Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
art-1881052385.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Create Time/Date: Fri Jun
5 19:19:34 2015, Last Saved Time/Date: Tue Oct 12 17:38:05 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4416AE68-685B-4439-B54A-0B33DBC77125
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://recapitol.com/pl92fIeHE11X/filht.html
|
108.179.232.85
|
|
|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://iu.ac.bd/QpPq5lm6Xy/fikfh.html
|
103.28.121.60
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://api.aadrm.com
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://boogieproductions.com.au/jJNW2LDF/filkfht.html
|
101.0.113.93
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
There are 101 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iu.ac.bd
|
103.28.121.60
|
|
|
|
boogieproductions.com.au
|
101.0.113.93
|
|
|
|
recapitol.com
|
108.179.232.85
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
101.0.113.93
|
boogieproductions.com.au
|
Australia
|
|
|
|
103.28.121.60
|
iu.ac.bd
|
Bangladesh
|
|
|
|
108.179.232.85
|
recapitol.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
o9<
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
p9<
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\2260D
|
2260D
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
b#<
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\32C23
|
32C23
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\32DE8
|
32DE8
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
i#'
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2F26A
|
2F26A
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
4''
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3B654
|
3B654
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3B8E3
|
3B8E3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
There are 94 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7DF515980000
|
unkown image
|
page readonly
|
|
|
|
27F22230000
|
unkown
|
page read and write
|
|
|
|
239B000
|
unkown image
|
page readonly
|
|
|
|
2A3C000
|
unkown
|
page read and write
|
|
|
|
104C0B4F000
|
unkown
|
page read and write
|
|
|
|
7FF507D11000
|
unkown image
|
page readonly
|
|
|
|
104C0880000
|
unkown
|
page read and write
|
|
|
|
1E9A6C5B000
|
unkown
|
page read and write
|
|
|
|
7FF5B34A3000
|
unkown image
|
page readonly
|
|
|
|
7FF507BCF000
|
unkown image
|
page readonly
|
|
|
|
7FF5B33AB000
|
unkown image
|
page readonly
|
|
|
|
2820000
|
unkown
|
page read and write
|
|
|
|
7FF50352F000
|
unkown image
|
page readonly
|
|
|
|
7DF5B3130000
|
unkown image
|
page readonly
|
|
|
|
2C60000
|
unkown
|
page read and write
|
|
|
|
7FF5A5499000
|
unkown image
|
page readonly
|
|
|
|
7FF507C57000
|
unkown image
|
page readonly
|
|
|
|
7FB72000
|
unkown image
|
page readonly
|
|
|
|
7DF5C11D0000
|
unkown image
|
page readonly
|
|
|
|
1E9A6C55000
|
unkown
|
page read and write
|
|
|
|
7FF507C33000
|
unkown image
|
page readonly
|
|
|
|
7FF5A54C1000
|
unkown image
|
page readonly
|
|
|
|
104C01F0000
|
unkown image
|
page readonly
|
|
|
|
27F223A0000
|
unkown image
|
page readonly
|
|
|
|
2D00000
|
heap private
|
page read and write
|
|
|
|
24EB000
|
unkown image
|
page readonly
|
|
|
|
2CF0000
|
heap private
|
page read and write
|
|
|
|
7FF507B8C000
|
unkown image
|
page readonly
|
|
|
|
7FF56C0DA000
|
unkown image
|
page readonly
|
|
|
|
30D27E000
|
unkown
|
page read and write
|
|
|
|
24452802000
|
unkown
|
page read and write
|
|
|
|
2AA0000
|
unkown image
|
page readonly
|
|
|
|
1C79F250000
|
unkown
|
page read and write
|
|
|
|
104C1100000
|
unkown
|
page read and write
|
|
|
|
253F000
|
unkown image
|
page readonly
|
|
|
|
7FF50357E000
|
unkown image
|
page readonly
|
|
|
|
7FF56C04E000
|
unkown image
|
page readonly
|
|
|
|
24451F90000
|
heap private
|
page read and write
|
|
|
|
7FF56C0EA000
|
unkown image
|
page readonly
|
|
|
|
2D7F000
|
unkown
|
page read and write
|
|
|
|
104C1002000
|
unkown
|
page read and write
|
|
|
|
2495000
|
unkown image
|
page readonly
|
|
|
|
7FF5B349B000
|
unkown image
|
page readonly
|
|
|
|
3060000
|
unkown image
|
page readonly
|
|
|
|
104C0BAC000
|
unkown
|
page read and write
|
|
|
|
2DBA000
|
heap default
|
page read and write
|
|
|
|
7FF5A54A4000
|
unkown image
|
page readonly
|
|
|
|
104C0229000
|
unkown
|
page read and write
|
|
|
|
7FF507BFE000
|
unkown image
|
page readonly
|
|
|
|
25A8000
|
unkown image
|
page readonly
|
|
|
|
20C0000
|
unkown image
|
page readonly
|
|
|
|
1E95F060000
|
unkown
|
page read and write
|
|
|
|
7FF507BA1000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3463000
|
unkown image
|
page readonly
|
|
|
|
104C0BBC000
|
unkown
|
page read and write
|
|
|
|
1E95F13D000
|
unkown
|
page read and write
|
|
|
|
7DF515992000
|
unkown image
|
page readonly
|
|
|
|
104C0B8A000
|
unkown
|
page read and write
|
|
|
|
1E9A6C80000
|
unkown
|
page read and write
|
|
|
|
104C0B18000
|
unkown
|
page read and write
|
|
|
|
7FF50359D000
|
unkown image
|
page readonly
|
|
|
|
7FF507AD5000
|
unkown image
|
page readonly
|
|
|
|
104C0BA9000
|
unkown
|
page read and write
|
|
|
|
1E9A6A10000
|
unkown image
|
page readonly
|
|
|
|
1E9A6D08000
|
unkown
|
page read and write
|
|
|
|
30D97F000
|
unkown
|
page read and write
|
|
|
|
7FF503475000
|
unkown image
|
page readonly
|
|
|
|
104C0B18000
|
unkown
|
page read and write
|
|
|
|
216F000
|
unkown image
|
page readonly
|
|
|
|
2C8E000
|
unkown
|
page read and write
|
|
|
|
7FF5032AE000
|
unkown image
|
page readonly
|
|
|
|
104C0B0D000
|
unkown
|
page read and write
|
|
|
|
246E000
|
unkown image
|
page readonly
|
|
|
|
2D30000
|
heap private
|
page read and write
|
|
|
|
7DF413850000
|
unkown image
|
page readonly
|
|
|
|
27F223F0000
|
unkown
|
page read and write
|
|
|
|
104C0B7D000
|
unkown
|
page read and write
|
|
|
|
104C02A6000
|
unkown
|
page read and write
|
|
|
|
23D5000
|
unkown image
|
page readonly
|
|
|
|
7FF5B33BC000
|
unkown image
|
page readonly
|
|
|
|
1E9A6C22000
|
unkown
|
page read and write
|
|
|
|
7FF503107000
|
unkown image
|
page readonly
|
|
|
|
27F0000
|
unkown image
|
page read and write
|
|
|
|
104C0880000
|
unkown
|
page read and write
|
|
|
|
7DF579D70000
|
unkown image
|
page readonly
|
|
|
|
7A30000
|
unkown
|
page read and write
|
|
|
|
7FF5A502B000
|
unkown image
|
page readonly
|
|
|
|
104C0200000
|
unkown
|
page read and write
|
|
|
|
7FF507A66000
|
unkown image
|
page readonly
|
|
|
|
104C02B1000
|
unkown
|
page read and write
|
|
|
|
1E9A6C02000
|
unkown
|
page read and write
|
|
|
|
2114000
|
unkown image
|
page readonly
|
|
|
|
7DF5C11B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5B34CD000
|
unkown image
|
page readonly
|
|
|
|
7F5A0000
|
unkown image
|
page readonly
|
|
|
|
7DF5B2D52000
|
unkown image
|
page readonly
|
|
|
|
7FF590FF1000
|
unkown image
|
page readonly
|
|
|
|
104C0040000
|
unkown image
|
page readonly
|
|
|
|
29C7000
|
unkown
|
page read and write
|
|
|
|
2BC0000
|
unkown image
|
page readonly
|
|
|
|
104C1002000
|
unkown
|
page read and write
|
|
|
|
2A00000
|
unkown image
|
page readonly
|
|
|
|
30D6FB000
|
unkown
|
page read and write
|
|
|
|
7FF56BBD7000
|
unkown image
|
page readonly
|
|
|
|
104C0BC2000
|
unkown
|
page read and write
|
|
|
|
7FF507C47000
|
unkown image
|
page readonly
|
|
|
|
7DF579D52000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3541000
|
unkown image
|
page readonly
|
|
|
|
AA440F7000
|
unkown
|
page read and write
|
|
|
|
7FF56C06D000
|
unkown image
|
page readonly
|
|
|
|
79EE000
|
unkown
|
page read and write
|
|
|
|
104C0270000
|
unkown
|
page read and write
|
|
|
|
1E9A6B60000
|
unkown
|
page read and write
|
|
|
|
1C79F308000
|
unkown
|
page read and write
|
|
|
|
7FF507C9D000
|
unkown image
|
page readonly
|
|
|
|
27F23190000
|
unkown
|
page read and write
|
|
|
|
7FF5A50E1000
|
unkown image
|
page readonly
|
|
|
|
104C0249000
|
unkown
|
page read and write
|
|
|
|
23A5000
|
unkown image
|
page readonly
|
|
|
|
104C02EB000
|
unkown
|
page read and write
|
|
|
|
1C79F28C000
|
unkown
|
page read and write
|
|
|
|
24452055000
|
unkown
|
page read and write
|
|
|
|
1E95F000000
|
unkown image
|
page readonly
|
|
|
|
24DB000
|
unkown image
|
page readonly
|
|
|
|
7FF507C2D000
|
unkown image
|
page readonly
|
|
|
|
2D83000
|
heap default
|
page read and write
|
|
|
|
27F22B20000
|
unkown image
|
page readonly
|
|
|
|
27F22460000
|
heap private
|
page read and write
|
|
|
|
2D0E000
|
unkown
|
page read and write
|
|
|
|
2840000
|
heap default
|
page read and write
|
|
|
|
7DF5B2D60000
|
unkown image
|
page readonly
|
|
|
|
2A3A000
|
unkown
|
page read and write
|
|
|
|
211B000
|
unkown image
|
page readonly
|
|
|
|
2790000
|
unkown image
|
page readonly
|
|
|
|
1E95F3D0000
|
heap private
|
page read and write
|
|
|
|
30D2FE000
|
unkown
|
page read and write
|
|
|
|
7F592000
|
unkown image
|
page readonly
|
|
|
|
1E9A69F0000
|
unkown image
|
page read and write
|
|
|
|
2484000
|
unkown image
|
page readonly
|
|
|
|
1C79F281000
|
unkown
|
page read and write
|
|
|
|
1E95F126000
|
unkown
|
page read and write
|
|
|
|
7FB82000
|
unkown image
|
page readonly
|
|
|
|
1E9A6C00000
|
unkown
|
page read and write
|
|
|
|
7FF50359A000
|
unkown image
|
page readonly
|
|
|
|
7FF5079F2000
|
unkown image
|
page readonly
|
|
|
|
2559000
|
unkown
|
page read and write
|
|
|
|
7FF5A54AA000
|
unkown image
|
page readonly
|
|
|
|
2DE1000
|
unkown
|
page read and write
|
|
|
|
2A38000
|
unkown
|
page read and write
|
|
|
|
7DF511280000
|
unkown image
|
page readonly
|
|
|
|
104C0B72000
|
unkown
|
page read and write
|
|
|
|
30CFAB000
|
unkown
|
page read and write
|
|
|
|
104C0B9B000
|
unkown
|
page read and write
|
|
|
|
7DF579D62000
|
unkown image
|
page readonly
|
|
|
|
24C0000
|
unkown image
|
page readonly
|
|
|
|
7DF5159A0000
|
unkown image
|
page readonly
|
|
|
|
1C79F090000
|
unkown image
|
page read and write
|
|
|
|
E744BF9000
|
unkown
|
page read and write
|
|
|
|
2D10000
|
unkown
|
page read and write
|
|
|
|
62BBFFB000
|
unkown
|
page read and write
|
|
|
|
7A2F000
|
unkown
|
page read and write
|
|
|
|
104C1019000
|
unkown
|
page read and write
|
|
|
|
104C103C000
|
unkown
|
page read and write
|
|
|
|
7FF56C0F1000
|
unkown image
|
page readonly
|
|
|
|
104C0BD7000
|
unkown
|
page read and write
|
|
|
|
7DF5B2D40000
|
unkown image
|
page readonly
|
|
|
|
4740000
|
unkown image
|
page readonly
|
|
|
|
263B000
|
unkown
|
page read and write
|
|
|
|
7DF5B2D60000
|
unkown image
|
page readonly
|
|
|
|
1E9A6C67000
|
unkown
|
page read and write
|
|
|
|
2445206C000
|
unkown
|
page read and write
|
|
|
|
2555000
|
unkown
|
page read and write
|
|
|
|
1F33000
|
unkown image
|
page readonly
|
|
|
|
2D3A000
|
heap private
|
page read and write
|
|
|
|
1E95F000000
|
unkown image
|
page readonly
|
|
|
|
7FF56BF45000
|
unkown image
|
page readonly
|
|
|
|
1DB8000
|
unkown image
|
page readonly
|
|
|
|
1F75000
|
unkown image
|
page readonly
|
|
|
|
2551000
|
unkown image
|
page readonly
|
|
|
|
104C0BA0000
|
unkown
|
page read and write
|
|
|
|
1E95F133000
|
unkown
|
page read and write
|
|
|
|
1C79F313000
|
unkown
|
page read and write
|
|
|
|
259C000
|
unkown image
|
page readonly
|
|
|
|
104C0B96000
|
unkown
|
page read and write
|
|
|
|
7FF5A4C8A000
|
unkown image
|
page readonly
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
24452000000
|
unkown
|
page read and write
|
|
|
|
104C0160000
|
unkown
|
page read and write
|
|
|
|
7FF56BD7E000
|
unkown image
|
page readonly
|
|
|
|
104C0BA9000
|
unkown
|
page read and write
|
|
|
|
104C0BA4000
|
unkown
|
page read and write
|
|
|
|
1E9A6C2A000
|
unkown
|
page read and write
|
|
|
|
104C0BA5000
|
unkown
|
page read and write
|
|
|
|
104C02C8000
|
unkown
|
page read and write
|
|
|
|
104C0010000
|
unkown image
|
page readonly
|
|
|
|
2A9B000
|
unkown
|
page read and write
|
|
|
|
1E95F111000
|
unkown
|
page read and write
|
|
|
|
7FF507B32000
|
unkown image
|
page readonly
|
|
|
|
2A7B000
|
unkown
|
page read and write
|
|
|
|
7FF5A50D1000
|
unkown image
|
page readonly
|
|
|
|
1E95F13D000
|
unkown
|
page read and write
|
|
|
|
7FF5A54C1000
|
unkown image
|
page readonly
|
|
|
|
24451FA0000
|
unkown image
|
page readonly
|
|
|
|
7FF507AA6000
|
unkown image
|
page readonly
|
|
|
|
104C0B72000
|
unkown
|
page read and write
|
|
|
|
7FF5B31D5000
|
unkown image
|
page readonly
|
|
|
|
208F000
|
unkown image
|
page readonly
|
|
|
|
1E9A6A00000
|
heap private
|
page read and write
|
|
|
|
7FA70000
|
unkown image
|
page readonly
|
|
|
|
2CCF000
|
unkown
|
page read and write
|
|
|
|
27F23170000
|
unkown
|
page read and write
|
|
|
|
7FF5B34CA000
|
unkown image
|
page readonly
|
|
|
|
244524E0000
|
unkown image
|
page readonly
|
|
|
|
2C50000
|
unkown
|
page read and write
|
|
|
|
27F22B10000
|
unkown image
|
page readonly
|
|
|
|
27C0000
|
unkown image
|
page read and write
|
|
|
|
1C79F0B0000
|
unkown image
|
page readonly
|
|
|
|
7FF507C6B000
|
unkown image
|
page readonly
|
|
|
|
31E0000
|
unkown image
|
page readonly
|
|
|
|
219F000
|
unkown image
|
page readonly
|
|
|
|
206A000
|
unkown image
|
page readonly
|
|
|
|
7FF50356B000
|
unkown image
|
page readonly
|
|
|
|
7FF50361A000
|
unkown image
|
page readonly
|
|
|
|
7DF579D70000
|
unkown image
|
page readonly
|
|
|
|
249E000
|
unkown image
|
page readonly
|
|
|
|
A676C7F000
|
unkown
|
page read and write
|
|
|
|
104C0B7E000
|
unkown
|
page read and write
|
|
|
|
7FF507D21000
|
unkown image
|
page readonly
|
|
|
|
256B000
|
unkown image
|
page readonly
|
|
|
|
104C0B7B000
|
unkown
|
page read and write
|
|
|
|
1E95F127000
|
unkown
|
page read and write
|
|
|
|
7DF579D60000
|
unkown image
|
page readonly
|
|
|
|
104C0BA6000
|
unkown
|
page read and write
|
|
|
|
104C1019000
|
unkown
|
page read and write
|
|
|
|
7DF579D60000
|
unkown image
|
page readonly
|
|
|
|
75CF000
|
unkown
|
page read and write
|
|
|
|
104C02C1000
|
unkown
|
page read and write
|
|
|
|
2A10000
|
heap default
|
page read and write
|
|
|
|
104C0B9B000
|
unkown
|
page read and write
|
|
|
|
7FF507B7B000
|
unkown image
|
page readonly
|
|
|
|
2C27000
|
heap private
|
page read and write
|
|
|
|
2D91000
|
unkown
|
page read and write
|
|
|
|
1E95F3E0000
|
unkown image
|
page readonly
|
|
|
|
1E9A6D13000
|
unkown
|
page read and write
|
|
|
|
7FF56C010000
|
unkown image
|
page readonly
|
|
|
|
2573000
|
unkown image
|
page readonly
|
|
|
|
7FF5A50B2000
|
unkown image
|
page readonly
|
|
|
|
104C0BA0000
|
unkown
|
page read and write
|
|
|
|
104C0259000
|
unkown
|
page read and write
|
|
|
|
7FF5B34AE000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4C83000
|
unkown image
|
page readonly
|
|
|
|
7FF5B32D6000
|
unkown image
|
page readonly
|
|
|
|
7FF5074AA000
|
unkown image
|
page readonly
|
|
|
|
AA43D7E000
|
unkown
|
page read and write
|
|
|
|
104C0313000
|
unkown
|
page read and write
|
|
|
|
104C0BBD000
|
unkown
|
page read and write
|
|
|
|
7FF503101000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3459000
|
unkown image
|
page readonly
|
|
|
|
2C14000
|
heap private
|
page read and write
|
|
|
|
104C0253000
|
unkown
|
page read and write
|
|
|
|
7DF515992000
|
unkown image
|
page readonly
|
|
|
|
7FAD0000
|
unkown image
|
page readonly
|
|
|
|
1C79F200000
|
unkown
|
page read and write
|
|
|
|
7FF5B2CDA000
|
unkown image
|
page readonly
|
|
|
|
104C0BA5000
|
unkown
|
page read and write
|
|
|
|
7FF507AD9000
|
unkown image
|
page readonly
|
|
|
|
2A35000
|
unkown
|
page read and write
|
|
|
|
104C0890000
|
unkown image
|
page read and write
|
|
|
|
A676DFF000
|
unkown
|
page read and write
|
|
|
|
104C0B78000
|
unkown
|
page read and write
|
|
|
|
2357000
|
unkown image
|
page readonly
|
|
|
|
7FF56C013000
|
unkown image
|
page readonly
|
|
|
|
7FF5A50C4000
|
unkown image
|
page readonly
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
27F22F30000
|
unkown
|
page read and write
|
|
|
|
104C0BB7000
|
unkown
|
page read and write
|
|
|
|
7FF5078E1000
|
unkown image
|
page readonly
|
|
|
|
104C0B8A000
|
unkown
|
page read and write
|
|
|
|
7DF5B2D50000
|
unkown image
|
page readonly
|
|
|
|
7FF56C01E000
|
unkown image
|
page readonly
|
|
|
|
30D7FF000
|
unkown
|
page read and write
|
|
|
|
104C0B5A000
|
unkown
|
page read and write
|
|
|
|
24452029000
|
unkown
|
page read and write
|
|
|
|
104C0B16000
|
unkown
|
page read and write
|
|
|
|
7FF5B3534000
|
unkown image
|
page readonly
|
|
|
|
7FAC0000
|
unkown image
|
page readonly
|
|
|
|
2143000
|
unkown image
|
page readonly
|
|
|
|
7FF5A50D5000
|
unkown image
|
page readonly
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
7DF5C11C2000
|
unkown image
|
page readonly
|
|
|
|
2D20000
|
unkown
|
page read and write
|
|
|
|
7FF503621000
|
unkown image
|
page readonly
|
|
|
|
21E8000
|
unkown image
|
page readonly
|
|
|
|
7FF56BD75000
|
unkown image
|
page readonly
|
|
|
|
1C79F1E0000
|
unkown image
|
page readonly
|
|
|
|
104C0BBB000
|
unkown
|
page read and write
|
|
|
|
24452100000
|
unkown
|
page read and write
|
|
|
|
1E9A6C5D000
|
unkown
|
page read and write
|
|
|
|
7FF56C03B000
|
unkown image
|
page readonly
|
|
|
|
1C79F0B0000
|
unkown image
|
page readonly
|
|
|
|
1C79F24B000
|
unkown
|
page read and write
|
|
|
|
7FF5A505D000
|
unkown image
|
page readonly
|
|
|
|
104C0B7B000
|
unkown
|
page read and write
|
|
|
|
2506000
|
unkown image
|
page readonly
|
|
|
|
7FF507C17000
|
unkown image
|
page readonly
|
|
|
|
104C0BC0000
|
unkown
|
page read and write
|
|
|
|
104C024F000
|
unkown
|
page read and write
|
|
|
|
2445203C000
|
unkown
|
page read and write
|
|
|
|
20AB000
|
unkown image
|
page readonly
|
|
|
|
104C0BAB000
|
unkown
|
page read and write
|
|
|
|
7FF5B33D1000
|
unkown image
|
page readonly
|
|
|
|
2A1A000
|
heap default
|
page read and write
|
|
|
|
104C023C000
|
unkown
|
page read and write
|
|
|
|
24B4000
|
unkown image
|
page readonly
|
|
|
|
7FF5079AE000
|
unkown image
|
page readonly
|
|
|
|
7DF5159A0000
|
unkown image
|
page readonly
|
|
|
|
27F22270000
|
unkown image
|
page readonly
|
|
|
|
104C0BB7000
|
unkown
|
page read and write
|
|
|
|
2DDC000
|
unkown
|
page read and write
|
|
|
|
7FF5A4938000
|
unkown image
|
page readonly
|
|
|
|
2CD0000
|
unkown image
|
page readonly
|
|
|
|
2060000
|
unkown image
|
page readonly
|
|
|
|
27D0000
|
unkown image
|
page readonly
|
|
|
|
2A80000
|
unkown image
|
page readonly
|
|
|
|
104C1014000
|
unkown
|
page read and write
|
|
|
|
104C0B8E000
|
unkown
|
page read and write
|
|
|
|
1C79F255000
|
unkown
|
page read and write
|
|
|
|
7FF507D20000
|
unkown image
|
page readonly
|
|
|
|
7DF5B3122000
|
unkown image
|
page readonly
|
|
|
|
7FF5A50DA000
|
unkown image
|
page readonly
|
|
|
|
7DF5B3120000
|
unkown image
|
page readonly
|
|
|
|
7FF56BE76000
|
unkown image
|
page readonly
|
|
|
|
7FF507BA5000
|
unkown image
|
page readonly
|
|
|
|
7FF507C7E000
|
unkown image
|
page readonly
|
|
|
|
2A30000
|
unkown
|
page read and write
|
|
|
|
24452102000
|
unkown
|
page read and write
|
|
|
|
24451FC0000
|
unkown image
|
page readonly
|
|
|
|
7FF5B33D5000
|
unkown image
|
page readonly
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
E744AFE000
|
unkown
|
page read and write
|
|
|
|
29D0000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3447000
|
unkown image
|
page readonly
|
|
|
|
2D6A000
|
heap default
|
page read and write
|
|
|
|
7FF507A71000
|
unkown image
|
page readonly
|
|
|
|
7DF40F150000
|
unkown image
|
page readonly
|
|
|
|
7DF511292000
|
unkown image
|
page readonly
|
|
|
|
7F590000
|
unkown image
|
page readonly
|
|
|
|
7FF507801000
|
unkown image
|
page readonly
|
|
|
|
2121000
|
unkown image
|
page readonly
|
|
|
|
104C0B80000
|
unkown
|
page read and write
|
|
|
|
7FF507C9A000
|
unkown image
|
page readonly
|
|
|
|
7FF56C043000
|
unkown image
|
page readonly
|
|
|
|
2650000
|
unkown image
|
page readonly
|
|
|
|
104C1002000
|
unkown
|
page read and write
|
|
|
|
79CF000
|
unkown
|
page read and write
|
|
|
|
2C70000
|
heap default
|
page read and write
|
|
|
|
24E5000
|
unkown image
|
page readonly
|
|
|
|
7FF56C017000
|
unkown image
|
page readonly
|
|
|
|
984867F000
|
unkown
|
page read and write
|
|
|
|
104C1000000
|
unkown
|
page read and write
|
|
|
|
2487000
|
unkown image
|
page readonly
|
|
|
|
2C2A000
|
heap private
|
page read and write
|
|
|
|
7DF515980000
|
unkown image
|
page readonly
|
|
|
|
104C1021000
|
unkown
|
page read and write
|
|
|
|
1C79F860000
|
unkown
|
page read and write
|
|
|
|
104C01A0000
|
unkown image
|
page write copy
|
|
|
|
7DF477C20000
|
unkown image
|
page readonly
|
|
|
|
7FF507BD1000
|
unkown image
|
page readonly
|
|
|
|
25A3000
|
unkown image
|
page readonly
|
|
|
|
7F5A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4931000
|
unkown image
|
page readonly
|
|
|
|
2057000
|
unkown image
|
page readonly
|
|
|
|
27F22480000
|
heap default
|
page read and write
|
|
|
|
7FF50347B000
|
unkown image
|
page readonly
|
|
|
|
7FF507687000
|
unkown image
|
page readonly
|
|
|
|
7F5A2000
|
unkown image
|
page readonly
|
|
|
|
758E000
|
unkown
|
page read and write
|
|
|
|
1E95F116000
|
heap default
|
page read and write
|
|
|
|
253B000
|
unkown image
|
page readonly
|
|
|
|
27F224C7000
|
unkown
|
page read and write
|
|
|
|
7FF50768B000
|
unkown image
|
page readonly
|
|
|
|
2A55000
|
unkown
|
page read and write
|
|
|
|
2DF5000
|
unkown
|
page read and write
|
|
|
|
7FF56BFF9000
|
unkown image
|
page readonly
|
|
|
|
7FF5A540B000
|
unkown image
|
page readonly
|
|
|
|
104C1002000
|
unkown
|
page read and write
|
|
|
|
2390000
|
unkown image
|
page read and write
|
|
|
|
7DF511292000
|
unkown image
|
page readonly
|
|
|
|
104C0600000
|
unkown image
|
page readonly
|
|
|
|
7FF56BF4B000
|
unkown image
|
page readonly
|
|
|
|
1E95EFE0000
|
unkown image
|
page read and write
|
|
|
|
27F224CE000
|
unkown
|
page read and write
|
|
|
|
2581000
|
unkown image
|
page readonly
|
|
|
|
7FB82000
|
unkown image
|
page readonly
|
|
|
|
7FAE0000
|
unkown image
|
page readonly
|
|
|
|
27F22790000
|
unkown image
|
page readonly
|
|
|
|
1E9A6C13000
|
unkown
|
page read and write
|
|
|
|
27F0000
|
unkown image
|
page readonly
|
|
|
|
27F224EF000
|
heap default
|
page read and write
|
|
|
|
1E9A6C3C000
|
unkown
|
page read and write
|
|
|
|
7DF5B2D42000
|
unkown image
|
page readonly
|
|
|
|
104C0B98000
|
unkown
|
page read and write
|
|
|
|
7FF56BEDB000
|
unkown image
|
page readonly
|
|
|
|
104C0B74000
|
unkown
|
page read and write
|
|
|
|
7FF56C0C2000
|
unkown image
|
page readonly
|
|
|
|
2136000
|
unkown image
|
page readonly
|
|
|
|
984887F000
|
unkown
|
page read and write
|
|
|
|
7DF511290000
|
unkown image
|
page readonly
|
|
|
|
104C0B89000
|
unkown
|
page read and write
|
|
|
|
7FF5A53E7000
|
unkown image
|
page readonly
|
|
|
|
1E95F12F000
|
unkown
|
page read and write
|
|
|
|
27F22380000
|
unkown
|
page read and write
|
|
|
|
1C79F26F000
|
unkown
|
page read and write
|
|
|
|
E744C7E000
|
unkown
|
page read and write
|
|
|
|
7DF5B3132000
|
unkown image
|
page readonly
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
7FAC2000
|
unkown image
|
page readonly
|
|
|
|
104C02E2000
|
unkown
|
page read and write
|
|
|
|
7FF507887000
|
unkown image
|
page readonly
|
|
|
|
1E95F040000
|
unkown
|
page read and write
|
|
|
|
30D4F7000
|
unkown
|
page read and write
|
|
|
|
7FF5B3031000
|
unkown image
|
page readonly
|
|
|
|
24452076000
|
unkown
|
page read and write
|
|
|
|
78D0000
|
unkown
|
page read and write
|
|
|
|
7FAD2000
|
unkown image
|
page readonly
|
|
|
|
2C40000
|
unkown image
|
page readonly
|
|
|
|
7DF515982000
|
unkown image
|
page readonly
|
|
|
|
1E9A6D00000
|
unkown
|
page read and write
|
|
|
|
7F5A2000
|
unkown image
|
page readonly
|
|
|
|
23FA000
|
unkown
|
page read and write
|
|
|
|
E744B7B000
|
unkown
|
page read and write
|
|
|
|
2218000
|
unkown image
|
page readonly
|
|
|
|
104C0302000
|
unkown
|
page read and write
|
|
|
|
2E60000
|
unkown image
|
page readonly
|
|
|
|
104C0BBA000
|
unkown
|
page read and write
|
|
|
|
7DF4B0FF0000
|
unkown image
|
page readonly
|
|
|
|
104C0B16000
|
unkown
|
page read and write
|
|
|
|
7FF5B353A000
|
unkown image
|
page readonly
|
|
|
|
A676E7C000
|
unkown
|
page read and write
|
|
|
|
104C0256000
|
unkown
|
page read and write
|
|
|
|
7FF5A54B5000
|
unkown image
|
page readonly
|
|
|
|
248B000
|
unkown image
|
page readonly
|
|
|
|
7DF4B0C10000
|
unkown image
|
page readonly
|
|
|
|
27F224CE000
|
unkown
|
page read and write
|
|
|
|
104C0BA6000
|
unkown
|
page read and write
|
|
|
|
62BBE7B000
|
unkown
|
page read and write
|
|
|
|
24451FF0000
|
heap default
|
page read and write
|
|
|
|
2DD8000
|
unkown
|
page read and write
|
|
|
|
7F5B0000
|
unkown image
|
page readonly
|
|
|
|
2D88000
|
unkown
|
page read and write
|
|
|
|
7FF56BFE7000
|
unkown image
|
page readonly
|
|
|
|
24451F80000
|
unkown image
|
page read and write
|
|
|
|
7DF5B3140000
|
unkown image
|
page readonly
|
|
|
|
7FF5079A5000
|
unkown image
|
page readonly
|
|
|
|
2C5F000
|
unkown
|
page read and write
|
|
|
|
7FF5B331D000
|
unkown image
|
page readonly
|
|
|
|
24BB000
|
unkown image
|
page readonly
|
|
|
|
24D6000
|
unkown image
|
page readonly
|
|
|
|
2DD3000
|
heap default
|
page read and write
|
|
|
|
2850000
|
unkown image
|
page readonly
|
|
|
|
7FF507B2F000
|
unkown image
|
page readonly
|
|
|
|
27F231A0000
|
unkown
|
page read and write
|
|
|
|
1E9A6B40000
|
unkown image
|
page readonly
|
|
|
|
7FF5B34C7000
|
unkown image
|
page readonly
|
|
|
|
104C0B75000
|
unkown
|
page read and write
|
|
|
|
7FF56BEC0000
|
unkown image
|
page readonly
|
|
|
|
1C79F0A0000
|
heap private
|
page read and write
|
|
|
|
7FF5B3470000
|
unkown image
|
page readonly
|
|
|
|
AA43F7B000
|
unkown
|
page read and write
|
|
|
|
1F27000
|
unkown image
|
page readonly
|
|
|
|
7FF5078F4000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4C5E000
|
unkown image
|
page readonly
|
|
|
|
24D9000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3320000
|
unkown image
|
page readonly
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
7FF5A53CD000
|
unkown image
|
page readonly
|
|
|
|
7FF56C003000
|
unkown image
|
page readonly
|
|
|
|
2481000
|
unkown image
|
page readonly
|
|
|
|
244522D0000
|
unkown image
|
page readonly
|
|
|
|
24452113000
|
unkown
|
page read and write
|
|
|
|
2574000
|
unkown image
|
page readonly
|
|
|
|
2DB0000
|
heap default
|
page read and write
|
|
|
|
30D8F9000
|
unkown
|
page read and write
|
|
|
|
7FF507B37000
|
unkown image
|
page readonly
|
|
|
|
798E000
|
unkown
|
page read and write
|
|
|
|
7FF5B345D000
|
unkown image
|
page readonly
|
|
|
|
7DF5B2D50000
|
unkown image
|
page readonly
|
|
|
|
A67696A000
|
unkown
|
page read and write
|
|
|
|
7FF5B3477000
|
unkown image
|
page readonly
|
|
|
|
1E14000
|
unkown image
|
page readonly
|
|
|
|
7F590000
|
unkown image
|
page readonly
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
104C0B8F000
|
unkown
|
page read and write
|
|
|
|
27F22400000
|
unkown
|
page read and write
|
|
|
|
208B000
|
unkown image
|
page readonly
|
|
|
|
7FF5A53CF000
|
unkown image
|
page readonly
|
|
|
|
205B000
|
unkown image
|
page readonly
|
|
|
|
2578000
|
unkown image
|
page readonly
|
|
|
|
7FF5035F9000
|
unkown image
|
page readonly
|
|
|
|
7FF507C73000
|
unkown image
|
page readonly
|
|
|
|
104C0B7D000
|
unkown
|
page read and write
|
|
|
|
7FF507C4E000
|
unkown image
|
page readonly
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
7FF5B3487000
|
unkown image
|
page readonly
|
|
|
|
7FAE0000
|
unkown image
|
page readonly
|
|
|
|
7FF56BF71000
|
unkown image
|
page readonly
|
|
|
|
62BBD7E000
|
unkown
|
page read and write
|
|
|
|
23A0000
|
unkown image
|
page readonly
|
|
|
|
7FB72000
|
unkown image
|
page readonly
|
|
|
|
7DF5C11C0000
|
unkown image
|
page readonly
|
|
|
|
7FF507C03000
|
unkown image
|
page readonly
|
|
|
|
A676D7A000
|
unkown
|
page read and write
|
|
|
|
7FB70000
|
unkown image
|
page readonly
|
|
|
|
AA43FFF000
|
unkown
|
page read and write
|
|
|
|
7DF511282000
|
unkown image
|
page readonly
|
|
|
|
75D0000
|
unkown
|
page read and write
|
|
|
|
292E000
|
unkown
|
page read and write
|
|
|
|
7FF5A53E0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4CD7000
|
unkown image
|
page readonly
|
|
|
|
104C0B9A000
|
unkown
|
page read and write
|
|
|
|
7DF515982000
|
unkown image
|
page readonly
|
|
|
|
104C0B7C000
|
unkown
|
page read and write
|
|
|
|
104C0BCC000
|
unkown
|
page read and write
|
|
|
|
24452013000
|
unkown
|
page read and write
|
|
|
|
984897F000
|
unkown
|
page read and write
|
|
|
|
104C0286000
|
unkown
|
page read and write
|
|
|
|
7DF5B2D42000
|
unkown image
|
page readonly
|
|
|
|
24BF000
|
unkown image
|
page readonly
|
|
|
|
2387000
|
unkown image
|
page readonly
|
|
|
|
104C103C000
|
unkown
|
page read and write
|
|
|
|
2D04000
|
heap private
|
page read and write
|
|
|
|
7DF5B3122000
|
unkown image
|
page readonly
|
|
|
|
104C0BA9000
|
unkown
|
page read and write
|
|
|
|
7FF507B0B000
|
unkown image
|
page readonly
|
|
|
|
7FF503604000
|
unkown image
|
page readonly
|
|
|
|
AA43CFE000
|
unkown
|
page read and write
|
|
|
|
7FF5B2CD4000
|
unkown image
|
page readonly
|
|
|
|
1E9A7402000
|
unkown
|
page read and write
|
|
|
|
104C0140000
|
unkown image
|
page readonly
|
|
|
|
2AB0000
|
unkown image
|
page readonly
|
|
|
|
7FF5032A5000
|
unkown image
|
page readonly
|
|
|
|
30DA7D000
|
unkown
|
page read and write
|
|
|
|
24B7000
|
unkown image
|
page readonly
|
|
|
|
104C1002000
|
unkown
|
page read and write
|
|
|
|
7FF5A4FF6000
|
unkown image
|
page readonly
|
|
|
|
7FF5A503E000
|
unkown image
|
page readonly
|
|
|
|
1E9A7000000
|
unkown image
|
page readonly
|
|
|
|
210F000
|
unkown image
|
page readonly
|
|
|
|
104C0B8A000
|
unkown
|
page read and write
|
|
|
|
104C0060000
|
heap default
|
page read and write
|
|
|
|
30D5F7000
|
unkown
|
page read and write
|
|
|
|
7FF5B31DE000
|
unkown image
|
page readonly
|
|
|
|
7FF5033A6000
|
unkown image
|
page readonly
|
|
|
|
7DF5C11D0000
|
unkown image
|
page readonly
|
|
|
|
24B5000
|
unkown image
|
page readonly
|
|
|
|
98485FB000
|
unkown
|
page read and write
|
|
|
|
1E9A6A60000
|
heap default
|
page read and write
|
|
|
|
7FF5033D1000
|
unkown image
|
page readonly
|
|
|
|
1E95F090000
|
unkown image
|
page readonly
|
|
|
|
1C79F780000
|
unkown image
|
page readonly
|
|
|
|
7FF507CF2000
|
unkown image
|
page readonly
|
|
|
|
104C0B0C000
|
unkown
|
page read and write
|
|
|
|
7DF5B3140000
|
unkown image
|
page readonly
|
|
|
|
27D0000
|
unkown image
|
page readonly
|
|
|
|
1E95F5E0000
|
unkown image
|
page readonly
|
|
|
|
1E9A6A30000
|
unkown image
|
page readonly
|
|
|
|
7DF4BF080000
|
unkown image
|
page readonly
|
|
|
|
2CFA000
|
heap private
|
page read and write
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
7FF50360A000
|
unkown image
|
page readonly
|
|
|
|
29F0000
|
unkown
|
page read and write
|
|
|
|
7FF5A4C85000
|
unkown image
|
page readonly
|
|
|
|
7FF503533000
|
unkown image
|
page readonly
|
|
|
|
7FF50354E000
|
unkown image
|
page readonly
|
|
|
|
7FF56C0D4000
|
unkown image
|
page readonly
|
|
|
|
7FF507D0A000
|
unkown image
|
page readonly
|
|
|
|
7DF579D50000
|
unkown image
|
page readonly
|
|
|
|
104C0B62000
|
unkown
|
page read and write
|
|
|
|
29C3000
|
unkown
|
page read and write
|
|
|
|
2596000
|
unkown image
|
page readonly
|
|
|
|
2CF7000
|
heap private
|
page read and write
|
|
|
|
7FB90000
|
unkown image
|
page readonly
|
|
|
|
1C79F600000
|
unkown image
|
page readonly
|
|
|
|
249A000
|
unkown image
|
page readonly
|
|
|
|
2A38000
|
unkown
|
page read and write
|
|
|
|
27F22260000
|
unkown image
|
page readonly
|
|
|
|
104C025A000
|
unkown
|
page read and write
|
|
|
|
7FF5A5003000
|
unkown image
|
page readonly
|
|
|
|
24FD000
|
unkown image
|
page readonly
|
|
|
|
7FF50769C000
|
unkown image
|
page readonly
|
|
|
|
1E95F13D000
|
unkown
|
page read and write
|
|
|
|
1C79F300000
|
unkown
|
page read and write
|
|
|
|
7DF511280000
|
unkown image
|
page readonly
|
|
|
|
104C0BCF000
|
unkown
|
page read and write
|
|
|
|
7FF56B874000
|
unkown image
|
page readonly
|
|
|
|
30B0000
|
unkown image
|
page readonly
|
|
|
|
2445204F000
|
unkown
|
page read and write
|
|
|
|
7FF507AD1000
|
unkown image
|
page readonly
|
|
|
|
7DF5112A0000
|
unkown image
|
page readonly
|
|
|
|
7FF50348C000
|
unkown image
|
page readonly
|
|
|
|
2544000
|
unkown image
|
page readonly
|
|
|
|
1E95F132000
|
unkown
|
page read and write
|
|
|
|
104C1002000
|
unkown
|
page read and write
|
|
|
|
7DF5112A0000
|
unkown image
|
page readonly
|
|
|
|
27F22470000
|
unkown
|
page read and write
|
|
|
|
5E40000
|
unkown image
|
page readonly
|
|
|
|
27F231F0000
|
unkown
|
page read and write
|
|
|
|
2D60000
|
heap default
|
page read and write
|
|
|
|
7FF507D04000
|
unkown image
|
page readonly
|
|
|
|
2085000
|
unkown image
|
page readonly
|
|
|
|
1E9A6E00000
|
unkown image
|
page readonly
|
|
|
|
2C20000
|
heap private
|
page read and write
|
|
|
|
1E9A6A40000
|
unkown image
|
page readonly
|
|
|
|
2363000
|
unkown image
|
page readonly
|
|
|
|
254B000
|
unkown image
|
page readonly
|
|
|
|
7FF503540000
|
unkown image
|
page readonly
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
257B000
|
unkown image
|
page readonly
|
|
|
|
1E9A7180000
|
unkown image
|
page readonly
|
|
|
|
104C0B20000
|
unkown
|
page read and write
|
|
|
|
7FF507BE2000
|
unkown image
|
page readonly
|
|
|
|
27F22990000
|
unkown image
|
page readonly
|
|
|
|
24BB000
|
unkown image
|
page readonly
|
|
|
|
7FF5A541E000
|
unkown image
|
page readonly
|
|
|
|
104C0BAA000
|
unkown
|
page read and write
|
|
|
|
1E95F10B000
|
heap default
|
page read and write
|
|
|
|
27F22240000
|
unkown image
|
page readonly
|
|
|
|
1C79F0E0000
|
unkown image
|
page readonly
|
|
|
|
24452750000
|
unkown
|
page read and write
|
|
|
|
7FF5A543A000
|
unkown image
|
page readonly
|
|
|
|
2D00000
|
unkown image
|
page readonly
|
|
|
|
7FF5074BE000
|
unkown image
|
page readonly
|
|
|
|
7FF5A53E3000
|
unkown image
|
page readonly
|
|
|
|
7FF5A5081000
|
unkown image
|
page readonly
|
|
|
|
2A41000
|
unkown
|
page read and write
|
|
|
|
104C0B84000
|
unkown
|
page read and write
|
|
|
|
79D0000
|
unkown
|
page read and write
|
|
|
|
7FF507CF9000
|
unkown image
|
page readonly
|
|
|
|
213C000
|
unkown image
|
page readonly
|
|
|
|
7FB80000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4EF7000
|
unkown image
|
page readonly
|
|
|
|
7FF5A496E000
|
unkown image
|
page readonly
|
|
|
|
1C79F24E000
|
unkown
|
page read and write
|
|
|
|
984815E000
|
unkown
|
page read and write
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
104C0B60000
|
unkown
|
page read and write
|
|
|
|
7FF5A4FF3000
|
unkown image
|
page readonly
|
|
|
|
104C0B75000
|
unkown
|
page read and write
|
|
|
|
104C0255000
|
unkown
|
page read and write
|
|
|
|
7FF507889000
|
unkown image
|
page readonly
|
|
|
|
1E95F10D000
|
heap default
|
page read and write
|
|
|
|
7FAD2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4FE6000
|
unkown image
|
page readonly
|
|
|
|
104C0B85000
|
unkown
|
page read and write
|
|
|
|
7FF5B347E000
|
unkown image
|
page readonly
|
|
|
|
7FF5A5413000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3551000
|
unkown image
|
page readonly
|
|
|
|
2C00000
|
unkown image
|
page readonly
|
|
|
|
98480DB000
|
unkown
|
page read and write
|
|
|
|
104C109D000
|
unkown
|
page read and write
|
|
|
|
7FF56BEBD000
|
unkown image
|
page readonly
|
|
|
|
2274000
|
unkown image
|
page readonly
|
|
|
|
2D37000
|
heap private
|
page read and write
|
|
|
|
7FF5035F2000
|
unkown image
|
page readonly
|
|
|
|
104C0B60000
|
unkown
|
page read and write
|
|
|
|
7FF507A85000
|
unkown image
|
page readonly
|
|
|
|
7DF5B3132000
|
unkown image
|
page readonly
|
|
|
|
104C0B78000
|
unkown
|
page read and write
|
|
|
|
23A0000
|
unkown image
|
page readonly
|
|
|
|
24A9000
|
unkown image
|
page readonly
|
|
|
|
7FF507AED000
|
unkown image
|
page readonly
|
|
|
|
A6769EE000
|
unkown
|
page read and write
|
|
|
|
7FF5B335F000
|
unkown image
|
page readonly
|
|
|
|
104C0B20000
|
unkown
|
page read and write
|
|
|
|
24EF000
|
unkown image
|
page readonly
|
|
|
|
104C0B98000
|
unkown
|
page read and write
|
|
|
|
2D8C000
|
unkown
|
page read and write
|
|
|
|
2DD0000
|
unkown
|
page read and write
|
|
|
|
27F224E6000
|
heap default
|
page read and write
|
|
|
|
2054000
|
unkown image
|
page readonly
|
|
|
|
250B000
|
unkown image
|
page readonly
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
7FF5A50CA000
|
unkown image
|
page readonly
|
|
|
|
7FF5074A4000
|
unkown image
|
page readonly
|
|
|
|
104C0B98000
|
unkown
|
page read and write
|
|
|
|
7FF56C027000
|
unkown image
|
page readonly
|
|
|
|
104C0252000
|
unkown
|
page read and write
|
|
|
|
7FF5A54B1000
|
unkown image
|
page readonly
|
|
|
|
7FF56C0C9000
|
unkown image
|
page readonly
|
|
|
|
104C0BB1000
|
unkown
|
page read and write
|
|
|
|
24F0000
|
unkown image
|
page readonly
|
|
|
|
104C024A000
|
unkown
|
page read and write
|
|
|
|
104C0258000
|
unkown
|
page read and write
|
|
|
|
1C79F23C000
|
unkown
|
page read and write
|
|
|
|
1D3F000
|
unkown image
|
page readonly
|
|
|
|
104C0B7D000
|
unkown
|
page read and write
|
|
|
|
AA441FF000
|
unkown
|
page read and write
|
|
|
|
24B1000
|
unkown image
|
page readonly
|
|
|
|
27F22465000
|
heap private
|
page read and write
|
|
|
|
7FF56BEA1000
|
unkown image
|
page readonly
|
|
|
|
7FF503529000
|
unkown image
|
page readonly
|
|
|
|
7FF507C2F000
|
unkown image
|
page readonly
|
|
|
|
7FF507BFA000
|
unkown image
|
page readonly
|
|
|
|
7FF5A53D3000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3037000
|
unkown image
|
page readonly
|
|
|
|
2640000
|
unkown image
|
page readonly
|
|
|
|
7DF5C11C2000
|
unkown image
|
page readonly
|
|
|
|
27F22469000
|
heap private
|
page read and write
|
|
|
|
25A8000
|
unkown image
|
page readonly
|
|
|
|
104C1002000
|
unkown
|
page read and write
|
|
|
|
104C0B83000
|
unkown
|
page read and write
|
|
|
|
7DF5C11C0000
|
unkown image
|
page readonly
|
|
|
|
209D000
|
unkown image
|
page readonly
|
|
|
|
7FF507C43000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3529000
|
unkown image
|
page readonly
|
|
|
|
7FB70000
|
unkown image
|
page readonly
|
|
|
|
104C1102000
|
unkown
|
page read and write
|
|
|
|
104C0251000
|
unkown
|
page read and write
|
|
|
|
104C0B60000
|
unkown
|
page read and write
|
|
|
|
1E95F12F000
|
unkown
|
page read and write
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
104C0B7C000
|
unkown
|
page read and write
|
|
|
|
1E95F0A0000
|
unkown image
|
page readonly
|
|
|
|
2BE0000
|
unkown
|
page read and write
|
|
|
|
7FAC2000
|
unkown image
|
page readonly
|
|
|
|
24A6000
|
unkown image
|
page readonly
|
|
|
|
24451FD0000
|
unkown image
|
page readonly
|
|
|
|
7FF56C06A000
|
unkown image
|
page readonly
|
|
|
|
7FAC0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A53EE000
|
unkown image
|
page readonly
|
|
|
|
2079000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3522000
|
unkown image
|
page readonly
|
|
|
|
7DF511290000
|
unkown image
|
page readonly
|
|
|
|
2C10000
|
heap private
|
page read and write
|
|
|
|
104C0030000
|
unkown image
|
page readonly
|
|
|
|
7FB90000
|
unkown image
|
page readonly
|
|
|
|
7DF5B2D40000
|
unkown image
|
page readonly
|
|
|
|
104C0400000
|
unkown image
|
page readonly
|
|
|
|
7FF507A2B000
|
unkown image
|
page readonly
|
|
|
|
7FF50342F000
|
unkown image
|
page readonly
|
|
|
|
1E95F13D000
|
unkown
|
page read and write
|
|
|
|
7FF503543000
|
unkown image
|
page readonly
|
|
|
|
7FF56B87A000
|
unkown image
|
page readonly
|
|
|
|
7FF56C0E1000
|
unkown image
|
page readonly
|
|
|
|
2DA5000
|
unkown
|
page read and write
|
|
|
|
7FF503573000
|
unkown image
|
page readonly
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
7FF5079E7000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4EF2000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3301000
|
unkown image
|
page readonly
|
|
|
|
24452660000
|
unkown image
|
page readonly
|
|
|
|
104C024E000
|
unkown
|
page read and write
|
|
|
|
7FF590FF1000
|
unkown image
|
page readonly
|
|
|
|
2DD8000
|
unkown
|
page read and write
|
|
|
|
104C1002000
|
unkown
|
page read and write
|
|
|
|
7F592000
|
unkown image
|
page readonly
|
|
|
|
3230000
|
unkown image
|
page readonly
|
|
|
|
62BBCFE000
|
unkown
|
page read and write
|
|
|
|
104C0B5C000
|
unkown
|
page read and write
|
|
|
|
E744D79000
|
unkown
|
page read and write
|
|
|
|
104C109D000
|
unkown
|
page read and write
|
|
|
|
7FF56BFFD000
|
unkown image
|
page readonly
|
|
|
|
27F23180000
|
unkown
|
page readonly
|
|
|
|
7DF579D50000
|
unkown image
|
page readonly
|
|
|
|
104C0880000
|
unkown
|
page read and write
|
|
|
|
210B000
|
unkown image
|
page readonly
|
|
|
|
E744A7D000
|
unkown
|
page read and write
|
|
|
|
1E9A6C8B000
|
unkown
|
page read and write
|
|
|
|
2148000
|
unkown image
|
page readonly
|
|
|
|
2A00000
|
unkown image
|
page readonly
|
|
|
|
2A33000
|
heap default
|
page read and write
|
|
|
|
7FF503621000
|
unkown image
|
page readonly
|
|
|
|
27F22220000
|
unkown image
|
page read and write
|
|
|
|
24D6000
|
unkown image
|
page readonly
|
|
|
|
AA442FE000
|
unkown
|
page read and write
|
|
|
|
104C0B00000
|
unkown
|
page read and write
|
|
|
|
280E000
|
unkown
|
page read and write
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
24452080000
|
unkown
|
page read and write
|
|
|
|
7FF507A7F000
|
unkown image
|
page readonly
|
|
|
|
7FF5A50E1000
|
unkown image
|
page readonly
|
|
|
|
2393000
|
unkown image
|
page readonly
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
7FB80000
|
unkown image
|
page readonly
|
|
|
|
7DF579D52000
|
unkown image
|
page readonly
|
|
|
|
104C0B60000
|
unkown
|
page read and write
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
104BFFF0000
|
unkown image
|
page read and write
|
|
|
|
1E9A6C62000
|
unkown
|
page read and write
|
|
|
|
62BC2FE000
|
unkown
|
page read and write
|
|
|
|
24452108000
|
unkown
|
page read and write
|
|
|
|
104C1003000
|
unkown
|
page read and write
|
|
|
|
27F22360000
|
unkown
|
page read and write
|
|
|
|
256F000
|
unkown image
|
page readonly
|
|
|
|
24CD000
|
unkown image
|
page readonly
|
|
|
|
7FF56BF5C000
|
unkown image
|
page readonly
|
|
|
|
A676CF9000
|
unkown
|
page read and write
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
988000
|
unkown image
|
page readonly
|
|
|
|
104C1021000
|
unkown
|
page read and write
|
|
|
|
104C024B000
|
unkown
|
page read and write
|
|
|
|
7DF5C11B0000
|
unkown image
|
page readonly
|
|
|
|
2051000
|
unkown image
|
page readonly
|
|
|
|
7FF5033ED000
|
unkown image
|
page readonly
|
|
|
|
7FF5B354A000
|
unkown image
|
page readonly
|
|
|
|
1E95F3D5000
|
heap private
|
page read and write
|
|
|
|
258B000
|
unkown image
|
page readonly
|
|
|
|
203E000
|
unkown image
|
page readonly
|
|
|
|
7DF515990000
|
unkown image
|
page readonly
|
|
|
|
7DF5B3130000
|
unkown image
|
page readonly
|
|
|
|
212B000
|
unkown image
|
page readonly
|
|
|
|
2035000
|
unkown image
|
page readonly
|
|
|
|
104C0BB8000
|
unkown
|
page read and write
|
|
|
|
2EB0000
|
unkown image
|
page readonly
|
|
|
|
7FF507D1A000
|
unkown image
|
page readonly
|
|
|
|
7FF503547000
|
unkown image
|
page readonly
|
|
|
|
7FF507C97000
|
unkown image
|
page readonly
|
|
|
|
7FF56BF75000
|
unkown image
|
page readonly
|
|
|
|
104C0B93000
|
unkown
|
page read and write
|
|
|
|
23CB000
|
unkown image
|
page readonly
|
|
|
|
104C0B87000
|
unkown
|
page read and write
|
|
|
|
2CE0000
|
unkown
|
page read and write
|
|
|
|
2BF0000
|
heap default
|
page read and write
|
|
|
|
7DF5C11B2000
|
unkown image
|
page readonly
|
|
|
|
7FF503597000
|
unkown image
|
page readonly
|
|
|
|
7FF5B333B000
|
unkown image
|
page readonly
|
|
|
|
E7447FB000
|
unkown
|
page read and write
|
|
|
|
7FF503611000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4969000
|
unkown image
|
page readonly
|
|
|
|
7FAD0000
|
unkown image
|
page readonly
|
|
|
|
2A5A000
|
unkown
|
page read and write
|
|
|
|
1C79F229000
|
unkown
|
page read and write
|
|
|
|
1E9A6A10000
|
unkown image
|
page readonly
|
|
|
|
104C0010000
|
unkown image
|
page readonly
|
|
|
|
7FF507807000
|
unkown image
|
page readonly
|
|
|
|
1E9A6C8E000
|
unkown
|
page read and write
|
|
|
|
7DF515990000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4FEF000
|
unkown image
|
page readonly
|
|
|
|
2520000
|
unkown image
|
page readonly
|
|
|
|
7FF507C40000
|
unkown image
|
page readonly
|
|
|
|
7FF5A4FED000
|
unkown image
|
page readonly
|
|
|
|
7F5B0000
|
unkown image
|
page readonly
|
|
|
|
2BA0000
|
unkown
|
page read and write
|
|
|
|
7FF5B33A5000
|
unkown image
|
page readonly
|
|
|
|
7FF507A64000
|
unkown image
|
page readonly
|
|
|
|
7FF507C29000
|
unkown image
|
page readonly
|
|
|
|
62BC1FF000
|
unkown
|
page read and write
|
|
|
|
1E95F760000
|
unkown image
|
page readonly
|
|
|
|
104C0BB2000
|
unkown
|
page read and write
|
|
|
|
2D85000
|
unkown
|
page read and write
|
|
|
|
104C106A000
|
unkown
|
page read and write
|
|
|
|
1E95F100000
|
heap default
|
page read and write
|
|
|
|
104C0B7E000
|
unkown
|
page read and write
|
|
|
|
7F9C0000
|
unkown image
|
page readonly
|
|
|
|
1C79F302000
|
unkown
|
page read and write
|
|
|
|
2465000
|
unkown image
|
page readonly
|
|
|
|
7FF507C0E000
|
unkown image
|
page readonly
|
|
|
|
7DF579D62000
|
unkown image
|
page readonly
|
|
|
|
27F22487000
|
heap default
|
page read and write
|
|
|
|
2C3E000
|
unkown
|
page read and write
|
|
|
|
104C0BA4000
|
unkown
|
page read and write
|
|
|
|
1C79F213000
|
unkown
|
page read and write
|
|
|
|
4820000
|
heap private
|
page read and write
|
|
|
|
24CA000
|
unkown image
|
page readonly
|
|
|
|
7F490000
|
unkown image
|
page readonly
|
|
|
|
104C0B7C000
|
unkown
|
page read and write
|
|
|
|
7FF5A50B9000
|
unkown image
|
page readonly
|
|
|
|
104C0BAB000
|
unkown
|
page read and write
|
|
|
|
2BD0000
|
unkown
|
page read and write
|
|
|
|
7FF5A54BA000
|
unkown image
|
page readonly
|
|
|
|
7FF56BEFF000
|
unkown image
|
page readonly
|
|
|
|
1C79F100000
|
heap default
|
page read and write
|
|
|
|
7FF56C0F1000
|
unkown image
|
page readonly
|
|
|
|
104C0B20000
|
unkown
|
page read and write
|
|
|
|
7FF5A4F4C000
|
unkown image
|
page readonly
|
|
|
|
20A6000
|
unkown image
|
page readonly
|
|
|
|
7FF503517000
|
unkown image
|
page readonly
|
|
|
|
7FF5A5032000
|
unkown image
|
page readonly
|
|
|
|
2244000
|
unkown image
|
page readonly
|
|
|
|
1E95F12F000
|
unkown
|
page read and write
|
|
|
|
7FF502DAA000
|
unkown image
|
page readonly
|
|
|
|
244524D0000
|
unkown image
|
page readonly
|
|
|
|
7FF5033F0000
|
unkown image
|
page readonly
|
|
|
|
24451FA0000
|
unkown image
|
page readonly
|
|
|
|
2CBF000
|
unkown
|
page read and write
|
|
|
|
7FF5A5000000
|
unkown image
|
page readonly
|
|
|
|
104C024C000
|
unkown
|
page read and write
|
|
|
|
255B000
|
unkown image
|
page readonly
|
|
|
|
104C0213000
|
unkown
|
page read and write
|
|
|
|
2076000
|
unkown image
|
page readonly
|
|
|
|
104C0316000
|
unkown
|
page read and write
|
|
|
|
7FF5A4E7A000
|
unkown image
|
page readonly
|
|
|
|
104C0B78000
|
unkown
|
page read and write
|
|
|
|
7FF5A4D6D000
|
unkown image
|
page readonly
|
|
|
|
1E9A6D02000
|
unkown
|
page read and write
|
|
|
|
7FF5078F7000
|
unkown image
|
page readonly
|
|
|
|
104C0B72000
|
unkown
|
page read and write
|
|
|
|
5A60000
|
unkown image
|
page readonly
|
|
|
|
2578000
|
unkown image
|
page readonly
|
|
|
|
27B0000
|
unkown
|
page read and write
|
|
|
|
104C0000000
|
heap private
|
page read and write
|
|
|
|
1E9A6C5F000
|
unkown
|
page read and write
|
|
|
|
7FF5B3551000
|
unkown image
|
page readonly
|
|
|
|
2D80000
|
unkown
|
page read and write
|
|
|
|
104C0BB5000
|
unkown
|
page read and write
|
|
|
|
4824000
|
heap private
|
page read and write
|
|
|
|
7FF50340B000
|
unkown image
|
page readonly
|
|
|
|
104C0308000
|
unkown
|
page read and write
|
|
|
|
7FF50352D000
|
unkown image
|
page readonly
|
|
|
|
7DF5B3120000
|
unkown image
|
page readonly
|
|
|
|
104C027F000
|
unkown
|
page read and write
|
|
|
|
2770000
|
unkown
|
page read and write
|
|
|
|
2DD5000
|
unkown
|
page read and write
|
|
|
|
2D88000
|
unkown
|
page read and write
|
|
|
|
104C02F9000
|
unkown
|
page read and write
|
|
|
|
7FF5B345F000
|
unkown image
|
page readonly
|
|
|
|
292A000
|
unkown
|
page read and write
|
|
|
|
2566000
|
unkown image
|
page readonly
|
|
|
|
7FF56BFFF000
|
unkown image
|
page readonly
|
|
|
|
62BBEFE000
|
unkown
|
page read and write
|
|
|
|
104C0A02000
|
unkown
|
page read and write
|
|
|
|
7AB0000
|
unkown
|
page read and write
|
|
|
|
62BBC7C000
|
unkown
|
page read and write
|
|
|
|
7FF5034A5000
|
unkown image
|
page readonly
|
|
|
|
104C0B76000
|
unkown
|
page read and write
|
|
|
|
1C79F0D0000
|
unkown image
|
page readonly
|
|
|
|
104C0B7E000
|
unkown
|
page read and write
|
|
|
|
98481DE000
|
unkown
|
page read and write
|
|
|
|
7FF5A5492000
|
unkown image
|
page readonly
|
|
|
|
7FF5A543D000
|
unkown image
|
page readonly
|
|
|
|
7FF56C067000
|
unkown image
|
page readonly
|
|
|
|
2810000
|
unkown image
|
page readonly
|
|
|
|
27F22240000
|
unkown image
|
page readonly
|
|
|
|
E744CFF000
|
unkown
|
page read and write
|
|
|
|
27F22580000
|
unkown
|
page read and write
|
|
|
|
9848777000
|
unkown
|
page read and write
|
|
|
|
7FF5034A1000
|
unkown image
|
page readonly
|
|
|
|
256C000
|
unkown image
|
page readonly
|
|
|
|
104C0780000
|
unkown image
|
page readonly
|
|
|
|
104C0BD7000
|
unkown
|
page read and write
|
|
|
|
2148000
|
unkown image
|
page readonly
|
|
|
|
7DF511282000
|
unkown image
|
page readonly
|
|
|
|
7DF5B2D52000
|
unkown image
|
page readonly
|
|
|
|
7FF507AF0000
|
unkown image
|
page readonly
|
|
|
|
104C0BBC000
|
unkown
|
page read and write
|
|
|
|
7DF5C11B2000
|
unkown image
|
page readonly
|
|
|
|
62BC0F7000
|
unkown
|
page read and write
|
|
|
|
104C0BB4000
|
unkown
|
page read and write
|
|
|
|
AA43E7C000
|
unkown
|
page read and write
|
|
|
|
7FF56BBD1000
|
unkown image
|
page readonly
|
|
|
|
AA43C7B000
|
unkown
|
page read and write
|
|
|
|
104C0B8F000
|
unkown
|
page read and write
|
|
|
|
2490000
|
unkown image
|
page readonly
|
|
|
|
104C0B94000
|
unkown
|
page read and write
|
|
|
|
1C79F400000
|
unkown image
|
page readonly
|
|
|
|
1E95F020000
|
unkown image
|
page readonly
|
|
|
|
7FF507B75000
|
unkown image
|
page readonly
|
|
|
|
2C30000
|
unkown
|
page read and write
|
|
|
|
27F224CE000
|
unkown
|
page read and write
|
|
|
|
1F6B000
|
unkown image
|
page readonly
|
|
|
|
98C000
|
unkown image
|
page readonly
|
|
|
|
7FF5A505A000
|
unkown image
|
page readonly
|
|
|
|
7FF503557000
|
unkown image
|
page readonly
|
|
|
|
7FF5A53D6000
|
unkown image
|
page readonly
|
|
|
|
7FF5B3473000
|
unkown image
|
page readonly
|
|
|
|
1C79FA02000
|
unkown
|
page read and write
|
|
There are 956 hidden memdumps, click here to show them.