Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Import order764536.xlsx
|
CDFV2 Encrypted
|
initial sample
|
||
C:\Users\user\33920049\mmuiqlcvwo.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\asdERTYgh56F[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
downloaded
|
||
C:\Users\user\AppData\Local\Temp\tmp7677.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
|
data
|
dropped
|
||
C:\Users\Public\vbc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
C:\Users\user\33920049\aauo.exe
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\abjtjj.gcm
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
C:\Users\user\33920049\aricevnrq.msc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\bbofcjswrb.bmp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\dngb.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\dopnobhqej.xml
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\dwipjhaqq.jpg
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\eeppjmhbj.icm
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\egwevtj.xl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\ewkvwqles.xl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\fmkkelc.omp
|
Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\ggaoddlfq.pdf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\hmjc.jpg
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\ipltm.pdf
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\kwhibpnou.exe
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\lueww.jpg
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\lxvjfmbxgn.icm
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\meuuljggm.jpg
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\mmbdcs.xl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\qhqulleu.mp3
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\sdstvfk.ico
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\srslmbkgam.xml
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\suktleoxtu.msc
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\ujhg.cpl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\vusklntwi.docx
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\weqn.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\wsxedltsm.cpl
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\33920049\xtax.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\asdERTYgh56F[1].htm
|
HTML document, ASCII text
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\26B84B08.png
|
PNG image data, 737 x 456, 8-bit/color RGB, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B0CBBE5F.png
|
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B908FF69.png
|
PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BDBC2463.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650,
frames 3
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BF7984D4.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650,
frames 3
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C009AF6A.png
|
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C5A013CD.png
|
PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D57D5BFC.png
|
PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E6B61027.png
|
PNG image data, 737 x 456, 8-bit/color RGB, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EC79CE56.png
|
PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F4E77D3E.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\task.dat
|
ASCII text, with no line terminators
|
dropped
|
||
C:\Users\user\Desktop\~$Import order764536.xlsx
|
data
|
dropped
|
||
C:\Users\user\temp\qhqulleu.mp3
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 40 hidden files, click here to show them.
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
||
C:\Users\Public\vbc.exe
|
'C:\Users\Public\vbc.exe'
|
||
C:\Users\user\33920049\mmuiqlcvwo.pif
|
'C:\Users\user\33920049\mmuiqlcvwo.pif' fmkkelc.omp
|
||
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
|
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
|
||
C:\Windows\SysWOW64\schtasks.exe
|
'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp7677.tmp'
|
||
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
|
C:\Users\user\AppData\Local\Temp\RegSvcs.exe 0
|
||
C:\Users\user\33920049\mmuiqlcvwo.pif
|
'C:\Users\user\33920049\MMUIQL~1.PIF' C:\Users\user\33920049\fmkkelc.omp
|
||
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
|
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
|
||
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
||
C:\Windows\System32\taskeng.exe
|
taskeng.exe {65A54373-42CF-48A1-B53D-BB3CC40C1C58} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://demopicking.renova-sa.net/asdERTYgh56F.exe
|
97.107.138.110
|
||
ezeani.duckdns.org
|
|||
194.5.98.48
|
|||
https://demopicking.renova-sa.net/asdERTYgh56F.exe
|
97.107.138.110
|
||
http://secure.globalsign.net/cacert/PrimObject.crt0
|
unknown
|
||
http://secure.globalsign.net/cacert/ObjectSign.crt09
|
unknown
|
||
http://www.%s.comPA
|
unknown
|
||
http://www.globalsign.net/repository09
|
unknown
|
||
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
||
http://www.autoitscript.com/autoit3/0
|
unknown
|
||
http://www.globalsign.net/repository/0
|
unknown
|
||
http://www.globalsign.net/repository/03
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
ezeani.duckdns.org
|
194.5.98.48
|
||
demopicking.renova-sa.net
|
97.107.138.110
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
194.5.98.48
|
ezeani.duckdns.org
|
Netherlands
|
||
97.107.138.110
|
demopicking.renova-sa.net
|
United States
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
}`'
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2D826
|
2D826
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
2g'
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\31F24
|
31F24
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32DF3
|
32DF3
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\31F24
|
31F24
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
||
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
|
Windows element
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{65A54373-42CF-48A1-B53D-BB3CC40C1C58}
|
data
|
There are 40 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
3699000
|
unkown
|
page read and write
|
||
39F7000
|
unkown
|
page read and write
|
||
3B82000
|
unkown
|
page read and write
|
||
342000
|
unkown
|
page execute and read and write
|
||
4162000
|
unkown
|
page read and write
|
||
3901000
|
unkown
|
page read and write
|
||
3C31000
|
unkown
|
page read and write
|
||
3A6B000
|
unkown
|
page read and write
|
||
3A2B000
|
unkown
|
page read and write
|
||
3BB5000
|
unkown
|
page read and write
|
||
39C5000
|
unkown
|
page read and write
|
||
3C5B000
|
unkown
|
page read and write
|
||
3BB5000
|
unkown
|
page read and write
|
||
3900000
|
unkown
|
page read and write
|
||
3AF0000
|
unkown
|
page read and write
|
||
34A9000
|
unkown
|
page read and write
|
||
3BE7000
|
unkown
|
page read and write
|
||
3AF1000
|
unkown
|
page read and write
|
||
4232000
|
unkown
|
page read and write
|
||
2D2000
|
unkown
|
page execute and read and write
|
||
3C1B000
|
unkown
|
page read and write
|
||
3992000
|
unkown
|
page read and write
|
||
AE0000
|
unkown image
|
page read and write
|
||
39C5000
|
unkown
|
page read and write
|
||
2691000
|
unkown
|
page read and write
|
||
3A2B000
|
unkown
|
page read and write
|
||
489E000
|
unkown
|
page read and write
|
||
AE8000
|
unkown
|
page read and write
|
||
AD0000
|
heap private
|
page execute and read and write
|
||
7EFE0000
|
unkown image
|
page readonly
|
||
3B7000
|
heap default
|
page read and write
|
||
457F000
|
unkown
|
page read and write
|
||
3A4E000
|
unkown
|
page read and write
|
||
A00000
|
unkown image
|
page read and write
|
||
930000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
997000
|
heap private
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
379000
|
heap default
|
page read and write
|
||
21B1000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
A30000
|
unkown image
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
7EFE0000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
2340000
|
unkown
|
page read and write
|
||
4E6F000
|
unkown
|
page read and write
|
||
CA7000
|
heap default
|
page read and write
|
||
680000
|
unkown image
|
page readonly
|
||
2510000
|
unkown
|
page read and write
|
||
3900000
|
unkown
|
page read and write
|
||
A50000
|
heap private
|
page execute and read and write
|
||
347000
|
unkown
|
page execute and read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
D3C000
|
heap default
|
page read and write
|
||
2C0000
|
heap default
|
page read and write
|
||
3F0000
|
unkown
|
page read and write
|
||
50000
|
unkown image
|
page readonly
|
||
7EFD0000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
A90000
|
unkown
|
page read and write
|
||
B58000
|
unkown
|
page read and write
|
||
7FFFFFC2000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
5741000
|
unkown
|
page read and write
|
||
7EFB2000
|
unkown image
|
page readonly
|
||
FFFD0000
|
unkown image
|
page readonly
|
||
E9D000
|
unkown
|
page read and write
|
||
6320000
|
unkown
|
page read and write
|
||
FFFC0000
|
unkown image
|
page readonly
|
||
BDE000
|
unkown
|
page read and write
|
||
D5D000
|
unkown
|
page read and write
|
||
FFFB0000
|
unkown image
|
page readonly
|
||
DA2000
|
unkown image
|
page execute read
|
||
226000
|
unkown
|
page execute and read and write
|
||
F53000
|
unkown
|
page read and write
|
||
A60000
|
heap private
|
page execute and read and write
|
||
BF8000
|
heap private
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
291F000
|
unkown
|
page read and write
|
||
5370000
|
heap private
|
page execute and read and write
|
||
1090000
|
unkown image
|
page readonly
|
||
7EFD0000
|
unkown image
|
page readonly
|
||
2933000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
18D000
|
unkown
|
page execute and read and write
|
||
100000
|
unkown image
|
page readonly
|
||
3461000
|
unkown
|
page read and write
|
||
20000
|
unkown
|
page read and write
|
||
FFFB0000
|
unkown image
|
page readonly
|
||
D14000
|
heap default
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
3489000
|
unkown
|
page read and write
|
||
37E000
|
unkown
|
page read and write
|
||
A20000
|
unkown
|
page read and write
|
||
6430000
|
heap private
|
page read and write
|
||
DA2000
|
unkown image
|
page execute read
|
||
7EFC0000
|
unkown image
|
page readonly
|
||
339E000
|
unkown
|
page read and write
|
||
492F000
|
unkown
|
page read and write
|
||
E80000
|
unkown
|
page read and write
|
||
D90000
|
unkown
|
page read and write
|
||
7EFC0000
|
unkown image
|
page readonly
|
||
AD0000
|
unkown
|
page read and write
|
||
3FD000
|
heap default
|
page read and write
|
||
20B0000
|
unkown image
|
page readonly
|
||
3993000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
DA0000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
3AF1000
|
unkown
|
page read and write
|
||
3900000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
A40000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
23B000
|
unkown
|
page execute and read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
20000
|
unkown
|
page read and write
|
||
9A0000
|
unkown image
|
page readonly
|
||
7EFB2000
|
unkown image
|
page readonly
|
||
880000
|
heap private
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
330000
|
heap default
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
DA2000
|
unkown image
|
page execute read
|
||
1B0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
7EFB0000
|
unkown image
|
page readonly
|
||
39E000
|
unkown
|
page read and write
|
||
7EFB0000
|
unkown image
|
page readonly
|
||
FFFC0000
|
unkown image
|
page readonly
|
||
DAA000
|
unkown image
|
page readonly
|
||
7EFE0000
|
unkown image
|
page readonly
|
||
274E000
|
unkown
|
page read and write
|
||
F00000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
A20000
|
unkown
|
page read and write
|
||
7EFD0000
|
unkown image
|
page readonly
|
||
995000
|
unkown
|
page read and write
|
||
56D2000
|
unkown
|
page read and write
|
||
5703000
|
unkown
|
page read and write
|
||
31B1000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
DA0000
|
unkown image
|
page readonly
|
||
2629000
|
unkown
|
page read and write
|
||
3D1000
|
heap default
|
page read and write
|
||
4CDE000
|
unkown
|
page read and write
|
||
260000
|
unkown image
|
page readonly
|
||
9B0000
|
heap private
|
page execute and read and write
|
||
200000
|
unkown
|
page read and write
|
||
3FC0000
|
unkown
|
page read and write
|
||
2C50000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1032000
|
unkown image
|
page readonly
|
||
FFFC2000
|
unkown image
|
page readonly
|
||
A20000
|
unkown
|
page read and write
|
||
44FD000
|
unkown
|
page read and write
|
||
7EFC0000
|
unkown image
|
page readonly
|
||
7EFDF000
|
unkown
|
page read and write
|
||
2461000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
AD0000
|
unkown image
|
page read and write
|
||
DAA000
|
unkown image
|
page readonly
|
||
3C1B000
|
unkown
|
page read and write
|
||
C30000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
21D0000
|
unkown
|
page read and write
|
||
546000
|
unkown
|
page read and write
|
||
7FFFFFB2000
|
unkown image
|
page readonly
|
||
F5A000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
29D000
|
unkown image
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
424000
|
heap default
|
page read and write
|
||
4AE0000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
A60000
|
unkown image
|
page read and write
|
||
7EFD0000
|
unkown image
|
page readonly
|
||
136000
|
heap private
|
page read and write
|
||
3CE1000
|
unkown
|
page read and write
|
||
7EFB0000
|
unkown image
|
page readonly
|
||
4AFF000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
50000
|
unkown image
|
page readonly
|
||
247000
|
heap default
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
957000
|
heap private
|
page read and write
|
||
60000
|
unkown image
|
page readonly
|
||
DA0000
|
unkown image
|
page readonly
|
||
B00000
|
unkown
|
page read and write
|
||
FFFC0000
|
unkown image
|
page readonly
|
||
358E000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
640000
|
unkown image
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
A20000
|
unkown
|
page read and write
|
||
1032000
|
unkown image
|
page readonly
|
||
3220000
|
unkown
|
page read and write
|
||
3640000
|
heap private
|
page read and write
|
||
3900000
|
unkown
|
page read and write
|
||
5641000
|
unkown
|
page read and write
|
||
3FC0000
|
unkown
|
page read and write
|
||
940000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
A20000
|
unkown
|
page read and write
|
||
630000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
130000
|
heap private
|
page read and write
|
||
A20000
|
unkown
|
page read and write
|
||
3C3A000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
7EFD0000
|
unkown image
|
page readonly
|
||
CEF000
|
unkown
|
page read and write
|
||
FFFB0000
|
unkown image
|
page readonly
|
||
E80000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
2290000
|
heap private
|
page read and write
|
||
7EFC2000
|
unkown image
|
page readonly
|
||
3B00000
|
unkown
|
page read and write
|
||
10000
|
unkown image
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
FB0000
|
unkown image
|
page readonly
|
||
720000
|
heap default
|
page read and write
|
||
4160000
|
unkown
|
page read and write
|
||
105B000
|
unkown image
|
page readonly
|
||
AD0000
|
unkown
|
page read and write
|
||
A86000
|
unkown
|
page read and write
|
||
550000
|
unkown
|
page read and write
|
||
21CF000
|
unkown
|
page read and write
|
||
7EFC2000
|
unkown image
|
page readonly
|
||
A30000
|
unkown
|
page read and write
|
||
2A10000
|
heap private
|
page read and write
|
||
3F0000
|
heap default
|
page read and write
|
||
550000
|
heap private
|
page read and write
|
||
572000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
FB1000
|
unkown image
|
page execute read
|
||
7F0000
|
heap default
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
3FC0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
3540000
|
unkown
|
page read and write
|
||
7EFDF000
|
unkown
|
page read and write
|
||
56A1000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
A40000
|
unkown
|
page read and write
|
||
2C6000
|
unkown
|
page read and write
|
||
5BFC000
|
unkown
|
page read and write
|
||
A35000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
4F0000
|
unkown image
|
page readonly
|
||
1BB000
|
unkown
|
page execute and read and write
|
||
269C000
|
unkown
|
page read and write
|
||
830000
|
heap default
|
page read and write
|
||
88E000
|
unkown
|
page read and write
|
||
3027000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
990000
|
unkown
|
page read and write
|
||
16D000
|
unkown
|
page execute and read and write
|
||
1AA000
|
unkown
|
page execute and read and write
|
||
3CF000
|
unkown
|
page read and write
|
||
7EFB2000
|
unkown image
|
page readonly
|
||
2A15000
|
heap private
|
page read and write
|
||
40000
|
unkown image
|
page readonly
|
||
A20000
|
unkown
|
page read and write
|
||
DAA000
|
unkown image
|
page readonly
|
||
F80000
|
unkown image
|
page readonly
|
||
1CC000
|
unkown
|
page read and write
|
||
7EFC2000
|
unkown image
|
page readonly
|
||
A26000
|
unkown
|
page read and write
|
||
1C4000
|
heap private
|
page read and write
|
||
59EC000
|
unkown
|
page read and write
|
||
A40000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
A30000
|
unkown
|
page read and write
|
||
283000
|
unkown
|
page execute and read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
290000
|
unkown
|
page read and write
|
||
8F7000
|
heap default
|
page read and write
|
||
2340000
|
unkown
|
page read and write
|
||
CF0000
|
unkown image
|
page readonly
|
||
426000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
7EFDF000
|
unkown
|
page read and write
|
||
5704000
|
unkown
|
page read and write
|
||
2C0000
|
unkown image
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
4252000
|
unkown
|
page read and write
|
||
7EFB2000
|
unkown image
|
page readonly
|
||
180000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
DA0000
|
unkown image
|
page readonly
|
||
3B00000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
1260000
|
unkown image
|
page readonly
|
||
BF0000
|
heap private
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1A7000
|
unkown
|
page execute and read and write
|
||
60000
|
unkown image
|
page readonly
|
||
105B000
|
unkown image
|
page readonly
|
||
A20000
|
unkown
|
page read and write
|
||
3FC0000
|
unkown
|
page read and write
|
||
3CF000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
2A0000
|
heap private
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
FFFB2000
|
unkown image
|
page readonly
|
||
2C50000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
840000
|
unkown image
|
page readonly
|
||
35F0000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
7FFFFFB0000
|
unkown image
|
page readonly
|
||
3CF0000
|
unkown
|
page read and write
|
||
343E000
|
unkown
|
page read and write
|
||
6C0000
|
heap private
|
page read and write
|
||
640000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
C00000
|
unkown image
|
page readonly
|
||
A28000
|
unkown
|
page read and write
|
||
50000
|
unkown image
|
page readonly
|
||
FB0000
|
unkown image
|
page readonly
|
||
234F000
|
unkown
|
page read and write
|
||
6B8000
|
heap private
|
page read and write
|
||
990000
|
unkown
|
page read and write
|
||
4D1D000
|
unkown
|
page read and write
|
||
1040000
|
unkown image
|
page write copy
|
||
580000
|
unkown
|
page read and write
|
||
35EE000
|
unkown
|
page read and write
|
||
AA0000
|
heap default
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
206B000
|
heap private
|
page read and write
|
||
B4E000
|
unkown
|
page read and write
|
||
1041000
|
unkown image
|
page write copy
|
||
6EB000
|
unkown
|
page read and write
|
||
A40000
|
unkown
|
page read and write
|
||
610000
|
unkown
|
page read and write
|
||
FFFB0000
|
unkown image
|
page readonly
|
||
56B000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
F70000
|
heap private
|
page read and write
|
||
950000
|
heap private
|
page read and write
|
||
3B83000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
2962000
|
heap private
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
D90000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
24B3000
|
unkown
|
page read and write
|
||
5230000
|
unkown
|
page read and write
|
||
4160000
|
unkown
|
page read and write
|
||
DA2000
|
unkown image
|
page execute read
|
||
20000
|
unkown
|
page read and write
|
||
3B0000
|
heap default
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
AE0000
|
unkown
|
page read and write
|
||
DA2000
|
unkown image
|
page execute read
|
||
1B0000
|
unkown
|
page read and write
|
||
A40000
|
unkown
|
page read and write
|
||
920000
|
unkown
|
page execute and read and write
|
||
160000
|
unkown image
|
page readonly
|
||
10000
|
unkown image
|
page read and write
|
||
153000
|
unkown
|
page execute and read and write
|
||
D80000
|
unkown image
|
page readonly
|
||
AD6000
|
unkown
|
page read and write
|
||
CEE000
|
unkown
|
page read and write | page guard
|
||
2620000
|
unkown
|
page read and write
|
||
347E000
|
unkown
|
page read and write
|
||
A00000
|
heap private
|
page execute and read and write
|
||
200000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
10000
|
unkown image
|
page read and write
|
||
DB0000
|
unkown image
|
page readonly
|
||
3220000
|
unkown
|
page read and write
|
||
1B0000
|
unkown image
|
page readonly
|
||
7EFB0000
|
unkown image
|
page readonly
|
||
FFFC0000
|
unkown image
|
page readonly
|
||
6B0D000
|
unkown
|
page read and write
|
||
990000
|
heap private
|
page read and write
|
||
1B7000
|
unkown
|
page execute and read and write
|
||
200000
|
unkown
|
page read and write
|
||
6E5000
|
unkown
|
page read and write
|
||
630000
|
unkown
|
page read and write
|
||
1090000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
380000
|
unkown
|
page read and write
|
||
1042000
|
unkown image
|
page read and write
|
||
990000
|
unkown
|
page read and write
|
||
9F0000
|
unkown
|
page read and write
|
||
A20000
|
unkown
|
page read and write
|
||
FFFD0000
|
unkown image
|
page readonly
|
||
2E40000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
A3E000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
4780000
|
unkown image
|
page readonly
|
||
A45000
|
unkown
|
page read and write
|
||
1041000
|
unkown image
|
page write copy
|
||
60000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
293E000
|
unkown
|
page read and write
|
||
9F0000
|
unkown image
|
page readonly
|
||
A80000
|
unkown
|
page read and write
|
||
54C000
|
unkown
|
page read and write
|
||
A30000
|
unkown
|
page read and write
|
||
49CF000
|
unkown
|
page read and write
|
||
6B0000
|
heap private
|
page read and write
|
||
60000
|
unkown image
|
page readonly
|
||
AD0000
|
unkown
|
page read and write
|
||
3FC0000
|
unkown
|
page read and write
|
||
3B1000
|
unkown
|
page read and write
|
||
7EFC0000
|
unkown image
|
page readonly
|
||
7EFB2000
|
unkown image
|
page readonly
|
||
3440000
|
heap private
|
page read and write
|
||
AD5000
|
unkown
|
page read and write
|
||
610000
|
unkown
|
page read and write
|
||
AD8000
|
unkown
|
page read and write
|
||
2340000
|
unkown
|
page read and write
|
||
383000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
A90000
|
unkown
|
page read and write
|
||
CED000
|
heap default
|
page read and write
|
||
58EE000
|
unkown
|
page read and write
|
||
2298000
|
heap private
|
page read and write
|
||
56A2000
|
unkown
|
page read and write
|
||
3A2B000
|
unkown
|
page read and write
|
||
3CB5000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
A3000
|
heap default
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
4D30000
|
heap private
|
page read and write
|
||
D90000
|
unkown
|
page read and write
|
||
AD6000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
370000
|
unkown
|
page execute and read and write
|
||
E70000
|
unkown image
|
page readonly
|
||
B00000
|
unkown
|
page read and write
|
||
6A0000
|
unkown image
|
page readonly
|
||
3901000
|
unkown
|
page read and write
|
||
6EB000
|
unkown
|
page read and write
|
||
29D000
|
unkown
|
page execute and read and write
|
||
3220000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
3691000
|
unkown
|
page read and write
|
||
DA0000
|
unkown image
|
page readonly
|
||
3150000
|
unkown image
|
page readonly
|
||
D40000
|
unkown
|
page read and write
|
||
7EFB0000
|
unkown image
|
page readonly
|
||
7EFC0000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
3993000
|
unkown
|
page read and write
|
||
13F0000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
3A0000
|
unkown
|
page execute and read and write
|
||
56EC000
|
unkown
|
page read and write
|
||
7C0000
|
unkown image
|
page readonly
|
||
261000
|
unkown image
|
page execute read
|
||
9F5000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
C50000
|
heap private
|
page execute and read and write
|
||
200000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
439E000
|
unkown
|
page read and write
|
||
582D000
|
unkown
|
page read and write
|
||
FFFC2000
|
unkown image
|
page readonly
|
||
7EFE0000
|
unkown image
|
page readonly
|
||
AD0000
|
unkown
|
page read and write
|
||
2D0000
|
unkown
|
page read and write
|
||
E0000
|
unkown
|
page read and write
|
||
555E000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
2940000
|
heap private
|
page read and write
|
||
3E0000
|
heap private
|
page read and write
|
||
6C0000
|
unkown image
|
page readonly
|
||
26ED000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
7EFC2000
|
unkown image
|
page readonly
|
||
3220000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
5290000
|
heap private
|
page execute and read and write
|
||
B02000
|
unkown
|
page read and write
|
||
3D1000
|
unkown
|
page read and write
|
||
DA0000
|
unkown image
|
page readonly
|
||
1042000
|
unkown image
|
page read and write
|
||
26A0000
|
unkown image
|
page readonly
|
||
3900000
|
unkown
|
page read and write
|
||
7EFD0000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
83D000
|
heap default
|
page read and write
|
||
150000
|
unkown image
|
page readonly
|
||
27C6000
|
heap private
|
page read and write
|
||
7EFE0000
|
unkown image
|
page readonly
|
||
237000
|
unkown
|
page execute and read and write
|
||
A30000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1E2000
|
heap private
|
page read and write
|
||
F40000
|
unkown image
|
page readonly
|
||
7EFC2000
|
unkown image
|
page readonly
|
||
5640000
|
unkown
|
page read and write
|
||
50000
|
unkown image
|
page readonly
|
||
7FFFFFB2000
|
unkown image
|
page readonly
|
||
7EFB0000
|
unkown image
|
page readonly
|
||
22A000
|
unkown
|
page execute and read and write
|
||
3900000
|
unkown
|
page read and write
|
||
460E000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
54AE000
|
unkown
|
page read and write
|
||
3FC0000
|
unkown
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
34B000
|
unkown
|
page execute and read and write
|
||
65C0000
|
heap private
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
362000
|
unkown
|
page execute and read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
565E000
|
unkown
|
page read and write | page guard
|
||
170000
|
unkown image
|
page read and write
|
||
314E000
|
unkown
|
page read and write
|
||
914000
|
heap default
|
page read and write
|
||
1210000
|
unkown image
|
page readonly
|
||
9F0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
292000
|
unkown image
|
page readonly
|
||
935000
|
heap default
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
3D1000
|
unkown
|
page read and write
|
||
ACE000
|
unkown
|
page read and write
|
||
413000
|
unkown
|
page read and write
|
||
DA2000
|
unkown image
|
page execute read
|
||
7FFFFFC2000
|
unkown image
|
page readonly
|
||
2BC000
|
heap default
|
page read and write
|
||
20000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
268E000
|
unkown
|
page read and write | page guard
|
||
1C0000
|
heap private
|
page read and write
|
||
242D000
|
unkown
|
page read and write
|
||
7EFB0000
|
unkown image
|
page readonly
|
||
50000
|
unkown image
|
page readonly
|
||
354000
|
heap default
|
page read and write
|
||
590000
|
heap private
|
page execute and read and write
|
||
248000
|
unkown
|
page read and write
|
||
3FC0000
|
unkown
|
page read and write
|
||
DA0000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
380000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
FFFB2000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
2300000
|
heap private
|
page read and write
|
||
15D000
|
unkown
|
page execute and read and write
|
||
27C0000
|
heap private
|
page read and write
|
||
644000
|
heap private
|
page read and write
|
||
2A4000
|
unkown image
|
page read and write
|
||
7EFB2000
|
unkown image
|
page readonly
|
||
27ED000
|
unkown
|
page read and write
|
||
E70000
|
heap private
|
page read and write
|
||
90000
|
heap default
|
page read and write
|
||
B00000
|
unkown
|
page read and write
|
||
62DE000
|
unkown
|
page read and write
|
||
3B7000
|
unkown
|
page read and write
|
||
340000
|
unkown
|
page execute and read and write
|
||
4E1E000
|
unkown
|
page read and write
|
||
57A000
|
unkown
|
page read and write
|
||
2F6E000
|
unkown
|
page read and write
|
||
D0C000
|
heap default
|
page read and write
|
||
27D0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
7FFFFFB0000
|
unkown image
|
page readonly
|
||
A80000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
FFFD0000
|
unkown image
|
page readonly
|
||
800000
|
unkown
|
page read and write
|
||
240000
|
heap default
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
814000
|
heap default
|
page read and write
|
||
292000
|
unkown image
|
page readonly
|
||
1040000
|
unkown image
|
page write copy
|
||
27E000
|
heap default
|
page read and write
|
||
20000
|
unkown image
|
page read and write
|
||
140000
|
unkown image
|
page readonly
|
||
3D3000
|
unkown
|
page read and write
|
||
518C000
|
unkown
|
page read and write
|
||
422F000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
990000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
9D0000
|
unkown
|
page read and write
|
||
4BC4000
|
heap private
|
page read and write
|
||
4182000
|
unkown
|
page read and write
|
||
17D000
|
unkown
|
page execute and read and write
|
||
A30000
|
unkown
|
page read and write
|
||
140000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
50000
|
unkown image
|
page readonly
|
||
DAA000
|
unkown image
|
page readonly
|
||
7EFC0000
|
unkown image
|
page readonly
|
||
AD5000
|
unkown
|
page read and write
|
||
3A50000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
D3D000
|
unkown
|
page read and write
|
||
7FFFFFD0000
|
unkown image
|
page readonly
|
||
AD0000
|
unkown
|
page read and write
|
||
A30000
|
unkown
|
page read and write
|
||
DA0000
|
unkown image
|
page readonly
|
||
4DAE000
|
unkown
|
page read and write
|
||
2340000
|
unkown
|
page read and write
|
||
7FFFFFC0000
|
unkown image
|
page readonly
|
||
3220000
|
unkown
|
page read and write
|
||
A30000
|
unkown
|
page read and write
|
||
4230000
|
unkown
|
page read and write
|
||
477E000
|
unkown
|
page read and write
|
||
2F2000
|
unkown
|
page execute and read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
110000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
CC4000
|
heap default
|
page read and write
|
||
599E000
|
unkown
|
page read and write | page guard
|
||
5D0000
|
unkown image
|
page readonly
|
||
7EFB2000
|
unkown image
|
page readonly
|
||
464C000
|
unkown
|
page read and write
|
||
7EFE0000
|
unkown image
|
page readonly
|
||
6790000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
46B5000
|
unkown
|
page read and write
|
||
9F0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
46FC000
|
unkown
|
page read and write
|
||
8F0000
|
heap default
|
page read and write
|
||
449E000
|
unkown
|
page read and write
|
||
2034000
|
heap private
|
page read and write
|
||
1040000
|
unkown image
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
120000
|
unkown image
|
page readonly
|
||
7EF40000
|
unkown
|
page execute and read and write
|
||
174000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
245F000
|
unkown
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
335D000
|
unkown
|
page read and write
|
||
7FFFFFC0000
|
unkown image
|
page readonly
|
||
3220000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
2C50000
|
unkown
|
page read and write
|
||
9B5000
|
heap private
|
page read and write
|
||
46E2000
|
heap private
|
page read and write
|
||
A20000
|
unkown
|
page read and write
|
||
8F0000
|
heap default
|
page read and write
|
||
4160000
|
unkown
|
page read and write
|
||
FB0000
|
unkown image
|
page readonly
|
||
940000
|
unkown
|
page read and write
|
||
6DDD000
|
unkown
|
page read and write
|
||
FFFB2000
|
unkown image
|
page readonly
|
||
480E000
|
unkown
|
page read and write
|
||
7EFD0000
|
unkown image
|
page readonly
|
||
3AF0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
7EFC0000
|
unkown image
|
page readonly
|
||
A20000
|
unkown
|
page read and write
|
||
477F000
|
unkown
|
page read and write
|
||
A40000
|
unkown image
|
page readonly
|
||
1E0000
|
heap default
|
page read and write
|
||
260000
|
unkown image
|
page readonly
|
||
7EFC0000
|
unkown image
|
page readonly
|
||
820000
|
unkown image
|
page readonly
|
||
A88000
|
unkown
|
page read and write
|
||
E76000
|
heap private
|
page read and write
|
||
B7D000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
10000
|
unkown image
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
62D000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
2294000
|
heap private
|
page read and write
|
||
FB0000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
810000
|
unkown image
|
page readonly
|
||
A30000
|
unkown
|
page read and write
|
||
284000
|
unkown
|
page read and write
|
||
FB1000
|
unkown image
|
page execute read
|
||
9D0000
|
unkown
|
page read and write
|
||
4090000
|
unkown
|
page read and write
|
||
7EFB0000
|
unkown image
|
page readonly
|
||
3CF0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
DB0000
|
unkown image
|
page readonly
|
||
1057000
|
unkown image
|
page read and write
|
||
1C10000
|
unkown image
|
page readonly
|
||
1057000
|
unkown image
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
2510000
|
unkown
|
page read and write
|
||
336000
|
unkown
|
page read and write
|
||
98E000
|
unkown
|
page read and write
|
||
7FFFFFD0000
|
unkown image
|
page readonly
|
||
FFFC2000
|
unkown image
|
page readonly
|
||
A35000
|
unkown
|
page read and write
|
||
212F000
|
unkown
|
page read and write
|
||
9C0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
AD7000
|
unkown
|
page read and write
|
||
DA0000
|
unkown image
|
page readonly
|
||
2A4B000
|
heap private
|
page read and write
|
||
A20000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
2C1000
|
unkown image
|
page readonly
|
||
3FBF000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
A40000
|
unkown
|
page read and write
|
||
930000
|
unkown
|
page execute and read and write
|
||
9C0000
|
unkown
|
page read and write
|
||
7EFC2000
|
unkown image
|
page readonly
|
||
39E000
|
unkown
|
page read and write
|
||
28D000
|
unkown
|
page execute and read and write
|
||
662000
|
heap private
|
page read and write
|
||
FB0000
|
unkown image
|
page readonly
|
||
2944000
|
heap private
|
page read and write
|
||
154000
|
unkown
|
page read and write
|
||
D90000
|
unkown
|
page execute and read and write
|
||
30000
|
unkown image
|
page readonly
|
||
2340000
|
unkown
|
page read and write
|
||
7EFC2000
|
unkown image
|
page readonly
|
||
3CF0000
|
unkown
|
page read and write
|
||
557000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
850000
|
unkown image
|
page readonly
|
||
32B5000
|
unkown
|
page read and write
|
||
261000
|
unkown image
|
page execute read
|
||
3CF0000
|
unkown
|
page read and write
|
||
DAA000
|
unkown image
|
page readonly
|
||
FFFD0000
|
unkown image
|
page readonly
|
||
4BC0000
|
heap private
|
page read and write
|
||
563000
|
unkown
|
page read and write
|
||
8F7000
|
heap default
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
270000
|
unkown
|
page read and write
|
||
7EFB2000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
130000
|
unkown image
|
page readonly
|
||
5FE000
|
unkown
|
page read and write
|
||
5740000
|
unkown
|
page read and write
|
||
3CF0000
|
unkown
|
page read and write
|
||
8DF000
|
heap default
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
990000
|
unkown
|
page read and write
|
||
7F7000
|
heap default
|
page read and write
|
||
20000
|
unkown image
|
page readonly
|
||
449E000
|
unkown
|
page read and write
|
||
2030000
|
heap private
|
page read and write
|
||
529E000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
5BF000
|
unkown
|
page read and write
|
||
A26000
|
unkown
|
page read and write
|
||
10000
|
unkown image
|
page read and write
|
||
3E4000
|
heap private
|
page read and write
|
||
6C6000
|
heap private
|
page read and write
|
||
534E000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
914000
|
heap default
|
page read and write
|
||
46C0000
|
heap private
|
page read and write
|
||
FFFDF000
|
unkown
|
page read and write
|
||
2E40000
|
unkown
|
page read and write
|
||
53ED000
|
unkown
|
page read and write
|
||
120000
|
unkown image
|
page read and write
|
||
383000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
3AF1000
|
unkown
|
page read and write
|
||
6050000
|
unkown
|
page read and write
|
||
268F000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
379000
|
unkown
|
page read and write
|
||
9F0000
|
unkown image
|
page readonly
|
||
FB1000
|
unkown image
|
page execute read
|
||
200000
|
unkown
|
page read and write
|
||
50B5000
|
unkown
|
page read and write
|
||
3B00000
|
unkown
|
page read and write
|
||
3D1000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
160000
|
unkown
|
page read and write
|
||
2C1000
|
unkown image
|
page readonly
|
||
7EFD0000
|
unkown image
|
page readonly
|
||
395000
|
heap default
|
page read and write
|
||
3C6F000
|
unkown
|
page read and write
|
||
F30000
|
unkown image
|
page readonly
|
||
AC000
|
unkown
|
page read and write
|
||
3B2000
|
heap default
|
page read and write
|
||
830000
|
unkown image
|
page readonly
|
||
A30000
|
unkown
|
page read and write
|
||
2340000
|
unkown
|
page read and write
|
||
740000
|
heap default
|
page read and write
|
||
173000
|
unkown
|
page execute and read and write
|
||
4F4F000
|
unkown
|
page read and write
|
||
CA0000
|
heap default
|
page read and write
|
||
140000
|
unkown image
|
page read and write
|
||
37E000
|
unkown
|
page read and write
|
||
468E000
|
unkown
|
page read and write
|
||
229B000
|
heap private
|
page read and write
|
||
2E40000
|
unkown
|
page read and write
|
||
105B000
|
unkown image
|
page readonly
|
||
177000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
160000
|
unkown
|
page read and write
|
||
1220000
|
unkown image
|
page readonly
|
||
1032000
|
unkown image
|
page readonly
|
||
4CDE000
|
unkown
|
page read and write
|
||
200000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
10000
|
unkown image
|
page read and write
|
||
640000
|
heap private
|
page read and write
|
||
3A4A000
|
unkown
|
page read and write
|
||
A45000
|
unkown
|
page read and write
|
||
FFFDF000
|
unkown
|
page read and write
|
||
37B000
|
unkown
|
page read and write
|
||
7EF40000
|
unkown
|
page execute and read and write
|
||
CE0000
|
heap default
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
568000
|
unkown
|
page read and write
|
||
1AB000
|
unkown
|
page read and write
|
||
180000
|
unkown image
|
page read and write
|
||
1040000
|
unkown image
|
page read and write
|
||
670000
|
unkown image
|
page readonly
|
||
329E000
|
unkown
|
page read and write
|
||
46C4000
|
heap private
|
page read and write
|
||
38F000
|
heap default
|
page read and write
|
||
130000
|
unkown image
|
page read and write
|
||
4BDF000
|
unkown
|
page read and write
|
||
589C000
|
unkown
|
page read and write
|
||
599F000
|
unkown
|
page read and write
|
||
4BE2000
|
heap private
|
page read and write
|
||
60000
|
unkown image
|
page readonly
|
||
13A000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
4D40000
|
heap private
|
page read and write
|
||
55DE000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
A80000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
337000
|
heap default
|
page read and write
|
||
7EFC2000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
565F000
|
unkown
|
page read and write
|
||
29D000
|
unkown image
|
page write copy
|
||
975000
|
heap private
|
page read and write
|
||
260000
|
unkown image
|
page readonly
|
||
AD0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
37B000
|
unkown
|
page read and write
|
||
10000
|
unkown image
|
page read and write
|
||
3BC000
|
heap default
|
page read and write
|
||
620000
|
unkown
|
page read and write
|
||
60000
|
unkown image
|
page readonly
|
||
3220000
|
unkown
|
page read and write
|
||
3D4000
|
heap default
|
page read and write
|
||
7EFE0000
|
unkown image
|
page readonly
|
||
222000
|
unkown
|
page read and write
|
||
1220000
|
heap private
|
page read and write
|
||
5C00000
|
unkown image
|
page readonly
|
||
200000
|
unkown
|
page read and write
|
||
105B000
|
unkown image
|
page readonly
|
||
232000
|
unkown
|
page read and write
|
||
55E000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
690000
|
heap private
|
page read and write
|
||
FB0000
|
unkown image
|
page readonly
|
||
5AEC000
|
unkown
|
page read and write
|
||
A36000
|
unkown
|
page read and write
|
||
3FC0000
|
unkown
|
page read and write
|
||
180000
|
unkown
|
page read and write
|
||
FFFB2000
|
unkown image
|
page readonly
|
||
AD6000
|
unkown
|
page read and write
|
||
BA000
|
unkown
|
page read and write
|
||
A86000
|
unkown
|
page read and write
|
||
A30000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
3B7000
|
heap default
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
68E000
|
unkown
|
page read and write
|
||
630000
|
unkown image
|
page readonly
|
||
33FE000
|
unkown
|
page read and write
|
||
3900000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
53B000
|
unkown
|
page read and write
|
||
3901000
|
unkown
|
page read and write
|
||
2D0000
|
unkown
|
page execute and read and write
|
||
F59000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
200000
|
unkown
|
page read and write
|
||
9F0000
|
unkown
|
page read and write
|
||
6150000
|
heap private
|
page read and write
|
||
1032000
|
unkown image
|
page readonly
|
||
DAA000
|
unkown image
|
page readonly
|
||
1B0000
|
unkown
|
page read and write
|
||
D0000
|
unkown image
|
page read and write
|
||
20000
|
unkown
|
page read and write
|
||
1AA000
|
unkown
|
page read and write
|
||
3B83000
|
unkown
|
page read and write
|
||
FB1000
|
unkown image
|
page execute read
|
||
7EFDF000
|
unkown
|
page read and write
|
||
413000
|
unkown
|
page read and write
|
||
190000
|
heap private
|
page read and write
|
||
AD0000
|
unkown
|
page read and write
|
||
2410000
|
unkown
|
page read and write
|
||
5B2F000
|
unkown
|
page read and write
|
||
2F70000
|
unkown image
|
page readonly
|
||
FFFC2000
|
unkown image
|
page readonly
|
||
3900000
|
unkown
|
page read and write
|
||
3220000
|
unkown
|
page read and write
|
||
AE0000
|
unkown
|
page read and write
|
||
1B0000
|
unkown
|
page read and write
|
||
58FE000
|
unkown
|
page read and write
|
There are 950 hidden memdumps, click here to show them.