Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
650912 .xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Create Time/Date: Mon Oct
11 09:03:47 2021, Last Saved Time/Date: Mon Oct 11 09:03:49 2021, Security: 0, Comments: ''BRT
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\35F6661B-AEDB-44E3-949D-A83F70583589
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://api.aadrm.com
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
https://ovisualuiapp.azurewebsites.net/pbiagave/
|
unknown
|
|
There are 90 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
v6?
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
w6?
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\4D0EA
|
4D0EA
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
+c?
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
>`+
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2F92D
|
2F92D
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
we+
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\35782
|
35782
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3584D
|
3584D
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
There are 82 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4D7B37F000
|
unkown
|
page read and write
|
|
|
|
1F801013000
|
unkown
|
page read and write
|
|
|
|
7FF56F67F000
|
unkown image
|
page readonly
|
|
|
|
1F800EB0000
|
heap default
|
page read and write
|
|
|
|
1F80107D000
|
unkown
|
page read and write
|
|
|
|
7FF56F68E000
|
unkown image
|
page readonly
|
|
|
|
7DF56E140000
|
unkown image
|
page readonly
|
|
|
|
16B9EE00000
|
unkown
|
page read and write
|
|
|
|
1B2AC39E000
|
unkown
|
page read and write
|
|
|
|
1F801002000
|
unkown
|
page read and write
|
|
|
|
7FF527544000
|
unkown image
|
page readonly
|
|
|
|
7FF527497000
|
unkown image
|
page readonly
|
|
|
|
6C855DE000
|
unkown
|
page read and write
|
|
|
|
23FE70C0000
|
unkown
|
page read and write
|
|
|
|
7FF56F62B000
|
unkown image
|
page readonly
|
|
|
|
7FF527303000
|
unkown image
|
page readonly
|
|
|
|
23590C77000
|
unkown
|
page read and write
|
|
|
|
7DF482660000
|
unkown image
|
page readonly
|
|
|
|
7FF5271E0000
|
unkown image
|
page readonly
|
|
|
|
6C85C7F000
|
unkown
|
page read and write
|
|
|
|
7FF56F4E1000
|
unkown image
|
page readonly
|
|
|
|
7FF5590A1000
|
unkown image
|
page readonly
|
|
|
|
A2E36FF000
|
unkown
|
page read and write
|
|
|
|
1B2AC300000
|
unkown
|
page read and write
|
|
|
|
7DF584792000
|
unkown image
|
page readonly
|
|
|
|
23FE71DE000
|
unkown
|
page read and write
|
|
|
|
7FF527465000
|
unkown image
|
page readonly
|
|
|
|
16B9EF13000
|
unkown
|
page read and write
|
|
|
|
7FF558FB5000
|
unkown image
|
page readonly
|
|
|
|
1B2AB9C0000
|
heap private
|
page read and write
|
|
|
|
1F801070000
|
unkown
|
page read and write
|
|
|
|
1B2ABC4D000
|
unkown
|
page read and write
|
|
|
|
7FF56F0FE000
|
unkown image
|
page readonly
|
|
|
|
7FF5E15F4000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1361000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1040000
|
unkown image
|
page readonly
|
|
|
|
1B2AC398000
|
unkown
|
page read and write
|
|
|
|
16B9EE70000
|
unkown
|
page read and write
|
|
|
|
16B9EDA0000
|
unkown image
|
page readonly
|
|
|
|
1B2AC382000
|
unkown
|
page read and write
|
|
|
|
6C854DB000
|
unkown
|
page read and write
|
|
|
|
1B2ABD13000
|
unkown
|
page read and write
|
|
|
|
7FF5274A4000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1564000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3B1000
|
unkown
|
page read and write
|
|
|
|
1B2AC37C000
|
unkown
|
page read and write
|
|
|
|
1B2AC202000
|
unkown
|
page read and write
|
|
|
|
1B2AC3AB000
|
unkown
|
page read and write
|
|
|
|
7FF5E161E000
|
unkown image
|
page readonly
|
|
|
|
7DF5F6732000
|
unkown image
|
page readonly
|
|
|
|
7FF558FDC000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC50000
|
unkown
|
page read and write
|
|
|
|
7FF56F64F000
|
unkown image
|
page readonly
|
|
|
|
23590C60000
|
unkown
|
page read and write
|
|
|
|
1B2AC39A000
|
unkown
|
page read and write
|
|
|
|
7DF5F6720000
|
unkown image
|
page readonly
|
|
|
|
7FF56F5EF000
|
unkown image
|
page readonly
|
|
|
|
7DF5F6740000
|
unkown image
|
page readonly
|
|
|
|
1F801102000
|
unkown
|
page read and write
|
|
|
|
7FF5C14E8000
|
unkown image
|
page readonly
|
|
|
|
EDCE1FE000
|
unkown
|
page read and write
|
|
|
|
1B2AC373000
|
unkown
|
page read and write
|
|
|
|
7FF558FFA000
|
unkown image
|
page readonly
|
|
|
|
7DF46BFF0000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14F6000
|
unkown image
|
page readonly
|
|
|
|
7FF56F5C0000
|
unkown image
|
page readonly
|
|
|
|
7FF52745A000
|
unkown image
|
page readonly
|
|
|
|
1B2AC963000
|
unkown
|
page read and write
|
|
|
|
23590A60000
|
unkown image
|
page readonly
|
|
|
|
23FE70A0000
|
unkown
|
page read and write
|
|
|
|
1B2ABCB2000
|
unkown
|
page read and write
|
|
|
|
7FF5274CE000
|
unkown image
|
page readonly
|
|
|
|
7FF5274D9000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC56000
|
unkown
|
page read and write
|
|
|
|
7FF5E15B0000
|
unkown image
|
page readonly
|
|
|
|
7FF527026000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC4C000
|
unkown
|
page read and write
|
|
|
|
23591180000
|
unkown image
|
page readonly
|
|
|
|
16B9F000000
|
unkown image
|
page readonly
|
|
|
|
7FF5C146C000
|
unkown image
|
page readonly
|
|
|
|
23FE74B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14FD000
|
unkown image
|
page readonly
|
|
|
|
23590A90000
|
heap default
|
page read and write
|
|
|
|
7FF56F192000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1497000
|
unkown image
|
page readonly
|
|
|
|
23590A40000
|
unkown image
|
page readonly
|
|
|
|
7DF53C5F0000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3DB000
|
unkown
|
page read and write
|
|
|
|
16B9EE3C000
|
unkown
|
page read and write
|
|
|
|
7DF56E122000
|
unkown image
|
page readonly
|
|
|
|
7DF5847A2000
|
unkown image
|
page readonly
|
|
|
|
16B9EE76000
|
unkown
|
page read and write
|
|
|
|
1B2AC38D000
|
unkown
|
page read and write
|
|
|
|
1B2ABC80000
|
unkown
|
page read and write
|
|
|
|
1F801108000
|
unkown
|
page read and write
|
|
|
|
7FF56F454000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3B3000
|
unkown
|
page read and write
|
|
|
|
E4086FF000
|
unkown
|
page read and write
|
|
|
|
1B2AC39E000
|
unkown
|
page read and write
|
|
|
|
7FF52748C000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1694000
|
unkown image
|
page readonly
|
|
|
|
1B2AC39E000
|
unkown
|
page read and write
|
|
|
|
7FF52744A000
|
unkown image
|
page readonly
|
|
|
|
7DF53C5E0000
|
unkown image
|
page readonly
|
|
|
|
23590C00000
|
unkown
|
page read and write
|
|
|
|
1B2AC000000
|
unkown image
|
page readonly
|
|
|
|
4D7B27F000
|
unkown
|
page read and write
|
|
|
|
23591402000
|
unkown
|
page read and write
|
|
|
|
1F801100000
|
unkown
|
page read and write
|
|
|
|
1B2ABC55000
|
unkown
|
page read and write
|
|
|
|
7FF5C14F9000
|
unkown image
|
page readonly
|
|
|
|
1B2AC38A000
|
unkown
|
page read and write
|
|
|
|
1B2AB9D0000
|
unkown image
|
page readonly
|
|
|
|
1F800E50000
|
heap private
|
page read and write
|
|
|
|
6C85A7E000
|
unkown
|
page read and write
|
|
|
|
7DF53C5E0000
|
unkown image
|
page readonly
|
|
|
|
EDCDF7E000
|
unkown
|
page read and write
|
|
|
|
23590D02000
|
unkown
|
page read and write
|
|
|
|
7FF5273CC000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14CA000
|
unkown image
|
page readonly
|
|
|
|
6C858FB000
|
unkown
|
page read and write
|
|
|
|
7FF527321000
|
unkown image
|
page readonly
|
|
|
|
1B2AC800000
|
unkown
|
page read and write
|
|
|
|
7FF56F64C000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14DF000
|
unkown image
|
page readonly
|
|
|
|
16B9F380000
|
unkown image
|
page readonly
|
|
|
|
7FF56EE5C000
|
unkown image
|
page readonly
|
|
|
|
4D7B177000
|
unkown
|
page read and write
|
|
|
|
1B2ABC71000
|
unkown
|
page read and write
|
|
|
|
7FF5C1485000
|
unkown image
|
page readonly
|
|
|
|
1B2AC790000
|
unkown image
|
page read and write
|
|
|
|
7FF56F235000
|
unkown image
|
page readonly
|
|
|
|
7DF5D65F2000
|
unkown image
|
page readonly
|
|
|
|
EDCE17B000
|
unkown
|
page read and write
|
|
|
|
1B2AC354000
|
unkown
|
page read and write
|
|
|
|
23590C76000
|
unkown
|
page read and write
|
|
|
|
6C8555D000
|
unkown
|
page read and write
|
|
|
|
7FF56F501000
|
unkown image
|
page readonly
|
|
|
|
16B9EC70000
|
unkown image
|
page readonly
|
|
|
|
7FF5E16A1000
|
unkown image
|
page readonly
|
|
|
|
7FF5274BF000
|
unkown image
|
page readonly
|
|
|
|
1B2ABCE3000
|
unkown
|
page read and write
|
|
|
|
1B2AC39A000
|
unkown
|
page read and write
|
|
|
|
7FF56F182000
|
unkown image
|
page readonly
|
|
|
|
1B2ABD16000
|
unkown
|
page read and write
|
|
|
|
7FF56F696000
|
unkown image
|
page readonly
|
|
|
|
7FF559029000
|
unkown image
|
page readonly
|
|
|
|
1B2ABCC9000
|
unkown
|
page read and write
|
|
|
|
E4088FE000
|
unkown
|
page read and write
|
|
|
|
7FF558FE8000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14AF000
|
unkown image
|
page readonly
|
|
|
|
23FE7630000
|
unkown image
|
page readonly
|
|
|
|
7FF56F4CA000
|
unkown image
|
page readonly
|
|
|
|
4D7AF7E000
|
unkown
|
page read and write
|
|
|
|
7DF5F6740000
|
unkown image
|
page readonly
|
|
|
|
7FF558FDF000
|
unkown image
|
page readonly
|
|
|
|
7FF56F18E000
|
unkown image
|
page readonly
|
|
|
|
1B2AC398000
|
unkown
|
page read and write
|
|
|
|
7FF52745E000
|
unkown image
|
page readonly
|
|
|
|
7DF5847A0000
|
unkown image
|
page readonly
|
|
|
|
1F80103C000
|
unkown
|
page read and write
|
|
|
|
16B9F200000
|
unkown image
|
page readonly
|
|
|
|
7DF5847B0000
|
unkown image
|
page readonly
|
|
|
|
7FF52744C000
|
unkown image
|
page readonly
|
|
|
|
1B2AC802000
|
unkown
|
page read and write
|
|
|
|
7DF584792000
|
unkown image
|
page readonly
|
|
|
|
7FF56F699000
|
unkown image
|
page readonly
|
|
|
|
7FF56F584000
|
unkown image
|
page readonly
|
|
|
|
7FF56F657000
|
unkown image
|
page readonly
|
|
|
|
1B2ABCF8000
|
unkown
|
page read and write
|
|
|
|
A2E38FB000
|
unkown
|
page read and write
|
|
|
|
1B2ABC5C000
|
unkown
|
page read and write
|
|
|
|
1B2AC39C000
|
unkown
|
page read and write
|
|
|
|
7FF56F51B000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1626000
|
unkown image
|
page readonly
|
|
|
|
7FF56F573000
|
unkown image
|
page readonly
|
|
|
|
1B2AB9F0000
|
unkown image
|
page readonly
|
|
|
|
16B9EE13000
|
unkown
|
page read and write
|
|
|
|
7FF5C1323000
|
unkown image
|
page readonly
|
|
|
|
7FF5590A2000
|
unkown image
|
page readonly
|
|
|
|
23FE6FB0000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14EE000
|
unkown image
|
page readonly
|
|
|
|
1B2AC357000
|
unkown
|
page read and write
|
|
|
|
1B2AC38E000
|
unkown
|
page read and write
|
|
|
|
7FF559018000
|
unkown image
|
page readonly
|
|
|
|
7FF558903000
|
unkown image
|
page readonly
|
|
|
|
EDCDEFE000
|
unkown
|
page read and write
|
|
|
|
7FF559004000
|
unkown image
|
page readonly
|
|
|
|
1B2AC38E000
|
unkown
|
page read and write
|
|
|
|
1F800E40000
|
unkown image
|
page read and write
|
|
|
|
7FF558FF4000
|
unkown image
|
page readonly
|
|
|
|
1B2AC86A000
|
unkown
|
page read and write
|
|
|
|
7FF5273B3000
|
unkown image
|
page readonly
|
|
|
|
1F801055000
|
unkown
|
page read and write
|
|
|
|
7FF56F56D000
|
unkown image
|
page readonly
|
|
|
|
1F80104D000
|
unkown
|
page read and write
|
|
|
|
1F801580000
|
unkown image
|
page readonly
|
|
|
|
7FF5E15DC000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC5A000
|
unkown
|
page read and write
|
|
|
|
7FF5E1453000
|
unkown image
|
page readonly
|
|
|
|
1B2AC902000
|
unkown
|
page read and write
|
|
|
|
A2E357E000
|
unkown
|
page read and write
|
|
|
|
7FF56F420000
|
unkown image
|
page readonly
|
|
|
|
16B9EE81000
|
unkown
|
page read and write
|
|
|
|
7FF558FBB000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC5D000
|
unkown
|
page read and write
|
|
|
|
EDCE2F7000
|
unkown
|
page read and write
|
|
|
|
7FF527460000
|
unkown image
|
page readonly
|
|
|
|
7FF5E15E7000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC13000
|
unkown
|
page read and write
|
|
|
|
23590A20000
|
unkown image
|
page read and write
|
|
|
|
E40867F000
|
unkown
|
page read and write
|
|
|
|
7FF558C8A000
|
unkown image
|
page readonly
|
|
|
|
1B2AC1A0000
|
unkown image
|
page readonly
|
|
|
|
7DF56E122000
|
unkown image
|
page readonly
|
|
|
|
7FF56F523000
|
unkown image
|
page readonly
|
|
|
|
1B2AC802000
|
unkown
|
page read and write
|
|
|
|
1F800F90000
|
unkown image
|
page readonly
|
|
|
|
7DF56E140000
|
unkown image
|
page readonly
|
|
|
|
A2E37FB000
|
unkown
|
page read and write
|
|
|
|
1B2AC386000
|
unkown
|
page read and write
|
|
|
|
1B2AC386000
|
unkown
|
page read and write
|
|
|
|
23590A30000
|
heap private
|
page read and write
|
|
|
|
23FE71DE000
|
unkown
|
page read and write
|
|
|
|
7FF5C14D4000
|
unkown image
|
page readonly
|
|
|
|
1B2ABCBE000
|
unkown
|
page read and write
|
|
|
|
23591000000
|
unkown image
|
page readonly
|
|
|
|
7DF56E132000
|
unkown image
|
page readonly
|
|
|
|
7FF5E162D000
|
unkown image
|
page readonly
|
|
|
|
7FF5C0CB6000
|
unkown image
|
page readonly
|
|
|
|
1B2AB9B0000
|
unkown image
|
page read and write
|
|
|
|
7FF5273C4000
|
unkown image
|
page readonly
|
|
|
|
23FE71EE000
|
unkown
|
page read and write
|
|
|
|
7FF55902D000
|
unkown image
|
page readonly
|
|
|
|
7FF56EF22000
|
unkown image
|
page readonly
|
|
|
|
E40887E000
|
unkown
|
page read and write
|
|
|
|
7FF56F456000
|
unkown image
|
page readonly
|
|
|
|
23590C3C000
|
unkown
|
page read and write
|
|
|
|
7FF56F237000
|
unkown image
|
page readonly
|
|
|
|
16B9EC50000
|
unkown image
|
page read and write
|
|
|
|
7FF5C12D1000
|
unkown image
|
page readonly
|
|
|
|
7FF5E160F000
|
unkown image
|
page readonly
|
|
|
|
7FF56F471000
|
unkown image
|
page readonly
|
|
|
|
1B2AC802000
|
unkown
|
page read and write
|
|
|
|
4D7AEFB000
|
unkown
|
page read and write
|
|
|
|
7FF5274D6000
|
unkown image
|
page readonly
|
|
|
|
7FF527551000
|
unkown image
|
page readonly
|
|
|
|
1B2AC325000
|
unkown
|
page read and write
|
|
|
|
1B2ABD02000
|
unkown
|
page read and write
|
|
|
|
7DF56E120000
|
unkown image
|
page readonly
|
|
|
|
1B2AC902000
|
unkown
|
page read and write
|
|
|
|
7FF5C147A000
|
unkown image
|
page readonly
|
|
|
|
7DF53C5D2000
|
unkown image
|
page readonly
|
|
|
|
1B2AC802000
|
unkown
|
page read and write
|
|
|
|
1F801050000
|
unkown
|
page read and write
|
|
|
|
7FF5E1401000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3B1000
|
unkown
|
page read and write
|
|
|
|
16B9ECA0000
|
unkown image
|
page readonly
|
|
|
|
7FF527035000
|
unkown image
|
page readonly
|
|
|
|
7DF53C5E2000
|
unkown image
|
page readonly
|
|
|
|
1B2AC386000
|
unkown
|
page read and write
|
|
|
|
16B9EDC0000
|
unkown
|
page read and write
|
|
|
|
23FE71C6000
|
heap default
|
page read and write
|
|
|
|
7FF5E15DF000
|
unkown image
|
page readonly
|
|
|
|
7FF5E15BB000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6600000
|
unkown image
|
page readonly
|
|
|
|
7FF5E159C000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3A2000
|
unkown
|
page read and write
|
|
|
|
1B2AC39A000
|
unkown
|
page read and write
|
|
|
|
7FF5C147E000
|
unkown image
|
page readonly
|
|
|
|
7FF56F1E0000
|
unkown image
|
page readonly
|
|
|
|
23590C2A000
|
unkown
|
page read and write
|
|
|
|
7FF5E14FD000
|
unkown image
|
page readonly
|
|
|
|
1B2AC37F000
|
unkown
|
page read and write
|
|
|
|
7FF5E1604000
|
unkown image
|
page readonly
|
|
|
|
1B2AC319000
|
unkown
|
page read and write
|
|
|
|
7FF56F712000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6610000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1503000
|
unkown image
|
page readonly
|
|
|
|
23590D13000
|
unkown
|
page read and write
|
|
|
|
7FF56F704000
|
unkown image
|
page readonly
|
|
|
|
7FF5274B4000
|
unkown image
|
page readonly
|
|
|
|
7FF526C96000
|
unkown image
|
page readonly
|
|
|
|
7FF56F397000
|
unkown image
|
page readonly
|
|
|
|
1B2AC38E000
|
unkown
|
page read and write
|
|
|
|
1B2ABC00000
|
unkown
|
page read and write
|
|
|
|
7FF5E1618000
|
unkown image
|
page readonly
|
|
|
|
A2E3477000
|
unkown
|
page read and write
|
|
|
|
6C859FB000
|
unkown
|
page read and write
|
|
|
|
23590C82000
|
unkown
|
page read and write
|
|
|
|
23590B70000
|
unkown image
|
page readonly
|
|
|
|
1B2AC39A000
|
unkown
|
page read and write
|
|
|
|
1B2AC900000
|
unkown
|
page read and write
|
|
|
|
7DF4D44C0000
|
unkown image
|
page readonly
|
|
|
|
23FE71B0000
|
heap default
|
page read and write
|
|
|
|
1B2AC1F0000
|
unkown
|
page read and write
|
|
|
|
1B2AC3C2000
|
unkown
|
page read and write
|
|
|
|
1B2AC398000
|
unkown
|
page read and write
|
|
|
|
7DF43A4A0000
|
unkown image
|
page readonly
|
|
|
|
1B2ABD08000
|
unkown
|
page read and write
|
|
|
|
1B2AC36B000
|
unkown
|
page read and write
|
|
|
|
7FF5E1170000
|
unkown image
|
page readonly
|
|
|
|
7FF5E15AA000
|
unkown image
|
page readonly
|
|
|
|
7FF56F70A000
|
unkown image
|
page readonly
|
|
|
|
23590C76000
|
unkown
|
page read and write
|
|
|
|
1B2AC740000
|
unkown image
|
page write copy
|
|
|
|
7FF56F1E6000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC4E000
|
unkown
|
page read and write
|
|
|
|
7FF5E1514000
|
unkown image
|
page readonly
|
|
|
|
7FF56F461000
|
unkown image
|
page readonly
|
|
|
|
1B2AC963000
|
unkown
|
page read and write
|
|
|
|
23FE6F90000
|
unkown image
|
page readonly
|
|
|
|
7FF526C9C000
|
unkown image
|
page readonly
|
|
|
|
7FF5C146A000
|
unkown image
|
page readonly
|
|
|
|
1B2AC386000
|
unkown
|
page read and write
|
|
|
|
7FF56F51E000
|
unkown image
|
page readonly
|
|
|
|
7FF56F688000
|
unkown image
|
page readonly
|
|
|
|
7DF53C5D2000
|
unkown image
|
page readonly
|
|
|
|
7FF55909A000
|
unkown image
|
page readonly
|
|
|
|
7FF527477000
|
unkown image
|
page readonly
|
|
|
|
7DF5D65F2000
|
unkown image
|
page readonly
|
|
|
|
7FF56EE56000
|
unkown image
|
page readonly
|
|
|
|
16B9EC90000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3D4000
|
unkown
|
page read and write
|
|
|
|
7FF56F3E6000
|
unkown image
|
page readonly
|
|
|
|
1B2AC31B000
|
unkown
|
page read and write
|
|
|
|
23590C5C000
|
unkown
|
page read and write
|
|
|
|
7FF5E1330000
|
unkown image
|
page readonly
|
|
|
|
23FE71DE000
|
unkown
|
page read and write
|
|
|
|
1B2AC37B000
|
unkown
|
page read and write
|
|
|
|
7FF52735B000
|
unkown image
|
page readonly
|
|
|
|
4D7AABB000
|
unkown
|
page read and write
|
|
|
|
1B2AC38B000
|
unkown
|
page read and write
|
|
|
|
1F80102A000
|
unkown
|
page read and write
|
|
|
|
1B2AC802000
|
unkown
|
page read and write
|
|
|
|
1F80108A000
|
unkown
|
page read and write
|
|
|
|
16B9EE4F000
|
unkown
|
page read and write
|
|
|
|
7FF5C1200000
|
unkown image
|
page readonly
|
|
|
|
23FE72B0000
|
unkown image
|
page readonly
|
|
|
|
23FE71C1000
|
unkown
|
page read and write
|
|
|
|
7FF5E1471000
|
unkown image
|
page readonly
|
|
|
|
1B2AC388000
|
unkown
|
page read and write
|
|
|
|
7FF56F61E000
|
unkown image
|
page readonly
|
|
|
|
7DF5847A2000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3CE000
|
unkown
|
page read and write
|
|
|
|
7FF56F674000
|
unkown image
|
page readonly
|
|
|
|
7DF5F6722000
|
unkown image
|
page readonly
|
|
|
|
1B2AC39A000
|
unkown
|
page read and write
|
|
|
|
1B2ABE00000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC89000
|
unkown
|
page read and write
|
|
|
|
7FF5E15B5000
|
unkown image
|
page readonly
|
|
|
|
7FF5C156A000
|
unkown image
|
page readonly
|
|
|
|
7FF56F528000
|
unkown image
|
page readonly
|
|
|
|
1B2AC1F0000
|
unkown
|
page read and write
|
|
|
|
1B2AC1F0000
|
unkown
|
page read and write
|
|
|
|
1F800FB0000
|
unkown
|
page read and write
|
|
|
|
1B2AC3BF000
|
unkown
|
page read and write
|
|
|
|
7FF5E16A2000
|
unkown image
|
page readonly
|
|
|
|
7FF5C13EC000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC3C000
|
unkown
|
page read and write
|
|
|
|
1F801000000
|
unkown
|
page read and write
|
|
|
|
7DF5F6730000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1629000
|
unkown image
|
page readonly
|
|
|
|
7DF584790000
|
unkown image
|
page readonly
|
|
|
|
7FF56F1F5000
|
unkown image
|
page readonly
|
|
|
|
7DF56E130000
|
unkown image
|
page readonly
|
|
|
|
7DF53C5F0000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14AC000
|
unkown image
|
page readonly
|
|
|
|
1B2AC362000
|
unkown
|
page read and write
|
|
|
|
A2E337A000
|
unkown
|
page read and write
|
|
|
|
23590C13000
|
unkown
|
page read and write
|
|
|
|
1B2AC86A000
|
unkown
|
page read and write
|
|
|
|
E40839A000
|
unkown
|
page read and write
|
|
|
|
7FF5E15AE000
|
unkown image
|
page readonly
|
|
|
|
7FF56F61A000
|
unkown image
|
page readonly
|
|
|
|
1B2AC802000
|
unkown
|
page read and write
|
|
|
|
EDCDE7B000
|
unkown
|
page read and write
|
|
|
|
EDCE07B000
|
unkown
|
page read and write
|
|
|
|
23FE70E0000
|
heap private
|
page read and write
|
|
|
|
1B2ABA00000
|
unkown image
|
page readonly
|
|
|
|
7FF5271D7000
|
unkown image
|
page readonly
|
|
|
|
7DF5F6720000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3C7000
|
unkown
|
page read and write
|
|
|
|
4D7AB3E000
|
unkown
|
page read and write
|
|
|
|
7FF5C0CBC000
|
unkown image
|
page readonly
|
|
|
|
7DF5F6730000
|
unkown image
|
page readonly
|
|
|
|
1B2ABB00000
|
unkown image
|
page readonly
|
|
|
|
7FF5C148B000
|
unkown image
|
page readonly
|
|
|
|
7FF5E169A000
|
unkown image
|
page readonly
|
|
|
|
7FF56F711000
|
unkown image
|
page readonly
|
|
|
|
7DF5F6732000
|
unkown image
|
page readonly
|
|
|
|
7FF56F625000
|
unkown image
|
page readonly
|
|
|
|
7FF5274C8000
|
unkown image
|
page readonly
|
|
|
|
7DF5D65F0000
|
unkown image
|
page readonly
|
|
|
|
6C85D7E000
|
unkown
|
page read and write
|
|
|
|
16B9EF08000
|
unkown
|
page read and write
|
|
|
|
7FF5C137B000
|
unkown image
|
page readonly
|
|
|
|
23FE7100000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1046000
|
unkown image
|
page readonly
|
|
|
|
16B9EF02000
|
unkown
|
page read and write
|
|
|
|
7FF5C13CD000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14B7000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1055000
|
unkown image
|
page readonly
|
|
|
|
7FF55900E000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1341000
|
unkown image
|
page readonly
|
|
|
|
23FE71ED000
|
unkown
|
page read and write
|
|
|
|
16B9EC60000
|
heap private
|
page read and write
|
|
|
|
1F80104A000
|
unkown
|
page read and write
|
|
|
|
7FF5E151C000
|
unkown image
|
page readonly
|
|
|
|
1B2AC802000
|
unkown
|
page read and write
|
|
|
|
7DF5D6602000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3AF000
|
unkown
|
page read and write
|
|
|
|
7FF56F5D3000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3B1000
|
unkown
|
page read and write
|
|
|
|
23FE7110000
|
unkown image
|
page readonly
|
|
|
|
23590D00000
|
unkown
|
page read and write
|
|
|
|
1B2AC35A000
|
unkown
|
page read and write
|
|
|
|
7DF5847B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5E15C7000
|
unkown image
|
page readonly
|
|
|
|
1F801400000
|
unkown image
|
page readonly
|
|
|
|
7FF56EF73000
|
unkown image
|
page readonly
|
|
|
|
7FF55901E000
|
unkown image
|
page readonly
|
|
|
|
1F801113000
|
unkown
|
page read and write
|
|
|
|
16B9EE55000
|
unkown
|
page read and write
|
|
|
|
7FF56F5EB000
|
unkown image
|
page readonly
|
|
|
|
7FF5C13E4000
|
unkown image
|
page readonly
|
|
|
|
7DF56E130000
|
unkown image
|
page readonly
|
|
|
|
7DF53C5D0000
|
unkown image
|
page readonly
|
|
|
|
1B2AC396000
|
unkown
|
page read and write
|
|
|
|
1B2AC3C7000
|
unkown
|
page read and write
|
|
|
|
7FF558907000
|
unkown image
|
page readonly
|
|
|
|
1B2ABC29000
|
unkown
|
page read and write
|
|
|
|
7DF5847A0000
|
unkown image
|
page readonly
|
|
|
|
7DF5D65F0000
|
unkown image
|
page readonly
|
|
|
|
7FF527020000
|
unkown image
|
page readonly
|
|
|
|
1F800E60000
|
unkown image
|
page readonly
|
|
|
|
E4087F9000
|
unkown
|
page read and write
|
|
|
|
EDCE4FF000
|
unkown
|
page read and write
|
|
|
|
1B2ABBF0000
|
unkown
|
page read and write
|
|
|
|
7DF56E132000
|
unkown image
|
page readonly
|
|
|
|
7FF5E159A000
|
unkown image
|
page readonly
|
|
|
|
1B2ABA20000
|
heap default
|
page read and write
|
|
|
|
1B2ABC58000
|
unkown
|
page read and write
|
|
|
|
7FF5E14AE000
|
unkown image
|
page readonly
|
|
|
|
16B9ECC0000
|
heap default
|
page read and write
|
|
|
|
7FF56F60A000
|
unkown image
|
page readonly
|
|
|
|
7FF5273AD000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6602000
|
unkown image
|
page readonly
|
|
|
|
7FF5274AA000
|
unkown image
|
page readonly
|
|
|
|
23590D08000
|
unkown
|
page read and write
|
|
|
|
1B2AC802000
|
unkown
|
page read and write
|
|
|
|
1F801802000
|
unkown
|
page read and write
|
|
|
|
7FF5E1185000
|
unkown image
|
page readonly
|
|
|
|
1B2AC373000
|
unkown
|
page read and write
|
|
|
|
7DF53C5E2000
|
unkown image
|
page readonly
|
|
|
|
23590A70000
|
unkown image
|
page readonly
|
|
|
|
7FF52735E000
|
unkown image
|
page readonly
|
|
|
|
4D7ABBE000
|
unkown
|
page read and write
|
|
|
|
1B2AC38A000
|
unkown
|
page read and write
|
|
|
|
7DF56E120000
|
unkown image
|
page readonly
|
|
|
|
7DF53C5D0000
|
unkown image
|
page readonly
|
|
|
|
7FF52746B000
|
unkown image
|
page readonly
|
|
|
|
1B2AC180000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3B1000
|
unkown
|
page read and write
|
|
|
|
1B2AC39F000
|
unkown
|
page read and write
|
|
|
|
A2E3678000
|
unkown
|
page read and write
|
|
|
|
7FF56F637000
|
unkown image
|
page readonly
|
|
|
|
7DF5D6600000
|
unkown image
|
page readonly
|
|
|
|
7FF56F664000
|
unkown image
|
page readonly
|
|
|
|
7FF52754A000
|
unkown image
|
page readonly
|
|
|
|
A2E317E000
|
unkown
|
page read and write
|
|
|
|
7FF5272B1000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3A2000
|
unkown
|
page read and write
|
|
|
|
1B2AC39E000
|
unkown
|
page read and write
|
|
|
|
1B2AC3CE000
|
unkown
|
page read and write
|
|
|
|
7FF559094000
|
unkown image
|
page readonly
|
|
|
|
7FF5C14C4000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3C2000
|
unkown
|
page read and write
|
|
|
|
7FF56F66A000
|
unkown image
|
page readonly
|
|
|
|
7FF5C11F7000
|
unkown image
|
page readonly
|
|
|
|
7FF56F3A0000
|
unkown image
|
page readonly
|
|
|
|
7FF56F5FF000
|
unkown image
|
page readonly
|
|
|
|
23590C67000
|
unkown
|
page read and write
|
|
|
|
23590A40000
|
unkown image
|
page readonly
|
|
|
|
7FF527341000
|
unkown image
|
page readonly
|
|
|
|
1B2AC39E000
|
unkown
|
page read and write
|
|
|
|
E40877D000
|
unkown
|
page read and write
|
|
|
|
1B2ABCE1000
|
unkown
|
page read and write
|
|
|
|
1F800E90000
|
unkown image
|
page readonly
|
|
|
|
16B9EF00000
|
unkown
|
page read and write
|
|
|
|
7FF56F620000
|
unkown image
|
page readonly
|
|
|
|
23FE71D7000
|
unkown
|
page read and write
|
|
|
|
4D7B07B000
|
unkown
|
page read and write
|
|
|
|
7FF527552000
|
unkown image
|
page readonly
|
|
|
|
7FF5E14AB000
|
unkown image
|
page readonly
|
|
|
|
A2E30FF000
|
unkown
|
page read and write
|
|
|
|
7FF5C1572000
|
unkown image
|
page readonly
|
|
|
|
7FF56F3DB000
|
unkown image
|
page readonly
|
|
|
|
7FF558FB0000
|
unkown image
|
page readonly
|
|
|
|
7FF56F60C000
|
unkown image
|
page readonly
|
|
|
|
7FF56F4C3000
|
unkown image
|
page readonly
|
|
|
|
1B2AC39E000
|
unkown
|
page read and write
|
|
|
|
16B9EC70000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1176000
|
unkown image
|
page readonly
|
|
|
|
7FF5E15FA000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1491000
|
unkown image
|
page readonly
|
|
|
|
23FE6F70000
|
unkown image
|
page read and write
|
|
|
|
16B9F602000
|
unkown
|
page read and write
|
|
|
|
7FF56F5C2000
|
unkown image
|
page readonly
|
|
|
|
1B2AC386000
|
unkown
|
page read and write
|
|
|
|
1F800E60000
|
unkown image
|
page readonly
|
|
|
|
7FF5C13D3000
|
unkown image
|
page readonly
|
|
|
|
1F801200000
|
unkown image
|
page readonly
|
|
|
|
EDCE3FE000
|
unkown
|
page read and write
|
|
|
|
7FF56F5F4000
|
unkown image
|
page readonly
|
|
|
|
23590C62000
|
unkown
|
page read and write
|
|
|
|
7FF5274DD000
|
unkown image
|
page readonly
|
|
|
|
7FF5C137E000
|
unkown image
|
page readonly
|
|
|
|
23FE6F90000
|
unkown image
|
page readonly
|
|
|
|
7DF4F45F0000
|
unkown image
|
page readonly
|
|
|
|
23FE71D6000
|
unkown
|
page read and write
|
|
|
|
7FF56EF77000
|
unkown image
|
page readonly
|
|
|
|
23590B90000
|
unkown
|
page read and write
|
|
|
|
7DF5D6610000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1480000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1327000
|
unkown image
|
page readonly
|
|
|
|
1B2AB9D0000
|
unkown image
|
page readonly
|
|
|
|
23590C54000
|
unkown
|
page read and write
|
|
|
|
7DF5F6722000
|
unkown image
|
page readonly
|
|
|
|
1B2AC352000
|
unkown
|
page read and write
|
|
|
|
7FF52748F000
|
unkown image
|
page readonly
|
|
|
|
6C85B77000
|
unkown
|
page read and write
|
|
|
|
7FF56F58C000
|
unkown image
|
page readonly
|
|
|
|
1B2AC3A2000
|
unkown
|
page read and write
|
|
|
|
1F800E80000
|
unkown image
|
page readonly
|
|
|
|
7FF5C1571000
|
unkown image
|
page readonly
|
|
|
|
23590E00000
|
unkown image
|
page readonly
|
|
|
|
7DF584790000
|
unkown image
|
page readonly
|
|
|
|
16B9EE29000
|
unkown
|
page read and write
|
|
|
|
A2E307C000
|
unkown
|
page read and write
|
|
|
|
23FE70E5000
|
heap private
|
page read and write
|
|
|
|
1B2AC396000
|
unkown
|
page read and write
|
|
There are 532 hidden memdumps, click here to show them.