Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
plan-1637276620.xlsm
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\2CAF7AE8-289A-4F25-868B-6D2546F9329C
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DF8B976F.png
|
PNG image data, 1133 x 589, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$plan-1637276620.xlsm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 60080 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F9EDFDD2.png
|
PNG image data, 1133 x 589, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\4ECE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\CabDAC6.tmp
|
Microsoft Cabinet archive data, 60080 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\TarDAC7.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Tue Jun 22 19:26:38 2021, atime=Tue Jun 22 19:26:38 2021, length=8192, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\plan-1637276620.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13
2020, mtime=Tue Jun 22 19:26:38 2021, atime=Tue Jun 22 19:26:38 2021, length=93153, window=hide
|
dropped
|
|
|
|
C:\Users\user\Desktop\DFCE0000
|
data
|
dropped
|
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
 |
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 ..\wail1.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 ..\wail2.dll
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\splwow64.exe
|
C:\Windows\splwow64.exe 12288
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://templatelogging.office.com/client/log
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
https://ovisualuiapp.azurewebsites.net/pbiagave/
|
unknown
|
|
|
|
https://visio.uservoice.com/forums/368202-visio-on-devices
|
unknown
|
|
|
|
https://directory.services.
|
unknown
|
|
|
|
https://login.windows-ppe.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://staging.cortana.ai
|
unknown
|
|
|
|
https://loki.delve.office.com/api/v1/configuration/officewin32/
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
There are 101 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iliknaturals.com
|
103.50.160.62
|
|
|
|
ieronymou.com
|
192.185.21.116
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.21.116
|
ieronymou.com
|
United States
|
|
|
|
103.50.160.62
|
iliknaturals.com
|
India
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
}'
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
~'
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RemoteClearDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Last
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
FilePath
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
StartDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
EndDate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Properties
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
Url
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastClean
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableWinHttpCertAuth
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableIsOwnerRegex
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableSessionAwareHttpClose
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableADALForExtendedApps
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DisableADALSetSilentAuth
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
msoridDisableGuestCredProvider
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
msoridDisableOstringReplace
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
FileFormatBallotBoxAppIDBootedOnce
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingConfigurableSettings
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastSyncTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastWriteTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
3.3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC5DE
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC9C5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ECA61
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ECB5A
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ECC25
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ECD4E
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ECDEA
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ECF9E
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED00C
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
3=3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F8749
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F88CF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
There are 142 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF54D59A000
|
unkown
|
page readonly
|
|
|
|
7FF5243F7000
|
unkown
|
page readonly
|
|
|
|
EDEE178000
|
unkown
|
page read and write
|
|
|
|
1A020710000
|
unkown
|
page read and write
|
|
|
|
7FF52C246000
|
unkown
|
page readonly
|
|
|
|
2A9C246C000
|
unkown
|
page read and write
|
|
|
|
7FF576955000
|
unkown
|
page readonly
|
|
|
|
7FF5A85ED000
|
unkown
|
page readonly
|
|
|
|
2EB99FAD000
|
unkown
|
page read and write
|
|
|
|
C34B675000
|
unkown
|
page read and write
|
|
|
|
7FF5A869A000
|
unkown
|
page readonly
|
|
|
|
7FF5243EC000
|
unkown
|
page readonly
|
|
|
|
7FF5A878A000
|
unkown
|
page readonly
|
|
|
|
7FF5A859E000
|
unkown
|
page readonly
|
|
|
|
7FF5244A4000
|
unkown
|
page readonly
|
|
|
|
1EF0AF60000
|
unkown
|
page write copy
|
|
|
|
2EB995E0000
|
unkown
|
page readonly
|
|
|
|
DD40B1E000
|
unkown
|
page read and write
|
|
|
|
1EF0CAA0000
|
unkown
|
page readonly
|
|
|
|
2A9C244A000
|
unkown
|
page read and write
|
|
|
|
7FF54D5A0000
|
unkown
|
page readonly
|
|
|
|
1ED22E54000
|
unkown
|
page read and write
|
|
|
|
1A0206FE000
|
unkown
|
page read and write
|
|
|
|
2C53A7E000
|
unkown
|
page read and write
|
|
|
|
7FF576682000
|
unkown
|
page readonly
|
|
|
|
2EB99FA7000
|
unkown
|
page read and write
|
|
|
|
1A931302000
|
unkown
|
page read and write
|
|
|
|
2EB99F2C000
|
unkown
|
page read and write
|
|
|
|
2EB995F0000
|
unkown
|
page read and write
|
|
|
|
2EB99F49000
|
unkown
|
page read and write
|
|
|
|
7FF5243BA000
|
unkown
|
page readonly
|
|
|
|
7FF513F7C000
|
unkown
|
page readonly
|
|
|
|
7FF576D80000
|
unkown
|
page readonly
|
|
|
|
1ED23000000
|
unkown
|
page write copy
|
|
|
|
7FF51403A000
|
unkown
|
page readonly
|
|
|
|
C34B8F7000
|
unkown
|
page read and write
|
|
|
|
7FF54D49B000
|
unkown
|
page readonly
|
|
|
|
7FF54D443000
|
unkown
|
page readonly
|
|
|
|
7FF576A59000
|
unkown
|
page readonly
|
|
|
|
EDEDB7E000
|
unkown
|
page read and write
|
|
|
|
2EB99F53000
|
unkown
|
page read and write
|
|
|
|
1EF0D235000
|
unkown
|
page read and write
|
|
|
|
1EF0B12F000
|
unkown
|
page read and write
|
|
|
|
7FF576B80000
|
unkown
|
page readonly
|
|
|
|
2EB99F9C000
|
unkown
|
page read and write
|
|
|
|
7FF52C4FD000
|
unkown
|
page readonly
|
|
|
|
2A9C2452000
|
unkown
|
page read and write
|
|
|
|
7FF513F88000
|
unkown
|
page readonly
|
|
|
|
7FF52C4F9000
|
unkown
|
page readonly
|
|
|
|
2EB99480000
|
heap default
|
page read and write
|
|
|
|
7FF54D5A5000
|
unkown
|
page readonly
|
|
|
|
7FF576E6A000
|
unkown
|
page readonly
|
|
|
|
7FF52C4AF000
|
unkown
|
page readonly
|
|
|
|
1EF0CF57000
|
unkown
|
page read and write
|
|
|
|
7FF52419F000
|
unkown
|
page readonly
|
|
|
|
2EB99F73000
|
unkown
|
page read and write
|
|
|
|
1A93126A000
|
unkown
|
page read and write
|
|
|
|
2EB99F72000
|
unkown
|
page read and write
|
|
|
|
7FF576D54000
|
unkown
|
page readonly
|
|
|
|
2EB9963C000
|
unkown
|
page read and write
|
|
|
|
7FF4F326A000
|
unkown
|
page readonly
|
|
|
|
2B19A2B0000
|
heap default
|
page read and write
|
|
|
|
1EF0D213000
|
unkown
|
page read and write
|
|
|
|
7FF576C88000
|
unkown
|
page readonly
|
|
|
|
2A9C2485000
|
unkown
|
page read and write
|
|
|
|
2C53977000
|
unkown
|
page read and write
|
|
|
|
7FF54D619000
|
unkown
|
page readonly
|
|
|
|
7FF52C4DE000
|
unkown
|
page readonly
|
|
|
|
2EB99F50000
|
unkown
|
page read and write
|
|
|
|
2EB9964C000
|
unkown
|
page read and write
|
|
|
|
7FF52BCE1000
|
unkown
|
page readonly
|
|
|
|
1ED22E6C000
|
unkown
|
page read and write
|
|
|
|
2EB99613000
|
unkown
|
page read and write
|
|
|
|
2EB996E1000
|
unkown
|
page read and write
|
|
|
|
2EB99716000
|
unkown
|
page read and write
|
|
|
|
2EB99F62000
|
unkown
|
page read and write
|
|
|
|
7FF5A8275000
|
unkown
|
page readonly
|
|
|
|
7FF5766D7000
|
unkown
|
page readonly
|
|
|
|
1A0206DD000
|
heap default
|
page read and write
|
|
|
|
1A93126B000
|
unkown
|
page read and write
|
|
|
|
70F517A000
|
unkown
|
page read and write
|
|
|
|
2EB99F71000
|
unkown
|
page read and write
|
|
|
|
7FF513FBE000
|
unkown
|
page readonly
|
|
|
|
2EB99655000
|
unkown
|
page read and write
|
|
|
|
2EB99F13000
|
unkown
|
page read and write
|
|
|
|
2EB99F43000
|
unkown
|
page read and write
|
|
|
|
1EF0B0E1000
|
unkown
|
page read and write
|
|
|
|
7FF513FAE000
|
unkown
|
page readonly
|
|
|
|
2294C9A0000
|
unkown
|
page readonly
|
|
|
|
2EB99FB4000
|
unkown
|
page read and write
|
|
|
|
1ED22E6B000
|
unkown
|
page read and write
|
|
|
|
1EF0CFDB000
|
unkown
|
page read and write
|
|
|
|
7FF5244AA000
|
unkown
|
page readonly
|
|
|
|
7FF5A8719000
|
unkown
|
page readonly
|
|
|
|
1EF0D2B7000
|
unkown
|
page read and write
|
|
|
|
1EF0CDE0000
|
unkown
|
page readonly
|
|
|
|
7FF54D5FF000
|
unkown
|
page readonly
|
|
|
|
1A02070A000
|
unkown
|
page read and write
|
|
|
|
1A0206F7000
|
unkown
|
page read and write
|
|
|
|
2EB9964F000
|
unkown
|
page read and write
|
|
|
|
1ED22D30000
|
unkown
|
page readonly
|
|
|
|
2B19AA60000
|
unkown
|
page readonly
|
|
|
|
7FF576DE8000
|
unkown
|
page readonly
|
|
|
|
2B19A489000
|
unkown
|
page read and write
|
|
|
|
2EB99F6B000
|
unkown
|
page read and write
|
|
|
|
7FF5768EE000
|
unkown
|
page readonly
|
|
|
|
7FF523C21000
|
unkown
|
page readonly
|
|
|
|
7FF4F3595000
|
unkown
|
page readonly
|
|
|
|
DD40A9B000
|
unkown
|
page read and write
|
|
|
|
2EB99F24000
|
unkown
|
page read and write
|
|
|
|
1A932C70000
|
unkown
|
page read and write
|
|
|
|
7FF5A86AB000
|
unkown
|
page readonly
|
|
|
|
7FF5A8260000
|
unkown
|
page readonly
|
|
|
|
2EB99F43000
|
unkown
|
page read and write
|
|
|
|
7FF513F5B000
|
unkown
|
page readonly
|
|
|
|
7FF5A86A0000
|
unkown
|
page readonly
|
|
|
|
7FF5243D7000
|
unkown
|
page readonly
|
|
|
|
1EF0CFFC000
|
unkown
|
page read and write
|
|
|
|
7FF4F360D000
|
unkown
|
page readonly
|
|
|
|
7FF52C388000
|
unkown
|
page readonly
|
|
|
|
7FF588B05000
|
unkown
|
page readonly
|
|
|
|
7FF5889E1000
|
unkown
|
page readonly
|
|
|
|
7FF5243C0000
|
unkown
|
page readonly
|
|
|
|
2EB99F67000
|
unkown
|
page read and write
|
|
|
|
7FF52C4D4000
|
unkown
|
page readonly
|
|
|
|
1EF0B03F000
|
unkown
|
page read and write
|
|
|
|
2EB99654000
|
unkown
|
page read and write
|
|
|
|
2EB99FD9000
|
unkown
|
page read and write
|
|
|
|
1EF0CF38000
|
unkown
|
page read and write
|
|
|
|
2EB99702000
|
unkown
|
page read and write
|
|
|
|
1EF0D383000
|
unkown
|
page read and write
|
|
|
|
2EB99800000
|
unkown
|
page readonly
|
|
|
|
7FF588AC3000
|
unkown
|
page readonly
|
|
|
|
2EB99F00000
|
unkown
|
page read and write
|
|
|
|
1A02070E000
|
unkown
|
page read and write
|
|
|
|
7FF52C4CA000
|
unkown
|
page readonly
|
|
|
|
7FF576995000
|
unkown
|
page readonly
|
|
|
|
1EF0CF87000
|
unkown
|
page read and write
|
|
|
|
2EB99658000
|
unkown
|
page read and write
|
|
|
|
7FF576DF6000
|
unkown
|
page readonly
|
|
|
|
2EB9965A000
|
unkown
|
page read and write
|
|
|
|
2B19A42A000
|
unkown
|
page read and write
|
|
|
|
7FF4F35EF000
|
unkown
|
page readonly
|
|
|
|
2A9C2350000
|
heap private
|
page read and write
|
|
|
|
2EB99F57000
|
unkown
|
page read and write
|
|
|
|
7FF52C361000
|
unkown
|
page readonly
|
|
|
|
7FF57685E000
|
unkown
|
page readonly
|
|
|
|
7FF524394000
|
unkown
|
page readonly
|
|
|
|
1EF0CF18000
|
unkown
|
page read and write
|
|
|
|
5C1C8CB000
|
unkown
|
page read and write
|
|
|
|
7FF52C37B000
|
unkown
|
page readonly
|
|
|
|
7FF576DEE000
|
unkown
|
page readonly
|
|
|
|
7FF588AFE000
|
unkown
|
page readonly
|
|
|
|
7FF576940000
|
unkown
|
page readonly
|
|
|
|
7FF576D22000
|
unkown
|
page readonly
|
|
|
|
7FF5A860C000
|
unkown
|
page readonly
|
|
|
|
1EF0E210000
|
unkown
|
page read and write
|
|
|
|
2294CA4D000
|
unkown
|
page read and write
|
|
|
|
1ED22E48000
|
unkown
|
page read and write
|
|
|
|
2B19A400000
|
unkown
|
page read and write
|
|
|
|
1EF0D383000
|
unkown
|
page read and write
|
|
|
|
1EF0AFB0000
|
unkown
|
page readonly
|
|
|
|
7FF523F22000
|
unkown
|
page readonly
|
|
|
|
7FF576D5F000
|
unkown
|
page readonly
|
|
|
|
7FF5768F2000
|
unkown
|
page readonly
|
|
|
|
7FF5A8716000
|
unkown
|
page readonly
|
|
|
|
7FF576D85000
|
unkown
|
page readonly
|
|
|
|
1A93126C000
|
unkown
|
page read and write
|
|
|
|
7FF4F3606000
|
unkown
|
page readonly
|
|
|
|
7FF588AA0000
|
unkown
|
page readonly
|
|
|
|
2EB9964A000
|
unkown
|
page read and write
|
|
|
|
2294CC00000
|
unkown
|
page readonly
|
|
|
|
1EF0D402000
|
unkown
|
page read and write
|
|
|
|
7FF524201000
|
unkown
|
page readonly
|
|
|
|
11AA77F000
|
unkown
|
page read and write
|
|
|
|
7FF54CD9C000
|
unkown
|
page readonly
|
|
|
|
7FF576E64000
|
unkown
|
page readonly
|
|
|
|
2294CA00000
|
unkown
|
page read and write
|
|
|
|
7FF576BD1000
|
unkown
|
page readonly
|
|
|
|
7FF524360000
|
unkown
|
page readonly
|
|
|
|
7FF5A8543000
|
unkown
|
page readonly
|
|
|
|
7FF5242C8000
|
unkown
|
page readonly
|
|
|
|
2EB99E02000
|
unkown
|
page read and write
|
|
|
|
1EF0B0FF000
|
unkown
|
page read and write
|
|
|
|
1EF0CFC7000
|
unkown
|
page read and write
|
|
|
|
7FF5A86EA000
|
unkown
|
page readonly
|
|
|
|
70F50FE000
|
unkown
|
page read and write
|
|
|
|
7FF576DB7000
|
unkown
|
page readonly
|
|
|
|
7FF4F34E3000
|
unkown
|
page readonly
|
|
|
|
7FF513FCD000
|
unkown
|
page readonly
|
|
|
|
7FF52C420000
|
unkown
|
page readonly
|
|
|
|
1EF0B0D4000
|
unkown
|
page read and write
|
|
|
|
1A93123F000
|
unkown
|
page read and write
|
|
|
|
7FF52442E000
|
unkown
|
page readonly
|
|
|
|
2EB99F71000
|
unkown
|
page read and write
|
|
|
|
7FF588B0B000
|
unkown
|
page readonly
|
|
|
|
7FF4F3156000
|
unkown
|
page readonly
|
|
|
|
7FF54D5CF000
|
unkown
|
page readonly
|
|
|
|
7FF54D175000
|
unkown
|
page readonly
|
|
|
|
2B19A402000
|
unkown
|
page read and write
|
|
|
|
7FF52C4EE000
|
unkown
|
page readonly
|
|
|
|
7FF54D692000
|
unkown
|
page readonly
|
|
|
|
7FF5A8784000
|
unkown
|
page readonly
|
|
|
|
1ED22D20000
|
heap default
|
page read and write
|
|
|
|
1ED22E67000
|
unkown
|
page read and write
|
|
|
|
7FF524211000
|
unkown
|
page readonly
|
|
|
|
2EB99F73000
|
unkown
|
page read and write
|
|
|
|
1A931268000
|
unkown
|
page read and write
|
|
|
|
7FF4F3681000
|
unkown
|
page readonly
|
|
|
|
1A93126C000
|
unkown
|
page read and write
|
|
|
|
2EB99629000
|
unkown
|
page read and write
|
|
|
|
1A931140000
|
unkown
|
page write copy
|
|
|
|
7FF54D481000
|
unkown
|
page readonly
|
|
|
|
7FF513F55000
|
unkown
|
page readonly
|
|
|
|
1EF0D266000
|
unkown
|
page read and write
|
|
|
|
1EF0E310000
|
unkown
|
page read and write
|
|
|
|
EDEDF7E000
|
unkown
|
page read and write
|
|
|
|
2EB99689000
|
unkown
|
page read and write
|
|
|
|
7FF52C47E000
|
unkown
|
page readonly
|
|
|
|
1A931213000
|
unkown
|
page read and write
|
|
|
|
EDEDA7B000
|
unkown
|
page read and write
|
|
|
|
7FF54D59E000
|
unkown
|
page readonly
|
|
|
|
7FF588B44000
|
unkown
|
page readonly
|
|
|
|
2EB996F4000
|
unkown
|
page read and write
|
|
|
|
7FF576B46000
|
unkown
|
page readonly
|
|
|
|
7FF52408A000
|
unkown
|
page readonly
|
|
|
|
2EB9A461000
|
unkown
|
page read and write
|
|
|
|
2EB99560000
|
unkown
|
page readonly
|
|
|
|
EDEE3FF000
|
unkown
|
page read and write
|
|
|
|
7FF576C61000
|
unkown
|
page readonly
|
|
|
|
7FF4F35D4000
|
unkown
|
page readonly
|
|
|
|
70F52FF000
|
unkown
|
page read and write
|
|
|
|
7FF524414000
|
unkown
|
page readonly
|
|
|
|
7FF5887CA000
|
unkown
|
page readonly
|
|
|
|
7FF588925000
|
unkown
|
page readonly
|
|
|
|
1A93126A000
|
unkown
|
page read and write
|
|
|
|
1EF0D297000
|
unkown
|
page read and write
|
|
|
|
2EB9A500000
|
unkown
|
page read and write
|
|
|
|
1EF0CF4A000
|
unkown
|
page read and write
|
|
|
|
1EF0B113000
|
unkown
|
page read and write
|
|
|
|
2EB9A402000
|
unkown
|
page read and write
|
|
|
|
1EF0B11C000
|
unkown
|
page read and write
|
|
|
|
7FF52438F000
|
unkown
|
page readonly
|
|
|
|
7FF5A871D000
|
unkown
|
page readonly
|
|
|
|
D641E7E000
|
unkown
|
page read and write
|
|
|
|
1EF0E110000
|
unkown
|
page read and write
|
|
|
|
EDEE07C000
|
unkown
|
page read and write
|
|
|
|
7FF5A84F1000
|
unkown
|
page readonly
|
|
|
|
7FF588BEA000
|
unkown
|
page readonly
|
|
|
|
1EF0AFF0000
|
unkown
|
page read and write
|
|
|
|
1EF0E310000
|
unkown
|
page read and write
|
|
|
|
2EB99F54000
|
unkown
|
page read and write
|
|
|
|
2294CA3C000
|
unkown
|
page read and write
|
|
|
|
1A0206E6000
|
heap default
|
page read and write
|
|
|
|
D64207A000
|
unkown
|
page read and write
|
|
|
|
2B19A450000
|
unkown
|
page read and write
|
|
|
|
7FF4F35BF000
|
unkown
|
page readonly
|
|
|
|
2B19A3A0000
|
unkown
|
page readonly
|
|
|
|
DD41177000
|
unkown
|
page read and write
|
|
|
|
7FF576BB4000
|
unkown
|
page readonly
|
|
|
|
2EB99F84000
|
unkown
|
page read and write
|
|
|
|
7FF576D6C000
|
unkown
|
page readonly
|
|
|
|
2EB99F9F000
|
unkown
|
page read and write
|
|
|
|
1EF0D0C0000
|
unkown
|
page readonly
|
|
|
|
2A9C2413000
|
unkown
|
page read and write
|
|
|
|
7FF588B7D000
|
unkown
|
page readonly
|
|
|
|
7FF523F99000
|
unkown
|
page readonly
|
|
|
|
2EB99F5F000
|
unkown
|
page read and write
|
|
|
|
1EF0AE90000
|
unkown
|
page readonly
|
|
|
|
7FF513F94000
|
unkown
|
page readonly
|
|
|
|
2294C9B0000
|
unkown
|
page readonly
|
|
|
|
1A93126C000
|
unkown
|
page read and write
|
|
|
|
7FF524306000
|
unkown
|
page readonly
|
|
|
|
7FF52C14F000
|
unkown
|
page readonly
|
|
|
|
D6428FB000
|
unkown
|
page read and write
|
|
|
|
2EB99600000
|
unkown
|
page read and write
|
|
|
|
1A9310D0000
|
heap private
|
page read and write
|
|
|
|
1A931229000
|
unkown
|
page read and write
|
|
|
|
2EB99F72000
|
unkown
|
page read and write
|
|
|
|
7FF5888BB000
|
unkown
|
page readonly
|
|
|
|
2EB99F42000
|
unkown
|
page read and write
|
|
|
|
7FF52440A000
|
unkown
|
page readonly
|
|
|
|
1EF0CE02000
|
unkown
|
page read and write
|
|
|
|
2EB99F62000
|
unkown
|
page read and write
|
|
|
|
1A931202000
|
unkown
|
page read and write
|
|
|
|
7FF5242C3000
|
unkown
|
page readonly
|
|
|
|
7FF54D5D7000
|
unkown
|
page readonly
|
|
|
|
D642A7C000
|
unkown
|
page read and write
|
|
|
|
1ED22E6B000
|
unkown
|
page read and write
|
|
|
|
D6427FB000
|
unkown
|
page read and write
|
|
|
|
2B19AC02000
|
unkown
|
page read and write
|
|
|
|
2EB99FBA000
|
unkown
|
page read and write
|
|
|
|
7FF52C2D9000
|
unkown
|
page readonly
|
|
|
|
2EB99F9F000
|
unkown
|
page read and write
|
|
|
|
2A9C244D000
|
unkown
|
page read and write
|
|
|
|
D6422FA000
|
unkown
|
page read and write
|
|
|
|
1EF0B120000
|
unkown
|
page read and write
|
|
|
|
7FF524352000
|
unkown
|
page readonly
|
|
|
|
2294CA6F000
|
unkown
|
page read and write
|
|
|
|
7FF54D691000
|
unkown
|
page readonly
|
|
|
|
1A93126B000
|
unkown
|
page read and write
|
|
|
|
1A0209C0000
|
heap private
|
page read and write
|
|
|
|
1EF0E110000
|
unkown
|
page read and write
|
|
|
|
7FF588B2F000
|
unkown
|
page readonly
|
|
|
|
1EF0E410000
|
unkown
|
page read and write
|
|
|
|
7FF513FC9000
|
unkown
|
page readonly
|
|
|
|
5C1C9CE000
|
unkown
|
page read and write
|
|
|
|
7FF4F34DD000
|
unkown
|
page readonly
|
|
|
|
7FF576615000
|
unkown
|
page readonly
|
|
|
|
7FF588B17000
|
unkown
|
page readonly
|
|
|
|
7FF52C13C000
|
unkown
|
page readonly
|
|
|
|
2294CB02000
|
unkown
|
page read and write
|
|
|
|
11AA57F000
|
unkown
|
page read and write
|
|
|
|
1A931246000
|
unkown
|
page read and write
|
|
|
|
7FF52408F000
|
unkown
|
page readonly
|
|
|
|
7FF4F3609000
|
unkown
|
page readonly
|
|
|
|
2A9C249E000
|
unkown
|
page read and write
|
|
|
|
2EB99670000
|
unkown
|
page read and write
|
|
|
|
7FF52C48B000
|
unkown
|
page readonly
|
|
|
|
1EF0B1A1000
|
unkown
|
page read and write
|
|
|
|
2A9C2400000
|
unkown
|
page read and write
|
|
|
|
1EF0D482000
|
unkown
|
page read and write
|
|
|
|
1A020630000
|
unkown
|
page readonly
|
|
|
|
D6424FB000
|
unkown
|
page read and write
|
|
|
|
2EB99F6B000
|
unkown
|
page read and write
|
|
|
|
EDEE2F8000
|
unkown
|
page read and write
|
|
|
|
2EB9967E000
|
unkown
|
page read and write
|
|
|
|
1EF0B082000
|
unkown
|
page read and write
|
|
|
|
2EB99F55000
|
unkown
|
page read and write
|
|
|
|
7FF54D684000
|
unkown
|
page readonly
|
|
|
|
7FF52C4F1000
|
unkown
|
page readonly
|
|
|
|
2EB99F5A000
|
unkown
|
page read and write
|
|
|
|
7FF576E72000
|
unkown
|
page readonly
|
|
|
|
2B19A44B000
|
unkown
|
page read and write
|
|
|
|
1EF0E210000
|
unkown
|
page read and write
|
|
|
|
1ED22E02000
|
unkown
|
page read and write
|
|
|
|
2A9C2502000
|
unkown
|
page read and write
|
|
|
|
1EF0D050000
|
unkown
|
page read and write
|
|
|
|
7FF5A868A000
|
unkown
|
page readonly
|
|
|
|
7FF4F35DA000
|
unkown
|
page readonly
|
|
|
|
7FF4F3674000
|
unkown
|
page readonly
|
|
|
|
7FF5A870E000
|
unkown
|
page readonly
|
|
|
|
2294CA55000
|
unkown
|
page read and write
|
|
|
|
7FF576DDF000
|
unkown
|
page readonly
|
|
|
|
7FF588B4A000
|
unkown
|
page readonly
|
|
|
|
2EB99FA5000
|
unkown
|
page read and write
|
|
|
|
7FF588B71000
|
unkown
|
page readonly
|
|
|
|
2294CB00000
|
unkown
|
page read and write
|
|
|
|
7FF5244B1000
|
unkown
|
page readonly
|
|
|
|
1EF0B000000
|
unkown
|
page read and write
|
|
|
|
2EB99FA7000
|
unkown
|
page read and write
|
|
|
|
7FF52C56A000
|
unkown
|
page readonly
|
|
|
|
2EB9A600000
|
unkown
|
page readonly
|
|
|
|
70F507E000
|
unkown
|
page read and write
|
|
|
|
7FF52C572000
|
unkown
|
page readonly
|
|
|
|
1ED24810000
|
unkown
|
page read and write
|
|
|
|
1EF0B160000
|
unkown
|
page read and write
|
|
|
|
7FF54D5B7000
|
unkown
|
page readonly
|
|
|
|
7FF513FB8000
|
unkown
|
page readonly
|
|
|
|
1EF0B0B3000
|
unkown
|
page read and write
|
|
|
|
1EF0D582000
|
unkown
|
page read and write
|
|
|
|
7FF524186000
|
unkown
|
page readonly
|
|
|
|
7FF588921000
|
unkown
|
page readonly
|
|
|
|
2EB99650000
|
unkown
|
page read and write
|
|
|
|
7FF576CD3000
|
unkown
|
page readonly
|
|
|
|
2EB9A402000
|
unkown
|
page read and write
|
|
|
|
2294D202000
|
unkown
|
page read and write
|
|
|
|
EDEDAFE000
|
unkown
|
page read and write
|
|
|
|
7FF52438B000
|
unkown
|
page readonly
|
|
|
|
2EB99F50000
|
unkown
|
page read and write
|
|
|
|
2EB99F70000
|
unkown
|
page read and write
|
|
|
|
2EB995F0000
|
unkown
|
page readonly
|
|
|
|
7FF5A8266000
|
unkown
|
page readonly
|
|
|
|
2EB99649000
|
unkown
|
page read and write
|
|
|
|
7FF52C480000
|
unkown
|
page readonly
|
|
|
|
1EF0B090000
|
unkown
|
page read and write
|
|
|
|
11AA4FF000
|
unkown
|
page read and write
|
|
|
|
7FF52417B000
|
unkown
|
page readonly
|
|
|
|
7FF54D608000
|
unkown
|
page readonly
|
|
|
|
2C5330E000
|
unkown
|
page read and write
|
|
|
|
70F51F9000
|
unkown
|
page read and write
|
|
|
|
11AA47A000
|
unkown
|
page read and write
|
|
|
|
2A9C242A000
|
unkown
|
page read and write
|
|
|
|
D6423FB000
|
unkown
|
page read and write
|
|
|
|
D641F79000
|
unkown
|
page read and write
|
|
|
|
7FF576DC4000
|
unkown
|
page readonly
|
|
|
|
7FF4F357C000
|
unkown
|
page readonly
|
|
|
|
1ED23250000
|
unkown
|
page readonly
|
|
|
|
2EB99FA0000
|
unkown
|
page read and write
|
|
|
|
7FF52C4C4000
|
unkown
|
page readonly
|
|
|
|
2EB99F9E000
|
unkown
|
page read and write
|
|
|
|
7FF576C7E000
|
unkown
|
page readonly
|
|
|
|
7FF524431000
|
unkown
|
page readonly
|
|
|
|
7FF514042000
|
unkown
|
page readonly
|
|
|
|
7FF4F359B000
|
unkown
|
page readonly
|
|
|
|
2B19A455000
|
unkown
|
page read and write
|
|
|
|
7FF54D166000
|
unkown
|
page readonly
|
|
|
|
7FF5241E5000
|
unkown
|
page readonly
|
|
|
|
1ED22F02000
|
unkown
|
page read and write
|
|
|
|
2B19A43C000
|
unkown
|
page read and write
|
|
|
|
7FF4F35BC000
|
unkown
|
page readonly
|
|
|
|
7FF5A868C000
|
unkown
|
page readonly
|
|
|
|
7FF5138A7000
|
unkown
|
page readonly
|
|
|
|
D64217B000
|
unkown
|
page read and write
|
|
|
|
7FF58835D000
|
unkown
|
page readonly
|
|
|
|
1EF0D040000
|
unkown
|
page readonly
|
|
|
|
1A931300000
|
unkown
|
page read and write
|
|
|
|
2EB99F4A000
|
unkown
|
page read and write
|
|
|
|
7FF4F3433000
|
unkown
|
page readonly
|
|
|
|
2C5328B000
|
unkown
|
page read and write
|
|
|
|
2A9C2500000
|
unkown
|
page read and write
|
|
|
|
7FF5243EF000
|
unkown
|
page readonly
|
|
|
|
7FF4F3682000
|
unkown
|
page readonly
|
|
|
|
2294CCD0000
|
unkown
|
page readonly
|
|
|
|
2A9C3140000
|
unkown
|
page readonly
|
|
|
|
7FF5A8379000
|
unkown
|
page readonly
|
|
|
|
1A931190000
|
unkown
|
page readonly
|
|
|
|
1EF0D225000
|
unkown
|
page read and write
|
|
|
|
2EB9A454000
|
unkown
|
page read and write
|
|
|
|
7FF5244B2000
|
unkown
|
page readonly
|
|
|
|
1EF0D080000
|
unkown
|
page read and write
|
|
|
|
2EB99F73000
|
unkown
|
page read and write
|
|
|
|
2EB99F57000
|
unkown
|
page read and write
|
|
|
|
2B19A413000
|
unkown
|
page read and write
|
|
|
|
7FF54D279000
|
unkown
|
page readonly
|
|
|
|
7FF513F50000
|
unkown
|
page readonly
|
|
|
|
7FF5A8417000
|
unkown
|
page readonly
|
|
|
|
7FF4F367A000
|
unkown
|
page readonly
|
|
|
|
2EB99CC0000
|
unkown
|
page readonly
|
|
|
|
7FF576CE4000
|
unkown
|
page readonly
|
|
|
|
D6426FB000
|
unkown
|
page read and write
|
|
|
|
1EF0D200000
|
unkown
|
page read and write
|
|
|
|
7FF576DD4000
|
unkown
|
page readonly
|
|
|
|
1EF0B170000
|
unkown
|
page read and write
|
|
|
|
7FF524428000
|
unkown
|
page readonly
|
|
|
|
7FF52C497000
|
unkown
|
page readonly
|
|
|
|
2EB99F62000
|
unkown
|
page read and write
|
|
|
|
1EF0E000000
|
unkown
|
page read and write
|
|
|
|
2A9C2513000
|
unkown
|
page read and write
|
|
|
|
7FF576946000
|
unkown
|
page readonly
|
|
|
|
1EF0D0B0000
|
unkown
|
page readonly
|
|
|
|
2EB99F72000
|
unkown
|
page read and write
|
|
|
|
1EF0E410000
|
unkown
|
page read and write
|
|
|
|
2EB99FA5000
|
unkown
|
page read and write
|
|
|
|
D642AFD000
|
unkown
|
page read and write
|
|
|
|
7FF5887CF000
|
unkown
|
page readonly
|
|
|
|
7FF5A8604000
|
unkown
|
page readonly
|
|
|
|
2A9C249B000
|
unkown
|
page read and write
|
|
|
|
2A9C2508000
|
unkown
|
page read and write
|
|
|
|
1EF0B161000
|
unkown
|
page read and write
|
|
|
|
1EF0D442000
|
unkown
|
page read and write
|
|
|
|
7FF4F3590000
|
unkown
|
page readonly
|
|
|
|
1A931313000
|
unkown
|
page read and write
|
|
|
|
7FF52430D000
|
unkown
|
page readonly
|
|
|
|
2EB9A461000
|
unkown
|
page read and write
|
|
|
|
1EF0B11F000
|
unkown
|
page read and write
|
|
|
|
7FF5888C6000
|
unkown
|
page readonly
|
|
|
|
7FF5766D3000
|
unkown
|
page readonly
|
|
|
|
1EF0D2DF000
|
unkown
|
page read and write
|
|
|
|
7FF54D58C000
|
unkown
|
page readonly
|
|
|
|
2B19A390000
|
unkown
|
page readonly
|
|
|
|
2EB99F59000
|
unkown
|
page read and write
|
|
|
|
1A931200000
|
unkown
|
page read and write
|
|
|
|
7FF5242A1000
|
unkown
|
page readonly
|
|
|
|
DD4137F000
|
unkown
|
page read and write
|
|
|
|
7FF4F34FC000
|
unkown
|
page readonly
|
|
|
|
2294CB08000
|
unkown
|
page read and write
|
|
|
|
2294D740000
|
unkown
|
page readonly
|
|
|
|
2B19A2C0000
|
unkown
|
page readonly
|
|
|
|
11AA5F9000
|
unkown
|
page read and write
|
|
|
|
1EF0D2D9000
|
unkown
|
page read and write
|
|
|
|
2EB996EB000
|
unkown
|
page read and write
|
|
|
|
7FF588BF2000
|
unkown
|
page readonly
|
|
|
|
7FF4F348E000
|
unkown
|
page readonly
|
|
|
|
1A93126C000
|
unkown
|
page read and write
|
|
|
|
D64227A000
|
unkown
|
page read and write
|
|
|
|
2EB996BC000
|
unkown
|
page read and write
|
|
|
|
1A931268000
|
unkown
|
page read and write
|
|
|
|
7FF54D61D000
|
unkown
|
page readonly
|
|
|
|
7FF5A8708000
|
unkown
|
page readonly
|
|
|
|
2EB99F56000
|
unkown
|
page read and write
|
|
|
|
2EB99F65000
|
unkown
|
page read and write
|
|
|
|
70F527E000
|
unkown
|
page read and write
|
|
|
|
7FF4F3150000
|
unkown
|
page readonly
|
|
|
|
5C1CC7A000
|
unkown
|
page read and write
|
|
|
|
D64297B000
|
unkown
|
page read and write
|
|
|
|
1EF0D050000
|
unkown
|
page read and write
|
|
|
|
7FF5243BE000
|
unkown
|
page readonly
|
|
|
|
1EF0D300000
|
unkown
|
page read and write
|
|
|
|
2EB996A6000
|
unkown
|
page read and write
|
|
|
|
7FF4F3165000
|
unkown
|
page readonly
|
|
|
|
1EF0B093000
|
unkown
|
page read and write
|
|
|
|
1A020500000
|
unkown
|
page readonly
|
|
|
|
2B19A46C000
|
unkown
|
page read and write
|
|
|
|
D64237C000
|
unkown
|
page read and write
|
|
|
|
2EB99708000
|
unkown
|
page read and write
|
|
|
|
2EB99F98000
|
unkown
|
page read and write
|
|
|
|
2EB99570000
|
unkown
|
page readonly
|
|
|
|
1EF0CF45000
|
unkown
|
page read and write
|
|
|
|
1A020620000
|
unkown
|
page readonly
|
|
|
|
2EB9A000000
|
unkown
|
page readonly
|
|
|
|
1EF0B0F3000
|
unkown
|
page read and write
|
|
|
|
1EF0CF32000
|
unkown
|
page read and write
|
|
|
|
1EF0B0DC000
|
unkown
|
page read and write
|
|
|
|
2B19A500000
|
unkown
|
page read and write
|
|
|
|
7FF524439000
|
unkown
|
page readonly
|
|
|
|
7FF576AF7000
|
unkown
|
page readonly
|
|
|
|
7FF4F33E1000
|
unkown
|
page readonly
|
|
|
|
7FF588361000
|
unkown
|
page readonly
|
|
|
|
7FF576D20000
|
unkown
|
page readonly
|
|
|
|
2C53B7E000
|
unkown
|
page read and write
|
|
|
|
7FF524219000
|
unkown
|
page readonly
|
|
|
|
2EB99F7E000
|
unkown
|
page read and write
|
|
|
|
7FF52439F000
|
unkown
|
page readonly
|
|
|
|
2EB99F85000
|
unkown
|
page read and write
|
|
|
|
1EF0E210000
|
unkown
|
page read and write
|
|
|
|
D6429FB000
|
unkown
|
page read and write
|
|
|
|
2EB99F32000
|
unkown
|
page read and write
|
|
|
|
1A020709000
|
unkown
|
page read and write
|
|
|
|
7FF576C23000
|
unkown
|
page readonly
|
|
|
|
2EB99F9C000
|
unkown
|
page read and write
|
|
|
|
2EB99F5C000
|
unkown
|
page read and write
|
|
|
|
7FF576D4B000
|
unkown
|
page readonly
|
|
|
|
5C1CDF9000
|
unkown
|
page read and write
|
|
|
|
7FF588B68000
|
unkown
|
page readonly
|
|
|
|
2EB99F42000
|
unkown
|
page read and write
|
|
|
|
7FF4F358E000
|
unkown
|
page readonly
|
|
|
|
7FF52C443000
|
unkown
|
page readonly
|
|
|
|
1EF0CFA4000
|
unkown
|
page read and write
|
|
|
|
7FF576D7E000
|
unkown
|
page readonly
|
|
|
|
7FF54D3F1000
|
unkown
|
page readonly
|
|
|
|
2EB996A4000
|
unkown
|
page read and write
|
|
|
|
1EF0D070000
|
unkown
|
page read and write
|
|
|
|
1A0209D0000
|
unkown
|
page readonly
|
|
|
|
2EB99F6D000
|
unkown
|
page read and write
|
|
|
|
1A931400000
|
unkown
|
page readonly
|
|
|
|
7FF5A85F3000
|
unkown
|
page readonly
|
|
|
|
2294D400000
|
unkown
|
page readonly
|
|
|
|
D64247B000
|
unkown
|
page read and write
|
|
|
|
2A9C2600000
|
unkown
|
page readonly
|
|
|
|
D6425FA000
|
unkown
|
page read and write
|
|
|
|
D64257A000
|
unkown
|
page read and write
|
|
|
|
2EB9A502000
|
unkown
|
page read and write
|
|
|
|
C34B77B000
|
unkown
|
page read and write
|
|
|
|
7FF52435C000
|
unkown
|
page readonly
|
|
|
|
7FF588AA2000
|
unkown
|
page readonly
|
|
|
|
2C5338E000
|
unkown
|
page read and write
|
|
|
|
7FF5A86A5000
|
unkown
|
page readonly
|
|
|
|
7FF576D7A000
|
unkown
|
page readonly
|
|
|
|
2EB99F7E000
|
unkown
|
page read and write
|
|
|
|
1ED22E29000
|
unkown
|
page read and write
|
|
|
|
2EB99F77000
|
unkown
|
page read and write
|
|
|
|
1A931268000
|
unkown
|
page read and write
|
|
|
|
1EF0D502000
|
unkown
|
page read and write
|
|
|
|
1EF0CFFA000
|
unkown
|
page read and write
|
|
|
|
2294C990000
|
heap default
|
page read and write
|
|
|
|
2EB99FAB000
|
unkown
|
page read and write
|
|
|
|
7FF576E71000
|
unkown
|
page readonly
|
|
|
|
7FF4F3307000
|
unkown
|
page readonly
|
|
|
|
2EB99FA5000
|
unkown
|
page read and write
|
|
|
|
1ED22CC0000
|
heap private
|
page read and write
|
|
|
|
7FF5241F6000
|
unkown
|
page readonly
|
|
|
|
7FF576D8B000
|
unkown
|
page readonly
|
|
|
|
2B19A44D000
|
unkown
|
page read and write
|
|
|
|
2EB9964B000
|
unkown
|
page read and write
|
|
|
|
2EB99F3C000
|
unkown
|
page read and write
|
|
|
|
1EF0D482000
|
unkown
|
page read and write
|
|
|
|
2EB9A402000
|
unkown
|
page read and write
|
|
|
|
7FF4F34F4000
|
unkown
|
page readonly
|
|
|
|
1A93126A000
|
unkown
|
page read and write
|
|
|
|
7FF4F35A7000
|
unkown
|
page readonly
|
|
|
|
D64267B000
|
unkown
|
page read and write
|
|
|
|
2B19A449000
|
unkown
|
page read and write
|
|
|
|
1A02070A000
|
unkown
|
page read and write
|
|
|
|
7FF5A86B7000
|
unkown
|
page readonly
|
|
|
|
1EF0D090000
|
unkown
|
page readonly
|
|
|
|
7FF52C2A1000
|
unkown
|
page readonly
|
|
|
|
7FF54D4F3000
|
unkown
|
page readonly
|
|
|
|
1ED22E00000
|
unkown
|
page read and write
|
|
|
|
7FF524436000
|
unkown
|
page readonly
|
|
|
|
2B19AE00000
|
unkown
|
page readonly
|
|
|
|
C34BAFE000
|
unkown
|
page read and write
|
|
|
|
C34B57E000
|
unkown
|
page read and write
|
|
|
|
2294CA83000
|
unkown
|
page read and write
|
|
|
|
1EF0B08A000
|
unkown
|
page read and write
|
|
|
|
7FF5889FB000
|
unkown
|
page readonly
|
|
|
|
1EF0D383000
|
unkown
|
page read and write
|
|
|
|
7FF4F348B000
|
unkown
|
page readonly
|
|
|
|
7FF588B38000
|
unkown
|
page readonly
|
|
|
|
2C537FB000
|
unkown
|
page read and write
|
|
|
|
1EF0B200000
|
unkown
|
page readonly
|
|
|
|
1A932D70000
|
unkown
|
page readonly
|
|
|
|
5C1CCF9000
|
unkown
|
page read and write
|
|
|
|
2EB99F59000
|
unkown
|
page read and write
|
|
|
|
2B19A600000
|
unkown
|
page readonly
|
|
|
|
7FF4F3471000
|
unkown
|
page readonly
|
|
|
|
2A9C244F000
|
unkown
|
page read and write
|
|
|
|
7FF5A859B000
|
unkown
|
page readonly
|
|
|
|
1EF0CF00000
|
unkown
|
page read and write
|
|
|
|
7FF523CC2000
|
unkown
|
page readonly
|
|
|
|
7FF54D5EA000
|
unkown
|
page readonly
|
|
|
|
1EF0B058000
|
unkown
|
page read and write
|
|
|
|
1A0205F0000
|
unkown
|
page read and write
|
|
|
|
7FF54D4ED000
|
unkown
|
page readonly
|
|
|
|
1EF0CDF0000
|
heap private
|
page read and write
|
|
|
|
1EF0C9A0000
|
unkown
|
page read and write
|
|
|
|
2EB9964D000
|
unkown
|
page read and write
|
|
|
|
2B19A48C000
|
unkown
|
page read and write
|
|
|
|
7FF4F35E4000
|
unkown
|
page readonly
|
|
|
|
1EF0D050000
|
unkown
|
page read and write
|
|
|
|
2EB99F6C000
|
unkown
|
page read and write
|
|
|
|
7FF523C1D000
|
unkown
|
page readonly
|
|
|
|
C34B4FE000
|
unkown
|
page read and write
|
|
|
|
7FF514034000
|
unkown
|
page readonly
|
|
|
|
2EB99F8B000
|
unkown
|
page read and write
|
|
|
|
7FF576DCA000
|
unkown
|
page readonly
|
|
|
|
2EB99F5C000
|
unkown
|
page read and write
|
|
|
|
7FF5243AA000
|
unkown
|
page readonly
|
|
|
|
7FF52C23B000
|
unkown
|
page readonly
|
|
|
|
2EB99F85000
|
unkown
|
page read and write
|
|
|
|
7FF54D317000
|
unkown
|
page readonly
|
|
|
|
1A020708000
|
unkown
|
page read and write
|
|
|
|
7FF576DAF000
|
unkown
|
page readonly
|
|
|
|
2EB99652000
|
unkown
|
page read and write
|
|
|
|
1EF0CFFB000
|
unkown
|
page read and write
|
|
|
|
D64277D000
|
unkown
|
page read and write
|
|
|
|
C34B9FE000
|
unkown
|
page read and write
|
|
|
|
2EB99F98000
|
unkown
|
page read and write
|
|
|
|
1A9314D0000
|
unkown
|
page readonly
|
|
|
|
2EB9A402000
|
unkown
|
page read and write
|
|
|
|
7FF5242BB000
|
unkown
|
page readonly
|
|
|
|
7FF52C383000
|
unkown
|
page readonly
|
|
|
|
1EF0D582000
|
unkown
|
page read and write
|
|
|
|
7FF54D58A000
|
unkown
|
page readonly
|
|
|
|
7FF588B00000
|
unkown
|
page readonly
|
|
|
|
1A931269000
|
unkown
|
page read and write
|
|
|
|
2B19A513000
|
unkown
|
page read and write
|
|
|
|
1ED24910000
|
unkown
|
page readonly
|
|
|
|
1A0206FE000
|
unkown
|
page read and write
|
|
|
|
7FF52C485000
|
unkown
|
page readonly
|
|
|
|
2EB99F9B000
|
unkown
|
page read and write
|
|
|
|
7FF576D6A000
|
unkown
|
page readonly
|
|
|
|
7FF588A03000
|
unkown
|
page readonly
|
|
|
|
7FF54D5E4000
|
unkown
|
page readonly
|
|
|
|
1ED22E3F000
|
unkown
|
page read and write
|
|
|
|
7FF5A86FF000
|
unkown
|
page readonly
|
|
|
|
7FF4F35C7000
|
unkown
|
page readonly
|
|
|
|
7FF54D5F4000
|
unkown
|
page readonly
|
|
|
|
7FF52C4B8000
|
unkown
|
page readonly
|
|
|
|
2EB99F72000
|
unkown
|
page read and write
|
|
|
|
7FF52441E000
|
unkown
|
page readonly
|
|
|
|
7FF5243AC000
|
unkown
|
page readonly
|
|
|
|
7FF5A8791000
|
unkown
|
page readonly
|
|
|
|
1A0209C5000
|
heap private
|
page read and write
|
|
|
|
2A9C23B0000
|
heap default
|
page read and write
|
|
|
|
7FF588B6E000
|
unkown
|
page readonly
|
|
|
|
2EB99F72000
|
unkown
|
page read and write
|
|
|
|
2EB99F6A000
|
unkown
|
page read and write
|
|
|
|
7FF52C422000
|
unkown
|
page readonly
|
|
|
|
2EB99F46000
|
unkown
|
page read and write
|
|
|
|
1A0206E1000
|
unkown
|
page read and write
|
|
|
|
1A931233000
|
unkown
|
page read and write
|
|
|
|
7FF5A86F4000
|
unkown
|
page readonly
|
|
|
|
7FF54D616000
|
unkown
|
page readonly
|
|
|
|
2EB996C3000
|
unkown
|
page read and write
|
|
|
|
7FF576C2A000
|
unkown
|
page readonly
|
|
|
|
7FF5137E5000
|
unkown
|
page readonly
|
|
|
|
2EB996A8000
|
unkown
|
page read and write
|
|
|
|
1A0206E6000
|
unkown
|
page read and write
|
|
|
|
7FF513F7F000
|
unkown
|
page readonly
|
|
|
|
2EB99580000
|
unkown
|
page read and write
|
|
|
|
2B19A3B0000
|
unkown
|
page read and write
|
|
|
|
7FF54D5AB000
|
unkown
|
page readonly
|
|
|
|
7FF4F357A000
|
unkown
|
page readonly
|
|
|
|
7FF52C4AC000
|
unkown
|
page readonly
|
|
|
|
2EB9A402000
|
unkown
|
page read and write
|
|
|
|
1ED23050000
|
unkown
|
page readonly
|
|
|
|
7FF5A7E9C000
|
unkown
|
page readonly
|
|
|
|
7FF524383000
|
unkown
|
page readonly
|
|
|
|
EDEE4FC000
|
unkown
|
page read and write
|
|
|
|
7FF576C83000
|
unkown
|
page readonly
|
|
|
|
7FF52C564000
|
unkown
|
page readonly
|
|
|
|
1EF0B054000
|
unkown
|
page read and write
|
|
|
|
C34B47B000
|
unkown
|
page read and write
|
|
|
|
7FF5A8792000
|
unkown
|
page readonly
|
|
|
|
1EF0B13F000
|
unkown
|
page read and write
|
|
|
|
D6421FC000
|
unkown
|
page read and write
|
|
|
|
7FF588B76000
|
unkown
|
page readonly
|
|
|
|
EDEDC75000
|
unkown
|
page read and write
|
|
|
|
1A0206DB000
|
heap default
|
page read and write
|
|
|
|
2EB99F88000
|
unkown
|
page read and write
|
|
|
|
2EB99490000
|
unkown
|
page readonly
|
|
|
|
2A9C2C02000
|
unkown
|
page read and write
|
|
|
|
11AA6FE000
|
unkown
|
page read and write
|
|
|
|
7FF54D49E000
|
unkown
|
page readonly
|
|
|
|
2EB99420000
|
heap private
|
page read and write
|
|
|
|
1A93126A000
|
unkown
|
page read and write
|
|
|
|
7FF54D160000
|
unkown
|
page readonly
|
|
|
|
DD40FFB000
|
unkown
|
page read and write
|
|
|
|
7FF4F358A000
|
unkown
|
page readonly
|
|
|
|
7FF4F35F8000
|
unkown
|
page readonly
|
|
|
|
7FF514041000
|
unkown
|
page readonly
|
|
|
|
7FF5A86E4000
|
unkown
|
page readonly
|
|
|
|
2B19A508000
|
unkown
|
page read and write
|
|
|
|
D641FFE000
|
unkown
|
page read and write
|
|
|
|
7FF576DAC000
|
unkown
|
page readonly
|
|
|
|
1EF0B120000
|
unkown
|
page read and write
|
|
|
|
2EB996EB000
|
unkown
|
page read and write
|
|
|
|
7FF576DF9000
|
unkown
|
page readonly
|
|
|
|
7FF52407C000
|
unkown
|
page readonly
|
|
|
|
7FF524097000
|
unkown
|
page readonly
|
|
|
|
1EF0E410000
|
unkown
|
page read and write
|
|
|
|
2EB99F59000
|
unkown
|
page read and write
|
|
|
|
2EB99F4F000
|
unkown
|
page read and write
|
|
|
|
1EF0B121000
|
unkown
|
page read and write
|
|
|
|
2EB99F62000
|
unkown
|
page read and write
|
|
|
|
7FF588BE4000
|
unkown
|
page readonly
|
|
|
|
1EF0AE80000
|
heap default
|
page read and write
|
|
|
|
DD40EF5000
|
unkown
|
page read and write
|
|
|
|
7FF5A8581000
|
unkown
|
page readonly
|
|
|
|
2EB99F72000
|
unkown
|
page read and write
|
|
|
|
1A0206FE000
|
unkown
|
page read and write
|
|
|
|
1EF0D343000
|
unkown
|
page read and write
|
|
|
|
7FF588AFA000
|
unkown
|
page readonly
|
|
|
|
1EF0D050000
|
unkown
|
page read and write
|
|
|
|
7FF5A86CF000
|
unkown
|
page readonly
|
|
|
|
2EB99F98000
|
unkown
|
page read and write
|
|
|
|
D641BBE000
|
unkown
|
page read and write
|
|
|
|
2A9C2455000
|
unkown
|
page read and write
|
|
|
|
1EF0B0B1000
|
unkown
|
page read and write
|
|
|
|
1A0205D0000
|
unkown
|
page read and write
|
|
|
|
1EF0E410000
|
unkown
|
page read and write
|
|
|
|
2EB995D0000
|
unkown
|
page readonly
|
|
|
|
2A9C23E0000
|
unkown
|
page read and write
|
|
|
|
2EB99F9E000
|
unkown
|
page read and write
|
|
|
|
2294CB13000
|
unkown
|
page read and write
|
|
|
|
2EB9967D000
|
unkown
|
page read and write
|
|
|
|
7FF52BCDD000
|
unkown
|
page readonly
|
|
|
|
1EF0D060000
|
unkown
|
page read and write
|
|
|
|
2EB99F7B000
|
unkown
|
page read and write
|
|
|
|
2294CA4A000
|
unkown
|
page read and write
|
|
|
|
7FF5887D7000
|
unkown
|
page readonly
|
|
|
|
7FF5241E1000
|
unkown
|
page readonly
|
|
|
|
2B19A502000
|
unkown
|
page read and write
|
|
|
|
7FF54D60E000
|
unkown
|
page readonly
|
|
|
|
7FF54D5CC000
|
unkown
|
page readonly
|
|
|
|
7FF524404000
|
unkown
|
page readonly
|
|
|
|
1EF0AE20000
|
heap private
|
page read and write
|
|
|
|
2EB99F82000
|
unkown
|
page read and write
|
|
|
|
2EB99F9E000
|
unkown
|
page read and write
|
|
|
|
7FF52C157000
|
unkown
|
page readonly
|
|
|
|
1EF0CFE8000
|
unkown
|
page read and write
|
|
|
|
1A931269000
|
unkown
|
page read and write
|
|
|
|
2EB9A402000
|
unkown
|
page read and write
|
|
|
|
DD4127F000
|
unkown
|
page read and write
|
|
|
|
7FF576D4F000
|
unkown
|
page readonly
|
|
|
|
2EB99F5C000
|
unkown
|
page read and write
|
|
|
|
1EF0CF73000
|
unkown
|
page read and write
|
|
|
|
2C5387F000
|
unkown
|
page read and write
|
|
|
|
70F4DAB000
|
unkown
|
page read and write
|
|
|
|
7FF52C4E8000
|
unkown
|
page readonly
|
|
|
|
EDEDD77000
|
unkown
|
page read and write
|
|
|
|
7FF5241F4000
|
unkown
|
page readonly
|
|
|
|
7FF52C4F6000
|
unkown
|
page readonly
|
|
|
|
7FF5887BC000
|
unkown
|
page readonly
|
|
|
|
D641EFA000
|
unkown
|
page read and write
|
|
|
|
2EB99FA5000
|
unkown
|
page read and write
|
|
|
|
7FF524362000
|
unkown
|
page readonly
|
|
|
|
1EF0CF5F000
|
unkown
|
page read and write
|
|
|
|
2294CA29000
|
unkown
|
page read and write
|
|
|
|
2A9C243C000
|
unkown
|
page read and write
|
|
|
|
2EB99F9E000
|
unkown
|
page read and write
|
|
|
|
1EF0E310000
|
unkown
|
page read and write
|
|
|
|
1EF0D442000
|
unkown
|
page read and write
|
|
|
|
1EF0B086000
|
unkown
|
page read and write
|
|
|
|
7FF588B54000
|
unkown
|
page readonly
|
|
|
|
7FF57657C000
|
unkown
|
page readonly
|
|
|
|
7FF54D504000
|
unkown
|
page readonly
|
|
|
|
2EB9A400000
|
unkown
|
page read and write
|
|
|
|
7FF52C571000
|
unkown
|
page readonly
|
|
|
|
2EB99F5B000
|
unkown
|
page read and write
|
|
|
|
2EB99F60000
|
unkown
|
page read and write
|
|
|
|
2EB995F0000
|
unkown
|
page read and write
|
|
|
|
2EB99F8D000
|
unkown
|
page read and write
|
|
|
|
1A93126D000
|
unkown
|
page read and write
|
|
|
|
1EF0D2E4000
|
unkown
|
page read and write
|
|
|
|
7FF576D97000
|
unkown
|
page readonly
|
|
|
|
1A0206D0000
|
heap default
|
page read and write
|
|
|
|
2EB996D9000
|
unkown
|
page read and write
|
|
|
|
1EF0D400000
|
unkown
|
page read and write
|
|
|
|
7FF4F35FE000
|
unkown
|
page readonly
|
|
|
|
2EB99FA1000
|
unkown
|
page read and write
|
|
|
|
D6420FA000
|
unkown
|
page read and write
|
|
|
|
2EB99FC2000
|
unkown
|
page read and write
|
|
|
|
1EF0B102000
|
unkown
|
page read and write
|
|
|
|
7FF5243CB000
|
unkown
|
page readonly
|
|
|
|
7FF588B5E000
|
unkown
|
page readonly
|
|
|
|
2EB99713000
|
unkown
|
page read and write
|
|
|
|
1EF0D343000
|
unkown
|
page read and write
|
|
|
|
7FF588B2C000
|
unkown
|
page readonly
|
|
|
|
2A9C2E00000
|
unkown
|
page readonly
|
|
|
|
1EF0B013000
|
unkown
|
page read and write
|
|
|
|
7FF5A86D7000
|
unkown
|
page readonly
|
|
|
|
2EB99FA5000
|
unkown
|
page read and write
|
|
|
|
7FF576CCD000
|
unkown
|
page readonly
|
|
|
|
7FF588A08000
|
unkown
|
page readonly
|
|
|
|
7FF5768E2000
|
unkown
|
page readonly
|
|
|
|
2A9C23D0000
|
unkown
|
page readonly
|
|
|
|
1ED22E69000
|
unkown
|
page read and write
|
|
|
|
7FF52C2A5000
|
unkown
|
page readonly
|
|
|
|
7FF588B79000
|
unkown
|
page readonly
|
|
|
|
7FF576CEC000
|
unkown
|
page readonly
|
|
|
|
1EF0B081000
|
unkown
|
page read and write
|
|
|
|
7FF52C14A000
|
unkown
|
page readonly
|
|
|
|
7FF524198000
|
unkown
|
page readonly
|
|
|
|
1EF0CFBE000
|
unkown
|
page read and write
|
|
|
|
2EB995F0000
|
unkown
|
page read and write
|
|
|
|
2EB99F50000
|
unkown
|
page read and write
|
|
|
|
1ED22E13000
|
unkown
|
page read and write
|
|
|
|
2EB99FA3000
|
unkown
|
page read and write
|
|
|
|
11AA67A000
|
unkown
|
page read and write
|
|
|
|
2EB99FA3000
|
unkown
|
page read and write
|
|
|
|
7FF576C7B000
|
unkown
|
page readonly
|
|
|
|
7FF513FA4000
|
unkown
|
page readonly
|
|
|
|
7FF513F9A000
|
unkown
|
page readonly
|
|
|
|
D64287B000
|
unkown
|
page read and write
|
|
|
|
7FF5138A3000
|
unkown
|
page readonly
|
|
|
|
DD4107E000
|
unkown
|
page read and write
|
|
|
|
2294CA13000
|
unkown
|
page read and write
|
|
|
|
1A931130000
|
heap default
|
page read and write
|
|
|
|
1EF0B029000
|
unkown
|
page read and write
|
|
|
|
7FF5A86CC000
|
unkown
|
page readonly
|
|
|
|
2EB995A0000
|
unkown
|
page readonly
|
|
|
|
DD40B9E000
|
unkown
|
page read and write
|
|
|
|
1A931255000
|
unkown
|
page read and write
|
|
|
|
1EF0D482000
|
unkown
|
page read and write
|
|
|
|
7FF576B3B000
|
unkown
|
page readonly
|
|
|
|
5C1CD7F000
|
unkown
|
page read and write
|
|
|
|
7FF588959000
|
unkown
|
page readonly
|
|
|
|
2EB99F5B000
|
unkown
|
page read and write
|
|
|
|
2294C930000
|
heap private
|
page read and write
|
|
|
|
5C1C94E000
|
unkown
|
page read and write
|
|
|
|
1EF0D542000
|
unkown
|
page read and write
|
|
|
|
7FF52C47A000
|
unkown
|
page readonly
|
|
|
|
7FF588BF1000
|
unkown
|
page readonly
|
|
|
|
7FF576BB6000
|
unkown
|
page readonly
|
|
|
|
7FF576BC1000
|
unkown
|
page readonly
|
|
|
|
2EB99C60000
|
unkown
|
page write copy
|
|
|
|
EDEDE77000
|
unkown
|
page read and write
|
|
|
|
D641B3B000
|
unkown
|
page read and write
|
|
|
|
2A9C23C0000
|
unkown
|
page readonly
|
|
|
|
2EB99F4F000
|
unkown
|
page read and write
|
|
|
|
2EB996B0000
|
unkown
|
page read and write
|
|
|
|
EDEE1FE000
|
unkown
|
page read and write
|
|
|
|
1EF0D500000
|
unkown
|
page read and write
|
|
|
|
7FF5243C5000
|
unkown
|
page readonly
|
|
|
|
2294C9C0000
|
unkown
|
page read and write
|
|
|
|
1EF0E010000
|
unkown
|
page read and write
|
|
|
|
2B19A250000
|
heap private
|
page read and write
|
|
|
|
2EB99F72000
|
unkown
|
page read and write
|
|
|
|
2EB996E8000
|
unkown
|
page read and write
|
|
|
|
2EB99F3A000
|
unkown
|
page read and write
|
|
|
|
7FF5A869E000
|
unkown
|
page readonly
|
|
|
|
2294CA50000
|
unkown
|
page read and write
|
|
|
|
1EF0E010000
|
unkown
|
page read and write
|
|
|
|
7FF54D50C000
|
unkown
|
page readonly
|
|
|
|
D642B7E000
|
unkown
|
page read and write
|
|
|
|
7FF576997000
|
unkown
|
page readonly
|
|
|
|
1A0206F6000
|
unkown
|
page read and write
|
|
|
|
7FF54D68A000
|
unkown
|
page readonly
|
|
|
|
2A9C26D0000
|
unkown
|
page readonly
|
|
|
|
C34B7FE000
|
unkown
|
page read and write
|
|
There are 862 hidden memdumps, click here to show them.