Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sample1.doc
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: User, Template: Normal.dotm,
Last Saved By: kirin, Revision Number: 7, Name of Creating Application: Microsoft Office Word, Total Editing Time: 20:00,
Create Time/Date: Sun May 10 01:31:00 2020, Last Saved Time/Date: Wed Oct 28 04:44:00 2020, Number of Pages: 2, Number of
Words: 89482, Number of Characters: 510049, Security: 0
|
initial sample
|
 |
|
|
C:\Users\Public\Ksh1.pdf
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\sample1.doc.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Jan 14 10:31:16
2021, mtime=Thu Jan 14 10:31:22 2021, atime=Thu Jan 14 10:31:19 2021, length=856064, window=hide
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xae16a304, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
|
|
|
C:\Users\Public\~$Ksh1.doc
|
data
|
dropped
|
|
|
|
C:\Users\Public\~$Ksh1.xls
|
data
|
dropped
|
|
|
|
C:\Users\Public\~WRD0000.tmp
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\~WRD0004.tmp
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C8E730CE-6109-4C50-987F-9ABD6FDBDF02
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0001.doc
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0002.doc
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0003.doc
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0005.doc
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0364.doc
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0497.doc
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{78283799-0F83-48EF-8031-734426429AE8}.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CCDBE93F-C124-4002-A8A4-82387CB4CA40}.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Ksh1.doc.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Jan 14 10:32:15
2021, mtime=Thu Jan 14 10:32:15 2021, atime=Thu Jan 14 10:32:15 2021, length=595972, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Ksh1.xls.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Jan 14 10:32:13
2021, mtime=Thu Jan 14 10:32:14 2021, atime=Thu Jan 14 10:32:14 2021, length=595972, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Public.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Wed
Apr 11 22:38:20 2018, mtime=Thu Jan 14 10:32:13 2021, atime=Thu Jan 14 10:32:13 2021, length=4096, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$ample1.doc
|
data
|
dropped
|
|
|
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
ASCII text, with no line terminators
|
dropped
|
|
There are 19 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE' /Automation -Embedding
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k unistacksvcgroup
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\certutil.exe
|
Certutil -decode C:\Users\Public\Ksh1.xls C:\Users\Public\Ksh1.pdf
|
|
|
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
|
unknown
|
|
|
|
https://t0.tiles.ditu.live.com/tiles/gen
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://wus2-000.contentsync.
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://appexmapsappupdate.blob.core.windows.net
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
http://www.bingmapsportal.com
|
unknown
|
|
|
|
https://ecs.office.com/config/v2/Office
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
|
|
|
https://wus2-000.pagecontentsync.
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://dynamic.t
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
|
|
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
|
|
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
|
|
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
|
|
|
https://templatelogging.office.com/client/log
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip166475689.ahcdn.com
|
188.209.213.202
|
|
|
|
mov.pornthash.mobi
|
104.21.4.61
|
|
|
|
pornthash.mobi
|
104.21.4.61
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
unknown
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\svchost.exe
|
cval
|
|
|
|
C:\Windows\System32\svchost.exe
|
cval
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
i>(
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
j>(
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
! (
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
RemoteClearDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Last
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
FilePath
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
StartDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
EndDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Properties
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Url
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
LastClean
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
DisableWinHttpCertAuth
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
DisableIsOwnerRegex
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
DisableSessionAwareHttpClose
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
DisableADALForExtendedApps
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
DisableADALSetSilentAuth
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
msoridDisableGuestCredProvider
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
msoridDisableOstringReplace
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
n#(
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
VBAFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ReviewToken
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
178E5
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
MSForms
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
MSComctlLib
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Name
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Path
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Extensions
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Cambria Math
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
1F096
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
File Path
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Datetime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Position
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 1
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 21
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
2454D
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
File Path
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Datetime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Position
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 22
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
248F7
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
File Path
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Datetime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Position
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
WORDFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
RoamingConfigurableSettings
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
RoamingLastSyncTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
RoamingLastWriteTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Name
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Path
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Extensions
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Name
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Path
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Extensions
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
1F096
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
CacheReady
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
LastRequest
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
CacheReady
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
LastUpdate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
NextUpdate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ChangeId
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 1
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 2
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 3
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 4
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 5
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 6
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 7
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 8
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 9
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 10
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 11
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 12
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 13
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 14
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 15
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 16
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 17
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 18
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 19
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 20
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ChangeId
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
2454D
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 1
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ChangeId
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 1
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 2
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 3
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 4
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 5
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 6
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 7
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 8
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 9
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 10
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 11
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 12
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 13
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 14
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 15
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 16
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 17
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 18
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 19
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 20
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
Item 21
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
ChangeId
|
|
|
|
C:\Windows\System32\svchost.exe
|
PerfMMFileName
|
|
|
|
C:\Windows\System32\svchost.exe
|
@%SystemRoot%\System32\ci.dll,-100
|
|
|
|
C:\Windows\System32\svchost.exe
|
@%SystemRoot%\System32\ci.dll,-101
|
|
|
|
C:\Windows\System32\svchost.exe
|
@%SystemRoot%\system32\dnsapi.dll,-103
|
|
|
|
C:\Windows\System32\svchost.exe
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Windows\System32\svchost.exe
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Windows\System32\svchost.exe
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Windows\System32\svchost.exe
|
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
|
|
|
|
C:\Windows\System32\svchost.exe
|
@%SystemRoot%\system32\NgcRecovery.dll,-100
|
|
|
|
C:\Windows\System32\certutil.exe
|
Name
|
|
|
|
C:\Windows\System32\certutil.exe
|
Name
|
|
|
|
C:\Windows\System32\certutil.exe
|
Name
|
|
There are 132 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF5C8FC8000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4B7000
|
unkown
|
page readonly
|
|
|
|
8E1167E000
|
unkown
|
page read and write
|
|
|
|
A372877000
|
unkown
|
page read and write
|
|
|
|
12295202000
|
unkown
|
page read and write
|
|
|
|
19BE7D10000
|
unkown
|
page read and write
|
|
|
|
7FF5C8E34000
|
unkown
|
page readonly
|
|
|
|
208A9B70000
|
unkown
|
page readonly
|
|
|
|
7FF4FD515000
|
unkown
|
page readonly
|
|
|
|
7FF5727E1000
|
unkown
|
page readonly
|
|
|
|
22125910000
|
unkown
|
page read and write
|
|
|
|
7FF593179000
|
unkown
|
page readonly
|
|
|
|
7FF5327B1000
|
unkown
|
page readonly
|
|
|
|
2B71E3E0000
|
unkown
|
page read and write
|
|
|
|
1A6257A000
|
unkown
|
page read and write
|
|
|
|
7FF5726FA000
|
unkown
|
page readonly
|
|
|
|
7FF5E7130000
|
unkown
|
page readonly
|
|
|
|
7FF4FD5D9000
|
unkown
|
page readonly
|
|
|
|
1A6227B000
|
unkown
|
page read and write
|
|
|
|
208A9C78000
|
unkown
|
page read and write
|
|
|
|
19BE7D30000
|
unkown
|
page read and write
|
|
|
|
4E836FE000
|
unkown
|
page read and write
|
|
|
|
7FF5C90E6000
|
unkown
|
page readonly
|
|
|
|
208A9D00000
|
unkown
|
page read and write
|
|
|
|
7FF54C400000
|
unkown
|
page readonly
|
|
|
|
7FF54C55A000
|
unkown
|
page readonly
|
|
|
|
7FF5C911F000
|
unkown
|
page readonly
|
|
|
|
1EEA0200000
|
unkown
|
page readonly
|
|
|
|
22F01350000
|
unkown
|
page readonly
|
|
|
|
7FF5C9170000
|
unkown
|
page readonly
|
|
|
|
7FF4FD33E000
|
unkown
|
page readonly
|
|
|
|
7FF532709000
|
unkown
|
page readonly
|
|
|
|
22F01457000
|
unkown
|
page read and write
|
|
|
|
1EEA0100000
|
unkown
|
page read and write
|
|
|
|
7FF593A67000
|
unkown
|
page readonly
|
|
|
|
7FF5326EE000
|
unkown
|
page readonly
|
|
|
|
7FF57274D000
|
unkown
|
page readonly
|
|
|
|
22120B18000
|
unkown
|
page read and write
|
|
|
|
18158345000
|
unkown
|
page read and write
|
|
|
|
2B71E3E0000
|
unkown
|
page read and write
|
|
|
|
7FF54BE54000
|
unkown
|
page readonly
|
|
|
|
7FF55297D000
|
unkown
|
page readonly
|
|
|
|
7FF593AD9000
|
unkown
|
page readonly
|
|
|
|
7FF57271E000
|
unkown
|
page readonly
|
|
|
|
7FF4FD5D1000
|
unkown
|
page readonly
|
|
|
|
117CC7F000
|
unkown
|
page read and write
|
|
|
|
7FF5326C6000
|
unkown
|
page readonly
|
|
|
|
1EEA0029000
|
unkown
|
page read and write
|
|
|
|
7FF5939AA000
|
unkown
|
page readonly
|
|
|
|
7FF4FD577000
|
unkown
|
page readonly
|
|
|
|
22F0145A000
|
unkown
|
page read and write
|
|
|
|
1DA3AB10000
|
unkown
|
page readonly
|
|
|
|
7FF552AAF000
|
unkown
|
page readonly
|
|
|
|
181562C1000
|
unkown
|
page read and write
|
|
|
|
1A6277F000
|
unkown
|
page read and write
|
|
|
|
19BE9B00000
|
unkown
|
page read and write
|
|
|
|
8E111CC000
|
unkown
|
page read and write
|
|
|
|
18156450000
|
unkown
|
page readonly
|
|
|
|
208A9C5B000
|
unkown
|
page read and write
|
|
|
|
19BE7DC0000
|
unkown
|
page readonly
|
|
|
|
181580D0000
|
unkown
|
page read and write
|
|
|
|
7FF54BE4E000
|
unkown
|
page readonly
|
|
|
|
7FF552A9E000
|
unkown
|
page readonly
|
|
|
|
22F0143D000
|
unkown
|
page read and write
|
|
|
|
A372A7C000
|
unkown
|
page read and write
|
|
|
|
208A9C5A000
|
unkown
|
page read and write
|
|
|
|
22F01280000
|
unkown
|
page readonly
|
|
|
|
12294B13000
|
unkown
|
page read and write
|
|
|
|
208A9D13000
|
unkown
|
page read and write
|
|
|
|
4E8397E000
|
unkown
|
page read and write
|
|
|
|
181562C4000
|
unkown
|
page read and write
|
|
|
|
7FF572725000
|
unkown
|
page readonly
|
|
|
|
18158388000
|
unkown
|
page read and write
|
|
|
|
208A9C00000
|
unkown
|
page read and write
|
|
|
|
7FF532754000
|
unkown
|
page readonly
|
|
|
|
7FF5C914C000
|
unkown
|
page readonly
|
|
|
|
1EE9FFC0000
|
unkown
|
page readonly
|
|
|
|
7FF5C8E47000
|
unkown
|
page readonly
|
|
|
|
12294960000
|
unkown
|
page readonly
|
|
|
|
19BE7DE0000
|
heap default
|
page read and write
|
|
|
|
208A9C57000
|
unkown
|
page read and write
|
|
|
|
1F93877000
|
unkown
|
page read and write
|
|
|
|
7FF532757000
|
unkown
|
page readonly
|
|
|
|
1EEA006E000
|
unkown
|
page read and write
|
|
|
|
208A9C67000
|
unkown
|
page read and write
|
|
|
|
7FF5326F5000
|
unkown
|
page readonly
|
|
|
|
208A9C02000
|
unkown
|
page read and write
|
|
|
|
1E2166A4000
|
unkown
|
page read and write
|
|
|
|
19BE7F30000
|
heap private
|
page read and write
|
|
|
|
22F0144E000
|
unkown
|
page read and write
|
|
|
|
7FF54C57F000
|
unkown
|
page readonly
|
|
|
|
2B71CA57000
|
unkown
|
page read and write
|
|
|
|
1EEA006C000
|
unkown
|
page read and write
|
|
|
|
1DA3AC02000
|
unkown
|
page read and write
|
|
|
|
117CA7B000
|
unkown
|
page read and write
|
|
|
|
7FF5C8E95000
|
unkown
|
page readonly
|
|
|
|
7FF4FD32A000
|
unkown
|
page readonly
|
|
|
|
208A9C13000
|
unkown
|
page read and write
|
|
|
|
7FF5937A0000
|
unkown
|
page readonly
|
|
|
|
7FF4FD445000
|
unkown
|
page readonly
|
|
|
|
7FF5E7461000
|
unkown
|
page readonly
|
|
|
|
22F01442000
|
unkown
|
page read and write
|
|
|
|
7FF4FD574000
|
unkown
|
page readonly
|
|
|
|
122948E0000
|
heap private
|
page read and write
|
|
|
|
7FF593A56000
|
unkown
|
page readonly
|
|
|
|
18158302000
|
unkown
|
page read and write
|
|
|
|
7FF4FD53D000
|
unkown
|
page readonly
|
|
|
|
18158050000
|
unkown
|
page read and write
|
|
|
|
7FF4FD471000
|
unkown
|
page readonly
|
|
|
|
7FF5C90FA000
|
unkown
|
page readonly
|
|
|
|
7FF4FD2FB000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4C8000
|
unkown
|
page readonly
|
|
|
|
7FF5370E9000
|
unkown
|
page readonly
|
|
|
|
7FF4FCC75000
|
unkown
|
page readonly
|
|
|
|
7FF580B69000
|
unkown
|
page readonly
|
|
|
|
7FF5939E6000
|
unkown
|
page readonly
|
|
|
|
7FF5938C8000
|
unkown
|
page readonly
|
|
|
|
7FF5E759C000
|
unkown
|
page readonly
|
|
|
|
7FF5E7433000
|
unkown
|
page readonly
|
|
|
|
7FF5E7629000
|
unkown
|
page readonly
|
|
|
|
22F01210000
|
heap private
|
page read and write
|
|
|
|
7FF552B07000
|
unkown
|
page readonly
|
|
|
|
117CAFE000
|
unkown
|
page read and write
|
|
|
|
7FF54C5C7000
|
unkown
|
page readonly
|
|
|
|
18158300000
|
unkown
|
page read and write
|
|
|
|
22F0147B000
|
unkown
|
page read and write
|
|
|
|
1F9377E000
|
unkown
|
page read and write
|
|
|
|
1E216590000
|
unkown
|
page read and write
|
|
|
|
181561E0000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4E2000
|
unkown
|
page readonly
|
|
|
|
7FF5938E3000
|
unkown
|
page readonly
|
|
|
|
7FF5727E9000
|
unkown
|
page readonly
|
|
|
|
18158348000
|
unkown
|
page read and write
|
|
|
|
1EEA0040000
|
unkown
|
page read and write
|
|
|
|
7FF4FD565000
|
unkown
|
page readonly
|
|
|
|
2B71CA48000
|
unkown
|
page read and write
|
|
|
|
A3724FE000
|
unkown
|
page read and write
|
|
|
|
7FF572766000
|
unkown
|
page readonly
|
|
|
|
7FF5E75B5000
|
unkown
|
page readonly
|
|
|
|
221257BE000
|
unkown
|
page read and write
|
|
|
|
7FF5E7621000
|
unkown
|
page readonly
|
|
|
|
7FF4FD295000
|
unkown
|
page readonly
|
|
|
|
7FF593A74000
|
unkown
|
page readonly
|
|
|
|
1A6237E000
|
unkown
|
page read and write
|
|
|
|
208A9C5D000
|
unkown
|
page read and write
|
|
|
|
208A9C5F000
|
unkown
|
page read and write
|
|
|
|
7FF54C56E000
|
unkown
|
page readonly
|
|
|
|
1815623F000
|
unkown
|
page read and write
|
|
|
|
7FF4FD50E000
|
unkown
|
page readonly
|
|
|
|
7FF5C9087000
|
unkown
|
page readonly
|
|
|
|
7FF552A8A000
|
unkown
|
page readonly
|
|
|
|
7FF4FD318000
|
unkown
|
page readonly
|
|
|
|
22125AB9000
|
unkown
|
page read and write
|
|
|
|
7FF5E75C7000
|
unkown
|
page readonly
|
|
|
|
117CD7F000
|
unkown
|
page read and write
|
|
|
|
7FF4FD3E7000
|
unkown
|
page readonly
|
|
|
|
7FF532736000
|
unkown
|
page readonly
|
|
|
|
8E116FE000
|
unkown
|
page read and write
|
|
|
|
18156254000
|
unkown
|
page read and write
|
|
|
|
7FF4FD287000
|
unkown
|
page readonly
|
|
|
|
12294A13000
|
unkown
|
page read and write
|
|
|
|
1F934FE000
|
unkown
|
page read and write
|
|
|
|
1DA3AC13000
|
unkown
|
page read and write
|
|
|
|
1E216698000
|
unkown
|
page read and write
|
|
|
|
22F01484000
|
unkown
|
page read and write
|
|
|
|
7FF54C26A000
|
unkown
|
page readonly
|
|
|
|
7FF5E6E0E000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4AA000
|
unkown
|
page readonly
|
|
|
|
208A9C27000
|
unkown
|
page read and write
|
|
|
|
7FF4FD0E3000
|
unkown
|
page readonly
|
|
|
|
7FF54C631000
|
unkown
|
page readonly
|
|
|
|
7FF5E758D000
|
unkown
|
page readonly
|
|
|
|
22F01270000
|
heap default
|
page read and write
|
|
|
|
21D4F460000
|
unkown
|
page read and write
|
|
|
|
1DA3AE00000
|
unkown
|
page write copy
|
|
|
|
18156200000
|
unkown
|
page read and write
|
|
|
|
7FF5C9146000
|
unkown
|
page readonly
|
|
|
|
7FF54C4DA000
|
unkown
|
page readonly
|
|
|
|
181562DB000
|
unkown
|
page read and write
|
|
|
|
22F01459000
|
unkown
|
page read and write
|
|
|
|
1815627D000
|
unkown
|
page read and write
|
|
|
|
7FF5E73AF000
|
unkown
|
page readonly
|
|
|
|
7FF53272C000
|
unkown
|
page readonly
|
|
|
|
7FF4FD35F000
|
unkown
|
page readonly
|
|
|
|
7FF593A29000
|
unkown
|
page readonly
|
|
|
|
1EEA0000000
|
unkown
|
page read and write
|
|
|
|
7FF552958000
|
unkown
|
page readonly
|
|
|
|
7FF552AB9000
|
unkown
|
page readonly
|
|
|
|
22F0146B000
|
unkown
|
page read and write
|
|
|
|
7FF55234E000
|
unkown
|
page readonly
|
|
|
|
7FF54C3F8000
|
unkown
|
page readonly
|
|
|
|
12294A2A000
|
unkown
|
page read and write
|
|
|
|
1DA3C5F0000
|
unkown
|
page read and write
|
|
|
|
7FF4FD55C000
|
unkown
|
page readonly
|
|
|
|
7FF552B69000
|
unkown
|
page readonly
|
|
|
|
7FF572756000
|
unkown
|
page readonly
|
|
|
|
7FF552A72000
|
unkown
|
page readonly
|
|
|
|
1EEA0057000
|
unkown
|
page read and write
|
|
|
|
22F01400000
|
unkown
|
page read and write
|
|
|
|
7FF54C58C000
|
unkown
|
page readonly
|
|
|
|
22125900000
|
unkown
|
page read and write
|
|
|
|
208A9E00000
|
unkown
|
page readonly
|
|
|
|
7FF552ADC000
|
unkown
|
page readonly
|
|
|
|
1E21667B000
|
heap default
|
page read and write
|
|
|
|
1E2165B0000
|
unkown
|
page readonly
|
|
|
|
7FF54C409000
|
unkown
|
page readonly
|
|
|
|
22F01413000
|
unkown
|
page read and write
|
|
|
|
22F01460000
|
unkown
|
page read and write
|
|
|
|
1E216440000
|
unkown
|
page readonly
|
|
|
|
7FF5326FF000
|
unkown
|
page readonly
|
|
|
|
7FF59382A000
|
unkown
|
page readonly
|
|
|
|
7FF5C8F2A000
|
unkown
|
page readonly
|
|
|
|
22F0145C000
|
unkown
|
page read and write
|
|
|
|
7FF55293A000
|
unkown
|
page readonly
|
|
|
|
7FF552ACD000
|
unkown
|
page readonly
|
|
|
|
22F01432000
|
unkown
|
page read and write
|
|
|
|
1F935F5000
|
unkown
|
page read and write
|
|
|
|
7FF4FD4AC000
|
unkown
|
page readonly
|
|
|
|
7FF4FD5CE000
|
unkown
|
page readonly
|
|
|
|
7FF53273C000
|
unkown
|
page readonly
|
|
|
|
1EEA0002000
|
unkown
|
page read and write
|
|
|
|
7FF4FD487000
|
unkown
|
page readonly
|
|
|
|
1EEA001F000
|
unkown
|
page read and write
|
|
|
|
8E115FF000
|
unkown
|
page read and write
|
|
|
|
18156400000
|
unkown
|
page write copy
|
|
|
|
18158100000
|
unkown
|
page readonly
|
|
|
|
2B71E3E0000
|
unkown
|
page read and write
|
|
|
|
7FF54C5E2000
|
unkown
|
page readonly
|
|
|
|
2B71CA58000
|
unkown
|
page read and write
|
|
|
|
7FF5E756F000
|
unkown
|
page readonly
|
|
|
|
22F01445000
|
unkown
|
page read and write
|
|
|
|
2CC5CF60000
|
unkown
|
page read and write
|
|
|
|
18158388000
|
unkown
|
page read and write
|
|
|
|
7FF593A70000
|
unkown
|
page readonly
|
|
|
|
7FF4FD10D000
|
unkown
|
page readonly
|
|
|
|
1E216570000
|
unkown
|
page read and write
|
|
|
|
7FF54C532000
|
unkown
|
page readonly
|
|
|
|
1E216685000
|
unkown
|
page read and write
|
|
|
|
1A623FA000
|
unkown
|
page read and write
|
|
|
|
7FF570E99000
|
unkown
|
page readonly
|
|
|
|
7FF54C639000
|
unkown
|
page readonly
|
|
|
|
208A9C62000
|
unkown
|
page read and write
|
|
|
|
7FF593A5C000
|
unkown
|
page readonly
|
|
|
|
181560A0000
|
heap private
|
page read and write
|
|
|
|
7FF4FD234000
|
unkown
|
page readonly
|
|
|
|
1EE9FE30000
|
heap private
|
page read and write
|
|
|
|
7FF531E2A000
|
unkown
|
page readonly
|
|
|
|
7FF593A3D000
|
unkown
|
page readonly
|
|
|
|
22F01448000
|
unkown
|
page read and write
|
|
|
|
7FF593A1F000
|
unkown
|
page readonly
|
|
|
|
7FF5529A7000
|
unkown
|
page readonly
|
|
|
|
7FF54C62E000
|
unkown
|
page readonly
|
|
|
|
7FF4FD48A000
|
unkown
|
page readonly
|
|
|
|
7FF552660000
|
unkown
|
page readonly
|
|
|
|
4E8387E000
|
unkown
|
page read and write
|
|
|
|
7FF5E6DC4000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4FA000
|
unkown
|
page readonly
|
|
|
|
12295400000
|
unkown
|
page readonly
|
|
|
|
208A9C29000
|
unkown
|
page read and write
|
|
|
|
22F01360000
|
unkown
|
page readonly
|
|
|
|
8E114FE000
|
unkown
|
page read and write
|
|
|
|
18158400000
|
unkown
|
page readonly
|
|
|
|
7FF593987000
|
unkown
|
page readonly
|
|
|
|
7FF54C54A000
|
unkown
|
page readonly
|
|
|
|
A37277E000
|
unkown
|
page read and write
|
|
|
|
7FF5C8EA0000
|
unkown
|
page readonly
|
|
|
|
12294A00000
|
unkown
|
page read and write
|
|
|
|
18156229000
|
unkown
|
page read and write
|
|
|
|
7FF4FD3C8000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4D0000
|
unkown
|
page readonly
|
|
|
|
7FF593A15000
|
unkown
|
page readonly
|
|
|
|
7FF4FD484000
|
unkown
|
page readonly
|
|
|
|
7FF5C8E43000
|
unkown
|
page readonly
|
|
|
|
7FF5C91CE000
|
unkown
|
page readonly
|
|
|
|
1EEA1DE0000
|
unkown
|
page read and write
|
|
|
|
12294A8A000
|
unkown
|
page read and write
|
|
|
|
7FF5C8875000
|
unkown
|
page readonly
|
|
|
|
18156313000
|
unkown
|
page read and write
|
|
|
|
208A9B90000
|
unkown
|
page read and write
|
|
|
|
2B71CA48000
|
unkown
|
page read and write
|
|
|
|
12294A27000
|
unkown
|
page read and write
|
|
|
|
46E1F7D000
|
unkown
|
page read and write
|
|
|
|
18158060000
|
unkown
|
page readonly
|
|
|
|
7FF572782000
|
unkown
|
page readonly
|
|
|
|
12294A3C000
|
unkown
|
page read and write
|
|
|
|
7FF5E7522000
|
unkown
|
page readonly
|
|
|
|
22F01462000
|
unkown
|
page read and write
|
|
|
|
7FF5C9115000
|
unkown
|
page readonly
|
|
|
|
7FF593A0E000
|
unkown
|
page readonly
|
|
|
|
7FF57275C000
|
unkown
|
page readonly
|
|
|
|
7FF552A60000
|
unkown
|
page readonly
|
|
|
|
7FF5C8FE3000
|
unkown
|
page readonly
|
|
|
|
7FF532750000
|
unkown
|
page readonly
|
|
|
|
22F01474000
|
unkown
|
page read and write
|
|
|
|
1A6267D000
|
unkown
|
page read and write
|
|
|
|
1EE9FEA0000
|
unkown
|
page readonly
|
|
|
|
46E1EFC000
|
unkown
|
page read and write
|
|
|
|
22F01464000
|
unkown
|
page read and write
|
|
|
|
7FF5326DA000
|
unkown
|
page readonly
|
|
|
|
1E216635000
|
heap private
|
page read and write
|
|
|
|
7FF5939E8000
|
unkown
|
page readonly
|
|
|
|
7FF5C9091000
|
unkown
|
page readonly
|
|
|
|
7FF593A4C000
|
unkown
|
page readonly
|
|
|
|
7FF5B6839000
|
unkown
|
page readonly
|
|
|
|
117CB7E000
|
unkown
|
page read and write
|
|
|
|
208A9C53000
|
unkown
|
page read and write
|
|
|
|
7FF593840000
|
unkown
|
page readonly
|
|
|
|
181562ED000
|
unkown
|
page read and write
|
|
|
|
1DA3ABE0000
|
unkown
|
page readonly
|
|
|
|
7FF4FD556000
|
unkown
|
page readonly
|
|
|
|
7FF5E7538000
|
unkown
|
page readonly
|
|
|
|
7FF5E7532000
|
unkown
|
page readonly
|
|
|
|
7FF50AF89000
|
unkown
|
page readonly
|
|
|
|
22F01429000
|
unkown
|
page read and write
|
|
|
|
7FF55292E000
|
unkown
|
page readonly
|
|
|
|
7FF5C9177000
|
unkown
|
page readonly
|
|
|
|
7FF552A78000
|
unkown
|
page readonly
|
|
|
|
12294CD0000
|
unkown
|
page readonly
|
|
|
|
7FF5939E2000
|
unkown
|
page readonly
|
|
|
|
7FF532745000
|
unkown
|
page readonly
|
|
|
|
22F01600000
|
unkown
|
page readonly
|
|
|
|
7FF5C9156000
|
unkown
|
page readonly
|
|
|
|
7FF54C5BC000
|
unkown
|
page readonly
|
|
|
|
18156213000
|
unkown
|
page read and write
|
|
|
|
7FF54BDD2000
|
unkown
|
page readonly
|
|
|
|
721EFA000
|
unkown
|
page read and write
|
|
|
|
721E7F000
|
unkown
|
page read and write
|
|
|
|
181580E0000
|
unkown
|
page readonly
|
|
|
|
7FF5529DC000
|
unkown
|
page readonly
|
|
|
|
2CC5CF60000
|
unkown
|
page read and write
|
|
|
|
7FF5397B4000
|
unkown
|
page readonly
|
|
|
|
4E833BB000
|
unkown
|
page read and write
|
|
|
|
22F01444000
|
unkown
|
page read and write
|
|
|
|
1F93A7E000
|
unkown
|
page read and write
|
|
|
|
7FF5C91D1000
|
unkown
|
page readonly
|
|
|
|
7FF4FD25C000
|
unkown
|
page readonly
|
|
|
|
A3726FB000
|
unkown
|
page read and write
|
|
|
|
7FF552A76000
|
unkown
|
page readonly
|
|
|
|
117CBFA000
|
unkown
|
page read and write
|
|
|
|
22F0146D000
|
unkown
|
page read and write
|
|
|
|
7FF593AD1000
|
unkown
|
page readonly
|
|
|
|
1DA3AC35000
|
unkown
|
page read and write
|
|
|
|
7FF552B00000
|
unkown
|
page readonly
|
|
|
|
12294B00000
|
unkown
|
page read and write
|
|
|
|
7FF54C5B0000
|
unkown
|
page readonly
|
|
|
|
18158202000
|
unkown
|
page read and write
|
|
|
|
22F01441000
|
unkown
|
page read and write
|
|
|
|
208A9D02000
|
unkown
|
page read and write
|
|
|
|
181580D0000
|
unkown
|
page read and write
|
|
|
|
2B71CA47000
|
unkown
|
page read and write
|
|
|
|
1E2164A0000
|
unkown
|
page readonly
|
|
|
|
7FF4FD491000
|
unkown
|
page readonly
|
|
|
|
7FF4FD546000
|
unkown
|
page readonly
|
|
|
|
7FF54C59D000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4B3000
|
unkown
|
page readonly
|
|
|
|
1F936FB000
|
unkown
|
page read and write
|
|
|
|
7FF5E75AC000
|
unkown
|
page readonly
|
|
|
|
18156302000
|
unkown
|
page read and write
|
|
|
|
7FF590049000
|
unkown
|
page readonly
|
|
|
|
7FF5E7596000
|
unkown
|
page readonly
|
|
|
|
7FF54C639000
|
unkown
|
page readonly
|
|
|
|
221257F4000
|
unkown
|
page read and write
|
|
|
|
7FF54C5A1000
|
unkown
|
page readonly
|
|
|
|
7FF5528EF000
|
unkown
|
page readonly
|
|
|
|
721B5B000
|
unkown
|
page read and write
|
|
|
|
7FF5C910E000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4E8000
|
unkown
|
page readonly
|
|
|
|
7FF4FD243000
|
unkown
|
page readonly
|
|
|
|
7FF5C913D000
|
unkown
|
page readonly
|
|
|
|
22125AB6000
|
unkown
|
page read and write
|
|
|
|
7FF5938E7000
|
unkown
|
page readonly
|
|
|
|
A37297F000
|
unkown
|
page read and write
|
|
|
|
7FF5326C8000
|
unkown
|
page readonly
|
|
|
|
7FF54C542000
|
unkown
|
page readonly
|
|
|
|
7FF54C5D7000
|
unkown
|
page readonly
|
|
|
|
7FF593734000
|
unkown
|
page readonly
|
|
|
|
7FF4FD51F000
|
unkown
|
page readonly
|
|
|
|
7FF4FD54C000
|
unkown
|
page readonly
|
|
|
|
7FF552AA5000
|
unkown
|
page readonly
|
|
|
|
221257B0000
|
unkown
|
page read and write
|
|
|
|
7FF5326B0000
|
unkown
|
page readonly
|
|
|
|
7FF5397B4000
|
unkown
|
page readonly
|
|
|
|
7FF5727DE000
|
unkown
|
page readonly
|
|
|
|
7FF4FD28E000
|
unkown
|
page readonly
|
|
|
|
7FF552973000
|
unkown
|
page readonly
|
|
|
|
7FF4FD30C000
|
unkown
|
page readonly
|
|
|
|
7FF54C29F000
|
unkown
|
page readonly
|
|
|
|
7FF4FD340000
|
unkown
|
page readonly
|
|
|
|
7FF5E755E000
|
unkown
|
page readonly
|
|
|
|
22F0145F000
|
unkown
|
page read and write
|
|
|
|
7FF552AEC000
|
unkown
|
page readonly
|
|
|
|
1A6247B000
|
unkown
|
page read and write
|
|
|
|
7FF54C546000
|
unkown
|
page readonly
|
|
|
|
7FF4FD5D9000
|
unkown
|
page readonly
|
|
|
|
7FF5C9174000
|
unkown
|
page readonly
|
|
|
|
22120B58000
|
unkown
|
page read and write
|
|
|
|
7FF54C589000
|
unkown
|
page readonly
|
|
|
|
22F01477000
|
unkown
|
page read and write
|
|
|
|
7FF54C5DD000
|
unkown
|
page readonly
|
|
|
|
22F0147A000
|
unkown
|
page read and write
|
|
|
|
7FF59398A000
|
unkown
|
page readonly
|
|
|
|
117CCF9000
|
unkown
|
page read and write
|
|
|
|
22F01426000
|
unkown
|
page read and write
|
|
|
|
4E8367E000
|
unkown
|
page read and write
|
|
|
|
7FF5E7520000
|
unkown
|
page readonly
|
|
|
|
12294940000
|
heap default
|
page read and write
|
|
|
|
A3721EC000
|
unkown
|
page read and write
|
|
|
|
7FF593795000
|
unkown
|
page readonly
|
|
|
|
7FF5E2309000
|
unkown
|
page readonly
|
|
|
|
18157BF0000
|
unkown
|
page read and write
|
|
|
|
1E216630000
|
heap private
|
page read and write
|
|
|
|
7FF5E75C4000
|
unkown
|
page readonly
|
|
|
|
7FF552A62000
|
unkown
|
page readonly
|
|
|
|
18156100000
|
heap default
|
page read and write
|
|
|
|
7FF5C90EA000
|
unkown
|
page readonly
|
|
|
|
7FF552B61000
|
unkown
|
page readonly
|
|
|
|
7FF5324DA000
|
unkown
|
page readonly
|
|
|
|
721BDF000
|
unkown
|
page read and write
|
|
|
|
7FF4FD541000
|
unkown
|
page readonly
|
|
|
|
22F01475000
|
unkown
|
page read and write
|
|
|
|
221257B0000
|
unkown
|
page read and write
|
|
|
|
7FF5529A1000
|
unkown
|
page readonly
|
|
|
|
1EEA0102000
|
unkown
|
page read and write
|
|
|
|
7FF552B5E000
|
unkown
|
page readonly
|
|
|
|
7FF5E754A000
|
unkown
|
page readonly
|
|
|
|
7FF5327AE000
|
unkown
|
page readonly
|
|
|
|
7FF5E7418000
|
unkown
|
page readonly
|
|
|
|
208A9B80000
|
unkown
|
page readonly
|
|
|
|
721F7A000
|
unkown
|
page read and write
|
|
|
|
208A9C3C000
|
unkown
|
page read and write
|
|
|
|
7FF552304000
|
unkown
|
page readonly
|
|
|
|
7FF5C915C000
|
unkown
|
page readonly
|
|
|
|
7FF5C8879000
|
unkown
|
page readonly
|
|
|
|
1EEA0113000
|
unkown
|
page read and write
|
|
|
|
7FF57276C000
|
unkown
|
page readonly
|
|
|
|
12294950000
|
unkown
|
page readonly
|
|
|
|
181580D0000
|
unkown
|
page read and write
|
|
|
|
1E2166A4000
|
unkown
|
page read and write
|
|
|
|
7FF4FD570000
|
unkown
|
page readonly
|
|
|
|
7FF5E734A000
|
unkown
|
page readonly
|
|
|
|
19BE7DD0000
|
unkown
|
page readonly
|
|
|
|
7FF54C530000
|
unkown
|
page readonly
|
|
|
|
7FF4FD47A000
|
unkown
|
page readonly
|
|
|
|
7FF5C9129000
|
unkown
|
page readonly
|
|
|
|
A3725F5000
|
unkown
|
page read and write
|
|
|
|
7FF5C8FE7000
|
unkown
|
page readonly
|
|
|
|
12294970000
|
unkown
|
page read and write
|
|
|
|
19BE7DE8000
|
heap default
|
page read and write
|
|
|
|
181562F4000
|
unkown
|
page read and write
|
|
|
|
22F01370000
|
unkown
|
page read and write
|
|
|
|
2CC5CF60000
|
unkown
|
page read and write
|
|
|
|
7FF5E7579000
|
unkown
|
page readonly
|
|
|
|
7FF552B69000
|
unkown
|
page readonly
|
|
|
|
12294C00000
|
unkown
|
page readonly
|
|
|
|
1F931AB000
|
unkown
|
page read and write
|
|
|
|
22F01431000
|
unkown
|
page read and write
|
|
|
|
208A9C78000
|
unkown
|
page read and write
|
|
|
|
7FF593ACE000
|
unkown
|
page readonly
|
|
|
|
12294B02000
|
unkown
|
page read and write
|
|
|
|
1DA3AC40000
|
unkown
|
page read and write
|
|
|
|
22125910000
|
unkown
|
page read and write
|
|
|
|
7FF552AE6000
|
unkown
|
page readonly
|
|
|
|
221257E0000
|
unkown
|
page read and write
|
|
|
|
22F01446000
|
unkown
|
page read and write
|
|
|
|
1EE9FE90000
|
heap default
|
page read and write
|
|
|
|
7FF5E73FA000
|
unkown
|
page readonly
|
|
|
|
18158314000
|
unkown
|
page read and write
|
|
|
|
22120B59000
|
unkown
|
page read and write
|
|
|
|
181580C0000
|
unkown
|
page readonly
|
|
|
|
181562C3000
|
unkown
|
page read and write
|
|
|
|
22F01502000
|
unkown
|
page read and write
|
|
|
|
7FF5E75A6000
|
unkown
|
page readonly
|
|
|
|
1F9397E000
|
unkown
|
page read and write
|
|
|
|
221257F0000
|
unkown
|
page read and write
|
|
|
|
7FF552670000
|
unkown
|
page readonly
|
|
|
|
1DA3AAA0000
|
heap private
|
page read and write
|
|
|
|
7FF552AF5000
|
unkown
|
page readonly
|
|
|
|
19BE7D60000
|
unkown
|
page readonly
|
|
|
|
7FF55288A000
|
unkown
|
page readonly
|
|
|
|
7FF4FD2A0000
|
unkown
|
page readonly
|
|
|
|
18156251000
|
unkown
|
page read and write
|
|
|
|
1DA3AE50000
|
unkown
|
page readonly
|
|
|
|
12294A5B000
|
unkown
|
page read and write
|
|
|
|
7FF5327B9000
|
unkown
|
page readonly
|
|
|
|
19BE7D50000
|
unkown
|
page readonly
|
|
|
|
18157CF0000
|
unkown
|
page readonly
|
|
|
|
A37247D000
|
unkown
|
page read and write
|
|
|
|
1EEA005B000
|
unkown
|
page read and write
|
|
|
|
12294A51000
|
unkown
|
page read and write
|
|
|
|
7FF5C91D9000
|
unkown
|
page readonly
|
|
|
|
7FF532726000
|
unkown
|
page readonly
|
|
|
|
7FF5C90AA000
|
unkown
|
page readonly
|
|
|
|
1EEA19A0000
|
unkown
|
page read and write
|
|
|
|
7FF5E711A000
|
unkown
|
page readonly
|
|
|
|
1A626F9000
|
unkown
|
page read and write
|
|
|
|
1DA3AC29000
|
unkown
|
page read and write
|
|
|
|
1E2166A4000
|
unkown
|
page read and write
|
|
|
|
1EEA1AA0000
|
unkown
|
page readonly
|
|
|
|
22F01440000
|
unkown
|
page read and write
|
|
|
|
1DA3AC00000
|
unkown
|
page read and write
|
|
|
|
22F01463000
|
unkown
|
page read and write
|
|
|
|
7FF55265A000
|
unkown
|
page readonly
|
|
|
|
7FF5E7536000
|
unkown
|
page readonly
|
|
|
|
7FF54C5B6000
|
unkown
|
page readonly
|
|
|
|
7FF572775000
|
unkown
|
page readonly
|
|
|
|
22F01468000
|
unkown
|
page read and write
|
|
|
|
208A9A90000
|
heap default
|
page read and write
|
|
|
|
7FF5C9167000
|
unkown
|
page readonly
|
|
|
|
7FF593A77000
|
unkown
|
page readonly
|
|
|
|
7FF5C90E2000
|
unkown
|
page readonly
|
|
|
|
1EE9FF70000
|
unkown
|
page write copy
|
|
|
|
208A9A30000
|
heap private
|
page read and write
|
|
|
|
208A9D08000
|
unkown
|
page read and write
|
|
|
|
7FF5C90AC000
|
unkown
|
page readonly
|
|
|
|
19BE7BE0000
|
unkown
|
page readonly
|
|
|
|
7FF54C4E4000
|
unkown
|
page readonly
|
|
|
|
7FF593991000
|
unkown
|
page readonly
|
|
|
|
7FF5E749C000
|
unkown
|
page readonly
|
|
|
|
22120B18000
|
unkown
|
page read and write
|
|
|
|
12294B08000
|
unkown
|
page read and write
|
|
|
|
7FF5C91D9000
|
unkown
|
page readonly
|
|
|
|
7FF5C908A000
|
unkown
|
page readonly
|
|
|
|
19BE8015000
|
heap private
|
page read and write
|
|
|
|
7FF4FD3E3000
|
unkown
|
page readonly
|
|
|
|
18156316000
|
unkown
|
page read and write
|
|
|
|
7FF54C5AC000
|
unkown
|
page readonly
|
|
|
|
22F01461000
|
unkown
|
page read and write
|
|
|
|
7FF5E7629000
|
unkown
|
page readonly
|
|
|
|
7FF5726F8000
|
unkown
|
page readonly
|
|
|
|
721FFF000
|
unkown
|
page read and write
|
|
|
|
1DA3AC57000
|
unkown
|
page read and write
|
|
|
|
7FF593AD9000
|
unkown
|
page readonly
|
|
|
|
1E216770000
|
unkown
|
page readonly
|
|
|
|
1EEA0013000
|
unkown
|
page read and write
|
|
|
|
22125880000
|
unkown
|
page read and write
|
|
|
|
1E216670000
|
heap default
|
page read and write
|
|
|
|
7FF54C5A6000
|
unkown
|
page readonly
|
|
|
|
7FF54C5D0000
|
unkown
|
page readonly
|
|
|
|
7FF593A46000
|
unkown
|
page readonly
|
|
|
|
18158070000
|
heap private
|
page read and write
|
|
|
|
221257B8000
|
unkown
|
page read and write
|
|
|
|
19BE7F40000
|
unkown
|
page readonly
|
|
|
|
208AA402000
|
unkown
|
page read and write
|
|
|
|
7FF54C548000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4E6000
|
unkown
|
page readonly
|
|
|
|
7FF4FD247000
|
unkown
|
page readonly
|
|
|
|
22F0147E000
|
unkown
|
page read and write
|
|
|
|
7FF53271D000
|
unkown
|
page readonly
|
|
|
|
7FF593175000
|
unkown
|
page readonly
|
|
|
|
181562A6000
|
unkown
|
page read and write
|
|
|
|
208A9AA0000
|
unkown
|
page readonly
|
|
|
|
7FF5939EA000
|
unkown
|
page readonly
|
|
|
|
46E1FFE000
|
unkown
|
page read and write
|
|
|
|
208AA600000
|
unkown
|
page readonly
|
|
|
|
7FF5E761E000
|
unkown
|
page readonly
|
|
|
|
208AA260000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4BC000
|
unkown
|
page readonly
|
|
|
|
19BE7C40000
|
unkown
|
page readonly
|
|
|
|
7FF4FCC79000
|
unkown
|
page readonly
|
|
|
|
7FF552B04000
|
unkown
|
page readonly
|
|
|
|
12294A66000
|
unkown
|
page read and write
|
|
|
|
181580D0000
|
unkown
|
page read and write
|
|
|
|
7FF5E743D000
|
unkown
|
page readonly
|
|
|
|
19BE8010000
|
heap private
|
page read and write
|
|
|
|
7FF5939AC000
|
unkown
|
page readonly
|
|
|
|
1A624FF000
|
unkown
|
page read and write
|
|
|
|
18159010000
|
unkown
|
page read and write
|
|
|
|
4E83A7E000
|
unkown
|
page read and write
|
|
|
|
7FF593743000
|
unkown
|
page readonly
|
|
|
|
7FF5E75C0000
|
unkown
|
page readonly
|
|
|
|
1F9347E000
|
unkown
|
page read and write
|
|
|
|
7FF5939FA000
|
unkown
|
page readonly
|
|
|
|
2B71CA58000
|
unkown
|
page read and write
|
|
|
|
7FF5727E9000
|
unkown
|
page readonly
|
|
|
|
7FF4FD4D2000
|
unkown
|
page readonly
|
|
|
|
1DA3C6F0000
|
unkown
|
page readonly
|
|
|
|
7FF54C575000
|
unkown
|
page readonly
|
|
|
|
221257D1000
|
unkown
|
page read and write
|
|
|
|
22F01C02000
|
unkown
|
page read and write
|
|
|
|
7FF4FD567000
|
unkown
|
page readonly
|
|
|
|
1DA3AD02000
|
unkown
|
page read and write
|
|
|
|
7FF593747000
|
unkown
|
page readonly
|
|
|
|
7FF53253F000
|
unkown
|
page readonly
|
|
|
|
22F0143A000
|
unkown
|
page read and write
|
|
|
|
7FF5327B9000
|
unkown
|
page readonly
|
|
|
|
12295740000
|
unkown
|
page readonly
|
|
|
|
19BE7E15000
|
unkown
|
page read and write
|
|
|
|
7FF5E7120000
|
unkown
|
page readonly
|
|
|
|
7FF4FD529000
|
unkown
|
page readonly
|
|
|
|
19BE9C80000
|
heap private
|
page read and write
|
|
|
|
18156296000
|
unkown
|
page read and write
|
|
|
|
208A9C81000
|
unkown
|
page read and write
|
|
|
|
7FF5C8F40000
|
unkown
|
page readonly
|
|
|
|
22125AAE000
|
unkown
|
page read and write
|
|
|
|
7FF572739000
|
unkown
|
page readonly
|
|
|
|
7FF5E7467000
|
unkown
|
page readonly
|
|
|
|
12294A5E000
|
unkown
|
page read and write
|
|
|
|
22F0146A000
|
unkown
|
page read and write
|
|
|
|
19BE8360000
|
unkown
|
page readonly
|
|
|
|
7FF54BE51000
|
unkown
|
page readonly
|
|
|
|
4E83B7F000
|
unkown
|
page read and write
|
|
|
|
22F01465000
|
unkown
|
page read and write
|
|
|
|
7FF5E73EE000
|
unkown
|
page readonly
|
|
|
|
7FF4FD44C000
|
unkown
|
page readonly
|
|
|
|
221257D4000
|
unkown
|
page read and write
|
|
|
|
7FF5C90E8000
|
unkown
|
page readonly
|
|
|
|
1E21669A000
|
unkown
|
page read and write
|
|
|
|
1A625F9000
|
unkown
|
page read and write
|
|
|
|
1A622FE000
|
unkown
|
page read and write
|
|
|
|
18156110000
|
unkown
|
page readonly
|
|
|
|
7FF552AD6000
|
unkown
|
page readonly
|
|
|
|
19BE7DA0000
|
unkown
|
page read and write
|
|
|
|
19BE8020000
|
unkown
|
page readonly
|
|
|
|
7FF5E7565000
|
unkown
|
page readonly
|
|
|
|
22125910000
|
unkown
|
page read and write
|
|
|
|
8E1147E000
|
unkown
|
page read and write
|
|
|
|
181562CC000
|
unkown
|
page read and write
|
|
|
|
22F01458000
|
unkown
|
page read and write
|
|
|
|
22125910000
|
unkown
|
page read and write
|
|
|
|
1DA3AB00000
|
heap default
|
page read and write
|
|
|
|
12294A61000
|
unkown
|
page read and write
|
|
|
|
1815628C000
|
unkown
|
page read and write
|
|
|
|
1E21668A000
|
heap default
|
page read and write
|
|
There are 613 hidden memdumps, click here to show them.