Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PL_503_13_570.docx
|
Microsoft Word 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\Sugvt[1].exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\toqqx.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\notpad\notpad.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\toqqx.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\826308279625120\temp
|
SQLite 3.x database, last written using SQLite version 3032001
|
dropped
|
 |
|
|
C:\ProgramData\843743064682002\_8437430646.zip
|
Zip archive data, at least v2.0 to extract
|
dropped
|
|
|
|
C:\ProgramData\843743064682002\cookies\Google Chrome_Default.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\843743064682002\cookies\Mozilla Firefox_7xwghk55.default.txt
|
ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\843743064682002\screenshot.jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024,
frames 3
|
dropped
|
|
|
|
C:\ProgramData\843743064682002\system.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\843743064682002\temp
|
SQLite 3.x database, last written using SQLite version 3032001
|
dropped
|
|
|
|
C:\ProgramData\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\sqlite3.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4C112D4.png
|
PNG image data, 288 x 424, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B4C77723-97C0-4A14-814E-1968BCE52029}.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FDB545E2-A1F4-4D0B-BC71-CA4D3862B689}.tmp
|
Targa image data - RLE 65536 x 65536 x 0 ""
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PL_503_13_570.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15
2020, mtime=Wed Aug 26 14:08:15 2020, atime=Wed May 5 03:33:33 2021, length=96745, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$_503_13_570.docx
|
data
|
dropped
|
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
|
|
|
C:\Users\user\toqqx.exe
|
C:\Users\user\toqqx.exe
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
|
|
|
C:\Users\user\toqqx.exe
|
C:\Users\user\toqqx.exe
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
|
|
|
C:\Users\user\AppData\Local\Temp\toqqx.exe
|
C:\Users\user\AppData\Local\Temp\toqqx.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\toqqx.exe
|
C:\Users\user\AppData\Local\Temp\toqqx.exe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
'C:\Windows\System32\cmd.exe' /c taskkill /pid 2540 & erase C:\Users\user\AppData\Local\Temp\toqqx.exe & RD /S /Q C:\\ProgramData\\843743064682002\\*
& exit
|
|
|
|
C:\Windows\SysWOW64\taskkill.exe
|
taskkill /pid 2540
|
|
There are 2 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://198.98.60.43/6.jpg
|
198.98.60.43
|
|
|
|
http://198.98.60.43/main.php
|
198.98.60.43
|
|
|
|
http://ocsp.thawte.com0
|
unknown
|
|
|
|
http://31.210.20.6/3/Sugvt.exe
|
31.210.20.6
|
|
|
|
http://198.98.60.43/1.jpg
|
198.98.60.43
|
|
|
|
http://www.mozilla.com0
|
unknown
|
|
|
|
https://discord.com/
|
unknown
|
|
|
|
http://198.98.60.43/7.jpg
|
198.98.60.43
|
|
|
|
http://198.98.60.43/2.jpg
|
198.98.60.43
|
|
|
|
http://198.98.60.43/
|
198.98.60.43
|
|
|
|
https://discord.com/2
|
unknown
|
|
|
|
https://discord.com/6
|
unknown
|
|
|
|
http://198.98.60.43/3.jpg
|
198.98.60.43
|
|
|
|
https://discord.com/:
|
unknown
|
|
|
|
http://198.98.60.43/5.jpg
|
198.98.60.43
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://198.98.60.43/4.jpg
|
198.98.60.43
|
|
|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
|
|
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
|
|
|
https://duckduckgo.com/ac/?q=
|
unknown
|
|
|
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
|
|
|
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
|
unknown
|
|
|
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
|
|
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
|
|
|
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
|
There are 17 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
198.98.60.43
|
unknown
|
United States
|
|
|
|
31.210.20.6
|
unknown
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\toqqx.exe
|
Startup
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
~46
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
w56
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
n76
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
EC4B6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Arial Unicode MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Batang
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@BatangChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@DFKai-SB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Dotum
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@DotumChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@FangSong
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Gulim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@GulimChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Gungsuh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@GungsuhChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@KaiTi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Malgun Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Meiryo
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Meiryo UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Microsoft JhengHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Microsoft YaHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU_HKSCS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU_HKSCS-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS Mincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS PGothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS PMincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS UI Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@NSimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@PMingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@PMingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimSun-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Agency FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Aharoni
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Algerian
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Andalus
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Angsana New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
AngsanaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Aparajita
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arabic Typesetting
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Narrow
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Rounded MT Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Unicode MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Baskerville Old Face
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Batang
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
BatangChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bauhaus 93
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bell MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Berlin Sans FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Berlin Sans FB Demi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bernard MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Blackadder ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Poster Compressed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Book Antiqua
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bookman Old Style
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bookshelf Symbol 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bradley Hand ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Britannic Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Broadway
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Browallia New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
BrowalliaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Brush Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calibri
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calibri Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Californian FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calisto MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cambria
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cambria Math
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Candara
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Castellar
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Centaur
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century Schoolbook
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Chiller
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Colonna MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Comic Sans MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Consolas
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Constantia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cooper Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Copperplate Gothic Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Copperplate Gothic Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Corbel
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cordia New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
CordiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Courier New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Curlz MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DaunPenh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
David
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DFKai-SB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DilleniaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DokChampa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Dotum
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DotumChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Ebrima
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Edwardian Script ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Elephant
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Engravers MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Bold ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Demi ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Light ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Medium ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Estrangelo Edessa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
EucrosiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Euphemia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FangSong
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Felix Titling
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Footlight MT Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Forte
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Book
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Demi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Demi Cond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Heavy
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Medium
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Medium Cond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FrankRuehl
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FreesiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Freestyle Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
French Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gabriola
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Garamond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gautami
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Georgia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gigi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT Ext Condensed Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans Ultra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans Ultra Bold Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gisha
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gloucester MT Extra Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Goudy Old Style
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Goudy Stout
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gulim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
GulimChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gungsuh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
GungsuhChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Haettenschweiler
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Harlow Solid Italic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Harrington
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
High Tower Text
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Impact
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Imprint MT Shadow
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Informal Roman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
IrisUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Iskoola Pota
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
JasmineUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Jokerman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Juice ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
KaiTi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kalinga
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kartika
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Khmer UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
KodchiangUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kokila
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kristen ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kunstler Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lao UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Latha
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Leelawadee
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Levenim MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
LilyUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Bright
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Calligraphy
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Console
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Fax
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Handwriting
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans Typewriter
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans Unicode
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Magneto
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Maiandra GD
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Malgun Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mangal
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Marlett
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Matura MT Script Capitals
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Meiryo
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Meiryo UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Himalaya
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft JhengHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft New Tai Lue
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft PhagsPa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Sans Serif
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Tai Le
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Uighur
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft YaHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Yi Baiti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU_HKSCS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU_HKSCS-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Miriam
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Miriam Fixed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mistral
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Modern No. 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mongolian Baiti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Monotype Corsiva
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MoolBoran
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Mincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Outlook
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS PGothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS PMincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Reference Sans Serif
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Reference Specialty
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS UI Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MT Extra
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MV Boli
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Narkisim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Niagara Engraved
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Niagara Solid
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NSimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Nyala
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
OCR A Extended
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Old English Text MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Onyx
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Palace Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Palatino Linotype
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Papyrus
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Parchment
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Perpetua
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Perpetua Titling MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Plantagenet Cherokee
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Playbill
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
PMingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
PMingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Poor Richard
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Pristina
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Raavi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rage Italic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Ravie
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell Extra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rod
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Sakkal Majalla
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Script MT Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe Print
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Semibold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Symbol
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Shonar Bangla
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Showcard Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Shruti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Simplified Arabic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Simplified Arabic Fixed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimSun-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Snap ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Stencil
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Sylfaen
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Symbol
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tahoma
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tempus Sans ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Times New Roman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Traditional Arabic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Trebuchet MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tunga
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT Condensed Extra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Utsaah
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vani
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Verdana
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vijaya
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Viner Hand ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vivaldi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vladimir Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vrinda
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Webdings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wide Latin
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
F2C5E
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductNonBootFilesIntl_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
WORDFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
EquationEditorFilesIntl_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
F2C5E
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductNonBootFilesIntl_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Settings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ZoomApp
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTA
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationEditorFilesIntl_1033
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SavedLegacySettings
|
|
|
|
C:\Users\user\toqqx.exe
|
Startup
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Zoom
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
CustomZoom
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ShowAll
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Version
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ForceOpen
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarDocked
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarShown
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarDockPos
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MTUpgradeDialog
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Full
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Script
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ScriptScript
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Symbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubSymbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LineSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MatrixRowSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MatrixColSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SuperscriptHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubscriptDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimLineSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
NumerHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
DenomDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FractBarOver
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FractBarThick
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubFractBarThick
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FenceOver
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SpacingFactor
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MinGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
RadicalGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EmbellGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
PrimeHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Text
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Function
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Variable
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LCGreek
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
UCGreek
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Symbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Vector
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Number
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
User1
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
User2
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationWindow
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SpacingWindow
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
TextLanguage
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MathLanguage
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationEditorFilesIntl_1033
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationEditorFilesIntl_1033
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Zoom
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
CustomZoom
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ShowAll
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Version
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ForceOpen
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarDocked
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarShown
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarDockPos
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MTUpgradeDialog
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Full
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Script
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ScriptScript
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Symbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubSymbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LineSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MatrixRowSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MatrixColSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SuperscriptHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubscriptDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimLineSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
NumerHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
DenomDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FractBarOver
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FractBarThick
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubFractBarThick
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FenceOver
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SpacingFactor
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MinGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
RadicalGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EmbellGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
PrimeHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationWindow
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SpacingWindow
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
TextLanguage
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MathLanguage
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Text
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Function
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Variable
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LCGreek
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
UCGreek
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Symbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Vector
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Number
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
User1
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
User2
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationEditorFilesIntl_1033
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Zoom
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
CustomZoom
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ShowAll
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Version
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ForceOpen
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarDocked
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarShown
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ToolbarDockPos
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MTUpgradeDialog
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Full
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Script
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
ScriptScript
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Symbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubSymbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LineSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MatrixRowSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MatrixColSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SuperscriptHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubscriptDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LimLineSpacing
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
NumerHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
DenomDepth
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FractBarOver
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FractBarThick
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SubFractBarThick
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
FenceOver
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SpacingFactor
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MinGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
RadicalGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EmbellGap
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
PrimeHeight
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationWindow
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SpacingWindow
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
TextLanguage
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
MathLanguage
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Text
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Function
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Variable
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
LCGreek
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
UCGreek
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Symbol
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Vector
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Number
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
User1
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
User2
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationEditorFilesIntl_1033
|
|
|
|
C:\Users\user\AppData\Local\Temp\toqqx.exe
|
SavedLegacySettings
|
|
|
|
C:\Users\user\AppData\Local\Temp\toqqx.exe
|
SavedLegacySettings
|
|
There are 467 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
A80000
|
unkown
|
page read and write
|
|
|
|
F60000
|
unkown
|
page write copy
|
|
|
|
360000
|
unkown
|
page readonly
|
|
|
|
B10000
|
unkown image
|
page readonly
|
|
|
|
260000
|
unkown
|
page read and write
|
|
|
|
89C000
|
unkown
|
page read and write
|
|
|
|
45C0000
|
unkown
|
page readonly
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
45BF000
|
unkown
|
page read and write
|
|
|
|
E2E000
|
unkown
|
page read and write | page guard
|
|
|
|
7B0000
|
unkown
|
page read and write
|
|
|
|
5601000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
CD0000
|
unkown
|
page readonly
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
C90000
|
heap private
|
page execute and read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
4B12000
|
heap private
|
page read and write
|
|
|
|
2BBE000
|
unkown
|
page read and write
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
47F000
|
heap default
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
1032000
|
unkown image
|
page execute read
|
|
|
|
3A8000
|
unkown
|
page read and write
|
|
|
|
7D9000
|
unkown
|
page read and write
|
|
|
|
A0000
|
unkown
|
page read and write
|
|
|
|
8E0000
|
unkown
|
page read and write
|
|
|
|
9E0000
|
unkown
|
page readonly
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
107000
|
heap default
|
page read and write
|
|
|
|
517000
|
heap default
|
page read and write
|
|
|
|
4A00000
|
heap private
|
page execute and read and write
|
|
|
|
175000
|
unkown
|
page execute and read and write
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
B10000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
346000
|
heap private
|
page read and write
|
|
|
|
1020000
|
unkown image
|
page readonly
|
|
|
|
390000
|
unkown
|
page read and write
|
|
|
|
48D000
|
heap default
|
page read and write
|
|
|
|
A70000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
2A6B000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
heap default
|
page read and write
|
|
|
|
43D000
|
heap default
|
page read and write
|
|
|
|
4D3000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
460000
|
heap private
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
181000
|
unkown
|
page read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
106A000
|
unkown image
|
page readonly
|
|
|
|
2C20000
|
heap private
|
page read and write
|
|
|
|
477000
|
heap default
|
page read and write
|
|
|
|
105A000
|
unkown image
|
page readonly
|
|
|
|
829000
|
unkown
|
page read and write
|
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
A00000
|
unkown
|
page read and write
|
|
|
|
A7D000
|
unkown
|
page read and write
|
|
|
|
167000
|
unkown
|
page execute and read and write
|
|
|
|
6F0000
|
unkown
|
page readonly
|
|
|
|
177000
|
unkown
|
page execute and read and write
|
|
|
|
820000
|
unkown
|
page read and write
|
|
|
|
A4E000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
37A0000
|
heap private
|
page read and write
|
|
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
171000
|
unkown
|
page read and write
|
|
|
|
1020000
|
unkown image
|
page readonly
|
|
|
|
893000
|
unkown
|
page read and write
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
3FE0000
|
unkown
|
page readonly
|
|
|
|
88D000
|
unkown
|
page read and write
|
|
|
|
4D1E000
|
unkown
|
page read and write
|
|
|
|
188000
|
unkown
|
page read and write
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
3E20000
|
unkown
|
page read and write
|
|
|
|
A5B000
|
unkown
|
page read and write
|
|
|
|
C20000
|
unkown
|
page read and write
|
|
|
|
2CBC000
|
unkown
|
page read and write
|
|
|
|
97A000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
8C9000
|
unkown
|
page read and write
|
|
|
|
170000
|
heap private
|
page read and write
|
|
|
|
2A7E000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
88B000
|
unkown
|
page read and write
|
|
|
|
487000
|
heap default
|
page read and write
|
|
|
|
294C000
|
unkown
|
page read and write
|
|
|
|
980000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
BC4000
|
unkown
|
page read and write
|
|
|
|
768000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
162000
|
unkown
|
page read and write
|
|
|
|
A81000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
C0000
|
unkown
|
page read and write
|
|
|
|
2D70000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
7AB000
|
unkown
|
page read and write
|
|
|
|
268D000
|
unkown
|
page read and write
|
|
|
|
2DEF000
|
unkown
|
page read and write
|
|
|
|
3E00000
|
unkown
|
page read and write
|
|
|
|
3170000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
17F000
|
unkown
|
page read and write
|
|
|
|
849000
|
unkown
|
page read and write
|
|
|
|
B1D000
|
unkown
|
page read and write
|
|
|
|
2D70000
|
unkown
|
page read and write
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
850000
|
unkown
|
page read and write
|
|
|
|
A70000
|
unkown
|
page read and write
|
|
|
|
3A30000
|
unkown
|
page readonly
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
37A4000
|
heap private
|
page read and write
|
|
|
|
1030000
|
unkown image
|
page readonly
|
|
|
|
6A0000
|
heap private
|
page read and write
|
|
|
|
91E000
|
unkown
|
page read and write
|
|
|
|
24B4000
|
unkown
|
page read and write
|
|
|
|
24A0000
|
unkown
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
BC5000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page readonly
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page readonly
|
|
|
|
DBE000
|
unkown
|
page read and write
|
|
|
|
6B8000
|
unkown
|
page read and write
|
|
|
|
A90000
|
unkown
|
page read and write
|
|
|
|
2521000
|
unkown
|
page read and write
|
|
|
|
5C6000
|
heap private
|
page read and write
|
|
|
|
2A74000
|
unkown
|
page read and write
|
|
|
|
1032000
|
unkown image
|
page execute read
|
|
|
|
3481000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
A5E000
|
unkown
|
page read and write
|
|
|
|
49DE000
|
unkown
|
page read and write
|
|
|
|
179000
|
unkown
|
page read and write
|
|
|
|
50E000
|
unkown
|
page read and write
|
|
|
|
15F000
|
unkown
|
page read and write
|
|
|
|
2BF000
|
unkown
|
page read and write
|
|
|
|
4ACE000
|
unkown
|
page read and write
|
|
|
|
3D6000
|
unkown
|
page read and write
|
|
|
|
48EE000
|
unkown
|
page read and write
|
|
|
|
B0000
|
unkown
|
page read and write
|
|
|
|
F0E000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
474000
|
heap default
|
page read and write
|
|
|
|
B4F000
|
unkown
|
page read and write
|
|
|
|
9F9000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
3170000
|
unkown
|
page read and write
|
|
|
|
513E000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
29EF000
|
unkown
|
page read and write
|
|
|
|
3250000
|
unkown
|
page read and write
|
|
|
|
173000
|
unkown
|
page read and write
|
|
|
|
24A5000
|
unkown
|
page read and write
|
|
|
|
A10000
|
unkown
|
page execute and read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
350000
|
unkown
|
page execute and read and write
|
|
|
|
6BB10000
|
unkown image
|
page readonly
|
|
|
|
385000
|
unkown
|
page read and write
|
|
|
|
166000
|
unkown
|
page execute and read and write
|
|
|
|
5C0000
|
unkown
|
page readonly
|
|
|
|
2D70000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
489000
|
heap default
|
page read and write
|
|
|
|
820000
|
unkown
|
page read and write
|
|
|
|
EAE000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
AFB000
|
unkown
|
page read and write
|
|
|
|
15D000
|
unkown
|
page execute and read and write
|
|
|
|
BD2000
|
heap private
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
7B0000
|
unkown
|
page read and write
|
|
|
|
26DF000
|
unkown
|
page read and write
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
25DE000
|
unkown
|
page read and write
|
|
|
|
1022000
|
unkown image
|
page execute read
|
|
|
|
2481000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
heap private
|
page read and write
|
|
|
|
87A000
|
unkown
|
page read and write
|
|
|
|
492E000
|
unkown
|
page read and write
|
|
|
|
B0000
|
heap default
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
59D000
|
unkown
|
page read and write
|
|
|
|
535E000
|
unkown
|
page read and write
|
|
|
|
280000
|
heap private
|
page read and write
|
|
|
|
435000
|
unkown
|
page execute and read and write
|
|
|
|
5705000
|
heap private
|
page read and write
|
|
|
|
2470000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
C4D000
|
unkown
|
page read and write
|
|
|
|
3BF0000
|
unkown
|
page read and write
|
|
|
|
4C70000
|
unkown
|
page readonly
|
|
|
|
878000
|
unkown
|
page read and write
|
|
|
|
3F0000
|
heap default
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
34E6000
|
unkown
|
page read and write
|
|
|
|
8C5000
|
unkown
|
page read and write
|
|
|
|
55FE000
|
unkown
|
page read and write | page guard
|
|
|
|
2470000
|
unkown
|
page read and write
|
|
|
|
DA000
|
unkown
|
page execute and read and write
|
|
|
|
3130000
|
heap private
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
5350000
|
unkown
|
page read and write
|
|
|
|
820000
|
unkown
|
page read and write
|
|
|
|
360000
|
unkown
|
page read and write
|
|
|
|
160000
|
heap private
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
16F000
|
unkown
|
page read and write
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
172000
|
unkown
|
page read and write
|
|
|
|
AFA000
|
unkown
|
page read and write
|
|
|
|
5722000
|
heap private
|
page read and write
|
|
|
|
8B9000
|
unkown
|
page read and write
|
|
|
|
2A4D000
|
unkown
|
page read and write
|
|
|
|
4BD000
|
heap default
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
76E000
|
unkown
|
page read and write
|
|
|
|
F10000
|
unkown
|
page readonly
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
140000
|
heap private
|
page read and write
|
|
|
|
AFB000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
275F000
|
unkown
|
page read and write
|
|
|
|
4964000
|
heap private
|
page read and write
|
|
|
|
4F30000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
898000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page read and write
|
|
|
|
8FF000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
87A000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
4A1E000
|
unkown
|
page read and write
|
|
|
|
A30000
|
unkown
|
page read and write
|
|
|
|
2C0D000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown
|
page execute and read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
1030000
|
unkown image
|
page readonly
|
|
|
|
1030000
|
unkown image
|
page readonly
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
C00000
|
unkown
|
page execute and read and write
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
810000
|
unkown
|
page read and write
|
|
|
|
7E7000
|
heap default
|
page read and write
|
|
|
|
8C8000
|
unkown
|
page read and write
|
|
|
|
4C0000
|
unkown
|
page readonly
|
|
|
|
248D000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
heap default
|
page read and write
|
|
|
|
4D8000
|
heap default
|
page read and write
|
|
|
|
2690000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
97A000
|
unkown
|
page read and write
|
|
|
|
28A0000
|
heap private
|
page read and write
|
|
|
|
3C0000
|
unkown
|
page read and write
|
|
|
|
1430000
|
heap private
|
page read and write
|
|
|
|
750000
|
unkown
|
page execute and read and write
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
5140000
|
unkown
|
page readonly
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
8BE000
|
unkown
|
page read and write
|
|
|
|
2D70000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
A37000
|
unkown
|
page read and write
|
|
|
|
BAB000
|
unkown
|
page read and write
|
|
|
|
3680000
|
unkown
|
page read and write
|
|
|
|
162000
|
unkown
|
page read and write
|
|
|
|
9E0000
|
unkown
|
page read and write
|
|
|
|
3576000
|
unkown
|
page read and write
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
2EC0000
|
heap private
|
page read and write
|
|
|
|
3B7000
|
heap default
|
page read and write
|
|
|
|
3BF0000
|
unkown
|
page read and write
|
|
|
|
D6000
|
unkown
|
page execute and read and write
|
|
|
|
F8E000
|
unkown
|
page read and write
|
|
|
|
3F0000
|
heap default
|
page read and write
|
|
|
|
87A000
|
unkown
|
page read and write
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
3A9000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
BAD000
|
unkown
|
page read and write
|
|
|
|
3250000
|
unkown
|
page read and write
|
|
|
|
B3000
|
unkown
|
page execute and read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
4AF5000
|
heap private
|
page read and write
|
|
|
|
2800000
|
unkown
|
page read and write
|
|
|
|
C10000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
BF0000
|
unkown
|
page read and write
|
|
|
|
8A2000
|
unkown
|
page read and write
|
|
|
|
950000
|
heap private
|
page read and write
|
|
|
|
29E8000
|
unkown
|
page read and write
|
|
|
|
4B0000
|
unkown
|
page read and write
|
|
|
|
3FC000
|
heap default
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
910000
|
heap private
|
page execute and read and write
|
|
|
|
1070000
|
unkown
|
page readonly
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
BD000
|
unkown
|
page execute and read and write
|
|
|
|
A1A000
|
unkown
|
page read and write
|
|
|
|
9F0000
|
unkown
|
page read and write
|
|
|
|
BB4000
|
heap private
|
page read and write
|
|
|
|
3680000
|
unkown
|
page read and write
|
|
|
|
88E000
|
unkown
|
page read and write
|
|
|
|
32B0000
|
unkown
|
page read and write
|
|
|
|
167000
|
unkown
|
page read and write
|
|
|
|
165000
|
unkown
|
page execute and read and write
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
37C2000
|
heap private
|
page read and write
|
|
|
|
1030000
|
unkown image
|
page readonly
|
|
|
|
2800000
|
unkown
|
page read and write
|
|
|
|
14D000
|
unkown
|
page execute and read and write
|
|
|
|
690000
|
unkown
|
page read and write
|
|
|
|
87A000
|
heap default
|
page read and write
|
|
|
|
446000
|
heap default
|
page read and write
|
|
|
|
1BC000
|
unkown
|
page read and write
|
|
|
|
3680000
|
unkown
|
page read and write
|
|
|
|
B20000
|
unkown
|
page read and write
|
|
|
|
A2D000
|
unkown
|
page read and write
|
|
|
|
25E0000
|
unkown
|
page readonly
|
|
|
|
55FF000
|
unkown
|
page read and write
|
|
|
|
3D4000
|
heap default
|
page read and write
|
|
|
|
3BF0000
|
unkown
|
page read and write
|
|
|
|
435000
|
unkown
|
page execute and read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
97A000
|
unkown
|
page read and write
|
|
|
|
5840000
|
unkown
|
page readonly
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
1030000
|
unkown image
|
page readonly
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
958000
|
heap private
|
page read and write
|
|
|
|
60900000
|
unkown image
|
page readonly
|
|
|
|
100000
|
heap default
|
page read and write
|
|
|
|
2D6E000
|
unkown
|
page read and write
|
|
|
|
48B000
|
heap default
|
page read and write
|
|
|
|
3F7000
|
heap default
|
page read and write
|
|
|
|
99D000
|
unkown
|
page read and write
|
|
|
|
37F0000
|
heap private
|
page read and write
|
|
|
|
A6E000
|
unkown
|
page read and write
|
|
|
|
89C000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
4AF0000
|
heap private
|
page execute and read and write
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
3680000
|
unkown
|
page read and write
|
|
|
|
280000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
105A000
|
unkown image
|
page readonly
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
32B0000
|
heap private
|
page read and write
|
|
|
|
4982000
|
heap private
|
page read and write
|
|
|
|
3E20000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
896000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
3133000
|
heap private
|
page read and write
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
8AD000
|
unkown
|
page read and write
|
|
|
|
30C0000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
F70000
|
unkown
|
page readonly
|
|
|
|
E2F000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
heap private
|
page execute and read and write
|
|
|
|
17C000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
820000
|
unkown
|
page read and write
|
|
|
|
A7F000
|
unkown
|
page read and write
|
|
|
|
841000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
452000
|
heap default
|
page read and write
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
9AE000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
5070000
|
unkown
|
page read and write
|
|
|
|
A1A000
|
unkown
|
page read and write
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
2D70000
|
unkown
|
page read and write
|
|
|
|
414000
|
heap default
|
page read and write
|
|
|
|
24C4000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
97A000
|
unkown
|
page read and write
|
|
|
|
2693000
|
unkown
|
page read and write
|
|
|
|
458F000
|
unkown
|
page read and write
|
|
|
|
489000
|
heap default
|
page read and write
|
|
|
|
32B0000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
ED000
|
unkown
|
page read and write
|
|
|
|
185000
|
unkown
|
page read and write
|
|
|
|
348000
|
unkown
|
page read and write
|
|
|
|
A30000
|
unkown
|
page read and write
|
|
|
|
1032000
|
unkown image
|
page execute read
|
|
|
|
5B30000
|
unkown
|
page readonly
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
440000
|
unkown
|
page readonly
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
A90000
|
unkown
|
page read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
370000
|
unkown
|
page readonly
|
|
|
|
3800000
|
unkown
|
page readonly
|
|
|
|
8FD000
|
unkown
|
page read and write
|
|
|
|
89B000
|
unkown
|
page read and write
|
|
|
|
A3B000
|
unkown
|
page read and write
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
390000
|
unkown
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
27FF000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
464000
|
heap private
|
page read and write
|
|
|
|
CBE000
|
unkown
|
page read and write
|
|
|
|
49F000
|
unkown
|
page read and write
|
|
|
|
16F000
|
unkown
|
page read and write
|
|
|
|
C10000
|
unkown image
|
page readonly
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
8B9000
|
unkown
|
page read and write
|
|
|
|
979000
|
unkown
|
page read and write
|
|
|
|
32B0000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
heap default
|
page read and write
|
|
|
|
80000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
CD000
|
unkown
|
page execute and read and write
|
|
|
|
4A4000
|
unkown
|
page read and write
|
|
|
|
B97000
|
unkown
|
page read and write
|
|
|
|
2D70000
|
unkown
|
page read and write
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
5F1E000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
3E5000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
5700000
|
heap private
|
page read and write
|
|
|
|
506E000
|
unkown
|
page read and write
|
|
|
|
56CE000
|
unkown
|
page read and write
|
|
|
|
2C20000
|
heap private
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
350000
|
unkown
|
page readonly
|
|
|
|
591E000
|
unkown
|
page read and write | page guard
|
|
|
|
39F000
|
unkown
|
page read and write
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
DC0000
|
unkown
|
page readonly
|
|
|
|
1022000
|
unkown image
|
page execute read
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
38E000
|
unkown
|
page read and write
|
|
|
|
367D000
|
unkown
|
page read and write
|
|
|
|
8C0000
|
unkown
|
page read and write
|
|
|
|
105A000
|
unkown image
|
page readonly
|
|
|
|
2A6000
|
unkown
|
page read and write
|
|
|
|
34ED000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
3BF0000
|
unkown
|
page read and write
|
|
|
|
32B0000
|
unkown
|
page read and write
|
|
|
|
B34000
|
unkown
|
page read and write
|
|
|
|
1BB000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
9E1000
|
unkown
|
page read and write
|
|
|
|
839000
|
heap default
|
page read and write
|
|
|
|
1BB000
|
unkown
|
page read and write
|
|
|
|
5601000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
FFE000
|
unkown
|
page read and write
|
|
|
|
30C0000
|
unkown
|
page read and write
|
|
|
|
A4B000
|
unkown
|
page read and write
|
|
|
|
376000
|
unkown
|
page read and write
|
|
|
|
4FF000
|
heap default
|
page read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
D2000
|
unkown
|
page read and write
|
|
|
|
1032000
|
unkown image
|
page execute read
|
|
|
|
24A0000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
A90000
|
unkown
|
page read and write
|
|
|
|
13D000
|
heap default
|
page read and write
|
|
|
|
3BF0000
|
unkown
|
page read and write
|
|
|
|
620000
|
unkown
|
page readonly
|
|
|
|
609E000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
970000
|
heap private
|
page read and write
|
|
|
|
BE0000
|
unkown
|
page readonly
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
3170000
|
unkown
|
page readonly
|
|
|
|
970000
|
unkown
|
page readonly
|
|
|
|
A81000
|
unkown
|
page read and write
|
|
|
|
9E1000
|
unkown
|
page read and write
|
|
|
|
820000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
heap private
|
page read and write
|
|
|
|
4590000
|
unkown
|
page readonly
|
|
|
|
4F2C000
|
unkown
|
page read and write
|
|
|
|
AFB000
|
unkown
|
page read and write
|
|
|
|
4E8000
|
heap default
|
page read and write
|
|
|
|
97A000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
30C0000
|
unkown
|
page read and write
|
|
|
|
1030000
|
unkown image
|
page readonly
|
|
|
|
A68000
|
unkown
|
page read and write
|
|
|
|
162000
|
heap default
|
page read and write
|
|
|
|
C30000
|
unkown
|
page read and write
|
|
|
|
510000
|
unkown
|
page read and write
|
|
|
|
4960000
|
heap private
|
page read and write
|
|
|
|
172000
|
unkown
|
page read and write
|
|
|
|
3FC000
|
unkown
|
page read and write
|
|
|
|
A5B000
|
unkown
|
page read and write
|
|
|
|
FEE000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
2A73000
|
unkown
|
page read and write
|
|
|
|
522E000
|
unkown
|
page read and write
|
|
|
|
2FE0000
|
unkown
|
page write copy
|
|
|
|
106A000
|
unkown image
|
page readonly
|
|
|
|
55FE000
|
unkown
|
page read and write
|
|
|
|
97A000
|
unkown
|
page read and write
|
|
|
|
2800000
|
unkown
|
page read and write
|
|
|
|
165000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
85B000
|
unkown
|
page read and write
|
|
|
|
24FC000
|
unkown
|
page read and write
|
|
|
|
E70000
|
unkown
|
page readonly
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
BF0000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
BC4000
|
unkown
|
page read and write
|
|
|
|
A30000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
1020000
|
unkown image
|
page readonly
|
|
|
|
430000
|
heap default
|
page read and write
|
|
|
|
875000
|
unkown
|
page read and write
|
|
|
|
9DD000
|
unkown
|
page read and write
|
|
|
|
89D000
|
unkown
|
page read and write
|
|
|
|
251F000
|
unkown
|
page read and write
|
|
|
|
8A2000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
unkown
|
page readonly
|
|
|
|
F0E000
|
unkown
|
page read and write
|
|
|
|
249F000
|
unkown
|
page read and write
|
|
|
|
120000
|
unkown
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
2EA0000
|
unkown
|
page read and write
|
|
|
|
6BF000
|
unkown
|
page read and write
|
|
|
|
2800000
|
unkown
|
page read and write
|
|
|
|
29EC000
|
unkown
|
page read and write
|
|
|
|
176000
|
heap private
|
page read and write
|
|
|
|
2E60000
|
heap private
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
C80000
|
unkown
|
page readonly
|
|
|
|
F6F000
|
unkown
|
page read and write
|
|
|
|
5A8000
|
heap private
|
page read and write
|
|
|
|
A30000
|
unkown
|
page read and write
|
|
|
|
B4000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
B9E000
|
unkown
|
page read and write | page guard
|
|
|
|
105A000
|
unkown image
|
page readonly
|
|
|
|
6C0000
|
unkown
|
page readonly
|
|
|
|
2481000
|
unkown
|
page read and write
|
|
|
|
B24000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
B25000
|
unkown
|
page read and write
|
|
|
|
144000
|
unkown
|
page read and write
|
|
|
|
3170000
|
unkown
|
page read and write
|
|
|
|
A1A000
|
unkown
|
page read and write
|
|
|
|
16B000
|
unkown
|
page execute and read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
2FF000
|
unkown
|
page read and write
|
|
|
|
55D000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
9E1000
|
unkown
|
page read and write
|
|
|
|
3E8000
|
unkown
|
page read and write
|
|
|
|
C0000
|
heap default
|
page read and write
|
|
|
|
4AF0000
|
heap private
|
page read and write
|
|
|
|
2AD000
|
unkown
|
page read and write
|
|
|
|
C5E000
|
unkown
|
page read and write
|
|
|
|
F2D000
|
unkown
|
page read and write
|
|
|
|
A30000
|
unkown
|
page read and write
|
|
|
|
494000
|
heap default
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
8DE000
|
unkown
|
page read and write
|
|
|
|
3250000
|
unkown
|
page read and write
|
|
|
|
2B9F000
|
unkown
|
page read and write
|
|
|
|
143000
|
unkown
|
page execute and read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
1020000
|
unkown image
|
page readonly
|
|
|
|
1022000
|
unkown image
|
page execute read
|
|
|
|
8A3000
|
unkown
|
page read and write
|
|
|
|
7F0000
|
unkown
|
page readonly
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
2830000
|
heap private
|
page read and write
|
|
|
|
34BE000
|
unkown
|
page read and write
|
|
|
|
2800000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
86E000
|
unkown
|
page read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
804000
|
heap default
|
page read and write
|
|
|
|
887000
|
unkown
|
page read and write
|
|
|
|
181000
|
unkown
|
page read and write
|
|
|
|
24AF000
|
unkown
|
page read and write
|
|
|
|
AF7000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page readonly
|
|
|
|
32B0000
|
unkown
|
page read and write
|
|
|
|
BD4000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
48CE000
|
unkown
|
page read and write
|
|
|
|
8C7000
|
unkown
|
page read and write
|
|
|
|
591F000
|
unkown
|
page read and write
|
|
|
|
168000
|
unkown
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
3170000
|
unkown
|
page read and write
|
|
|
|
4ED000
|
heap default
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
8B9000
|
unkown
|
page read and write
|
|
|
|
B4E000
|
unkown
|
page read and write
|
|
|
|
2A6B000
|
unkown
|
page read and write
|
|
|
|
856000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
4DF0000
|
heap private
|
page read and write
|
|
|
|
30C0000
|
unkown
|
page read and write
|
|
|
|
27FC000
|
unkown
|
page read and write
|
|
|
|
976000
|
heap private
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
2FE0000
|
unkown
|
page read and write
|
|
|
|
1020000
|
unkown image
|
page readonly
|
|
|
|
51A000
|
unkown
|
page read and write
|
|
|
|
200000
|
unkown
|
page readonly
|
|
|
|
240000
|
unkown
|
page readonly
|
|
|
|
A81000
|
unkown
|
page read and write
|
|
|
|
388000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
1AA000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
375000
|
unkown
|
page read and write
|
|
|
|
891000
|
unkown
|
page read and write
|
|
|
|
17B000
|
unkown
|
page execute and read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
25BE000
|
unkown
|
page read and write
|
|
|
|
32AD000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
B50000
|
unkown
|
page readonly
|
|
|
|
87A000
|
unkown
|
page read and write
|
|
|
|
A5B000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page execute and read and write
|
|
|
|
1022000
|
unkown image
|
page execute read
|
|
|
|
16D000
|
unkown
|
page read and write
|
|
|
|
3E4000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
4A4000
|
heap default
|
page read and write
|
|
|
|
583E000
|
unkown
|
page read and write
|
|
|
|
230000
|
unkown
|
page readonly
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
976000
|
heap private
|
page read and write
|
|
|
|
870000
|
unkown
|
page read and write
|
|
|
|
175000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
3D5000
|
unkown
|
page read and write
|
|
|
|
146000
|
heap default
|
page read and write
|
|
|
|
88C000
|
unkown
|
page read and write
|
|
|
|
89A000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown
|
page readonly
|
|
|
|
24F5000
|
unkown
|
page read and write
|
|
|
|
E0000
|
heap default
|
page read and write
|
|
|
|
A1A000
|
unkown
|
page read and write
|
|
|
|
30C0000
|
unkown
|
page read and write
|
|
|
|
A3E000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
1B0000
|
unkown
|
page readonly
|
|
|
|
F5E000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
A30000
|
unkown
|
page read and write
|
|
|
|
250000
|
unkown
|
page readonly
|
|
|
|
8CA000
|
unkown
|
page read and write
|
|
|
|
172000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
470000
|
heap default
|
page read and write
|
|
|
|
172000
|
unkown
|
page read and write
|
|
|
|
5180000
|
heap private
|
page read and write
|
|
|
|
765000
|
unkown
|
page read and write
|
|
|
|
A80000
|
unkown
|
page read and write
|
|
|
|
A1A000
|
unkown
|
page read and write
|
|
|
|
A19000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
703A0000
|
unkown image
|
page readonly
|
|
|
|
248D000
|
unkown
|
page read and write
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
570000
|
unkown
|
page readonly
|
|
|
|
186000
|
unkown
|
page read and write
|
|
|
|
534E000
|
unkown
|
page read and write
|
|
|
|
4C6C000
|
unkown
|
page read and write
|
|
|
|
1020000
|
unkown image
|
page readonly
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
32BB000
|
heap private
|
page read and write
|
|
|
|
240000
|
heap private
|
page execute and read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
3576000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
unkown
|
page read and write
|
|
|
|
2517000
|
unkown
|
page read and write
|
|
|
|
8BA000
|
unkown
|
page read and write
|
|
|
|
146000
|
heap private
|
page read and write
|
|
|
|
A1A000
|
unkown
|
page read and write
|
|
|
|
2800000
|
unkown
|
page read and write
|
|
|
|
2519000
|
unkown
|
page read and write
|
|
|
|
2FDF000
|
unkown
|
page read and write
|
|
|
|
16A000
|
unkown
|
page execute and read and write
|
|
|
|
2E20000
|
heap private
|
page read and write
|
|
|
|
3680000
|
unkown
|
page read and write
|
|
|
|
106A000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
34E6000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
2BC0000
|
unkown
|
page read and write
|
|
|
|
82E000
|
heap default
|
page read and write
|
|
|
|
C19000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
670000
|
unkown
|
page readonly
|
|
|
|
366F000
|
unkown
|
page read and write
|
|
|
|
A5A000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
A65000
|
unkown
|
page read and write
|
|
|
|
106A000
|
unkown image
|
page readonly
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
3481000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
heap private
|
page read and write
|
|
|
|
5BF000
|
unkown
|
page read and write
|
|
|
|
B9F000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
BB0000
|
heap private
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
97A000
|
unkown
|
page read and write
|
|
|
|
189000
|
unkown
|
page read and write
|
|
|
|
384000
|
unkown
|
page read and write
|
|
|
|
8BD000
|
unkown
|
page read and write
|
|
|
|
16E000
|
unkown
|
page read and write
|
|
|
|
5600000
|
unkown
|
page read and write
|
|
|
|
340000
|
heap private
|
page read and write
|
|
|
|
A1A000
|
unkown
|
page read and write
|
|
|
|
B24000
|
unkown
|
page read and write
|
|
There are 754 hidden memdumps, click here to show them.