Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Documents_111651917_375818984.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Last Saved By: 5, Name of Creating
Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon May 3 14:24:59 2021,
Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\vegas[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\bsdnbsej.dbw
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\vegas[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 58596 bytes, 1 file
|
dropped
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\2[1].json
|
Non-ISO extended-ASCII text, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\2[1].json
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\fOhFGX570RDgmgTtbgZ5[1]
|
data
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\ECA40000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu
Jun 27 17:12:41 2019, mtime=Mon May 3 22:13:16 2021, atime=Mon May 3 22:13:16 2021, length=8192, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Documents_111651917_375818984.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 06:35:51
2020, mtime=Mon May 3 22:13:16 2021, atime=Mon May 3 22:13:16 2021, length=127488, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
|
Little-endian UTF-16 Unicode text, with CR line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\CDA40000
|
Applesoft BASIC program data, first line number 16
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\06CE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\VPKC7C2S.txt
|
ASCII text
|
downloaded
|
|
|
|
C:\Users\user\Desktop\C6CE0000
|
Applesoft BASIC program data, first line number 16
|
dropped
|
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32 ..\bsdnbsej.dbw,PluginInit
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\System32\cmd.exe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\bsdnbsej.dbw,PluginInit
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
|
unknown
|
|
|
|
http://www.certplus.com/CRL/class3.crl0
|
unknown
|
|
|
|
http://www.e-me.lv/repository0
|
unknown
|
|
|
|
http://www.acabogacia.org/doc0
|
unknown
|
|
|
|
http://crl.chambersign.org/chambersroot.crl0
|
unknown
|
|
|
|
http://ocsp.suscerte.gob.ve0
|
unknown
|
|
|
|
http://www.postsignum.cz/crl/psrootqca2.crl02
|
unknown
|
|
|
|
http://crl.dhimyotis.com/certignarootca.crl0
|
unknown
|
|
|
|
http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
|
unknown
|
|
|
|
https://18.222.240.99/qOh
|
unknown
|
|
|
|
http://www.chambersign.org1
|
unknown
|
|
|
|
http://www.pkioverheid.nl/policies/root-policy0
|
unknown
|
|
|
|
http://repository.swisssign.com/0
|
unknown
|
|
|
|
http://www.suscerte.gob.ve/lcr0#
|
unknown
|
|
|
|
http://ca2.mtin.es/mtin/crl/MTINAutoridadRaiz0
|
unknown
|
|
|
|
http://crl.ssc.lt/root-c/cacrl.crl0
|
unknown
|
|
|
|
http://postsignum.ttc.cz/crl/psrootqca2.crl0
|
unknown
|
|
|
|
http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
|
unknown
|
|
|
|
http://ca.disig.sk/ca/crl/ca_disig.crl0
|
unknown
|
|
|
|
http://crl1.comsign.co.il/crl/comsignglobalrootca.crl0
|
unknown
|
|
|
|
http://www.certplus.com/CRL/class3P.crl0
|
unknown
|
|
|
|
http://www.suscerte.gob.ve/dpc0
|
unknown
|
|
|
|
http://www.certeurope.fr/reference/root2.crl0
|
unknown
|
|
|
|
http://www.certplus.com/CRL/class2.crl0
|
unknown
|
|
|
|
http://www.disig.sk/ca/crl/ca_disig.crl0
|
unknown
|
|
|
|
http://eca.hinet.net/repository/Certs/IssuedToThisCA.p7b05
|
unknown
|
|
|
|
http://www.defence.gov.au/pki0
|
unknown
|
|
|
|
http://www.sk.ee/cps/0
|
unknown
|
|
|
|
http://www.globaltrust.info0=
|
unknown
|
|
|
|
http://www.anf.es
|
unknown
|
|
|
|
http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
|
unknown
|
|
|
|
http://pki.registradores.org/normativa/index.htm0
|
unknown
|
|
|
|
http://policy.camerfirma.com0
|
unknown
|
|
|
|
http://www.ssc.lt/cps03
|
unknown
|
|
|
|
http://ocsp.pki.gva.es0
|
unknown
|
|
|
|
http://www.anf.es/es/address-direccion.html
|
unknown
|
|
|
|
https://www.anf.es/address/)1(0&
|
unknown
|
|
|
|
http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0?
|
unknown
|
|
|
|
https://18.222.240.99/hOg
|
unknown
|
|
|
|
http://ca.mtin.es/mtin/ocsp0
|
unknown
|
|
|
|
http://crl.ssc.lt/root-b/cacrl.crl0
|
unknown
|
|
|
|
http://web.ncdc.gov.sa/crl/nrcacomb1.crl0
|
unknown
|
|
|
|
http://www.certicamara.com/dpc/0Z
|
unknown
|
|
|
|
http://www.uce.gub.uy/informacion-tecnica/politicas/cp_acrn.pdf0G
|
unknown
|
|
|
|
http://crl.pki.wellsfargo.com/wsprca.crl0
|
unknown
|
|
|
|
https://18.222.240.99/update/infoy
|
unknown
|
|
|
|
https://wwww.certigna.fr/autorites/0m
|
unknown
|
|
|
|
http://www.dnie.es/dpc0
|
unknown
|
|
|
|
http://www.ica.co.il/repository/cps/PersonalID_Practice_Statement.pdf0
|
unknown
|
|
|
|
http://ca.mtin.es/mtin/DPCyPoliticas0
|
unknown
|
|
|
|
https://www.anf.es/AC/ANFServerCA.crl0
|
unknown
|
|
|
|
http://www.globaltrust.info0
|
unknown
|
|
|
|
http://certificates.starfieldtech.com/repository/1604
|
unknown
|
|
|
|
http://acedicom.edicomgroup.com/doc0
|
unknown
|
|
|
|
http://www.certplus.com/CRL/class3TS.crl0
|
unknown
|
|
|
|
https://crl.anf.es/AC/ANFServerCA.crl0
|
unknown
|
|
|
|
http://www.certeurope.fr/reference/pc-root2.pdf0
|
unknown
|
|
|
|
http://ac.economia.gob.mx/last.crl0G
|
unknown
|
|
|
|
https://www.catcert.net/verarrel
|
unknown
|
|
|
|
http://www.disig.sk/ca0f
|
unknown
|
|
|
|
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
|
unknown
|
|
|
|
http://www.e-szigno.hu/RootCA.crl
|
unknown
|
|
|
|
http://www.sk.ee/juur/crl/0
|
unknown
|
|
|
|
http://crl.chambersign.org/chambersignroot.crl0
|
unknown
|
|
|
|
http://crl.xrampsecurity.com/XGCA.crl0
|
unknown
|
|
|
|
http://certs.oati.net/repository/OATICA2.crl0
|
unknown
|
|
|
|
http://crl.oces.trust2408.com/oces.crl0
|
unknown
|
|
|
|
http://www.quovadis.bm0
|
unknown
|
|
|
|
https://eca.hinet.net/repository0
|
unknown
|
|
|
|
http://crl.ssc.lt/root-a/cacrl.crl0
|
unknown
|
|
|
|
http://certs.oaticerts.com/repository/OATICA2.crl
|
unknown
|
|
|
|
http://www.trustdst.com/certificates/policy/ACES-index.html0
|
unknown
|
|
|
|
http://certs.oati.net/repository/OATICA2.crt0
|
unknown
|
|
|
|
http://www.accv.es00
|
unknown
|
|
|
|
http://www.pkioverheid.nl/policies/root-policy-G20
|
unknown
|
|
|
|
https://www.netlock.net/docs
|
unknown
|
|
|
|
http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
|
unknown
|
|
|
|
https://18.222.240.99/
|
unknown
|
|
|
|
http://www.e-trust.be/CPS/QNcerts
|
unknown
|
|
|
|
http://ocsp.ncdc.gov.sa0
|
unknown
|
|
|
|
http://html4/loose.dtd
|
unknown
|
|
|
|
http://fedir.comsign.co.il/crl/ComSignCA.crl0
|
unknown
|
|
|
|
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
|
unknown
|
|
|
|
http://web.ncdc.gov.sa/crl/nrcaparta1.crl
|
unknown
|
|
|
|
http://www.datev.de/zertifikat-policy-int0
|
unknown
|
|
|
|
http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
|
unknown
|
|
|
|
https://repository.luxtrust.lu0
|
unknown
|
|
|
|
http://cps.chambersign.org/cps/chambersroot.html0
|
unknown
|
|
|
|
http://www.acabogacia.org0
|
unknown
|
|
|
|
http://ocsp.eca.hinet.net/OCSP/ocspG2sha20
|
unknown
|
|
|
|
http://www.firmaprofesional.com/cps0
|
unknown
|
|
|
|
http://www.uce.gub.uy/acrn/acrn.crl0
|
unknown
|
|
|
|
http://.css
|
unknown
|
|
|
|
http://crl.securetrust.com/SGCA.crl0
|
unknown
|
|
|
|
http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
|
unknown
|
|
|
|
https://18.222.240.99/versal
|
unknown
|
|
|
|
http://www.agesic.gub.uy/acrn/acrn.crl0)
|
unknown
|
|
|
|
https://18.222.240.99/gO~
|
unknown
|
|
|
|
http://crl.securetrust.com/STCA.crl0
|
unknown
|
|
|
|
http://www.rcsc.lt/repository0
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
There are 98 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
otusmail.com
|
104.21.64.132
|
|
|
|
cdn.digicertcdn.com
|
104.18.10.39
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
18.222.240.99
|
unknown
|
United States
|
|
|
|
104.21.64.132
|
otusmail.com
|
United States
|
|
|
|
54.163.9.216
|
unknown
|
United States
|
|
|
|
172.67.151.10
|
otusmail.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
d.1
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
e.1
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
4A238
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
MSForms
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
MSComctlLib
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
1
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
UpdateComplete
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
4AA95
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
4AB7F
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
4AC3B
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
4AD35
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
4AE10
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
)c1
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
FileFormatBallotBoxAppIDBootedOnce
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingConfigurableSettings
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastSyncTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastWriteTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
CacheReady
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastRequest
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
CacheReady
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastUpdate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
NextUpdate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
r37
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EBE5F
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
FontCachePath
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC4B6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC533
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC5BF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC69A
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC716
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
2?7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
FDBBF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
FDD26
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
There are 157 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF5B8497000
|
unkown
|
page readonly
|
|
|
|
22329E30000
|
heap private
|
page read and write
|
|
|
|
94788FF000
|
unkown
|
page read and write
|
|
|
|
67330000
|
unkown image
|
page readonly
|
|
|
|
7FF5E527E000
|
unkown
|
page readonly
|
|
|
|
7FF5B87C7000
|
unkown
|
page readonly
|
|
|
|
D30000
|
unkown
|
page readonly
|
|
|
|
245AADE0000
|
unkown
|
page readonly
|
|
|
|
2CCD000
|
unkown
|
page readonly
|
|
|
|
24BDBFA000
|
unkown
|
page read and write
|
|
|
|
3107000
|
unkown
|
page read and write
|
|
|
|
24BD5FC000
|
unkown
|
page read and write
|
|
|
|
4FC9000
|
unkown
|
page read and write
|
|
|
|
2BB7000
|
unkown
|
page readonly
|
|
|
|
5A0000
|
heap default
|
page read and write
|
|
|
|
24BDEFE000
|
unkown
|
page read and write
|
|
|
|
1BC000
|
unkown
|
page read and write
|
|
|
|
7FF535250000
|
unkown
|
page readonly
|
|
|
|
4C0F000
|
unkown
|
page read and write
|
|
|
|
2BE6000
|
unkown
|
page readonly
|
|
|
|
5171000
|
unkown
|
page read and write
|
|
|
|
2C31000
|
unkown
|
page readonly
|
|
|
|
5B4A000
|
unkown
|
page readonly
|
|
|
|
2FF3000
|
unkown
|
page readonly
|
|
|
|
19573A50000
|
heap default
|
page read and write
|
|
|
|
2F23000
|
unkown
|
page readonly
|
|
|
|
2BBD000
|
unkown
|
page readonly
|
|
|
|
2A63000
|
unkown
|
page readonly
|
|
|
|
5C5000
|
unkown
|
page read and write
|
|
|
|
245AADD5000
|
heap private
|
page read and write
|
|
|
|
19578FB0000
|
unkown
|
page read and write
|
|
|
|
2A58000
|
unkown
|
page readonly
|
|
|
|
7FF5352A4000
|
unkown
|
page readonly
|
|
|
|
6A0000
|
unkown
|
page readonly
|
|
|
|
4A2E000
|
unkown
|
page read and write
|
|
|
|
4C10000
|
unkown
|
page readonly
|
|
|
|
5C5000
|
unkown
|
page read and write
|
|
|
|
639000
|
heap default
|
page read and write
|
|
|
|
2BCA000
|
unkown
|
page readonly
|
|
|
|
19579210000
|
unkown
|
page read and write
|
|
|
|
19573B30000
|
unkown
|
page readonly
|
|
|
|
2BEB000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
heap default
|
page read and write
|
|
|
|
2B4F000
|
unkown
|
page readonly
|
|
|
|
480000
|
unkown
|
page readonly
|
|
|
|
5170000
|
unkown
|
page read and write
|
|
|
|
7FF5352BE000
|
unkown
|
page readonly
|
|
|
|
D90000
|
unkown
|
page readonly
|
|
|
|
117E000
|
unkown
|
page read and write
|
|
|
|
2EDF000
|
unkown
|
page readonly
|
|
|
|
2BB5000
|
unkown
|
page readonly
|
|
|
|
845787E000
|
unkown
|
page read and write
|
|
|
|
4FBA000
|
unkown
|
page read and write
|
|
|
|
30AA000
|
unkown
|
page read and write
|
|
|
|
58F000
|
unkown
|
page read and write
|
|
|
|
2B7D000
|
unkown
|
page readonly
|
|
|
|
7FF57A8F2000
|
unkown
|
page readonly
|
|
|
|
2A69000
|
unkown
|
page readonly
|
|
|
|
22329E35000
|
heap private
|
page read and write
|
|
|
|
2E0F000
|
unkown
|
page readonly
|
|
|
|
310A000
|
unkown
|
page read and write
|
|
|
|
2BBF000
|
unkown
|
page readonly
|
|
|
|
310A000
|
unkown
|
page read and write
|
|
|
|
EB0000
|
unkown
|
page readonly
|
|
|
|
195790D4000
|
unkown
|
page read and write
|
|
|
|
2C63000
|
unkown
|
page readonly
|
|
|
|
2CC3000
|
unkown
|
page readonly
|
|
|
|
10B0000
|
unkown
|
page readonly
|
|
|
|
6BDE000
|
unkown
|
page read and write
|
|
|
|
7FF57A969000
|
unkown
|
page readonly
|
|
|
|
5FF4000
|
unkown
|
page readonly
|
|
|
|
674B9000
|
unkown image
|
page readonly
|
|
|
|
3105000
|
unkown
|
page read and write
|
|
|
|
7FF5E5258000
|
unkown
|
page readonly
|
|
|
|
2F60000
|
unkown
|
page read and write
|
|
|
|
42B0000
|
unkown
|
page read and write
|
|
|
|
19579190000
|
unkown
|
page read and write
|
|
|
|
6D30000
|
unkown
|
page read and write
|
|
|
|
7FF5352CD000
|
unkown
|
page readonly
|
|
|
|
67345000
|
unkown image
|
page readonly
|
|
|
|
C00000
|
heap private
|
page read and write
|
|
|
|
19574C00000
|
unkown
|
page readonly
|
|
|
|
EA0000
|
heap private
|
page read and write
|
|
|
|
7FF5352AF000
|
unkown
|
page readonly
|
|
|
|
23AAD8E0000
|
unkown
|
page readonly
|
|
|
|
460000
|
unkown
|
page read and write
|
|
|
|
22329C59000
|
unkown
|
page read and write
|
|
|
|
24BDFFF000
|
unkown
|
page read and write
|
|
|
|
19573C6E000
|
unkown
|
page read and write
|
|
|
|
6D1F000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page readonly
|
|
|
|
308A000
|
heap default
|
page read and write
|
|
|
|
7FF5B87AE000
|
unkown
|
page readonly
|
|
|
|
7FF5B8826000
|
unkown
|
page readonly
|
|
|
|
7FF5B879C000
|
unkown
|
page readonly
|
|
|
|
22329C58000
|
unkown
|
page read and write
|
|
|
|
5021000
|
unkown
|
page read and write
|
|
|
|
19579210000
|
unkown
|
page readonly
|
|
|
|
8BD000
|
unkown
|
page read and write
|
|
|
|
2F2B000
|
unkown
|
page readonly
|
|
|
|
30F8000
|
unkown
|
page read and write
|
|
|
|
7FF5B87B0000
|
unkown
|
page readonly
|
|
|
|
947000
|
unkown
|
page read and write
|
|
|
|
2F20000
|
unkown
|
page execute and read and write
|
|
|
|
4A40000
|
heap private
|
page read and write
|
|
|
|
960000
|
unkown
|
page readonly
|
|
|
|
7FF57A9D4000
|
unkown
|
page readonly
|
|
|
|
7FF5B8804000
|
unkown
|
page readonly
|
|
|
|
512E000
|
unkown
|
page read and write
|
|
|
|
19573B50000
|
unkown
|
page read and write
|
|
|
|
67343000
|
unkown image
|
page read and write
|
|
|
|
7FF5B8049000
|
unkown
|
page readonly
|
|
|
|
19573CAC000
|
unkown
|
page read and write
|
|
|
|
7FF5B83C5000
|
unkown
|
page readonly
|
|
|
|
E50000
|
unkown
|
page readonly
|
|
|
|
E70000
|
unkown
|
page read and write
|
|
|
|
7FF5B852F000
|
unkown
|
page readonly
|
|
|
|
7FF5E5304000
|
unkown
|
page readonly
|
|
|
|
195794BD000
|
unkown
|
page read and write
|
|
|
|
2A7F000
|
unkown
|
page readonly
|
|
|
|
67331000
|
unkown image
|
page execute read
|
|
|
|
2B9B000
|
unkown
|
page readonly
|
|
|
|
3035000
|
unkown
|
page read and write
|
|
|
|
8457AFF000
|
unkown
|
page read and write
|
|
|
|
4B8F000
|
unkown
|
page read and write
|
|
|
|
22329D30000
|
unkown
|
page read and write
|
|
|
|
6F9000
|
unkown
|
page read and write
|
|
|
|
1957940C000
|
unkown
|
page read and write
|
|
|
|
1957949C000
|
unkown
|
page read and write
|
|
|
|
7FF5B88A2000
|
unkown
|
page readonly
|
|
|
|
51A4000
|
unkown
|
page read and write
|
|
|
|
7FF5E528E000
|
unkown
|
page readonly
|
|
|
|
2B59000
|
unkown
|
page readonly
|
|
|
|
23AAD6FC000
|
heap default
|
page read and write
|
|
|
|
2F1C000
|
unkown
|
page readonly
|
|
|
|
245AABD0000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page readonly
|
|
|
|
B70000
|
unkown
|
page execute and read and write
|
|
|
|
7FF5B8601000
|
unkown
|
page readonly
|
|
|
|
7FF5E5222000
|
unkown
|
page readonly
|
|
|
|
19574C40000
|
unkown
|
page readonly
|
|
|
|
19579453000
|
unkown
|
page read and write
|
|
|
|
7FF5B87B5000
|
unkown
|
page readonly
|
|
|
|
2F4F000
|
unkown
|
page readonly
|
|
|
|
5021000
|
unkown
|
page read and write
|
|
|
|
2FC5000
|
unkown
|
page readonly
|
|
|
|
19574518000
|
unkown
|
page read and write
|
|
|
|
4FC8000
|
unkown
|
page read and write
|
|
|
|
24BE1FF000
|
unkown
|
page read and write
|
|
|
|
7FF5B8588000
|
unkown
|
page readonly
|
|
|
|
2BC3000
|
unkown
|
page readonly
|
|
|
|
19574C20000
|
unkown
|
page readonly
|
|
|
|
28E6000
|
unkown
|
page readonly
|
|
|
|
2B63000
|
unkown
|
page readonly
|
|
|
|
84578FF000
|
unkown
|
page read and write
|
|
|
|
2BEB000
|
unkown
|
page readonly
|
|
|
|
310A000
|
unkown
|
page read and write
|
|
|
|
35C000
|
unkown
|
page read and write
|
|
|
|
2BA0000
|
unkown
|
page readonly
|
|
|
|
7FF5B878F000
|
unkown
|
page readonly
|
|
|
|
7FF5B8489000
|
unkown
|
page readonly
|
|
|
|
3107000
|
unkown
|
page read and write
|
|
|
|
7FF5E5225000
|
unkown
|
page readonly
|
|
|
|
4FC6000
|
unkown
|
page readonly
|
|
|
|
67320000
|
unkown image
|
page readonly
|
|
|
|
19579270000
|
unkown
|
page readonly
|
|
|
|
67358000
|
unkown image
|
page execute read
|
|
|
|
300C000
|
unkown
|
page read and write
|
|
|
|
2873000
|
unkown
|
page readonly
|
|
|
|
7FF5B876F000
|
unkown
|
page readonly
|
|
|
|
22329C58000
|
unkown
|
page read and write
|
|
|
|
7FF5B8312000
|
unkown
|
page readonly
|
|
|
|
22329C4A000
|
unkown
|
page read and write
|
|
|
|
30BE000
|
unkown
|
page read and write
|
|
|
|
48B0000
|
unkown
|
page readonly
|
|
|
|
67353000
|
unkown image
|
page read and write
|
|
|
|
19574500000
|
unkown
|
page read and write
|
|
|
|
7FF5B859B000
|
unkown
|
page readonly
|
|
|
|
2CC5000
|
unkown
|
page readonly
|
|
|
|
7FF535255000
|
unkown
|
page readonly
|
|
|
|
2A90000
|
unkown
|
page readonly
|
|
|
|
2C44000
|
unkown
|
page readonly
|
|
|
|
7FF5B87F8000
|
unkown
|
page readonly
|
|
|
|
49AD000
|
unkown
|
page read and write
|
|
|
|
19574402000
|
unkown
|
page read and write
|
|
|
|
2FDC000
|
unkown
|
page readonly
|
|
|
|
22329C5B000
|
unkown
|
page read and write
|
|
|
|
19574C30000
|
unkown
|
page readonly
|
|
|
|
23AAD640000
|
unkown
|
page read and write
|
|
|
|
19573D02000
|
unkown
|
page read and write
|
|
|
|
195794DD000
|
unkown
|
page read and write
|
|
|
|
6734C000
|
unkown image
|
page readonly
|
|
|
|
2F60000
|
unkown
|
page read and write
|
|
|
|
19574C50000
|
unkown
|
page readonly
|
|
|
|
19579184000
|
unkown
|
page read and write
|
|
|
|
30F8000
|
unkown
|
page read and write
|
|
|
|
2C44000
|
unkown
|
page readonly
|
|
|
|
3010000
|
heap default
|
page read and write
|
|
|
|
19579210000
|
unkown
|
page read and write
|
|
|
|
4A0000
|
unkown
|
page readonly
|
|
|
|
933000
|
unkown
|
page read and write
|
|
|
|
2BBF000
|
unkown
|
page readonly
|
|
|
|
6A9B000
|
unkown
|
page read and write
|
|
|
|
24BE0FF000
|
unkown
|
page read and write
|
|
|
|
2F80000
|
heap private
|
page read and write
|
|
|
|
5711000
|
unkown
|
page readonly
|
|
|
|
7FF5B879A000
|
unkown
|
page readonly
|
|
|
|
7FF5B877B000
|
unkown
|
page readonly
|
|
|
|
2F7B000
|
unkown
|
page readonly
|
|
|
|
23AAD680000
|
unkown
|
page readonly
|
|
|
|
2DF3000
|
unkown
|
page readonly
|
|
|
|
3083000
|
heap default
|
page read and write
|
|
|
|
19574513000
|
unkown
|
page read and write
|
|
|
|
6BE0000
|
unkown
|
page read and write
|
|
|
|
7FF5351D1000
|
unkown
|
page readonly
|
|
|
|
6BE0000
|
unkown
|
page read and write
|
|
|
|
4C0000
|
unkown
|
page execute and read and write
|
|
|
|
19573D13000
|
unkown
|
page read and write
|
|
|
|
22329C20000
|
unkown
|
page readonly
|
|
|
|
860000
|
heap default
|
page read and write
|
|
|
|
7FF535341000
|
unkown
|
page readonly
|
|
|
|
22329B30000
|
unkown
|
page readonly
|
|
|
|
30AA000
|
unkown
|
page read and write
|
|
|
|
19574BF0000
|
unkown
|
page readonly
|
|
|
|
19579200000
|
unkown
|
page read and write
|
|
|
|
2B5D000
|
unkown
|
page readonly
|
|
|
|
195790B8000
|
unkown
|
page read and write
|
|
|
|
4F70000
|
unkown
|
page read and write
|
|
|
|
30E1000
|
unkown
|
page read and write
|
|
|
|
6842C7E000
|
unkown
|
page read and write
|
|
|
|
7FF5B881E000
|
unkown
|
page readonly
|
|
|
|
94787FE000
|
unkown
|
page read and write
|
|
|
|
4C30000
|
unkown
|
page readonly
|
|
|
|
55F000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page readonly
|
|
|
|
9FC000
|
unkown
|
page read and write
|
|
|
|
7FF5B8784000
|
unkown
|
page readonly
|
|
|
|
2A7F000
|
unkown
|
page readonly
|
|
|
|
4A30000
|
unkown
|
page readonly
|
|
|
|
7FF57A93A000
|
unkown
|
page readonly
|
|
|
|
937000
|
heap default
|
page read and write
|
|
|
|
7FF5B87DF000
|
unkown
|
page readonly
|
|
|
|
7FF5E522B000
|
unkown
|
page readonly
|
|
|
|
2BA9000
|
unkown
|
page readonly
|
|
|
|
19574601000
|
unkown
|
page read and write
|
|
|
|
195791A8000
|
unkown
|
page read and write
|
|
|
|
7FF53529A000
|
unkown
|
page readonly
|
|
|
|
490000
|
unkown
|
page readonly
|
|
|
|
7FF5B87AA000
|
unkown
|
page readonly
|
|
|
|
5AA000
|
heap default
|
page read and write
|
|
|
|
E60000
|
unkown
|
page execute and read and write
|
|
|
|
4F71000
|
unkown
|
page read and write
|
|
|
|
19574A30000
|
unkown
|
page read and write
|
|
|
|
58B000
|
unkown
|
page read and write
|
|
|
|
2FE2000
|
unkown
|
page readonly
|
|
|
|
4FA1000
|
unkown
|
page read and write
|
|
|
|
30BE000
|
unkown
|
page read and write
|
|
|
|
674A8000
|
unkown image
|
page read and write
|
|
|
|
7FF5B8750000
|
unkown
|
page readonly
|
|
|
|
7FF5B87BB000
|
unkown
|
page readonly
|
|
|
|
30E2000
|
unkown
|
page read and write
|
|
|
|
7FF5B8773000
|
unkown
|
page readonly
|
|
|
|
19573C73000
|
unkown
|
page read and write
|
|
|
|
639000
|
unkown
|
page read and write
|
|
|
|
900000
|
unkown
|
page execute and read and write
|
|
|
|
7FF5B8818000
|
unkown
|
page readonly
|
|
|
|
4B0000
|
unkown
|
page readonly
|
|
|
|
24BDCFE000
|
unkown
|
page read and write
|
|
|
|
7FF5B88A1000
|
unkown
|
page readonly
|
|
|
|
67330000
|
unkown image
|
page readonly
|
|
|
|
7FF5B8763000
|
unkown
|
page readonly
|
|
|
|
19573C91000
|
unkown
|
page read and write
|
|
|
|
2F72000
|
unkown
|
page readonly
|
|
|
|
2F60000
|
unkown
|
page read and write
|
|
|
|
7FF5B880F000
|
unkown
|
page readonly
|
|
|
|
2C58000
|
unkown
|
page readonly
|
|
|
|
2F76000
|
unkown
|
page readonly
|
|
|
|
7FF5B8056000
|
unkown
|
page readonly
|
|
|
|
2C0E000
|
unkown
|
page readonly
|
|
|
|
7FF57A8FB000
|
unkown
|
page readonly
|
|
|
|
2C63000
|
unkown
|
page readonly
|
|
|
|
35D000
|
unkown
|
page read and write
|
|
|
|
4C20000
|
heap private
|
page read and write
|
|
|
|
7FF5B849A000
|
unkown
|
page readonly
|
|
|
|
2BB5000
|
unkown
|
page readonly
|
|
|
|
7FF5352C9000
|
unkown
|
page readonly
|
|
|
|
6842BFE000
|
unkown
|
page read and write
|
|
|
|
67355000
|
unkown image
|
page readonly
|
|
|
|
7FF5B8406000
|
unkown
|
page readonly
|
|
|
|
195790E0000
|
unkown
|
page read and write
|
|
|
|
7FF5B871C000
|
unkown
|
page readonly
|
|
|
|
7FF5B85F1000
|
unkown
|
page readonly
|
|
|
|
195790BE000
|
unkown
|
page read and write
|
|
|
|
7FF5B858F000
|
unkown
|
page readonly
|
|
|
|
2A79000
|
unkown
|
page readonly
|
|
|
|
673AE000
|
unkown image
|
page read and write
|
|
|
|
2B8C000
|
unkown
|
page readonly
|
|
|
|
19573C29000
|
unkown
|
page read and write
|
|
|
|
19574C10000
|
unkown
|
page readonly
|
|
|
|
245AADD0000
|
heap private
|
page read and write
|
|
|
|
59EB000
|
unkown
|
page readonly
|
|
|
|
30E9000
|
unkown
|
page read and write
|
|
|
|
2DE8000
|
unkown
|
page readonly
|
|
|
|
7FF57A8F5000
|
unkown
|
page readonly
|
|
|
|
7FF5E5220000
|
unkown
|
page readonly
|
|
|
|
19574415000
|
unkown
|
page read and write
|
|
|
|
19578FA0000
|
unkown
|
page read and write
|
|
|
|
195791C0000
|
unkown
|
page read and write
|
|
|
|
4F71000
|
unkown
|
page read and write
|
|
|
|
2B6A000
|
unkown
|
page readonly
|
|
|
|
900000
|
unkown
|
page read and write
|
|
|
|
2BE2000
|
unkown
|
page readonly
|
|
|
|
5040000
|
unkown
|
page readonly
|
|
|
|
19574A00000
|
unkown
|
page readonly
|
|
|
|
301A000
|
heap default
|
page read and write
|
|
|
|
19573BE0000
|
unkown
|
page read and write
|
|
|
|
4FA2000
|
unkown
|
page read and write
|
|
|
|
6560000
|
unkown
|
page readonly
|
|
|
|
7FF5E5264000
|
unkown
|
page readonly
|
|
|
|
2F5A000
|
unkown
|
page readonly
|
|
|
|
7FF5B8829000
|
unkown
|
page readonly
|
|
|
|
2C52000
|
unkown
|
page readonly
|
|
|
|
19574900000
|
unkown
|
page read and write
|
|
|
|
7FF53533A000
|
unkown
|
page readonly
|
|
|
|
2883000
|
unkown
|
page readonly
|
|
|
|
19573C13000
|
unkown
|
page read and write
|
|
|
|
6BE0000
|
unkown
|
page read and write
|
|
|
|
19579250000
|
unkown
|
page readonly
|
|
|
|
2C39000
|
unkown
|
page readonly
|
|
|
|
2C4C000
|
unkown
|
page readonly
|
|
|
|
4FB6000
|
unkown
|
page read and write
|
|
|
|
2F53000
|
unkown
|
page readonly
|
|
|
|
22329C45000
|
unkown
|
page read and write
|
|
|
|
2B48000
|
unkown
|
page readonly
|
|
|
|
7FF57A8F0000
|
unkown
|
page readonly
|
|
|
|
195790F0000
|
unkown
|
page read and write
|
|
|
|
5C4000
|
unkown
|
page read and write
|
|
|
|
2BCA000
|
unkown
|
page readonly
|
|
|
|
19573BC1000
|
unkown
|
page read and write
|
|
|
|
195790B0000
|
unkown
|
page read and write
|
|
|
|
E30000
|
unkown
|
page readonly
|
|
|
|
B6F000
|
unkown
|
page read and write
|
|
|
|
19579320000
|
unkown
|
page readonly
|
|
|
|
195743C0000
|
unkown
|
page read and write
|
|
|
|
19573C75000
|
unkown
|
page read and write
|
|
|
|
51BB000
|
unkown
|
page read and write
|
|
|
|
7FF5B877F000
|
unkown
|
page readonly
|
|
|
|
11D0000
|
unkown
|
page execute and read and write
|
|
|
|
2C31000
|
unkown
|
page readonly
|
|
|
|
33C0000
|
unkown
|
page readonly
|
|
|
|
3107000
|
unkown
|
page read and write
|
|
|
|
2F5F000
|
unkown
|
page readonly
|
|
|
|
19573CFC000
|
unkown
|
page read and write
|
|
|
|
7FF57A958000
|
unkown
|
page readonly
|
|
|
|
84579FF000
|
unkown
|
page read and write
|
|
|
|
2FCD000
|
unkown
|
page read and write
|
|
|
|
4FA4000
|
unkown
|
page read and write
|
|
|
|
6370000
|
unkown
|
page readonly
|
|
|
|
2B85000
|
unkown
|
page readonly
|
|
|
|
DA0000
|
unkown
|
page readonly
|
|
|
|
2F4D000
|
unkown
|
page readonly
|
|
|
|
6373000
|
unkown
|
page readonly
|
|
|
|
7FF5352B8000
|
unkown
|
page readonly
|
|
|
|
D70000
|
unkown
|
page read and write
|
|
|
|
4EB0000
|
unkown
|
page readonly
|
|
|
|
195791E0000
|
unkown
|
page read and write
|
|
|
|
2C35000
|
unkown
|
page readonly
|
|
|
|
7FF5B865A000
|
unkown
|
page readonly
|
|
|
|
67320000
|
unkown image
|
page readonly
|
|
|
|
7FF5B86FD000
|
unkown
|
page readonly
|
|
|
|
2BE6000
|
unkown
|
page readonly
|
|
|
|
19573C53000
|
unkown
|
page read and write
|
|
|
|
930000
|
unkown
|
page readonly
|
|
|
|
7FF5E5274000
|
unkown
|
page readonly
|
|
|
|
7FF5B85A1000
|
unkown
|
page readonly
|
|
|
|
B29000
|
unkown
|
page read and write
|
|
|
|
7FF5B85E4000
|
unkown
|
page readonly
|
|
|
|
195790B1000
|
unkown
|
page read and write
|
|
|
|
19573CA3000
|
unkown
|
page read and write
|
|
|
|
2BA0000
|
unkown
|
page readonly
|
|
|
|
51E0000
|
unkown
|
page readonly
|
|
|
|
5022000
|
unkown
|
page read and write
|
|
|
|
94783FC000
|
unkown
|
page read and write
|
|
|
|
4FA4000
|
unkown
|
page read and write
|
|
|
|
7FF57A94E000
|
unkown
|
page readonly
|
|
|
|
2FD4000
|
unkown
|
page readonly
|
|
|
|
673AF000
|
unkown image
|
page execute and read and write
|
|
|
|
195739F0000
|
heap private
|
page read and write
|
|
|
|
7FF5B86F6000
|
unkown
|
page readonly
|
|
|
|
308A000
|
unkown
|
page read and write
|
|
|
|
195743D0000
|
unkown
|
page read and write
|
|
|
|
19574502000
|
unkown
|
page read and write
|
|
|
|
674B8000
|
unkown image
|
page read and write
|
|
|
|
7FF5B889A000
|
unkown
|
page readonly
|
|
|
|
845759C000
|
unkown
|
page read and write
|
|
|
|
E35000
|
heap default
|
page read and write
|
|
|
|
7FF5B85AD000
|
unkown
|
page readonly
|
|
|
|
4FFD000
|
unkown
|
page read and write
|
|
|
|
2B93000
|
unkown
|
page readonly
|
|
|
|
7FF5B87DC000
|
unkown
|
page readonly
|
|
|
|
19573A60000
|
unkown
|
page readonly
|
|
|
|
23AAD570000
|
unkown
|
page readonly
|
|
|
|
2F47000
|
unkown
|
page readonly
|
|
|
|
7C5000
|
heap default
|
page read and write
|
|
|
|
23AAD8D5000
|
heap private
|
page read and write
|
|
|
|
E30000
|
heap default
|
page read and write
|
|
|
|
51E000
|
unkown
|
page read and write
|
|
|
|
24BDDFB000
|
unkown
|
page read and write
|
|
|
|
517F000
|
unkown
|
page read and write
|
|
|
|
E40000
|
unkown
|
page readonly
|
|
|
|
245AAC10000
|
unkown
|
page readonly
|
|
|
|
1FB000
|
unkown
|
page read and write
|
|
|
|
850000
|
unkown
|
page readonly
|
|
|
|
195791F0000
|
unkown
|
page read and write
|
|
|
|
7FF5E5312000
|
unkown
|
page readonly
|
|
|
|
245AAAD8000
|
heap default
|
page read and write
|
|
|
|
19573BE3000
|
unkown
|
page read and write
|
|
|
|
30E2000
|
unkown
|
page read and write
|
|
|
|
2A90000
|
unkown
|
page readonly
|
|
|
|
2BA9000
|
unkown
|
page readonly
|
|
|
|
11C0000
|
unkown
|
page readonly
|
|
|
|
2BC3000
|
unkown
|
page readonly
|
|
|
|
19573C8C000
|
unkown
|
page read and write
|
|
|
|
1957947E000
|
unkown
|
page read and write
|
|
|
|
245AAAD0000
|
heap default
|
page read and write
|
|
|
|
3107000
|
unkown
|
page read and write
|
|
|
|
358000
|
unkown
|
page read and write
|
|
|
|
24BDF7F000
|
unkown
|
page read and write
|
|
|
|
7FF5B87F4000
|
unkown
|
page readonly
|
|
|
|
7FF5B87E7000
|
unkown
|
page readonly
|
|
|
|
7FF5B8642000
|
unkown
|
page readonly
|
|
|
|
B2D000
|
unkown
|
page read and write
|
|
|
|
8BD000
|
heap default
|
page read and write
|
|
|
|
19579481000
|
unkown
|
page read and write
|
|
|
|
19579200000
|
unkown
|
page read and write
|
|
|
|
195794EE000
|
unkown
|
page read and write
|
|
|
|
24BDAFA000
|
unkown
|
page read and write
|
|
|
|
6739E000
|
unkown image
|
page read and write
|
|
|
|
22329E40000
|
unkown
|
page readonly
|
|
|
|
22329AD0000
|
unkown
|
page readonly
|
|
|
|
19579260000
|
unkown
|
page readonly
|
|
|
|
19573C78000
|
unkown
|
page read and write
|
|
|
|
2B93000
|
unkown
|
page readonly
|
|
|
|
195791D0000
|
unkown
|
page read and write
|
|
|
|
7FF57A934000
|
unkown
|
page readonly
|
|
|
|
947877F000
|
unkown
|
page read and write
|
|
|
|
7FF5B865F000
|
unkown
|
page readonly
|
|
|
|
19579460000
|
unkown
|
page read and write
|
|
|
|
89B000
|
unkown
|
page read and write
|
|
|
|
19579180000
|
unkown
|
page readonly
|
|
|
|
2FC1000
|
unkown
|
page readonly
|
|
|
|
4FB6000
|
unkown
|
page read and write
|
|
|
|
4FA4000
|
unkown
|
page read and write
|
|
|
|
2C63000
|
unkown
|
page readonly
|
|
|
|
2F30000
|
unkown
|
page readonly
|
|
|
|
6842B7F000
|
unkown
|
page read and write
|
|
|
|
7FF5B80B1000
|
unkown
|
page readonly
|
|
|
|
3035000
|
unkown
|
page read and write
|
|
|
|
7FF5B855A000
|
unkown
|
page readonly
|
|
|
|
7FF535294000
|
unkown
|
page readonly
|
|
|
|
19573C9C000
|
unkown
|
page read and write
|
|
|
|
23AAD510000
|
unkown
|
page readonly
|
|
|
|
2BE2000
|
unkown
|
page readonly
|
|
|
|
7FF53527C000
|
unkown
|
page readonly
|
|
|
|
19573BF0000
|
unkown
|
page read and write
|
|
|
|
7FF5E529D000
|
unkown
|
page readonly
|
|
|
|
7FF5B85E6000
|
unkown
|
page readonly
|
|
|
|
245AABF0000
|
unkown
|
page read and write
|
|
|
|
19579400000
|
unkown
|
page read and write
|
|
|
|
24BE17E000
|
unkown
|
page read and write
|
|
|
|
6FB000
|
unkown
|
page read and write
|
|
|
|
7FF5B85AF000
|
unkown
|
page readonly
|
|
|
|
195790E0000
|
unkown
|
page read and write
|
|
|
|
2F60000
|
unkown
|
page read and write
|
|
|
|
4FB6000
|
unkown
|
page read and write
|
|
|
|
2C35000
|
unkown
|
page readonly
|
|
|
|
3110000
|
unkown
|
page readonly
|
|
|
|
2F1F000
|
unkown
|
page read and write
|
|
|
|
7FF57A944000
|
unkown
|
page readonly
|
|
|
|
59E000
|
unkown
|
page read and write
|
|
|
|
7FF57A95E000
|
unkown
|
page readonly
|
|
|
|
19579210000
|
unkown
|
page read and write
|
|
|
|
4ACE000
|
unkown
|
page read and write
|
|
|
|
7FF535252000
|
unkown
|
page readonly
|
|
|
|
2BCF000
|
unkown
|
page readonly
|
|
|
|
245AA9F0000
|
unkown
|
page readonly
|
|
|
|
7FF5E524C000
|
unkown
|
page readonly
|
|
|
|
19573B60000
|
unkown
|
page read and write
|
|
|
|
4FA4000
|
unkown
|
page read and write
|
|
|
|
30E5000
|
unkown
|
page read and write
|
|
|
|
19579180000
|
unkown
|
page read and write
|
|
|
|
62F1000
|
unkown
|
page readonly
|
|
|
|
195790B0000
|
unkown
|
page read and write
|
|
|
|
19574190000
|
unkown
|
page readonly
|
|
|
|
1957943C000
|
unkown
|
page read and write
|
|
|
|
5B66000
|
unkown
|
page readonly
|
|
|
|
7FF5E5299000
|
unkown
|
page readonly
|
|
|
|
2B59000
|
unkown
|
page readonly
|
|
|
|
868000
|
heap default
|
page read and write
|
|
|
|
2B8C000
|
unkown
|
page readonly
|
|
|
|
6012000
|
unkown
|
page readonly
|
|
|
|
23AAD6D0000
|
heap default
|
page read and write
|
|
|
|
7FF5B873C000
|
unkown
|
page readonly
|
|
|
|
19573C3D000
|
unkown
|
page read and write
|
|
|
|
2C4C000
|
unkown
|
page readonly
|
|
|
|
2EDE000
|
unkown
|
page read and write
|
|
|
|
23AAD660000
|
unkown
|
page read and write
|
|
|
|
19579449000
|
unkown
|
page read and write
|
|
|
|
245AAFE0000
|
unkown
|
page readonly
|
|
|
|
2F30000
|
unkown
|
page readonly
|
|
|
|
7FF5B80D0000
|
unkown
|
page readonly
|
|
|
|
28A9000
|
unkown
|
page readonly
|
|
|
|
6D20000
|
unkown
|
page readonly
|
|
|
|
DD0000
|
unkown
|
page read and write
|
|
|
|
19574400000
|
unkown
|
page read and write
|
|
|
|
2B7D000
|
unkown
|
page readonly
|
|
|
|
2B5D000
|
unkown
|
page readonly
|
|
|
|
19573E00000
|
unkown
|
page readonly
|
|
|
|
2C13000
|
unkown
|
page readonly
|
|
|
|
944000
|
heap default
|
page read and write
|
|
|
|
310A000
|
unkown
|
page read and write
|
|
|
|
11BE000
|
unkown
|
page read and write
|
|
|
|
3036000
|
unkown
|
page read and write
|
|
|
|
2B9B000
|
unkown
|
page readonly
|
|
|
|
6733C000
|
unkown image
|
page readonly
|
|
|
|
4A8F000
|
unkown
|
page read and write
|
|
|
|
7FF5B7FFC000
|
unkown
|
page readonly
|
|
|
|
7FF5B856B000
|
unkown
|
page readonly
|
|
|
|
2B63000
|
unkown
|
page readonly
|
|
|
|
6ADD000
|
unkown
|
page read and write
|
|
|
|
7FF57A9E2000
|
unkown
|
page readonly
|
|
|
|
7FF5B8671000
|
unkown
|
page readonly
|
|
|
|
57E1000
|
unkown
|
page readonly
|
|
|
|
2BBD000
|
unkown
|
page readonly
|
|
|
|
4FA6000
|
unkown
|
page read and write
|
|
|
|
570B000
|
unkown
|
page readonly
|
|
|
|
2F45000
|
unkown
|
page readonly
|
|
|
|
947867F000
|
unkown
|
page read and write
|
|
|
|
504E000
|
unkown
|
page read and write
|
|
|
|
DD0000
|
heap private
|
page read and write
|
|
|
|
49EE000
|
unkown
|
page read and write
|
|
|
|
2F39000
|
unkown
|
page readonly
|
|
|
|
4B4E000
|
unkown
|
page read and write
|
|
|
|
2873000
|
unkown
|
page readonly
|
|
|
|
2DF9000
|
unkown
|
page readonly
|
|
|
|
1957942C000
|
unkown
|
page read and write
|
|
|
|
7FF5B8576000
|
unkown
|
page readonly
|
|
|
|
2F70000
|
unkown
|
page readonly
|
|
|
|
30E4000
|
unkown
|
page read and write
|
|
|
|
7FF5B83C7000
|
unkown
|
page readonly
|
|
|
|
6739F000
|
unkown image
|
page execute and read and write
|
|
|
|
E20000
|
unkown
|
page readonly
|
|
|
|
19573C25000
|
unkown
|
page read and write
|
|
|
|
24BD9F7000
|
unkown
|
page read and write
|
|
|
|
23AAD6DB000
|
heap default
|
page read and write
|
|
|
|
7FF5B8655000
|
unkown
|
page readonly
|
|
|
|
7FF5E5288000
|
unkown
|
page readonly
|
|
|
|
C3B000
|
unkown
|
page read and write
|
|
|
|
947887F000
|
unkown
|
page read and write
|
|
|
|
2B6A000
|
unkown
|
page readonly
|
|
|
|
7FF57A9E1000
|
unkown
|
page readonly
|
|
|
|
5D59000
|
unkown
|
page readonly
|
|
|
|
E70000
|
unkown
|
page read and write
|
|
|
|
195790D1000
|
unkown
|
page read and write
|
|
|
|
7FF5B8012000
|
unkown
|
page readonly
|
|
|
|
7FF535334000
|
unkown
|
page readonly
|
|
|
|
699E000
|
unkown
|
page read and write
|
|
|
|
24BE2FE000
|
unkown
|
page read and write
|
|
|
|
3105000
|
unkown
|
page read and write
|
|
|
|
1220000
|
unkown
|
page readonly
|
|
|
|
19574F90000
|
unkown
|
page read and write
|
|
|
|
195792F0000
|
unkown
|
page readonly
|
|
|
|
7FF57A96D000
|
unkown
|
page readonly
|
|
|
|
7FF535342000
|
unkown
|
page readonly
|
|
|
|
19578F90000
|
unkown
|
page read and write
|
|
|
|
2F88000
|
heap private
|
page read and write
|
|
|
|
7FF57A928000
|
unkown
|
page readonly
|
|
|
|
5070000
|
unkown
|
page readonly
|
|
|
|
24BDE7E000
|
unkown
|
page read and write
|
|
|
|
3072000
|
heap default
|
page read and write
|
|
|
|
7FF5E526A000
|
unkown
|
page readonly
|
|
|
|
7C0000
|
heap default
|
page read and write
|
|
|
|
19579210000
|
unkown
|
page read and write
|
|
|
|
4B0A000
|
unkown
|
page read and write
|
|
|
|
19579194000
|
unkown
|
page readonly
|
|
|
|
2BCF000
|
unkown
|
page readonly
|
|
|
|
2FE8000
|
unkown
|
page readonly
|
|
|
|
2A3C000
|
unkown
|
page readonly
|
|
|
|
4FA1000
|
unkown
|
page read and write
|
|
|
|
516E000
|
unkown
|
page read and write
|
|
|
|
22329C30000
|
heap default
|
page read and write
|
|
|
|
2F15000
|
unkown
|
page readonly
|
|
|
|
19573C00000
|
unkown
|
page read and write
|
|
|
|
67348000
|
unkown image
|
page execute read
|
|
|
|
7FF5E530A000
|
unkown
|
page readonly
|
|
|
|
19579413000
|
unkown
|
page read and write
|
|
|
|
7FF5B80FE000
|
unkown
|
page readonly
|
|
|
|
2C52000
|
unkown
|
page readonly
|
|
|
|
7FF534F15000
|
unkown
|
page readonly
|
|
|
|
7FF57A91C000
|
unkown
|
page readonly
|
|
|
|
2BB7000
|
unkown
|
page readonly
|
|
|
|
7FF57A9DA000
|
unkown
|
page readonly
|
|
|
|
7FF535288000
|
unkown
|
page readonly
|
|
|
|
2EF3000
|
unkown
|
page readonly
|
|
|
|
195794CD000
|
unkown
|
page read and write
|
|
|
|
740000
|
unkown
|
page read and write
|
|
|
|
3107000
|
unkown
|
page read and write
|
|
|
|
4BCE000
|
unkown
|
page read and write
|
|
|
|
674A9000
|
unkown image
|
page readonly
|
|
|
|
C10000
|
unkown
|
page readonly
|
|
|
|
19579500000
|
unkown
|
page read and write
|
|
|
|
19573C56000
|
unkown
|
page read and write
|
|
|
|
19573B40000
|
unkown
|
page readonly
|
|
|
|
8457A7F000
|
unkown
|
page read and write
|
|
|
|
24BE5FE000
|
unkown
|
page read and write
|
|
|
|
4AC0000
|
unkown
|
page readonly
|
|
|
|
19574B10000
|
unkown
|
page read and write
|
|
|
|
2B85000
|
unkown
|
page readonly
|
|
|
|
68427FA000
|
unkown
|
page read and write
|
|
|
|
195791AA000
|
unkown
|
page write copy
|
|
|
|
920000
|
heap private
|
page read and write
|
|
|
|
2CCB000
|
unkown
|
page readonly
|
|
|
|
6C1E000
|
unkown
|
page read and write
|
|
|
|
2BD1000
|
unkown
|
page readonly
|
|
|
|
23AAD8D0000
|
heap private
|
page read and write
|
|
|
|
22329C3B000
|
heap default
|
page read and write
|
|
|
|
47D0000
|
unkown
|
page readonly
|
|
|
|
7FF5B8441000
|
unkown
|
page readonly
|
|
|
|
E70000
|
unkown
|
page execute and read and write
|
|
|
|
639000
|
unkown
|
page read and write
|
|
|
|
19573C8A000
|
unkown
|
page read and write
|
|
|
|
504E000
|
unkown
|
page read and write
|
|
|
|
195790F4000
|
unkown
|
page read and write
|
|
|
|
590A000
|
unkown
|
page readonly
|
|
|
|
7FF5B8894000
|
unkown
|
page readonly
|
|
|
|
2C63000
|
unkown
|
page readonly
|
|
|
|
4F7F000
|
unkown
|
page read and write
|
|
|
|
B70000
|
unkown
|
page readonly
|
|
|
|
67321000
|
unkown image
|
page execute read
|
|
|
|
7FF5E5311000
|
unkown
|
page readonly
|
|
|
|
30FF000
|
unkown
|
page read and write
|
|
|
|
3105000
|
unkown
|
page read and write
|
|
|
|
24BE3FB000
|
unkown
|
page read and write
|
|
|
|
CA0000
|
unkown
|
page readonly
|
|
|
|
4FBA000
|
unkown
|
page read and write
|
|
|
|
7FF5B8494000
|
unkown
|
page readonly
|
|
|
|
2C58000
|
unkown
|
page readonly
|
|
|
|
19579220000
|
unkown
|
page read and write
|
|
|
|
1957941E000
|
unkown
|
page read and write
|
|
|
|
7FF53525B000
|
unkown
|
page readonly
|
|
|
|
287E000
|
unkown
|
page readonly
|
|
|
|
3107000
|
unkown
|
page read and write
|
|
|
|
195790D0000
|
unkown
|
page read and write
|
|
|
|
2BD1000
|
unkown
|
page readonly
|
|
|
|
22329C00000
|
unkown
|
page read and write
|
|
There are 645 hidden memdumps, click here to show them.