Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
document-1900770373.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Feb 18 09:51:20 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-1900770373.xls.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 14:03:42
2020, mtime=Mon Feb 22 00:00:18 2021, atime=Mon Feb 22 00:00:18 2021, length=90112, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CD13771E5132C64BEEF257719A4363C4
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CD13771E5132C64BEEF257719A4363C4
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\7D6E80E9-F6BE-42BF-A2A0-7FD90E04D55B
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\31810000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu
Jun 27 16:19:49 2019, mtime=Mon Feb 22 00:00:17 2021, atime=Mon Feb 22 00:00:17 2021, length=8192, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\D1810000
|
Applesoft BASIC program data, first line number 16
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 59134 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2BBE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\CabD03B.tmp
|
Microsoft Cabinet archive data, 59134 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\TarD03C.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-1900770373.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:11
2020, mtime=Sun Feb 21 23:54:33 2021, atime=Sun Feb 21 23:54:33 2021, length=90112, window=hide
|
dropped
|
|
|
|
C:\Users\user\Desktop\CBBE0000
|
Applesoft BASIC program data, first line number 16
|
dropped
|
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32 ..\idefje.ekfd,DllRegisterServer
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\idefje.ekfd,DllRegisterServer
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://kashful.softwarebd.biz/ds/1802.gif
|
unknown
|
|
|
|
https://kashful.softwarebd.biz/ds/1802.Dc
|
unknown
|
|
|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://wus2-000.contentsync.
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://ecs.office.com/config/v2/Office
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
http://cps.root-x1.letsencrypt.org0
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://wus2-000.pagecontentsync.
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://templatelogging.office.com/client/log
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://ncus-000.contentsync.
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
https://ovisualuiapp.azurewebsites.net/pbiagave/
|
unknown
|
|
|
|
https://visio.uservoice.com/forums/368202-visio-on-devices
|
unknown
|
|
|
|
https://directory.services.
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://cert.int-x1.letsencrypt.org/
|
unknown
|
|
There are 100 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
kashful.softwarebd.biz
|
185.151.30.170
|
|
|
|
cert.int-x1.letsencrypt.org
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
185.151.30.170
|
unknown
|
United Kingdom
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
l`:
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
|`:
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RemoteClearDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Last
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
FilePath
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
StartDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
EndDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Properties
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Url
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastClean
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableWinHttpCertAuth
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableIsOwnerRegex
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableSessionAwareHttpClose
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableADALForExtendedApps
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableADALSetSilentAuth
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
msoridDisableGuestCredProvider
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
msoridDisableOstringReplace
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
17A9A
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
MSForms
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
MSComctlLib
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
17EA2
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
18067
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
18180
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
1822C
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
(n:
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
25654
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
2578D
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingConfigurableSettings
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastSyncTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastWriteTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
CacheReady
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastRequest
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
CacheReady
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastUpdate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
NextUpdate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
|h2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EB809
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EBA0C
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EBAC7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EBB82
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EBBFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
kp2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F5792
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F5918
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
There are 166 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2AE99154000
|
unkown
|
page read and write
|
|
|
|
1E0A3C63000
|
unkown
|
page read and write
|
|
|
|
2F62000
|
unkown
|
page readonly
|
|
|
|
230CA271000
|
unkown
|
page read and write
|
|
|
|
7FF4F6954000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D02000
|
unkown
|
page readonly
|
|
|
|
1B1D4A47000
|
unkown
|
page read and write
|
|
|
|
6980000
|
unkown
|
page read and write
|
|
|
|
3D050FF000
|
unkown
|
page read and write
|
|
|
|
2DF7000
|
unkown
|
page readonly
|
|
|
|
2FF6000
|
unkown
|
page readonly
|
|
|
|
7FF5A1AB5000
|
unkown
|
page readonly
|
|
|
|
24219B60000
|
unkown
|
page write copy
|
|
|
|
230CA341000
|
unkown
|
page read and write
|
|
|
|
7FF5A1C03000
|
unkown
|
page readonly
|
|
|
|
7FF4F6FAC000
|
unkown
|
page readonly
|
|
|
|
7FF57E73A000
|
unkown
|
page readonly
|
|
|
|
7FF505896000
|
unkown
|
page readonly
|
|
|
|
2AE994B1000
|
unkown
|
page read and write
|
|
|
|
7FF554B1C000
|
unkown
|
page readonly
|
|
|
|
22FF766D000
|
unkown
|
page read and write
|
|
|
|
24219C02000
|
unkown
|
page read and write
|
|
|
|
22FF7550000
|
heap private
|
page read and write
|
|
|
|
2F95000
|
unkown
|
page readonly
|
|
|
|
2F56000
|
unkown
|
page readonly
|
|
|
|
1E0A3C00000
|
unkown
|
page read and write
|
|
|
|
230CC140000
|
unkown
|
page read and write
|
|
|
|
2F70000
|
unkown
|
page readonly
|
|
|
|
230CC742000
|
unkown
|
page read and write
|
|
|
|
2AE99110000
|
unkown
|
page read and write
|
|
|
|
7FF5A1CA7000
|
unkown
|
page readonly
|
|
|
|
230CC332000
|
unkown
|
page read and write
|
|
|
|
1B0CA84A000
|
unkown
|
page read and write
|
|
|
|
7FF4F6FF1000
|
unkown
|
page readonly
|
|
|
|
7FF4F7075000
|
unkown
|
page readonly
|
|
|
|
273E7ECF000
|
unkown
|
page read and write
|
|
|
|
7FF4F7089000
|
unkown
|
page readonly
|
|
|
|
7FF57E50A000
|
unkown
|
page readonly
|
|
|
|
7FF4F6F28000
|
unkown
|
page readonly
|
|
|
|
3D054FB000
|
unkown
|
page read and write
|
|
|
|
7FF4F709D000
|
unkown
|
page readonly
|
|
|
|
7FF4F6E5B000
|
unkown
|
page readonly
|
|
|
|
1B0CA730000
|
heap default
|
page read and write
|
|
|
|
7FF5693CA000
|
unkown
|
page readonly
|
|
|
|
54ADC7F000
|
unkown
|
page read and write
|
|
|
|
2AE99131000
|
unkown
|
page read and write
|
|
|
|
1AFA5DE0000
|
unkown
|
page read and write
|
|
|
|
7FF4F6DF5000
|
unkown
|
page readonly
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
3421000
|
unkown
|
page read and write
|
|
|
|
E3B000
|
unkown
|
page read and write
|
|
|
|
7FF4F6DA7000
|
unkown
|
page readonly
|
|
|
|
1AFA5E70000
|
unkown
|
page read and write
|
|
|
|
296CA7B000
|
unkown
|
page read and write
|
|
|
|
230CC38C000
|
unkown
|
page read and write
|
|
|
|
7FF5BA64F000
|
unkown
|
page readonly
|
|
|
|
1E0A3AF0000
|
unkown
|
page readonly
|
|
|
|
230CA200000
|
unkown
|
page read and write
|
|
|
|
1AFA5DB0000
|
heap default
|
page read and write
|
|
|
|
7FF505810000
|
unkown
|
page readonly
|
|
|
|
1B0CA740000
|
unkown
|
page readonly
|
|
|
|
CC2207F000
|
unkown
|
page read and write
|
|
|
|
341D000
|
unkown
|
page read and write
|
|
|
|
7FF50590E000
|
unkown
|
page readonly
|
|
|
|
7FF5B9DE1000
|
unkown
|
page readonly
|
|
|
|
3D04E7B000
|
unkown
|
page read and write
|
|
|
|
230CA150000
|
unkown
|
page write copy
|
|
|
|
230CC543000
|
unkown
|
page read and write
|
|
|
|
7FF50589C000
|
unkown
|
page readonly
|
|
|
|
1AFA5E13000
|
unkown
|
page read and write
|
|
|
|
7FF598539000
|
unkown
|
page readonly
|
|
|
|
230CC334000
|
unkown
|
page read and write
|
|
|
|
7FF5BA701000
|
unkown
|
page readonly
|
|
|
|
230CA288000
|
unkown
|
page read and write
|
|
|
|
230CA362000
|
unkown
|
page read and write
|
|
|
|
296CFFE000
|
unkown
|
page read and write
|
|
|
|
7FF4F6D94000
|
unkown
|
page readonly
|
|
|
|
230CC360000
|
unkown
|
page read and write
|
|
|
|
7FF554B34000
|
unkown
|
page readonly
|
|
|
|
7FF5058A5000
|
unkown
|
page readonly
|
|
|
|
1E0A3A20000
|
unkown
|
page readonly
|
|
|
|
249BE140000
|
unkown
|
page readonly
|
|
|
|
7FF57E910000
|
unkown
|
page readonly
|
|
|
|
22FF7700000
|
unkown
|
page read and write
|
|
|
|
7FF57E7DE000
|
unkown
|
page readonly
|
|
|
|
2421B6A0000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D66000
|
unkown
|
page readonly
|
|
|
|
249BE282000
|
unkown
|
page read and write
|
|
|
|
7FF4F6C6D000
|
unkown
|
page readonly
|
|
|
|
1E0A3C7D000
|
unkown
|
page read and write
|
|
|
|
115F000
|
stack
|
page read and write
|
|
|
|
2E45000
|
unkown
|
page readonly
|
|
|
|
1E0A3C2F000
|
unkown
|
page read and write
|
|
|
|
230CA229000
|
unkown
|
page read and write
|
|
|
|
7FF5BA709000
|
unkown
|
page readonly
|
|
|
|
1B0CA855000
|
unkown
|
page read and write
|
|
|
|
7FF5BA4CE000
|
unkown
|
page readonly
|
|
|
|
7FF5BA51D000
|
unkown
|
page readonly
|
|
|
|
7FF554B30000
|
unkown
|
page readonly
|
|
|
|
3D057FA000
|
unkown
|
page read and write
|
|
|
|
7FF57E79F000
|
unkown
|
page readonly
|
|
|
|
1B0CB540000
|
unkown
|
page readonly
|
|
|
|
7FF4F7046000
|
unkown
|
page readonly
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
7FF50587D000
|
unkown
|
page readonly
|
|
|
|
36E0000
|
unkown
|
page readonly
|
|
|
|
D68B1FE000
|
unkown
|
page read and write
|
|
|
|
1E0A3C76000
|
unkown
|
page read and write
|
|
|
|
7FF57E93A000
|
unkown
|
page readonly
|
|
|
|
36D7000
|
heap private
|
page read and write
|
|
|
|
7FF50584E000
|
unkown
|
page readonly
|
|
|
|
2AE99134000
|
unkown
|
page read and write
|
|
|
|
1E0A3A10000
|
heap default
|
page read and write
|
|
|
|
7FF5698CE000
|
unkown
|
page readonly
|
|
|
|
7FF5696ED000
|
unkown
|
page readonly
|
|
|
|
2FF0000
|
unkown
|
page readonly
|
|
|
|
249BE300000
|
unkown
|
page read and write
|
|
|
|
7FF57E9B4000
|
unkown
|
page readonly
|
|
|
|
7FF4F70A6000
|
unkown
|
page readonly
|
|
|
|
230CA302000
|
unkown
|
page read and write
|
|
|
|
F44C17E000
|
unkown
|
page read and write
|
|
|
|
7FF5A1CCC000
|
unkown
|
page readonly
|
|
|
|
230CC120000
|
unkown
|
page read and write
|
|
|
|
7FF5A1DF9000
|
unkown
|
page readonly
|
|
|
|
3D04EFE000
|
unkown
|
page read and write
|
|
|
|
24219C54000
|
unkown
|
page read and write
|
|
|
|
230CC130000
|
unkown
|
page read and write
|
|
|
|
1E0A3C4E000
|
unkown
|
page read and write
|
|
|
|
7FF5BA67C000
|
unkown
|
page readonly
|
|
|
|
230CC350000
|
unkown
|
page read and write
|
|
|
|
7FF5BA48F000
|
unkown
|
page readonly
|
|
|
|
3D04FFA000
|
unkown
|
page read and write
|
|
|
|
230CC332000
|
unkown
|
page read and write
|
|
|
|
230CD410000
|
unkown
|
page read and write
|
|
|
|
1E0A3D02000
|
unkown
|
page read and write
|
|
|
|
7FF57E1B7000
|
unkown
|
page readonly
|
|
|
|
249BE25A000
|
unkown
|
page read and write
|
|
|
|
2E03000
|
unkown
|
page readonly
|
|
|
|
230CA2C0000
|
unkown
|
page read and write
|
|
|
|
7FF56980E000
|
unkown
|
page readonly
|
|
|
|
230CC377000
|
unkown
|
page read and write
|
|
|
|
4C38DF7000
|
unkown
|
page read and write
|
|
|
|
296CB7E000
|
unkown
|
page read and write
|
|
|
|
7FF504F75000
|
unkown
|
page readonly
|
|
|
|
1E0A3C49000
|
unkown
|
page read and write
|
|
|
|
4C38FFC000
|
unkown
|
page read and write
|
|
|
|
1B0CA6D0000
|
heap private
|
page read and write
|
|
|
|
7FF4F70D0000
|
unkown
|
page readonly
|
|
|
|
7FF5A1B4A000
|
unkown
|
page readonly
|
|
|
|
1B0CA813000
|
unkown
|
page read and write
|
|
|
|
7FF57E7EA000
|
unkown
|
page readonly
|
|
|
|
2AE994B3000
|
unkown
|
page read and write
|
|
|
|
7FF554807000
|
unkown
|
page readonly
|
|
|
|
296CDFB000
|
unkown
|
page read and write
|
|
|
|
1E0A3E00000
|
unkown
|
page readonly
|
|
|
|
7FF5549A7000
|
unkown
|
page readonly
|
|
|
|
22FF75B0000
|
heap default
|
page read and write
|
|
|
|
7FF5A1DF9000
|
unkown
|
page readonly
|
|
|
|
230CC436000
|
unkown
|
page read and write
|
|
|
|
230CC332000
|
unkown
|
page read and write
|
|
|
|
7FF5BA602000
|
unkown
|
page readonly
|
|
|
|
7FF554B0C000
|
unkown
|
page readonly
|
|
|
|
230CD110000
|
unkown
|
page read and write
|
|
|
|
7FF554AFD000
|
unkown
|
page readonly
|
|
|
|
7FF57E82D000
|
unkown
|
page readonly
|
|
|
|
3D05AFC000
|
unkown
|
page read and write
|
|
|
|
7FF5BA686000
|
unkown
|
page readonly
|
|
|
|
22FF91C0000
|
unkown
|
page readonly
|
|
|
|
7FF4F6FDA000
|
unkown
|
page readonly
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
7FF554B37000
|
unkown
|
page readonly
|
|
|
|
7FF5696AA000
|
unkown
|
page readonly
|
|
|
|
7FF554B99000
|
unkown
|
page readonly
|
|
|
|
273E7F63000
|
unkown
|
page read and write
|
|
|
|
7FF5BA513000
|
unkown
|
page readonly
|
|
|
|
7FF5058B4000
|
unkown
|
page readonly
|
|
|
|
24219C29000
|
unkown
|
page read and write
|
|
|
|
7FF5547F4000
|
unkown
|
page readonly
|
|
|
|
1AFA5E4D000
|
unkown
|
page read and write
|
|
|
|
1B0CA908000
|
unkown
|
page read and write
|
|
|
|
1AFA5E49000
|
unkown
|
page read and write
|
|
|
|
230CA275000
|
unkown
|
page read and write
|
|
|
|
230CC0B0000
|
heap private
|
page read and write
|
|
|
|
1AFA5DD0000
|
unkown
|
page readonly
|
|
|
|
54AD7BB000
|
unkown
|
page read and write
|
|
|
|
7FF5A1CAA000
|
unkown
|
page readonly
|
|
|
|
1AFA60D0000
|
unkown
|
page readonly
|
|
|
|
1B0CA84D000
|
unkown
|
page read and write
|
|
|
|
2AE99210000
|
unkown
|
page read and write
|
|
|
|
7FF57E986000
|
unkown
|
page readonly
|
|
|
|
7FF555B39000
|
unkown
|
page readonly
|
|
|
|
1AFA5E00000
|
unkown
|
page read and write
|
|
|
|
230CD010000
|
unkown
|
page read and write
|
|
|
|
230CA400000
|
unkown
|
page readonly
|
|
|
|
7FF5543A9000
|
unkown
|
page readonly
|
|
|
|
7FF57E996000
|
unkown
|
page readonly
|
|
|
|
7FF554AAA000
|
unkown
|
page readonly
|
|
|
|
7FF4F70C5000
|
unkown
|
page readonly
|
|
|
|
230CC3D7000
|
unkown
|
page read and write
|
|
|
|
7FF554AA6000
|
unkown
|
page readonly
|
|
|
|
7FF505886000
|
unkown
|
page readonly
|
|
|
|
249BE150000
|
unkown
|
page read and write
|
|
|
|
7FF4F6E00000
|
unkown
|
page readonly
|
|
|
|
230CC311000
|
unkown
|
page read and write
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
2F67000
|
unkown
|
page readonly
|
|
|
|
7FF57E9B0000
|
unkown
|
page readonly
|
|
|
|
3419000
|
unkown
|
page read and write
|
|
|
|
230CC37A000
|
unkown
|
page read and write
|
|
|
|
7FF5BA42A000
|
unkown
|
page readonly
|
|
|
|
7FF5BA541000
|
unkown
|
page readonly
|
|
|
|
230CC642000
|
unkown
|
page read and write
|
|
|
|
1E0A3C64000
|
unkown
|
page read and write
|
|
|
|
111E000
|
unkown
|
page read and write
|
|
|
|
7FF57E09D000
|
unkown
|
page readonly
|
|
|
|
7FF4F70B6000
|
unkown
|
page readonly
|
|
|
|
D68ABBE000
|
unkown
|
page read and write
|
|
|
|
2FA5000
|
unkown
|
page readonly
|
|
|
|
1E0A3C3A000
|
unkown
|
page read and write
|
|
|
|
273E8AA0000
|
unkown
|
page read and write
|
|
|
|
2F32000
|
unkown
|
page readonly
|
|
|
|
4C390FF000
|
unkown
|
page read and write
|
|
|
|
230CA362000
|
unkown
|
page read and write
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
1B0CB002000
|
unkown
|
page read and write
|
|
|
|
1E0A3C26000
|
unkown
|
page read and write
|
|
|
|
249BE308000
|
unkown
|
page read and write
|
|
|
|
1AFA5E29000
|
unkown
|
page read and write
|
|
|
|
2AE99489000
|
unkown
|
page read and write
|
|
|
|
1AFA5E3C000
|
unkown
|
page read and write
|
|
|
|
230CC36E000
|
unkown
|
page read and write
|
|
|
|
7FF5BA57C000
|
unkown
|
page readonly
|
|
|
|
230CC110000
|
unkown
|
page read and write
|
|
|
|
1E0A3C6A000
|
unkown
|
page read and write
|
|
|
|
4C38AFF000
|
unkown
|
page read and write
|
|
|
|
7FF4F6E9E000
|
unkown
|
page readonly
|
|
|
|
7FF4F7030000
|
unkown
|
page readonly
|
|
|
|
230CC30F000
|
unkown
|
page read and write
|
|
|
|
24219D02000
|
unkown
|
page read and write
|
|
|
|
22FF7800000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D7C000
|
unkown
|
page readonly
|
|
|
|
7FF5BA612000
|
unkown
|
page readonly
|
|
|
|
7FF554ADF000
|
unkown
|
page readonly
|
|
|
|
1E0A3C61000
|
unkown
|
page read and write
|
|
|
|
F44C57E000
|
unkown
|
page read and write
|
|
|
|
3415000
|
unkown
|
page read and write
|
|
|
|
230CA314000
|
unkown
|
page read and write
|
|
|
|
2F3A000
|
unkown
|
page readonly
|
|
|
|
7FF57EA0E000
|
unkown
|
page readonly
|
|
|
|
22FF763F000
|
unkown
|
page read and write
|
|
|
|
230CC32F000
|
unkown
|
page read and write
|
|
|
|
1E0A39B0000
|
heap private
|
page read and write
|
|
|
|
230CA26F000
|
unkown
|
page read and write
|
|
|
|
CFA000
|
unkown
|
page read and write
|
|
|
|
2AE99270000
|
unkown
|
page read and write
|
|
|
|
1E0A4202000
|
unkown
|
page read and write
|
|
|
|
1B0CB200000
|
unkown
|
page readonly
|
|
|
|
7FF5696E3000
|
unkown
|
page readonly
|
|
|
|
1B1D4A48000
|
unkown
|
page read and write
|
|
|
|
7FF5697E8000
|
unkown
|
page readonly
|
|
|
|
230CC34F000
|
unkown
|
page read and write
|
|
|
|
7FF57E912000
|
unkown
|
page readonly
|
|
|
|
230CC583000
|
unkown
|
page read and write
|
|
|
|
2AE99140000
|
unkown
|
page read and write
|
|
|
|
7FF5621AC000
|
unkown
|
page readonly
|
|
|
|
1AFA5E8A000
|
unkown
|
page read and write
|
|
|
|
230CC350000
|
unkown
|
page read and write
|
|
|
|
230CA1F0000
|
unkown
|
page readonly
|
|
|
|
22FF7702000
|
unkown
|
page read and write
|
|
|
|
230CC311000
|
unkown
|
page read and write
|
|
|
|
1E0A3C5C000
|
unkown
|
page read and write
|
|
|
|
230CC388000
|
unkown
|
page read and write
|
|
|
|
1E0A3C7A000
|
unkown
|
page read and write
|
|
|
|
4C38A7E000
|
unkown
|
page read and write
|
|
|
|
7FF5BA6A7000
|
unkown
|
page readonly
|
|
|
|
7FF554AA8000
|
unkown
|
page readonly
|
|
|
|
3018000
|
unkown
|
page readonly
|
|
|
|
230CA213000
|
unkown
|
page read and write
|
|
|
|
F44C477000
|
unkown
|
page read and write
|
|
|
|
2AE9911E000
|
unkown
|
page read and write
|
|
|
|
3D055FB000
|
unkown
|
page read and write
|
|
|
|
22FF7920000
|
unkown
|
page readonly
|
|
|
|
230CC110000
|
unkown
|
page read and write
|
|
|
|
7FF4F712E000
|
unkown
|
page readonly
|
|
|
|
2AE99150000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D5D000
|
unkown
|
page readonly
|
|
|
|
249BE050000
|
heap default
|
page read and write
|
|
|
|
1B0CA847000
|
unkown
|
page read and write
|
|
|
|
7FF50583A000
|
unkown
|
page readonly
|
|
|
|
273E7ECF000
|
unkown
|
page read and write
|
|
|
|
2F54000
|
unkown
|
page readonly
|
|
|
|
6630000
|
heap private
|
page read and write
|
|
|
|
7FF5A1D49000
|
unkown
|
page readonly
|
|
|
|
1E0A3C2A000
|
unkown
|
page read and write
|
|
|
|
230CA26B000
|
unkown
|
page read and write
|
|
|
|
3004000
|
unkown
|
page readonly
|
|
|
|
33FA000
|
heap default
|
page read and write
|
|
|
|
7FF5A1D3F000
|
unkown
|
page readonly
|
|
|
|
1B1D4A48000
|
unkown
|
page read and write
|
|
|
|
230CA1E0000
|
unkown
|
page read and write
|
|
|
|
1E0A3C5F000
|
unkown
|
page read and write
|
|
|
|
230CC311000
|
unkown
|
page read and write
|
|
|
|
249BE25E000
|
unkown
|
page read and write
|
|
|
|
3D052F9000
|
unkown
|
page read and write
|
|
|
|
341E000
|
unkown
|
page read and write
|
|
|
|
230CC473000
|
unkown
|
page read and write
|
|
|
|
1E0A3C33000
|
unkown
|
page read and write
|
|
|
|
F44C0FE000
|
unkown
|
page read and write
|
|
|
|
1AFA6602000
|
unkown
|
page read and write
|
|
|
|
230CCA00000
|
unkown
|
page readonly
|
|
|
|
2421B5A0000
|
unkown
|
page read and write
|
|
|
|
7FF554988000
|
unkown
|
page readonly
|
|
|
|
7FF50585F000
|
unkown
|
page readonly
|
|
|
|
1AFA5F08000
|
unkown
|
page read and write
|
|
|
|
7FF5BA66D000
|
unkown
|
page readonly
|
|
|
|
7FF4F70BC000
|
unkown
|
page readonly
|
|
|
|
273E7F3E000
|
unkown
|
page read and write
|
|
|
|
230CC583000
|
unkown
|
page read and write
|
|
|
|
3419000
|
unkown
|
page read and write
|
|
|
|
230CC543000
|
unkown
|
page read and write
|
|
|
|
7FF4F6DEE000
|
unkown
|
page readonly
|
|
|
|
230CC311000
|
unkown
|
page read and write
|
|
|
|
230CA321000
|
unkown
|
page read and write
|
|
|
|
CC21FF9000
|
unkown
|
page read and write
|
|
|
|
F44C07B000
|
unkown
|
page read and write
|
|
|
|
7FF4F6EBF000
|
unkown
|
page readonly
|
|
|
|
7FF57E97D000
|
unkown
|
page readonly
|
|
|
|
230CC332000
|
unkown
|
page read and write
|
|
|
|
230CC345000
|
unkown
|
page read and write
|
|
|
|
273E7EED000
|
unkown
|
page read and write
|
|
|
|
22FF7600000
|
unkown
|
page read and write
|
|
|
|
7FF5A1A67000
|
unkown
|
page readonly
|
|
|
|
24219C3F000
|
unkown
|
page read and write
|
|
|
|
230CC500000
|
unkown
|
page read and write
|
|
|
|
7FF5A1A63000
|
unkown
|
page readonly
|
|
|
|
22FF766E000
|
unkown
|
page read and write
|
|
|
|
1AFA5E88000
|
unkown
|
page read and write
|
|
|
|
7FF57E9B7000
|
unkown
|
page readonly
|
|
|
|
1B0CAA00000
|
unkown
|
page readonly
|
|
|
|
249BEA02000
|
unkown
|
page read and write
|
|
|
|
2AE994B6000
|
unkown
|
page read and write
|
|
|
|
7FF504FED000
|
unkown
|
page readonly
|
|
|
|
3D0597D000
|
unkown
|
page read and write
|
|
|
|
249BE261000
|
unkown
|
page read and write
|
|
|
|
2F83000
|
unkown
|
page readonly
|
|
|
|
7FF505911000
|
unkown
|
page readonly
|
|
|
|
7FF56984C000
|
unkown
|
page readonly
|
|
|
|
341D000
|
unkown
|
page read and write
|
|
|
|
E37000
|
unkown
|
page read and write
|
|
|
|
7FF4F6DA3000
|
unkown
|
page readonly
|
|
|
|
249BE400000
|
unkown
|
page readonly
|
|
|
|
7FF57E851000
|
unkown
|
page readonly
|
|
|
|
CC21F79000
|
unkown
|
page read and write
|
|
|
|
230CC4A4000
|
unkown
|
page read and write
|
|
|
|
7FF4F7042000
|
unkown
|
page readonly
|
|
|
|
7FF5BA618000
|
unkown
|
page readonly
|
|
|
|
1170000
|
unkown
|
page readonly
|
|
|
|
7FF571A99000
|
unkown
|
page readonly
|
|
|
|
24219A90000
|
unkown
|
page readonly
|
|
|
|
7FF57E955000
|
unkown
|
page readonly
|
|
|
|
7FF554AD5000
|
unkown
|
page readonly
|
|
|
|
230CA2C1000
|
unkown
|
page read and write
|
|
|
|
3415000
|
unkown
|
page read and write
|
|
|
|
D68AFFF000
|
unkown
|
page read and write
|
|
|
|
230CC202000
|
unkown
|
page read and write
|
|
|
|
230CA332000
|
unkown
|
page read and write
|
|
|
|
7FF4F6958000
|
unkown
|
page readonly
|
|
|
|
2C13000
|
unkown
|
page readonly
|
|
|
|
230CBC70000
|
unkown
|
page read and write
|
|
|
|
7FF4F7032000
|
unkown
|
page readonly
|
|
|
|
7FF5E7C89000
|
unkown
|
page readonly
|
|
|
|
7FF4F6EA0000
|
unkown
|
page readonly
|
|
|
|
1E0A3C40000
|
unkown
|
page read and write
|
|
|
|
4C38CFB000
|
unkown
|
page read and write
|
|
|
|
1E0A3C83000
|
unkown
|
page read and write
|
|
|
|
230CC300000
|
unkown
|
page read and write
|
|
|
|
230CA2C2000
|
unkown
|
page read and write
|
|
|
|
7FF5BA645000
|
unkown
|
page readonly
|
|
|
|
2C8B000
|
unkown
|
page readonly
|
|
|
|
7FF57E95F000
|
unkown
|
page readonly
|
|
|
|
230CC314000
|
unkown
|
page read and write
|
|
|
|
230CC332000
|
unkown
|
page read and write
|
|
|
|
2AE99110000
|
unkown
|
page read and write
|
|
|
|
22FF78D0000
|
unkown
|
page write copy
|
|
|
|
3018000
|
unkown
|
page readonly
|
|
|
|
7FF569874000
|
unkown
|
page readonly
|
|
|
|
1B0CA83C000
|
unkown
|
page read and write
|
|
|
|
1B0CA760000
|
unkown
|
page read and write
|
|
|
|
7FF57EA11000
|
unkown
|
page readonly
|
|
|
|
1E0A3C13000
|
unkown
|
page read and write
|
|
|
|
230CC484000
|
unkown
|
page read and write
|
|
|
|
7FF4F6FE4000
|
unkown
|
page readonly
|
|
|
|
22FF75C0000
|
unkown
|
page readonly
|
|
|
|
F44C275000
|
unkown
|
page read and write
|
|
|
|
341A000
|
unkown
|
page read and write
|
|
|
|
230CA140000
|
heap default
|
page read and write
|
|
|
|
3010000
|
unkown
|
page readonly
|
|
|
|
230CA1A0000
|
unkown
|
page readonly
|
|
|
|
230CA2A1000
|
unkown
|
page read and write
|
|
|
|
7FF525759000
|
unkown
|
page readonly
|
|
|
|
230CC38F000
|
unkown
|
page read and write
|
|
|
|
296CCFE000
|
unkown
|
page read and write
|
|
|
|
7FF56983D000
|
unkown
|
page readonly
|
|
|
|
33EE000
|
stack
|
page read and write
|
|
|
|
24219C00000
|
unkown
|
page read and write
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
7FF5A1DF1000
|
unkown
|
page readonly
|
|
|
|
DA0000
|
unkown
|
page read and write
|
|
|
|
7FF4F6E6C000
|
unkown
|
page readonly
|
|
|
|
249BE23C000
|
unkown
|
page read and write
|
|
|
|
1E0A3C3D000
|
unkown
|
page read and write
|
|
|
|
7FF554A51000
|
unkown
|
page readonly
|
|
|
|
7FF4F6C43000
|
unkown
|
page readonly
|
|
|
|
22FF7713000
|
unkown
|
page read and write
|
|
|
|
7FF56974C000
|
unkown
|
page readonly
|
|
|
|
7FF569711000
|
unkown
|
page readonly
|
|
|
|
7FF554900000
|
unkown
|
page readonly
|
|
|
|
2F50000
|
unkown
|
page readonly
|
|
|
|
249BE130000
|
unkown
|
page readonly
|
|
|
|
3439000
|
unkown
|
page read and write
|
|
|
|
CC220FF000
|
unkown
|
page read and write
|
|
|
|
230CA2EB000
|
unkown
|
page read and write
|
|
|
|
7FF57E857000
|
unkown
|
page readonly
|
|
|
|
3D053F9000
|
unkown
|
page read and write
|
|
|
|
3D051FA000
|
unkown
|
page read and write
|
|
|
|
7FF5BA200000
|
unkown
|
page readonly
|
|
|
|
7FF4F6FE7000
|
unkown
|
page readonly
|
|
|
|
54ADD7A000
|
unkown
|
page read and write
|
|
|
|
1E0A3C02000
|
unkown
|
page read and write
|
|
|
|
230CC682000
|
unkown
|
page read and write
|
|
|
|
1B0CAAD0000
|
unkown
|
page readonly
|
|
|
|
230CC602000
|
unkown
|
page read and write
|
|
|
|
230CC412000
|
unkown
|
page read and write
|
|
|
|
230CD610000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D87000
|
unkown
|
page readonly
|
|
|
|
1AFA6B40000
|
unkown
|
page readonly
|
|
|
|
7FF5BA62A000
|
unkown
|
page readonly
|
|
|
|
7FF57E808000
|
unkown
|
page readonly
|
|
|
|
3D0567B000
|
unkown
|
page read and write
|
|
|
|
230CC700000
|
unkown
|
page read and write
|
|
|
|
249BE266000
|
unkown
|
page read and write
|
|
|
|
7FF57E510000
|
unkown
|
page readonly
|
|
|
|
7FF57E926000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D06000
|
unkown
|
page readonly
|
|
|
|
7FF5A1C07000
|
unkown
|
page readonly
|
|
|
|
D68AABB000
|
unkown
|
page read and write
|
|
|
|
7FF504F73000
|
unkown
|
page readonly
|
|
|
|
230CA26B000
|
unkown
|
page read and write
|
|
|
|
249BE860000
|
unkown
|
page readonly
|
|
|
|
24219A20000
|
heap private
|
page read and write
|
|
|
|
230CC3C6000
|
unkown
|
page read and write
|
|
|
|
7FF50563A000
|
unkown
|
page readonly
|
|
|
|
249BE22A000
|
unkown
|
page read and write
|
|
|
|
3D059FB000
|
unkown
|
page read and write
|
|
|
|
7FF5693D0000
|
unkown
|
page readonly
|
|
|
|
24219C13000
|
unkown
|
page read and write
|
|
|
|
7FF569856000
|
unkown
|
page readonly
|
|
|
|
7FF57E9A5000
|
unkown
|
page readonly
|
|
|
|
7FF5BA695000
|
unkown
|
page readonly
|
|
|
|
22FF7629000
|
unkown
|
page read and write
|
|
|
|
1AFA6000000
|
unkown
|
page readonly
|
|
|
|
F44C67E000
|
unkown
|
page read and write
|
|
|
|
230CC34B000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D90000
|
unkown
|
page readonly
|
|
|
|
CC21EFE000
|
unkown
|
page read and write
|
|
|
|
22FF7613000
|
unkown
|
page read and write
|
|
|
|
2F1F000
|
unkown
|
page readonly
|
|
|
|
CC21E7E000
|
unkown
|
page read and write
|
|
|
|
1B0CA800000
|
unkown
|
page read and write
|
|
|
|
7FF5549A3000
|
unkown
|
page readonly
|
|
|
|
230CC331000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D76000
|
unkown
|
page readonly
|
|
|
|
7FF57E98C000
|
unkown
|
page readonly
|
|
|
|
2AE94518000
|
unkown
|
page read and write
|
|
|
|
7FF57E99C000
|
unkown
|
page readonly
|
|
|
|
DD0000
|
unkown
|
page readonly
|
|
|
|
7FF5BA63E000
|
unkown
|
page readonly
|
|
|
|
230CA2F6000
|
unkown
|
page read and write
|
|
|
|
230CA0E0000
|
heap private
|
page read and write
|
|
|
|
1E0A3C6C000
|
unkown
|
page read and write
|
|
|
|
7FF5548EA000
|
unkown
|
page readonly
|
|
|
|
1AFA5E78000
|
unkown
|
page read and write
|
|
|
|
22FF90C0000
|
unkown
|
page read and write
|
|
|
|
296CEF7000
|
unkown
|
page read and write
|
|
|
|
36D0000
|
heap private
|
page read and write
|
|
|
|
1E0A3C46000
|
unkown
|
page read and write
|
|
|
|
7FF5BA210000
|
unkown
|
page readonly
|
|
|
|
7FF505826000
|
unkown
|
page readonly
|
|
|
|
2F4B000
|
unkown
|
page readonly
|
|
|
|
230CC782000
|
unkown
|
page read and write
|
|
|
|
7FF4F7139000
|
unkown
|
page readonly
|
|
|
|
1B1D4A57000
|
unkown
|
page read and write
|
|
|
|
7FF5A1BE8000
|
unkown
|
page readonly
|
|
|
|
230CD310000
|
unkown
|
page read and write
|
|
|
|
7FF4F707F000
|
unkown
|
page readonly
|
|
|
|
296CC75000
|
unkown
|
page read and write
|
|
|
|
1E0A3C5A000
|
unkown
|
page read and write
|
|
|
|
230CA288000
|
unkown
|
page read and write
|
|
|
|
7FF554B8E000
|
unkown
|
page readonly
|
|
|
|
7FF505919000
|
unkown
|
page readonly
|
|
|
|
273E7ECF000
|
unkown
|
page read and write
|
|
|
|
7FF4F6DBC000
|
unkown
|
page readonly
|
|
|
|
4C38BF5000
|
unkown
|
page read and write
|
|
|
|
7FF5A1B60000
|
unkown
|
page readonly
|
|
|
|
1E0A3C31000
|
unkown
|
page read and write
|
|
|
|
230CD410000
|
unkown
|
page read and write
|
|
|
|
1AFA5E4C000
|
unkown
|
page read and write
|
|
|
|
1E0A3C33000
|
unkown
|
page read and write
|
|
|
|
1000000
|
unkown
|
page readonly
|
|
|
|
230CD110000
|
unkown
|
page read and write
|
|
|
|
230CC368000
|
unkown
|
page read and write
|
|
|
|
7FF5693E0000
|
unkown
|
page readonly
|
|
|
|
22FF7602000
|
unkown
|
page read and write
|
|
|
|
341E000
|
unkown
|
page read and write
|
|
|
|
6640000
|
unkown
|
page readonly
|
|
|
|
7FF57E94E000
|
unkown
|
page readonly
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
7FF50588C000
|
unkown
|
page readonly
|
|
|
|
237A57A0000
|
unkown
|
page read and write
|
|
|
|
4C38EFE000
|
unkown
|
page read and write
|
|
|
|
2AE991E0000
|
unkown
|
page read and write
|
|
|
|
7FF5A1A54000
|
unkown
|
page readonly
|
|
|
|
1180000
|
unkown
|
page read and write
|
|
|
|
3D0577B000
|
unkown
|
page read and write
|
|
|
|
7FF5697D0000
|
unkown
|
page readonly
|
|
|
|
2AE94558000
|
unkown
|
page read and write
|
|
|
|
230CD710000
|
unkown
|
page read and write
|
|
|
|
7FF554855000
|
unkown
|
page readonly
|
|
|
|
1B0CA900000
|
unkown
|
page read and write
|
|
|
|
1E0A3BE0000
|
unkown
|
page read and write
|
|
|
|
230CC110000
|
unkown
|
page read and write
|
|
|
|
1AFA5E75000
|
unkown
|
page read and write
|
|
|
|
1B1D6550000
|
unkown
|
page read and write
|
|
|
|
3D0557C000
|
unkown
|
page read and write
|
|
|
|
230CC43A000
|
unkown
|
page read and write
|
|
|
|
7FF57E520000
|
unkown
|
page readonly
|
|
|
|
2F46000
|
unkown
|
page readonly
|
|
|
|
7FF4F7139000
|
unkown
|
page readonly
|
|
|
|
230CA274000
|
unkown
|
page read and write
|
|
|
|
7FF554ACE000
|
unkown
|
page readonly
|
|
|
|
1B0CA88D000
|
unkown
|
page read and write
|
|
|
|
7FF554A6A000
|
unkown
|
page readonly
|
|
|
|
230CBD70000
|
unkown
|
page readonly
|
|
|
|
7FF569815000
|
unkown
|
page readonly
|
|
|
|
7FF4F6E78000
|
unkown
|
page readonly
|
|
|
|
7FF56965F000
|
unkown
|
page readonly
|
|
|
|
2F0E000
|
unkown
|
page readonly
|
|
|
|
7FF5BA600000
|
unkown
|
page readonly
|
|
|
|
249BE25B000
|
unkown
|
page read and write
|
|
|
|
7FF569877000
|
unkown
|
page readonly
|
|
|
|
230CA2C2000
|
unkown
|
page read and write
|
|
|
|
230CC400000
|
unkown
|
page read and write
|
|
|
|
230CA255000
|
unkown
|
page read and write
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
7FF4F700C000
|
unkown
|
page readonly
|
|
|
|
2F41000
|
unkown
|
page readonly
|
|
|
|
237A57A0000
|
unkown
|
page read and write
|
|
|
|
341D000
|
unkown
|
page read and write
|
|
|
|
7FF5BA616000
|
unkown
|
page readonly
|
|
|
|
2FFB000
|
unkown
|
page readonly
|
|
|
|
1B0CA82A000
|
unkown
|
page read and write
|
|
|
|
296CAFE000
|
unkown
|
page read and write
|
|
|
|
7FF57E0A3000
|
unkown
|
page readonly
|
|
|
|
1AFA5E4B000
|
unkown
|
page read and write
|
|
|
|
2AE99210000
|
unkown
|
page read and write
|
|
|
|
7FF57E969000
|
unkown
|
page readonly
|
|
|
|
230CA4D0000
|
unkown
|
page readonly
|
|
|
|
7FF4F7028000
|
unkown
|
page readonly
|
|
|
|
3439000
|
unkown
|
page read and write
|
|
|
|
7FF5698D1000
|
unkown
|
page readonly
|
|
|
|
1AFA5E52000
|
unkown
|
page read and write
|
|
|
|
7FF554ABA000
|
unkown
|
page readonly
|
|
|
|
230CA27C000
|
unkown
|
page read and write
|
|
|
|
230CC802000
|
unkown
|
page read and write
|
|
|
|
273E7EC7000
|
unkown
|
page read and write
|
|
|
|
7FF57EA19000
|
unkown
|
page readonly
|
|
|
|
7FF56981F000
|
unkown
|
page readonly
|
|
|
|
1E0A3C5E000
|
unkown
|
page read and write
|
|
|
|
1AFA5F13000
|
unkown
|
page read and write
|
|
|
|
1AFA5E4F000
|
unkown
|
page read and write
|
|
|
|
1E0A3C69000
|
unkown
|
page read and write
|
|
|
|
230CA2E9000
|
unkown
|
page read and write
|
|
|
|
7FF554A47000
|
unkown
|
page readonly
|
|
|
|
230CC3AD000
|
unkown
|
page read and write
|
|
|
|
230CD210000
|
unkown
|
page read and write
|
|
|
|
7FF5697E6000
|
unkown
|
page readonly
|
|
|
|
2AE994B7000
|
unkown
|
page read and write
|
|
|
|
1E0A3C66000
|
unkown
|
page read and write
|
|
|
|
D68AB3E000
|
unkown
|
page read and write
|
|
|
|
230CC353000
|
unkown
|
page read and write
|
|
|
|
230CC3F3000
|
unkown
|
page read and write
|
|
|
|
54ADBFA000
|
unkown
|
page read and write
|
|
|
|
7FF4F70A1000
|
unkown
|
page readonly
|
|
|
|
3D05B7D000
|
unkown
|
page read and write
|
|
|
|
249BE276000
|
unkown
|
page read and write
|
|
|
|
230CC3B6000
|
unkown
|
page read and write
|
|
|
|
7FF569717000
|
unkown
|
page readonly
|
|
|
|
7FF5A1566000
|
unkown
|
page readonly
|
|
|
|
2F3D000
|
unkown
|
page readonly
|
|
|
|
1AFA5E50000
|
unkown
|
page read and write
|
|
|
|
7FF5BA6A4000
|
unkown
|
page readonly
|
|
|
|
230CC453000
|
unkown
|
page read and write
|
|
|
|
7FF5058B7000
|
unkown
|
page readonly
|
|
|
|
F44C37B000
|
unkown
|
page read and write
|
|
|
|
7FF569846000
|
unkown
|
page readonly
|
|
|
|
7FF5543A5000
|
unkown
|
page readonly
|
|
|
|
249BE060000
|
unkown
|
page readonly
|
|
|
|
1B0CA913000
|
unkown
|
page read and write
|
|
|
|
7FF5A1DEE000
|
unkown
|
page readonly
|
|
|
|
7FF5BA6A0000
|
unkown
|
page readonly
|
|
|
|
54ADB7A000
|
unkown
|
page read and write
|
|
|
|
1E0A3C58000
|
unkown
|
page read and write
|
|
|
|
230CC34D000
|
unkown
|
page read and write
|
|
|
|
7FF554B16000
|
unkown
|
page readonly
|
|
|
|
7FF568F63000
|
unkown
|
page readonly
|
|
|
|
7FF5A1CCA000
|
unkown
|
page readonly
|
|
|
|
7FF5696C8000
|
unkown
|
page readonly
|
|
|
|
7FF554B06000
|
unkown
|
page readonly
|
|
|
|
2AE99118000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D6C000
|
unkown
|
page readonly
|
|
|
|
7FF4F70D4000
|
unkown
|
page readonly
|
|
|
|
7FF505919000
|
unkown
|
page readonly
|
|
|
|
1E0A3BD0000
|
unkown
|
page readonly
|
|
|
|
3432000
|
unkown
|
page read and write
|
|
|
|
230CC330000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D69000
|
unkown
|
page readonly
|
|
|
|
230CC30A000
|
unkown
|
page read and write
|
|
|
|
2AE94518000
|
unkown
|
page read and write
|
|
|
|
230CA23F000
|
unkown
|
page read and write
|
|
|
|
2AE99260000
|
unkown
|
page read and write
|
|
|
|
7FF5A156A000
|
unkown
|
page readonly
|
|
|
|
7FF554B27000
|
unkown
|
page readonly
|
|
|
|
273E7ED9000
|
unkown
|
page read and write
|
|
|
|
3D05BFE000
|
unkown
|
page read and write
|
|
|
|
54ADA7E000
|
unkown
|
page read and write
|
|
|
|
7FF5695FA000
|
unkown
|
page readonly
|
|
|
|
1B0CA850000
|
unkown
|
page read and write
|
|
|
|
7FF569870000
|
unkown
|
page readonly
|
|
|
|
230CC332000
|
unkown
|
page read and write
|
|
|
|
54ADCFB000
|
unkown
|
page read and write
|
|
|
|
7FF4F6F47000
|
unkown
|
page readonly
|
|
|
|
7FF554B99000
|
unkown
|
page readonly
|
|
|
|
1B0CA86F000
|
unkown
|
page read and write
|
|
|
|
3D0527A000
|
unkown
|
page read and write
|
|
|
|
7FF5691E9000
|
unkown
|
page readonly
|
|
|
|
D3B000
|
stack
|
page read and write
|
|
|
|
230CC311000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D08000
|
unkown
|
page readonly
|
|
|
|
230CC100000
|
unkown
|
page readonly
|
|
|
|
7FF4F6E8A000
|
unkown
|
page readonly
|
|
|
|
20D23866000
|
unkown
|
page read and write
|
|
|
|
230CC38F000
|
unkown
|
page read and write
|
|
|
|
6634000
|
heap private
|
page read and write
|
|
|
|
230CD510000
|
unkown
|
page read and write
|
|
|
|
7FF4F7013000
|
unkown
|
page readonly
|
|
|
|
7FF5A1CB1000
|
unkown
|
page readonly
|
|
|
|
3D0517A000
|
unkown
|
page read and write
|
|
|
|
249BE302000
|
unkown
|
page read and write
|
|
|
|
34F0000
|
unkown
|
page readonly
|
|
|
|
6440000
|
unkown
|
page read and write
|
|
|
|
22FF9500000
|
unkown
|
page read and write
|
|
|
|
1E0A3C57000
|
unkown
|
page read and write
|
|
|
|
273E7F4F000
|
unkown
|
page read and write
|
|
|
|
273E7F2F000
|
unkown
|
page read and write
|
|
|
|
1AFA6800000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D94000
|
unkown
|
page readonly
|
|
|
|
230CA31F000
|
unkown
|
page read and write
|
|
|
|
3D05C7F000
|
unkown
|
page read and write
|
|
|
|
7FF5697D2000
|
unkown
|
page readonly
|
|
|
|
273E7F18000
|
unkown
|
page read and write
|
|
|
|
7FF568F5D000
|
unkown
|
page readonly
|
|
|
|
7FF4F705A000
|
unkown
|
page readonly
|
|
|
|
1E0A3C62000
|
unkown
|
page read and write
|
|
|
|
7FF4F6FEA000
|
unkown
|
page readonly
|
|
|
|
3D0587B000
|
unkown
|
page read and write
|
|
|
|
7FF554860000
|
unkown
|
page readonly
|
|
|
|
7FF554AE9000
|
unkown
|
page readonly
|
|
|
|
11D0000
|
unkown
|
page read and write
|
|
|
|
1E0A3C79000
|
unkown
|
page read and write
|
|
|
|
2AE994B6000
|
unkown
|
page read and write
|
|
|
|
1E0A3C42000
|
unkown
|
page read and write
|
|
|
|
7FF5BA1FA000
|
unkown
|
page readonly
|
|
|
|
230CA2CE000
|
unkown
|
page read and write
|
|
|
|
7FF5BA676000
|
unkown
|
page readonly
|
|
|
|
1AFA5E48000
|
unkown
|
page read and write
|
|
|
|
230CC800000
|
unkown
|
page read and write
|
|
|
|
230CA298000
|
unkown
|
page read and write
|
|
|
|
1AFA5DC0000
|
unkown
|
page readonly
|
|
|
|
230CD210000
|
unkown
|
page read and write
|
|
|
|
2F72000
|
unkown
|
page readonly
|
|
|
|
10D0000
|
heap default
|
page read and write
|
|
|
|
7FF5A1D97000
|
unkown
|
page readonly
|
|
|
|
249BEC00000
|
unkown
|
page readonly
|
|
|
|
7FF569865000
|
unkown
|
page readonly
|
|
|
|
273E7F2D000
|
unkown
|
page read and write
|
|
|
|
230CC34F000
|
unkown
|
page read and write
|
|
|
|
230CC150000
|
unkown
|
page readonly
|
|
|
|
230CD610000
|
unkown
|
page read and write
|
|
|
|
7FF57E88C000
|
unkown
|
page readonly
|
|
|
|
230CC702000
|
unkown
|
page read and write
|
|
|
|
7FF554A4A000
|
unkown
|
page readonly
|
|
|
|
341D000
|
unkown
|
page read and write
|
|
|
|
7FF5BA709000
|
unkown
|
page readonly
|
|
|
|
7FF4F6FA5000
|
unkown
|
page readonly
|
|
|
|
230CD510000
|
unkown
|
page read and write
|
|
|
|
20D23866000
|
unkown
|
page read and write
|
|
|
|
7FF5BA4F8000
|
unkown
|
page readonly
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
7FF4F701C000
|
unkown
|
page readonly
|
|
|
|
230CC110000
|
unkown
|
page read and write
|
|
|
|
7FF4F7131000
|
unkown
|
page readonly
|
|
|
|
7FF5A1D0A000
|
unkown
|
page readonly
|
|
|
|
35E0000
|
unkown
|
page readonly
|
|
|
|
7FF57E823000
|
unkown
|
page readonly
|
|
|
|
2F90000
|
unkown
|
page readonly
|
|
|
|
7FF5B9DE4000
|
unkown
|
page readonly
|
|
|
|
1B1D6550000
|
unkown
|
page read and write
|
|
|
|
249BDFF0000
|
heap private
|
page read and write
|
|
|
|
7FF4F70C7000
|
unkown
|
page readonly
|
|
|
|
230CD410000
|
unkown
|
page read and write
|
|
|
|
7FF5058B0000
|
unkown
|
page readonly
|
|
|
|
3D056FB000
|
unkown
|
page read and write
|
|
|
|
4C387CB000
|
unkown
|
page read and write
|
|
|
|
33F0000
|
heap default
|
page read and write
|
|
|
|
2AE994B1000
|
unkown
|
page read and write
|
|
|
|
7FF57E922000
|
unkown
|
page readonly
|
|
|
|
3D058FA000
|
unkown
|
page read and write
|
|
|
|
7FF5B9EA6000
|
unkown
|
page readonly
|
|
|
|
230CC311000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D1A000
|
unkown
|
page readonly
|
|
|
|
7FF505869000
|
unkown
|
page readonly
|
|
|
|
1AFA5D50000
|
heap private
|
page read and write
|
|
|
|
7FF554803000
|
unkown
|
page readonly
|
|
|
|
249BE213000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D2E000
|
unkown
|
page readonly
|
|
|
|
230CA322000
|
unkown
|
page read and write
|
|
|
|
230CA26F000
|
unkown
|
page read and write
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
230CD510000
|
unkown
|
page read and write
|
|
|
|
230CC332000
|
unkown
|
page read and write
|
|
|
|
273E8DC0000
|
unkown
|
page read and write
|
|
|
|
230CA2BE000
|
unkown
|
page read and write
|
|
|
|
7FF5698D9000
|
unkown
|
page readonly
|
|
|
|
230CD010000
|
unkown
|
page read and write
|
|
|
|
D68B0FE000
|
unkown
|
page read and write
|
|
|
|
3D0547A000
|
unkown
|
page read and write
|
|
|
|
273E7F4F000
|
unkown
|
page read and write
|
|
|
|
DC0000
|
unkown
|
page readonly
|
|
|
|
7FF505828000
|
unkown
|
page readonly
|
|
|
|
7FF57EA19000
|
unkown
|
page readonly
|
|
|
|
3D04F7E000
|
unkown
|
page read and write
|
|
|
|
296D0FC000
|
unkown
|
page read and write
|
|
|
|
7FF5BA547000
|
unkown
|
page readonly
|
|
|
|
7FF4F6DE7000
|
unkown
|
page readonly
|
|
|
|
7FF554B91000
|
unkown
|
page readonly
|
|
|
|
230CD310000
|
unkown
|
page read and write
|
|
|
|
230CA373000
|
unkown
|
page read and write
|
|
|
|
1AFA5F02000
|
unkown
|
page read and write
|
|
|
|
7FF4F7017000
|
unkown
|
page readonly
|
|
|
|
7FF565B49000
|
unkown
|
page readonly
|
|
|
|
230CA28C000
|
unkown
|
page read and write
|
|
|
|
3419000
|
unkown
|
page read and write
|
|
|
|
7FF4F6FD1000
|
unkown
|
page readonly
|
|
|
|
3D05A7B000
|
unkown
|
page read and write
|
|
|
|
7FF4F706E000
|
unkown
|
page readonly
|
|
|
|
7FF57E928000
|
unkown
|
page readonly
|
|
|
|
7FF5697FA000
|
unkown
|
page readonly
|
|
|
|
7FF4F6F43000
|
unkown
|
page readonly
|
|
|
|
7FF4F70AC000
|
unkown
|
page readonly
|
|
|
|
7FF569077000
|
unkown
|
page readonly
|
|
|
|
230CD210000
|
unkown
|
page read and write
|
|
|
|
230CC389000
|
unkown
|
page read and write
|
|
|
|
7FF4F70D7000
|
unkown
|
page readonly
|
|
|
|
230CA2BB000
|
unkown
|
page read and write
|
|
|
|
1B1D6550000
|
unkown
|
page read and write
|
|
|
|
7FF554AA2000
|
unkown
|
page readonly
|
|
|
|
230CC386000
|
unkown
|
page read and write
|
|
|
|
7FF5A1D35000
|
unkown
|
page readonly
|
|
|
|
1B0CA902000
|
unkown
|
page read and write
|
|
|
|
7FF5697E2000
|
unkown
|
page readonly
|
|
|
|
230CC3AD000
|
unkown
|
page read and write
|
|
|
|
7FF554A6C000
|
unkown
|
page readonly
|
|
|
|
230CC583000
|
unkown
|
page read and write
|
|
|
|
DE0000
|
unkown
|
page read and write
|
|
|
|
230CA2EE000
|
unkown
|
page read and write
|
|
|
|
7FF56969E000
|
unkown
|
page readonly
|
|
|
|
1160000
|
unkown
|
page readonly
|
|
|
|
1AFA5F00000
|
unkown
|
page read and write
|
|
|
|
7FF5BA6FE000
|
unkown
|
page readonly
|
|
|
|
1E0A3C2D000
|
unkown
|
page read and write
|
|
|
|
273E7F02000
|
unkown
|
page read and write
|
|
|
|
230CC170000
|
unkown
|
page readonly
|
|
|
|
230CC600000
|
unkown
|
page read and write
|
|
|
|
2FAA000
|
unkown
|
page readonly
|
|
|
|
CC21BCB000
|
unkown
|
page read and write
|
|
|
|
7FF569829000
|
unkown
|
page readonly
|
|
|
|
24219BB0000
|
unkown
|
page readonly
|
|
|
|
1B0CA885000
|
unkown
|
page read and write
|
|
|
|
22FF7655000
|
unkown
|
page read and write
|
|
|
|
7FF5A1AC0000
|
unkown
|
page readonly
|
|
|
|
2AE99484000
|
unkown
|
page read and write
|
|
|
|
54ADAFE000
|
unkown
|
page read and write
|
|
|
|
36DA000
|
heap private
|
page read and write
|
|
|
|
230CD310000
|
unkown
|
page read and write
|
|
|
|
1B1D4A58000
|
unkown
|
page read and write
|
|
|
|
7FF4F7048000
|
unkown
|
page readonly
|
|
|
|
2AE99210000
|
unkown
|
page read and write
|
|
|
|
249BE276000
|
unkown
|
page read and write
|
|
|
|
11CE000
|
unkown
|
page read and write
|
|
|
|
230CD000000
|
unkown
|
page read and write
|
|
|
|
7FF4F700A000
|
unkown
|
page readonly
|
|
|
|
7FF5BA659000
|
unkown
|
page readonly
|
|
|
|
24219A80000
|
heap default
|
page read and write
|
|
|
|
1E0A3C45000
|
unkown
|
page read and write
|
|
|
|
7FF5698D9000
|
unkown
|
page readonly
|
|
|
|
7FF505855000
|
unkown
|
page readonly
|
|
|
|
249BE200000
|
unkown
|
page read and write
|
|
|
|
7FF56985C000
|
unkown
|
page readonly
|
|
|
|
3D0507A000
|
unkown
|
page read and write
|
|
|
|
3D0537A000
|
unkown
|
page read and write
|
|
|
|
230CC30D000
|
unkown
|
page read and write
|
|
|
|
1E0A3C60000
|
unkown
|
page read and write
|
|
|
|
237A57A0000
|
unkown
|
page read and write
|
|
|
|
7FF5BA68C000
|
unkown
|
page readonly
|
|
|
|
1B0CA750000
|
unkown
|
page readonly
|
|
|
|
249BE313000
|
unkown
|
page read and write
|
|
|
|
7FF50F9B9000
|
unkown
|
page readonly
|
|
|
|
1B1D4A58000
|
unkown
|
page read and write
|
|
|
|
7FF5BA4DA000
|
unkown
|
page readonly
|
|
|
|
7FF50569F000
|
unkown
|
page readonly
|
|
|
|
24219E00000
|
unkown
|
page readonly
|
|
There are 821 hidden memdumps, click here to show them.