Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
document-1251000362.xlsm
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\3003[1].gif
|
PE32+ executable (DLL) (native) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\3003[1].gif
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\~$document-1251000362.xlsm
|
data
|
dropped
|
|
|
|
C:\Users\user\ksjvoefv.skd
|
PE32+ executable (DLL) (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\ksjvoefv.skd3
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 58596 bytes, 1 file
|
dropped
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4AE58898.png
|
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\77F73266.png
|
PNG image data, 485 x 185, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\98EC7FB9.png
|
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DFB60433.png
|
PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\C4DE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\CabDF39.tmp
|
Microsoft Cabinet archive data, 58596 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\TarDF3A.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Wed Apr 7 01:35:39 2021, atime=Wed Apr 7 01:35:39 2021, length=16384, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-1251000362.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16
2020, mtime=Wed Apr 7 01:35:39 2021, atime=Wed Apr 7 01:35:40 2021, length=108032, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\A5DE0000
|
data
|
dropped
|
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\ksjvoefv.skd,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\ksjvoefv.skd1,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\ksjvoefv.skd2,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\ksjvoefv.skd3,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\ksjvoefv.skd4,DllRegisterServer
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://twitter.com/awscloud
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra-css/images/logo
|
unknown
|
|
|
|
https://aws.amazon.com/terms/?nc1=f_pr
|
unknown
|
|
|
|
https://dc.ads.linkedin.com/collect/?pid=3038&fmt=gif
|
unknown
|
|
|
|
https://s0.awsstatic.com/en_US/nav/v3/panel-content/mobile/index.html
|
unknown
|
|
|
|
https://a0.awsstatic.com/plc/js/1.0.108/plc
|
unknown
|
|
|
|
https://aws.amazon.com/cn/
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
|
|
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra-css/images
|
unknown
|
|
|
|
https://a0.awsstatic.com/psf/null
|
unknown
|
|
|
|
https://aws.amazon.com/ar/
|
unknown
|
|
|
|
https://www.honeycode.aws/?&trk=el_a134p000003yC6YAAU&trkCampaign=pac-edm-2020-honeycode-hom
|
unknown
|
|
|
|
https://pages.awscloud.com/zillow-case-study?hp=tile&story=zllw
|
unknown
|
|
|
|
https://pages.awscloud.com/communication-preferences?trk=homepage
|
unknown
|
|
|
|
http://ocsp.rootg2.amazontrust.com08
|
unknown
|
|
|
|
https://aws.amazon.com/cn/?nc1=h_ls
|
unknown
|
|
|
|
https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&src=default
|
unknown
|
|
|
|
http://usaaforced.fun/
|
unknown
|
|
|
|
https://aws.amazon.com/ru/
|
unknown
|
|
|
|
https://aws.amazon.com/tw/?nc1=h_ls
|
unknown
|
|
|
|
https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowser
|
unknown
|
|
|
|
https://i18n-string.us-west-2.prod.pricing.aws.a2z.com
|
unknown
|
|
|
|
https://aws.amazon.com/ko/
|
unknown
|
|
|
|
https://aws.amazon.com/ru/?nc1=h_ls
|
unknown
|
|
|
|
http://usaaforced.fun/Q
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra-css/images/site/fav/favicon.ico
|
unknown
|
|
|
|
https://aws.amazon.com/es/
|
unknown
|
|
|
|
http://crl.sca1b.amazontrust.com/sca1b.crl0
|
unknown
|
|
|
|
https://a0.awsstatic.com/target/1.0.113/aws-target-mediator.js
|
unknown
|
|
|
|
https://docs.aws.amazon.com/index.html?nc2=h_ql_doc
|
unknown
|
|
|
|
http://tvorartificialnature.xyz/
|
unknown
|
|
|
|
https://aws.amazon.com/ar/?nc1=h_ls
|
unknown
|
|
|
|
https://aws.amazon.com/k
|
unknown
|
|
|
|
https://aws.amazon.com/th/
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
https://a0.awsstatic.com/pricing-calculator/js/1.0.2
|
unknown
|
|
|
|
https://aws.amazon.com/marketplace/?nc2=h_mo
|
unknown
|
|
|
|
http://ocsp.sca1b.amazontrust.com06
|
unknown
|
|
|
|
https://amazon.com/
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_179x109.png
|
unknown
|
|
|
|
https://console.aws.amazon.com/support/home/?nc2=h_ql_cu
|
unknown
|
|
|
|
http://crl.rootca1.amazontrust.com/rootca1.crl0
|
unknown
|
|
|
|
https://aws.amazon.com/search/
|
unknown
|
|
|
|
https://console.aws.amazon.com/iam/home?nc2=h_m_sc#security_credential
|
unknown
|
|
|
|
https://aws.amazon.com/?nc2=h_lg
|
unknown
|
|
|
|
http://ocsp.rootca1.amazontrust.com0:
|
unknown
|
|
|
|
https://console.aws.amazon.com/support/home/?nc1=f_dr
|
unknown
|
|
|
|
https://a0.awsstatic.com/aws-blog/1.0.46/js
|
unknown
|
|
|
|
https://aws.amazon.com/fr/
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
https://console.aws.amazon.com/console/home?nc1=f_ct&src=footer-signin-mobile
|
unknown
|
|
|
|
https://aws.amazon.com/vi/
|
unknown
|
|
|
|
https://www.twitch.tv/aws
|
unknown
|
|
|
|
http://usaaforced.fun/k
|
unknown
|
|
|
|
https://aws.amazon.com/marketplace/?nc2=h_ql_mp
|
unknown
|
|
|
|
https://aws.amazon.com/search
|
unknown
|
|
|
|
http://crl.rootg2.amazontrust.com/rootg2.crl0
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
https://a0.awsstatic.com/da/js/1.0.47/aws-da.js
|
unknown
|
|
|
|
https://aws.amazon.com/tw/
|
unknown
|
|
|
|
https://aws.amazon.com/tr/?nc1=h_ls
|
unknown
|
|
|
|
https://console.aws.amazon.com/?nc2=h_m_mc
|
unknown
|
|
|
|
https://aws.amazon.com/fr/?nc1=h_ls
|
unknown
|
|
|
|
http://o.ss2.us/0
|
unknown
|
|
|
|
https://aws.amazon.com/search/?searchQuery=
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra-search/1.0.13/js
|
unknown
|
|
|
|
http://crt.rootca1.am
|
unknown
|
|
|
|
https://aws.amazon.com/privacy/?nc1=f_pr
|
unknown
|
|
|
|
https://aws.amazon.com/pt/?nc1=h_ls
|
unknown
|
|
|
|
https://aws.amazon.com/jp/?nc1=h_ls
|
unknown
|
|
|
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
|
|
|
https://aws.amazon.com/marketplace?aws=hp
|
unknown
|
|
|
|
https://aws.amazon.com/
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.png
|
unknown
|
|
|
|
https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js
|
unknown
|
|
|
|
https://aws.amazon.com/podcasts/aws-podcast/
|
unknown
|
|
|
|
http://ocsp.entrust.net03
|
unknown
|
|
|
|
https://aws.amazon.com/jp/
|
unknown
|
|
|
|
http://crt.rootg2.amazontrust.com/rootg2.cer0=
|
unknown
|
|
|
|
https://aws.amazon.com/pt/
|
unknown
|
|
|
|
https://aws.amazon.com/?nc1=h_ls
|
unknown
|
|
|
|
https://s0.awsstatic.com/en_US/nav/v3/panel-content/desktop/index.html
|
unknown
|
|
|
|
http://crt.comod
|
unknown
|
|
|
|
https://aws.amazon.com/es/?nc1=h_ls
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra-css/images/logoo
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
https://d1.awsstatic.com
|
unknown
|
|
|
|
https://aws.amazon.com/de/
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
https://phd.aws.amazon.com/?nc2=h_m_sc
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra/1.0.376/librastandardlib
|
unknown
|
|
|
|
https://aws.amazon.com/id/?nc1=h_ls
|
unknown
|
|
|
|
https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.png
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&src=default
|
unknown
|
|
|
|
https://a0.awsstatic.com
|
unknown
|
|
|
|
http://ocsp.entrust.net0D
|
unknown
|
|
|
|
https://pages.awscloud.com/fico-case-study.html?hp=tile&story=fico
|
unknown
|
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
agenbolatermurah.com
|
unknown
|
|
|
|
usaaforced.fun
|
unknown
|
|
|
|
tvorartificialnature.xyz
|
unknown
|
|
|
|
metaflip.io
|
192.185.48.186
|
|
|
|
tajushariya.com
|
199.79.62.99
|
|
|
|
columbia.aula-web.net
|
50.87.146.86
|
|
|
|
dr49lng3n1n2s.cloudfront.net
|
143.204.3.74
|
|
|
|
partsapp.com.br
|
192.185.214.87
|
|
|
|
aws.amazon.com
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
50.87.146.86
|
columbia.aula-web.net
|
United States
|
|
|
|
199.79.62.99
|
tajushariya.com
|
United States
|
|
|
|
192.185.214.87
|
partsapp.com.br
|
United States
|
|
|
|
143.204.3.74
|
dr49lng3n1n2s.cloudfront.net
|
United States
|
|
|
|
192.185.48.186
|
metaflip.io
|
United States
|
|
|
|
192.168.2.255
|
unknown
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
p`7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED079
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED402
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED568
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED614
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
?j7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
110435
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
111140
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
There are 109 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
152000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
heap default
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
2BD0000
|
unkown
|
page readonly
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
3202000
|
unkown
|
page read and write
|
|
|
|
28E9000
|
unkown
|
page readonly
|
|
|
|
386000
|
heap default
|
page read and write
|
|
|
|
2200000
|
unkown
|
page readonly
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
28A4000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
28B9000
|
unkown
|
page readonly
|
|
|
|
376000
|
heap default
|
page read and write
|
|
|
|
2985000
|
unkown
|
page readonly
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
2A72000
|
unkown
|
page readonly
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
2A25000
|
unkown
|
page readonly
|
|
|
|
450000
|
unkown
|
page readonly
|
|
|
|
2B0000
|
unkown
|
page execute and read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
2099000
|
heap private
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
2902000
|
unkown
|
page readonly
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
2280000
|
heap private
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
27E000
|
heap default
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
2EC0000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
2989000
|
unkown
|
page readonly
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
2889000
|
unkown
|
page readonly
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
2866000
|
unkown
|
page readonly
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
15C000
|
unkown
|
page read and write
|
|
|
|
380000
|
unkown
|
page readonly
|
|
|
|
7FEF40E1000
|
unkown image
|
page execute read
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
7FEF46BA000
|
unkown image
|
page readonly
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
heap default
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
2C51000
|
unkown
|
page read and write
|
|
|
|
214000
|
heap private
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
440000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
3C0000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
F8000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
28E2000
|
unkown
|
page readonly
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
AE000
|
heap default
|
page read and write
|
|
|
|
2320000
|
unkown
|
page readonly
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
21E0000
|
heap private
|
page read and write
|
|
|
|
1B00000
|
unkown
|
page readonly
|
|
|
|
2C51000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page readonly
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
27E4000
|
unkown
|
page readonly
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
28D5000
|
unkown
|
page readonly
|
|
|
|
3AE000
|
unkown
|
page read and write
|
|
|
|
2782000
|
unkown
|
page readonly
|
|
|
|
7FEF40E3000
|
unkown image
|
page write copy
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
28D2000
|
unkown
|
page readonly
|
|
|
|
28D5000
|
unkown
|
page readonly
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
heap private
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
376000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
D2000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
444000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
31FE000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
28A5000
|
unkown
|
page readonly
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
2804000
|
unkown
|
page readonly
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
560000
|
unkown
|
page readonly
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
2C47000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
CF000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
31FB000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
2986000
|
unkown
|
page readonly
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
2C50000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
1FE3000
|
heap private
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
2C10000
|
unkown
|
page readonly
|
|
|
|
26CF000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
2812000
|
unkown
|
page readonly
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
2882000
|
unkown
|
page readonly
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
2C00000
|
unkown
|
page read and write
|
|
|
|
1EA0000
|
heap private
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
22CD000
|
unkown
|
page read and write
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
298D000
|
unkown
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
31E2000
|
unkown
|
page read and write
|
|
|
|
31E2000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
520000
|
unkown
|
page readonly
|
|
|
|
3201000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
7FEF46C5000
|
unkown image
|
page readonly
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
1A6000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
CB000
|
heap default
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
31FE000
|
unkown
|
page read and write
|
|
|
|
27A2000
|
unkown
|
page readonly
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page readonly
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
11B000
|
unkown
|
page read and write
|
|
|
|
2C50000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
2C4C000
|
unkown
|
page read and write
|
|
|
|
31E2000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
28E6000
|
unkown
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
2780000
|
heap private
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
2A1B000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
294000
|
heap private
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
2B50000
|
unkown
|
page readonly
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
2B42000
|
unkown
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
28B2000
|
unkown
|
page readonly
|
|
|
|
43A000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
2608000
|
unkown
|
page readonly
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
1A6000
|
unkown
|
page read and write
|
|
|
|
2682000
|
unkown
|
page readonly
|
|
|
|
27B2000
|
unkown
|
page readonly
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
2B32000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
2E70000
|
unkown
|
page readonly
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
20B0000
|
heap private
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
1FD0000
|
heap private
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
28E9000
|
unkown
|
page readonly
|
|
|
|
21E0000
|
unkown
|
page readonly
|
|
|
|
2784000
|
unkown
|
page readonly
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
436000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
2A20000
|
heap private
|
page read and write
|
|
|
|
240000
|
heap default
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
2582000
|
unkown
|
page readonly
|
|
|
|
2280000
|
unkown
|
page readonly
|
|
|
|
2932000
|
unkown
|
page readonly
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
443000
|
heap default
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
16F000
|
unkown
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
32DC000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
2260000
|
unkown
|
page readonly
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
280000
|
unkown
|
page readonly
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
20DB000
|
heap private
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
20A0000
|
heap private
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
260000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
310000
|
heap private
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
238B000
|
heap private
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
28A5000
|
unkown
|
page readonly
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
15F000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
634000
|
heap private
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
2BFF000
|
unkown
|
page read and write
|
|
|
|
2A2C000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
7FEF4690000
|
unkown image
|
page readonly
|
|
|
|
2B4000
|
unkown
|
page execute and read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
2285000
|
heap private
|
page read and write
|
|
|
|
2762000
|
unkown
|
page readonly
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
25C000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
3190000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
27BF000
|
heap private
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
2B92000
|
unkown
|
page readonly
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
16F000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
2055000
|
heap private
|
page read and write
|
|
|
|
2289000
|
heap private
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
1D10000
|
unkown
|
page readonly
|
|
|
|
33CC000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
3B3000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
2800000
|
unkown
|
page write copy
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
D6000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
1F50000
|
heap private
|
page read and write
|
|
|
|
314000
|
heap private
|
page read and write
|
|
|
|
168000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
350000
|
heap default
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
3B4000
|
unkown
|
page execute and read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
439000
|
heap default
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
31E2000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
BCF000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
3B1000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
2975000
|
unkown
|
page readonly
|
|
|
|
480000
|
unkown
|
page write copy
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
5E4000
|
heap private
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2B90000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2AD0000
|
unkown
|
page readonly
|
|
|
|
7FEF40E9000
|
unkown image
|
page write copy
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
21E9000
|
heap private
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page execute and read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
2C47000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
2939000
|
unkown
|
page readonly
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
15B000
|
unkown
|
page read and write
|
|
|
|
1CA7000
|
unkown
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
22D0000
|
unkown
|
page readonly
|
|
|
|
2300000
|
unkown
|
page readonly
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
20F0000
|
unkown
|
page readonly
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
2825000
|
unkown
|
page readonly
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
2C47000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
38E000
|
heap default
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
1B60000
|
unkown
|
page readonly
|
|
|
|
2169000
|
heap private
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
7FEF40E0000
|
unkown image
|
page readonly
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
28F6000
|
unkown
|
page readonly
|
|
|
|
2350000
|
heap private
|
page read and write
|
|
|
|
15C000
|
heap default
|
page read and write
|
|
|
|
2C3A000
|
unkown
|
page read and write
|
|
|
|
337000
|
heap default
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
27C4000
|
unkown
|
page readonly
|
|
|
|
D8000
|
heap default
|
page read and write
|
|
|
|
27C5000
|
unkown
|
page readonly
|
|
|
|
21E5000
|
heap private
|
page read and write
|
|
|
|
3201000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page readonly
|
|
|
|
2855000
|
unkown
|
page readonly
|
|
|
|
F8000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
436000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
142000
|
heap default
|
page read and write
|
|
|
|
2B30000
|
unkown
|
page readonly
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
700000
|
unkown
|
page readonly
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
630000
|
heap private
|
page read and write
|
|
|
|
152000
|
heap default
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
2962000
|
unkown
|
page readonly
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
20CF000
|
heap private
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
2836000
|
unkown
|
page readonly
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
2845000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
3202000
|
unkown
|
page read and write
|
|
|
|
148000
|
heap default
|
page read and write
|
|
|
|
1DB7000
|
unkown
|
page readonly
|
|
|
|
390000
|
unkown
|
page read and write
|
|
|
|
2882000
|
unkown
|
page readonly
|
|
|
|
2C4C000
|
unkown
|
page read and write
|
|
|
|
27F0000
|
heap private
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
2764000
|
unkown
|
page readonly
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
29A2000
|
unkown
|
page readonly
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
330000
|
heap default
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
2DE000
|
heap default
|
page read and write
|
|
|
|
16E000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
167000
|
heap default
|
page read and write
|
|
|
|
2945000
|
unkown
|
page readonly
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
2AB0000
|
unkown
|
page readonly
|
|
|
|
28B6000
|
unkown
|
page readonly
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
2925000
|
unkown
|
page readonly
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
26A8000
|
unkown
|
page readonly
|
|
|
|
26A2000
|
unkown
|
page readonly
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
290000
|
unkown
|
page read and write
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
20D0000
|
unkown
|
page readonly
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
2C47000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
22EF000
|
unkown
|
page read and write
|
|
|
|
2856000
|
unkown
|
page readonly
|
|
|
|
2892000
|
unkown
|
page readonly
|
|
|
|
436000
|
unkown
|
page read and write
|
|
|
|
F9000
|
heap default
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
7FEF40E8000
|
unkown image
|
page readonly
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
44E000
|
heap default
|
page read and write
|
|
|
|
2050000
|
heap private
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
3C0000
|
unkown
|
page read and write
|
|
|
|
2875000
|
unkown
|
page readonly
|
|
|
|
2DF5000
|
heap private
|
page read and write
|
|
|
|
436000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
296000
|
unkown
|
page read and write
|
|
|
|
1BD0000
|
unkown
|
page readonly
|
|
|
|
2A0000
|
heap default
|
page read and write
|
|
|
|
2886000
|
unkown
|
page readonly
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
2956000
|
unkown
|
page readonly
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
2C60000
|
unkown
|
page readonly
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
2D4B000
|
heap private
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
70000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page readonly
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
276B000
|
unkown
|
page read and write
|
|
|
|
3202000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
3201000
|
unkown
|
page read and write
|
|
|
|
2C47000
|
unkown
|
page read and write
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
2C40000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
B0F000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
heap private
|
page read and write
|
|
|
|
2C39000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
33D000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
2C51000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
2862000
|
unkown
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
250000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
380000
|
heap default
|
page read and write
|
|
|
|
1AC0000
|
unkown
|
page readonly
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
2588000
|
unkown
|
page readonly
|
|
|
|
2932000
|
unkown
|
page readonly
|
|
|
|
170000
|
unkown
|
page readonly
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
29F5000
|
unkown
|
page readonly
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page read and write
|
|
|
|
2789000
|
heap private
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
2B10000
|
unkown
|
page readonly
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
2902000
|
unkown
|
page readonly
|
|
|
|
37B000
|
heap default
|
page read and write
|
|
|
|
20A5000
|
heap private
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
29A9000
|
unkown
|
page readonly
|
|
|
|
2B3B000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
28ED000
|
unkown
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
2160000
|
heap private
|
page read and write
|
|
|
|
2090000
|
heap private
|
page read and write
|
|
|
|
3201000
|
unkown
|
page read and write
|
|
|
|
2802000
|
unkown
|
page readonly
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
247000
|
heap default
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
290000
|
heap private
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
2A02000
|
unkown
|
page readonly
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
14A000
|
heap default
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
2926000
|
unkown
|
page readonly
|
|
|
|
2AF2000
|
unkown
|
page readonly
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
208B000
|
heap private
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
2B70000
|
unkown
|
page readonly
|
|
|
|
2806000
|
unkown
|
page readonly
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
15A000
|
unkown
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
30CB000
|
unkown
|
page read and write
|
|
|
|
6F0000
|
unkown
|
page readonly
|
|
|
|
2B4C000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
7FEF4691000
|
unkown image
|
page execute read
|
|
|
|
436000
|
unkown
|
page read and write
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
2962000
|
unkown
|
page readonly
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
3201000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
2DF0000
|
heap private
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
2864000
|
unkown
|
page readonly
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
27E2000
|
unkown
|
page readonly
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
27E2000
|
unkown
|
page readonly
|
|
|
|
3202000
|
unkown
|
page read and write
|
|
|
|
27F5000
|
unkown
|
page readonly
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
2A7000
|
heap default
|
page read and write
|
|
|
|
2BE0000
|
heap private
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
36D000
|
heap default
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2C4B000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
heap default
|
page read and write
|
|
|
|
2C47000
|
unkown
|
page read and write
|
|
|
|
3B3000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
3BE000
|
heap default
|
page read and write
|
|
|
|
2955000
|
unkown
|
page readonly
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
1CE7000
|
unkown
|
page readonly
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2602000
|
unkown
|
page readonly
|
|
|
|
1C6000
|
unkown
|
page read and write
|
|
|
|
24B000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
2909000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2905000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
2910000
|
heap private
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
28C2000
|
unkown
|
page readonly
|
|
|
|
7FEF46C0000
|
unkown image
|
page write copy
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
77000
|
heap default
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
27C2000
|
unkown
|
page readonly
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
29D2000
|
unkown
|
page readonly
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
59E000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
357000
|
heap default
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
CE000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
2D15000
|
heap private
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
1EF7000
|
unkown
|
page readonly
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
2969000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
28A2000
|
unkown
|
page readonly
|
|
|
|
210000
|
heap private
|
page read and write
|
|
|
|
2C01000
|
unkown
|
page read and write
|
|
|
|
28E5000
|
unkown
|
page readonly
|
|
|
|
16D000
|
unkown
|
page read and write
|
|
|
|
2869000
|
unkown
|
page readonly
|
|
|
|
2AF0000
|
unkown
|
page readonly
|
|
|
|
2842000
|
unkown
|
page readonly
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
2915000
|
unkown
|
page readonly
|
|
|
|
2C30000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
26A0000
|
unkown
|
page write copy
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
31E2000
|
unkown
|
page read and write
|
|
|
|
2C47000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
31F6000
|
unkown
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
29D9000
|
unkown
|
page readonly
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
2C51000
|
unkown
|
page read and write
|
|
|
|
2C51000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
1F20000
|
unkown
|
page write copy
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
7FEF40E0000
|
unkown image
|
page readonly
|
|
|
|
2355000
|
heap private
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
2E2B000
|
heap private
|
page read and write
|
|
|
|
3AB000
|
heap default
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
2A09000
|
unkown
|
page readonly
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
2165000
|
heap private
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
29C5000
|
unkown
|
page readonly
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
150000
|
heap default
|
page read and write
|
|
|
|
1D47000
|
unkown
|
page readonly
|
|
|
|
360000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
106000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
286D000
|
unkown
|
page readonly
|
|
|
|
436000
|
unkown
|
page read and write
|
|
|
|
27D6000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2832000
|
unkown
|
page readonly
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2BF0000
|
unkown
|
page readonly
|
|
|
|
2862000
|
unkown
|
page readonly
|
|
|
|
31DC000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
16F000
|
unkown
|
page read and write
|
|
|
|
280000
|
heap private
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
31EF000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page readonly
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
3202000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
70000
|
heap default
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2D30000
|
heap private
|
page read and write
|
|
|
|
2702000
|
unkown
|
page readonly
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
7FEF4690000
|
unkown image
|
page readonly
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
23D0000
|
unkown
|
page readonly
|
|
|
|
1FB0000
|
unkown
|
page readonly
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
2130000
|
unkown
|
page readonly
|
|
|
|
1F40000
|
unkown
|
page write copy
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
31C9000
|
unkown
|
page read and write
|
|
|
|
2884000
|
unkown
|
page readonly
|
|
|
|
2744000
|
unkown
|
page readonly
|
|
|
|
426000
|
heap default
|
page read and write
|
|
|
|
3D4000
|
heap private
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
7FEF40E2000
|
unkown image
|
page readonly
|
|
|
|
31D2000
|
unkown
|
page read and write
|
|
|
|
318E000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page read and write
|
|
|
|
43B000
|
unkown
|
page read and write
|
|
|
|
387000
|
heap default
|
page read and write
|
|
|
|
2D90000
|
unkown
|
page readonly
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
15F000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
2160000
|
heap private
|
page read and write
|
|
|
|
3B7000
|
unkown
|
page read and write
|
|
|
|
2BF0000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
3202000
|
unkown
|
page read and write
|
|
|
|
2C77000
|
unkown
|
page read and write
|
|
|
|
2D10000
|
heap private
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
unkown
|
page readonly
|
|
|
|
3AF000
|
heap default
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
260000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
D8000
|
unkown
|
page read and write
|
|
|
|
31E1000
|
unkown
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
31E2000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
2742000
|
unkown
|
page readonly
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
428000
|
heap default
|
page read and write
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
3201000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
443000
|
unkown
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
There are 1109 hidden memdumps, click here to show them.