Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
004192374854_4.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Create Time/Date: Mon Oct
18 10:07:46 2021, Last Saved Time/Date: Mon Oct 18 10:09:47 2021, Security: 0, Comments: Enel Energia - Mercato libero dell'energia
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A58416D3-19ED-4E1C-BD92-401540FA0C34
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://api.aadrm.com
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
https://ovisualuiapp.azurewebsites.net/pbiagave/
|
unknown
|
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
windowsupdate.s.llnwi.net
|
178.79.242.0
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
it-IT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
om=
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
pm=
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1040&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1040&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1040&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1040&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1040&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1040&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\21EBA
|
21EBA
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
1x=
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
y5-
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1040
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2F132
|
2F132
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
l9-
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
|
Input
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
|
TargetConverted
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
|
Converted
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
|
TargetNotConverted
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
|
InputError
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\IMEMIP\0x0410
|
FixedConverted
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\371E5
|
371E5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\379E1
|
379E1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
There are 90 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
26148060000
|
unkown image
|
page read and write
|
|
|
|
7FF5D510E000
|
unkown image
|
page readonly
|
|
|
|
17E2B5F0000
|
unkown image
|
page readonly
|
|
|
|
5843A77000
|
stack
|
page read and write
|
|
|
|
7FF5599BE000
|
unkown image
|
page readonly
|
|
|
|
1FE1F1D0000
|
unkown
|
page read and write
|
|
|
|
7FF559F97000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBC7000
|
unkown
|
page read and write
|
|
|
|
7DF5E2E12000
|
unkown image
|
page readonly
|
|
|
|
2BD5FFF000
|
stack
|
page read and write
|
|
|
|
17E2B4F0000
|
unkown image
|
page readonly
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
7FF5224C7000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB67000
|
unkown
|
page read and write
|
|
|
|
14317D10000
|
unkown image
|
page readonly
|
|
|
|
1FE1F140000
|
heap private
|
page read and write
|
|
|
|
1FE1FB8B000
|
unkown
|
page read and write
|
|
|
|
1FE1FB8C000
|
unkown
|
page read and write
|
|
|
|
2614824E000
|
unkown
|
page read and write
|
|
|
|
7FF559C61000
|
unkown image
|
page readonly
|
|
|
|
7FF534B03000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB93000
|
unkown
|
page read and write
|
|
|
|
1FE1FB96000
|
unkown
|
page read and write
|
|
|
|
1B5A6261000
|
unkown
|
page read and write
|
|
|
|
7DF5E2E10000
|
unkown image
|
page readonly
|
|
|
|
7FF57BAFA000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB99000
|
unkown
|
page read and write
|
|
|
|
1B3E750C000
|
heap default
|
page read and write
|
|
|
|
14317F2F000
|
unkown
|
page read and write
|
|
|
|
1FE1FB8C000
|
unkown
|
page read and write
|
|
|
|
1B5A6140000
|
unkown image
|
page readonly
|
|
|
|
7DF567DF0000
|
unkown image
|
page readonly
|
|
|
|
7DF530212000
|
unkown image
|
page readonly
|
|
|
|
7FF53446E000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB77000
|
unkown
|
page read and write
|
|
|
|
1FE1FB79000
|
unkown
|
page read and write
|
|
|
|
7FF5D50E7000
|
unkown image
|
page readonly
|
|
|
|
584377A000
|
stack
|
page read and write
|
|
|
|
1FE1FBAA000
|
unkown
|
page read and write
|
|
|
|
26148400000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB75000
|
unkown
|
page read and write
|
|
|
|
143181C0000
|
heap private
|
page read and write
|
|
|
|
7FF5D50C3000
|
unkown image
|
page readonly
|
|
|
|
7DF5EF572000
|
unkown image
|
page readonly
|
|
|
|
7FF55A02F000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBD9000
|
unkown
|
page read and write
|
|
|
|
143181C5000
|
heap private
|
page read and write
|
|
|
|
7FF5E1911000
|
unkown image
|
page readonly
|
|
|
|
1FE1F2F4000
|
unkown
|
page read and write
|
|
|
|
7FF55A0A7000
|
unkown image
|
page readonly
|
|
|
|
1B3E750F000
|
unkown
|
page read and write
|
|
|
|
7FF55A08F000
|
unkown image
|
page readonly
|
|
|
|
3EA5A7F000
|
stack
|
page read and write
|
|
|
|
7FF5D5031000
|
unkown image
|
page readonly
|
|
|
|
1FE1F265000
|
unkown
|
page read and write
|
|
|
|
7FF5E1595000
|
unkown image
|
page readonly
|
|
|
|
7FF5225A1000
|
unkown image
|
page readonly
|
|
|
|
7DF567DE2000
|
unkown image
|
page readonly
|
|
|
|
1B5A6200000
|
unkown
|
page read and write
|
|
|
|
7FF55A031000
|
unkown image
|
page readonly
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
14317F00000
|
heap default
|
page read and write
|
|
|
|
1FE1FB99000
|
unkown
|
page read and write
|
|
|
|
7FF559EC6000
|
unkown image
|
page readonly
|
|
|
|
1B3E8330000
|
unkown
|
page read and write
|
|
|
|
1FE1FB8C000
|
unkown
|
page read and write
|
|
|
|
9A19CF7000
|
stack
|
page read and write
|
|
|
|
7FF559CE7000
|
unkown image
|
page readonly
|
|
|
|
1B5A6120000
|
unkown image
|
page read and write
|
|
|
|
7FF55A0DE000
|
unkown image
|
page readonly
|
|
|
|
1B3E8390000
|
unkown
|
page read and write
|
|
|
|
7DF589790000
|
unkown image
|
page readonly
|
|
|
|
7FF559C67000
|
unkown image
|
page readonly
|
|
|
|
7FF5E186E000
|
unkown image
|
page readonly
|
|
|
|
584397E000
|
stack
|
page read and write
|
|
|
|
2BC847E000
|
stack
|
page read and write
|
|
|
|
7FF522591000
|
unkown image
|
page readonly
|
|
|
|
7FF53445F000
|
unkown image
|
page readonly
|
|
|
|
7DF567DF0000
|
unkown image
|
page readonly
|
|
|
|
2614824F000
|
unkown
|
page read and write
|
|
|
|
7FF55A093000
|
unkown image
|
page readonly
|
|
|
|
1FE1F2B2000
|
unkown
|
page read and write
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
7FF5D5194000
|
unkown image
|
page readonly
|
|
|
|
7FF534BC4000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1830000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB82000
|
unkown
|
page read and write
|
|
|
|
1FE1F256000
|
unkown
|
page read and write
|
|
|
|
7FF57BA8A000
|
unkown image
|
page readonly
|
|
|
|
7FF5E14D1000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBD9000
|
unkown
|
page read and write
|
|
|
|
7FF559EDF000
|
unkown image
|
page readonly
|
|
|
|
7FF559CE9000
|
unkown image
|
page readonly
|
|
|
|
1B5A6850000
|
unkown image
|
page readonly
|
|
|
|
7FF5D4D71000
|
unkown image
|
page readonly
|
|
|
|
A517977000
|
stack
|
page read and write
|
|
|
|
7DF589782000
|
unkown image
|
page readonly
|
|
|
|
261480B0000
|
unkown image
|
page readonly
|
|
|
|
7FF53497A000
|
unkown image
|
page readonly
|
|
|
|
7FF5D4F36000
|
unkown image
|
page readonly
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
7FF5D4FBF000
|
unkown image
|
page readonly
|
|
|
|
7FF57BA37000
|
unkown image
|
page readonly
|
|
|
|
7DF530202000
|
unkown image
|
page readonly
|
|
|
|
7DF589790000
|
unkown image
|
page readonly
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
7FF5224F3000
|
unkown image
|
page readonly
|
|
|
|
7FF559E8B000
|
unkown image
|
page readonly
|
|
|
|
7DF530200000
|
unkown image
|
page readonly
|
|
|
|
7FF534AE6000
|
unkown image
|
page readonly
|
|
|
|
1B3E73C0000
|
unkown image
|
page read and write
|
|
|
|
7FF55A171000
|
unkown image
|
page readonly
|
|
|
|
1FE1F257000
|
unkown
|
page read and write
|
|
|
|
17E2B700000
|
unkown
|
page read and write
|
|
|
|
7FF57BA1F000
|
unkown image
|
page readonly
|
|
|
|
7FF534BCA000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBA7000
|
unkown
|
page read and write
|
|
|
|
7FF5D50D3000
|
unkown image
|
page readonly
|
|
|
|
7FF559D57000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB85000
|
unkown
|
page read and write
|
|
|
|
1FE1FBAE000
|
unkown
|
page read and write
|
|
|
|
7FF5224D7000
|
unkown image
|
page readonly
|
|
|
|
14317D30000
|
unkown image
|
page readonly
|
|
|
|
7FF559AE7000
|
unkown image
|
page readonly
|
|
|
|
7FF5E181F000
|
unkown image
|
page readonly
|
|
|
|
17E2B702000
|
unkown
|
page read and write
|
|
|
|
2BC86FB000
|
stack
|
page read and write
|
|
|
|
7FF522225000
|
unkown image
|
page readonly
|
|
|
|
584357F000
|
stack
|
page read and write
|
|
|
|
5843BFC000
|
stack
|
page read and write
|
|
|
|
1B3E73D0000
|
unkown
|
page read and write
|
|
|
|
1B5A627F000
|
unkown
|
page read and write
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
7FF5E18E9000
|
unkown image
|
page readonly
|
|
|
|
1FE1F2A1000
|
unkown
|
page read and write
|
|
|
|
7FF5E1837000
|
unkown image
|
page readonly
|
|
|
|
26148A02000
|
unkown
|
page read and write
|
|
|
|
1B3E73E0000
|
unkown image
|
page readonly
|
|
|
|
7FF534B5D000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
1B5A6170000
|
unkown image
|
page readonly
|
|
|
|
7DF542850000
|
unkown image
|
page readonly
|
|
|
|
26148255000
|
unkown
|
page read and write
|
|
|
|
7FF5E176B000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB8C000
|
unkown
|
page read and write
|
|
|
|
1FE1FB5B000
|
unkown
|
page read and write
|
|
|
|
2614828D000
|
unkown
|
page read and write
|
|
|
|
7FF55A089000
|
unkown image
|
page readonly
|
|
|
|
7DF589780000
|
unkown image
|
page readonly
|
|
|
|
7FF559E47000
|
unkown image
|
page readonly
|
|
|
|
1B5A6300000
|
unkown
|
page read and write
|
|
|
|
7DF5EF572000
|
unkown image
|
page readonly
|
|
|
|
A517A7F000
|
stack
|
page read and write
|
|
|
|
7FF5D4C97000
|
unkown image
|
page readonly
|
|
|
|
1B3E8340000
|
unkown
|
page read and write
|
|
|
|
1FE1FB9B000
|
unkown
|
page read and write
|
|
|
|
7FF55A06E000
|
unkown image
|
page readonly
|
|
|
|
2614826C000
|
unkown
|
page read and write
|
|
|
|
7DF530202000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB6F000
|
unkown
|
page read and write
|
|
|
|
1FE1FB85000
|
unkown
|
page read and write
|
|
|
|
1FE1FBAC000
|
unkown
|
page read and write
|
|
|
|
7FF5D5035000
|
unkown image
|
page readonly
|
|
|
|
1FE1F6D0000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBB1000
|
unkown
|
page read and write
|
|
|
|
7FF5D4969000
|
unkown image
|
page readonly
|
|
|
|
2BD5E79000
|
stack
|
page read and write
|
|
|
|
5843AFE000
|
stack
|
page read and write
|
|
|
|
2BD5CFD000
|
stack
|
page read and write
|
|
|
|
7DF530212000
|
unkown image
|
page readonly
|
|
|
|
7FF5E188D000
|
unkown image
|
page readonly
|
|
|
|
7FF534B5A000
|
unkown image
|
page readonly
|
|
|
|
26148200000
|
unkown
|
page read and write
|
|
|
|
2BC897E000
|
stack
|
page read and write
|
|
|
|
2BC84FE000
|
stack
|
page read and write
|
|
|
|
7FF5D5127000
|
unkown image
|
page readonly
|
|
|
|
7FF5D4F7D000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB93000
|
unkown
|
page read and write
|
|
|
|
7FF522497000
|
unkown image
|
page readonly
|
|
|
|
7FF534BDA000
|
unkown image
|
page readonly
|
|
|
|
7DF5E2E22000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1911000
|
unkown image
|
page readonly
|
|
|
|
1B5A6140000
|
unkown image
|
page readonly
|
|
|
|
17E2B4C0000
|
unkown image
|
page readonly
|
|
|
|
7DF542842000
|
unkown image
|
page readonly
|
|
|
|
1B3E8050000
|
unkown
|
page read and write
|
|
|
|
7FF52259A000
|
unkown image
|
page readonly
|
|
|
|
26148300000
|
unkown
|
page read and write
|
|
|
|
2BC887F000
|
stack
|
page read and write
|
|
|
|
7FF5223F5000
|
unkown image
|
page readonly
|
|
|
|
7FF55A0A0000
|
unkown image
|
page readonly
|
|
|
|
7FF522572000
|
unkown image
|
page readonly
|
|
|
|
7FF55A063000
|
unkown image
|
page readonly
|
|
|
|
7DF589772000
|
unkown image
|
page readonly
|
|
|
|
7FF5D500B000
|
unkown image
|
page readonly
|
|
|
|
26148313000
|
unkown
|
page read and write
|
|
|
|
7FF5D4E35000
|
unkown image
|
page readonly
|
|
|
|
1FE1F23C000
|
unkown
|
page read and write
|
|
|
|
1FE1FB74000
|
unkown
|
page read and write
|
|
|
|
7FF559E52000
|
unkown image
|
page readonly
|
|
|
|
7FF559EE5000
|
unkown image
|
page readonly
|
|
|
|
7FF55A0D3000
|
unkown image
|
page readonly
|
|
|
|
9A19DFF000
|
stack
|
page read and write
|
|
|
|
1FE1FB77000
|
unkown
|
page read and write
|
|
|
|
7FF52240C000
|
unkown image
|
page readonly
|
|
|
|
7FF55A077000
|
unkown image
|
page readonly
|
|
|
|
7FF57BA1D000
|
unkown image
|
page readonly
|
|
|
|
1FE2006A000
|
unkown
|
page read and write
|
|
|
|
7DF42E0D0000
|
unkown image
|
page readonly
|
|
|
|
1B3E7507000
|
unkown
|
page read and write
|
|
|
|
7FF55A0A3000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1791000
|
unkown image
|
page readonly
|
|
|
|
58434FE000
|
stack
|
page read and write
|
|
|
|
7FF5224EB000
|
unkown image
|
page readonly
|
|
|
|
A51767E000
|
stack
|
page read and write
|
|
|
|
26148080000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB8F000
|
unkown
|
page read and write
|
|
|
|
1FE1F302000
|
unkown
|
page read and write
|
|
|
|
17E2B655000
|
unkown
|
page read and write
|
|
|
|
7FF534BD1000
|
unkown image
|
page readonly
|
|
|
|
3EA5AFF000
|
stack
|
page read and write
|
|
|
|
7FF5599C2000
|
unkown image
|
page readonly
|
|
|
|
7FF5224AF000
|
unkown image
|
page readonly
|
|
|
|
7FF5E16C1000
|
unkown image
|
page readonly
|
|
|
|
7FF57BB05000
|
unkown image
|
page readonly
|
|
|
|
1FE1F850000
|
unkown image
|
page readonly
|
|
|
|
7DF440710000
|
unkown image
|
page readonly
|
|
|
|
1FE1F259000
|
unkown
|
page read and write
|
|
|
|
1B3E74C0000
|
heap default
|
page read and write
|
|
|
|
7FF55A05A000
|
unkown image
|
page readonly
|
|
|
|
7FF5349F7000
|
unkown image
|
page readonly
|
|
|
|
9A19BFE000
|
stack
|
page read and write
|
|
|
|
7FF5225A1000
|
unkown image
|
page readonly
|
|
|
|
1B5A6313000
|
unkown
|
page read and write
|
|
|
|
1FE1FB78000
|
unkown
|
page read and write
|
|
|
|
7FF57BB0A000
|
unkown image
|
page readonly
|
|
|
|
7FF559F4D000
|
unkown image
|
page readonly
|
|
|
|
7FF559F8F000
|
unkown image
|
page readonly
|
|
|
|
7FF55A001000
|
unkown image
|
page readonly
|
|
|
|
1B5A61A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1823000
|
unkown image
|
page readonly
|
|
|
|
7FF57BA8D000
|
unkown image
|
page readonly
|
|
|
|
7FF5E13F7000
|
unkown image
|
page readonly
|
|
|
|
7DF542842000
|
unkown image
|
page readonly
|
|
|
|
1B5A6308000
|
unkown
|
page read and write
|
|
|
|
7FF5E185B000
|
unkown image
|
page readonly
|
|
|
|
7DF589772000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB8C000
|
unkown
|
page read and write
|
|
|
|
7FF5D50A7000
|
unkown image
|
page readonly
|
|
|
|
17E2B4E0000
|
unkown image
|
page readonly
|
|
|
|
7FF559FDB000
|
unkown image
|
page readonly
|
|
|
|
7FF5224C3000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBB3000
|
unkown
|
page read and write
|
|
|
|
14317F2F000
|
unkown
|
page read and write
|
|
|
|
1FE1FB93000
|
unkown
|
page read and write
|
|
|
|
7FF57BA26000
|
unkown image
|
page readonly
|
|
|
|
1FE2001E000
|
unkown
|
page read and write
|
|
|
|
1FE1F316000
|
unkown
|
page read and write
|
|
|
|
1FE1FB75000
|
unkown
|
page read and write
|
|
|
|
261480A0000
|
unkown image
|
page readonly
|
|
|
|
1B3E8310000
|
unkown
|
page read and write
|
|
|
|
9A1997E000
|
stack
|
page read and write
|
|
|
|
7FF559EC4000
|
unkown image
|
page readonly
|
|
|
|
7FF520AF1000
|
unkown image
|
page readonly
|
|
|
|
26148080000
|
unkown image
|
page readonly
|
|
|
|
17E2B670000
|
unkown
|
page read and write
|
|
|
|
26148229000
|
unkown
|
page read and write
|
|
|
|
7DF530220000
|
unkown image
|
page readonly
|
|
|
|
1FE1F200000
|
unkown
|
page read and write
|
|
|
|
7FF5E190A000
|
unkown image
|
page readonly
|
|
|
|
1FE20000000
|
unkown
|
page read and write
|
|
|
|
7FF559F31000
|
unkown image
|
page readonly
|
|
|
|
14318180000
|
unkown image
|
page readonly
|
|
|
|
5843877000
|
stack
|
page read and write
|
|
|
|
1FE1FB4A000
|
unkown
|
page read and write
|
|
|
|
7DF465CB0000
|
unkown image
|
page readonly
|
|
|
|
7DF5EF582000
|
unkown image
|
page readonly
|
|
|
|
1FE1F254000
|
unkown
|
page read and write
|
|
|
|
7FF57BAE2000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB80000
|
unkown
|
page read and write
|
|
|
|
1FE1F313000
|
unkown
|
page read and write
|
|
|
|
1FE1FB80000
|
unkown
|
page read and write
|
|
|
|
17E2B602000
|
unkown
|
page read and write
|
|
|
|
1FE1FB6D000
|
unkown
|
page read and write
|
|
|
|
1FE1FBAC000
|
unkown
|
page read and write
|
|
|
|
1B5A6270000
|
unkown
|
page read and write
|
|
|
|
7FF5D4F9B000
|
unkown image
|
page readonly
|
|
|
|
2BC85FB000
|
stack
|
page read and write
|
|
|
|
1FE1F249000
|
unkown
|
page read and write
|
|
|
|
7DF542850000
|
unkown image
|
page readonly
|
|
|
|
7FF5D50BD000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB97000
|
unkown
|
page read and write
|
|
|
|
7DF4E0CE0000
|
unkown image
|
page readonly
|
|
|
|
3EA5CFE000
|
stack
|
page read and write
|
|
|
|
7FF57BA23000
|
unkown image
|
page readonly
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
2614823C000
|
unkown
|
page read and write
|
|
|
|
26148302000
|
unkown
|
page read and write
|
|
|
|
1FE1FB99000
|
unkown
|
page read and write
|
|
|
|
2BD5DF9000
|
stack
|
page read and write
|
|
|
|
17E2B708000
|
unkown
|
page read and write
|
|
|
|
7DF530220000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB99000
|
unkown
|
page read and write
|
|
|
|
7DF589770000
|
unkown image
|
page readonly
|
|
|
|
7FF5D50D0000
|
unkown image
|
page readonly
|
|
|
|
7FF57BA3E000
|
unkown image
|
page readonly
|
|
|
|
7FF534438000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1833000
|
unkown image
|
page readonly
|
|
|
|
26148780000
|
unkown image
|
page readonly
|
|
|
|
A51777B000
|
stack
|
page read and write
|
|
|
|
7FF559FFB000
|
unkown image
|
page readonly
|
|
|
|
7FF57BB11000
|
unkown image
|
page readonly
|
|
|
|
7FF5D5103000
|
unkown image
|
page readonly
|
|
|
|
1B5A6190000
|
heap default
|
page read and write
|
|
|
|
7DF5EF580000
|
unkown image
|
page readonly
|
|
|
|
1FE1F2BE000
|
unkown
|
page read and write
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
17E2B650000
|
unkown
|
page read and write
|
|
|
|
7FF559AEB000
|
unkown image
|
page readonly
|
|
|
|
7FF55A0AE000
|
unkown image
|
page readonly
|
|
|
|
1B3E7450000
|
unkown image
|
page readonly
|
|
|
|
7DF487640000
|
unkown image
|
page readonly
|
|
|
|
2BD5F7B000
|
stack
|
page read and write
|
|
|
|
14317F2F000
|
unkown
|
page read and write
|
|
|
|
7FF5349F2000
|
unkown image
|
page readonly
|
|
|
|
7FF5224CE000
|
unkown image
|
page readonly
|
|
|
|
1B3E82F0000
|
unkown image
|
page read and write
|
|
|
|
1FE1FBD9000
|
unkown
|
page read and write
|
|
|
|
7FF55A0FA000
|
unkown image
|
page readonly
|
|
|
|
1FE1F250000
|
unkown
|
page read and write
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
17E2B63C000
|
unkown
|
page read and write
|
|
|
|
7DF567DE2000
|
unkown image
|
page readonly
|
|
|
|
1FE1F9C0000
|
unkown
|
page read and write
|
|
|
|
7FF520AF1000
|
unkown image
|
page readonly
|
|
|
|
7DF5E2E30000
|
unkown image
|
page readonly
|
|
|
|
261481D0000
|
unkown
|
page read and write
|
|
|
|
26148279000
|
unkown
|
page read and write
|
|
|
|
7FF522517000
|
unkown image
|
page readonly
|
|
|
|
7FF5D4C91000
|
unkown image
|
page readonly
|
|
|
|
7FF559F92000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB7F000
|
unkown
|
page read and write
|
|
|
|
7FF5E1847000
|
unkown image
|
page readonly
|
|
|
|
17E2B713000
|
unkown
|
page read and write
|
|
|
|
7FF521D29000
|
unkown image
|
page readonly
|
|
|
|
7FF55A05E000
|
unkown image
|
page readonly
|
|
|
|
14317E40000
|
unkown
|
page read and write
|
|
|
|
26148070000
|
heap private
|
page read and write
|
|
|
|
17E2BC70000
|
unkown
|
page read and write
|
|
|
|
7DF5E2E10000
|
unkown image
|
page readonly
|
|
|
|
143181D0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D512D000
|
unkown image
|
page readonly
|
|
|
|
7DF542840000
|
unkown image
|
page readonly
|
|
|
|
7FF55A180000
|
unkown image
|
page readonly
|
|
|
|
7FF5E181D000
|
unkown image
|
page readonly
|
|
|
|
7FF5223AF000
|
unkown image
|
page readonly
|
|
|
|
1B5A6160000
|
unkown image
|
page readonly
|
|
|
|
17E2B800000
|
unkown image
|
page readonly
|
|
|
|
1FE20019000
|
unkown
|
page read and write
|
|
|
|
7FF5E177C000
|
unkown image
|
page readonly
|
|
|
|
3EA5BF9000
|
stack
|
page read and write
|
|
|
|
7FF5D51B1000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB82000
|
unkown
|
page read and write
|
|
|
|
7FF53445D000
|
unkown image
|
page readonly
|
|
|
|
2BD5EFF000
|
stack
|
page read and write
|
|
|
|
1FE2001E000
|
unkown
|
page read and write
|
|
|
|
7DF542852000
|
unkown image
|
page readonly
|
|
|
|
1B5A6302000
|
unkown
|
page read and write
|
|
|
|
7FF52251D000
|
unkown image
|
page readonly
|
|
|
|
7FF5D4F80000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1807000
|
unkown image
|
page readonly
|
|
|
|
7FF534AEF000
|
unkown image
|
page readonly
|
|
|
|
7DF5E2E30000
|
unkown image
|
page readonly
|
|
|
|
1B3E8060000
|
unkown
|
page read and write
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
3EA5B7E000
|
stack
|
page read and write
|
|
|
|
1FE1F2E8000
|
unkown
|
page read and write
|
|
|
|
7FF559F50000
|
unkown image
|
page readonly
|
|
|
|
7FF559F35000
|
unkown image
|
page readonly
|
|
|
|
A5173AE000
|
stack
|
page read and write
|
|
|
|
14317F16000
|
heap default
|
page read and write
|
|
|
|
7FF5224C0000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB99000
|
unkown
|
page read and write
|
|
|
|
7DF530200000
|
unkown image
|
page readonly
|
|
|
|
7DF5E2E12000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1795000
|
unkown image
|
page readonly
|
|
|
|
7DF589780000
|
unkown image
|
page readonly
|
|
|
|
1B5A6254000
|
unkown
|
page read and write
|
|
|
|
1FE1FBBA000
|
unkown
|
page read and write
|
|
|
|
17E2BE02000
|
unkown
|
page read and write
|
|
|
|
1FE1FB00000
|
unkown
|
page read and write
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
1B5A623C000
|
unkown
|
page read and write
|
|
|
|
7FF55A0FD000
|
unkown image
|
page readonly
|
|
|
|
7FF5E16E0000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB7A000
|
unkown
|
page read and write
|
|
|
|
261481B0000
|
unkown image
|
page readonly
|
|
|
|
14317E20000
|
unkown
|
page read and write
|
|
|
|
7FF522584000
|
unkown image
|
page readonly
|
|
|
|
7FF5E188A000
|
unkown image
|
page readonly
|
|
|
|
7DF567E00000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1819000
|
unkown image
|
page readonly
|
|
|
|
1FE1F4D0000
|
unkown image
|
page readonly
|
|
|
|
7FF522351000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBD0000
|
unkown
|
page read and write
|
|
|
|
7FF559D54000
|
unkown image
|
page readonly
|
|
|
|
7FF53478A000
|
unkown image
|
page readonly
|
|
|
|
26148252000
|
unkown
|
page read and write
|
|
|
|
1FE1FBAC000
|
unkown
|
page read and write
|
|
|
|
14317F27000
|
unkown
|
page read and write
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
7DF567DF2000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB74000
|
unkown
|
page read and write
|
|
|
|
1FE1F1A0000
|
heap default
|
page read and write
|
|
|
|
7FF5E1696000
|
unkown image
|
page readonly
|
|
|
|
1FE1F270000
|
unkown
|
page read and write
|
|
|
|
7DF589782000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB82000
|
unkown
|
page read and write
|
|
|
|
1FE1FBAA000
|
unkown
|
page read and write
|
|
|
|
7FF57B34E000
|
unkown image
|
page readonly
|
|
|
|
7DF589770000
|
unkown image
|
page readonly
|
|
|
|
7FF57BB01000
|
unkown image
|
page readonly
|
|
|
|
7FF5D4963000
|
unkown image
|
page readonly
|
|
|
|
7FF522326000
|
unkown image
|
page readonly
|
|
|
|
A51732B000
|
unkown
|
page read and write
|
|
|
|
26148600000
|
unkown image
|
page readonly
|
|
|
|
7FF559D3F000
|
unkown image
|
page readonly
|
|
|
|
7FF534BE1000
|
unkown image
|
page readonly
|
|
|
|
7FF55A0F7000
|
unkown image
|
page readonly
|
|
|
|
17E2B510000
|
heap default
|
page read and write
|
|
|
|
7FF559ED1000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1887000
|
unkown image
|
page readonly
|
|
|
|
1B5A628A000
|
unkown
|
page read and write
|
|
|
|
261480D0000
|
heap default
|
page read and write
|
|
|
|
7DF542860000
|
unkown image
|
page readonly
|
|
|
|
7FF559F39000
|
unkown image
|
page readonly
|
|
|
|
7FF52258A000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB75000
|
unkown
|
page read and write
|
|
|
|
7FF534431000
|
unkown image
|
page readonly
|
|
|
|
2BC81EC000
|
unkown
|
page read and write
|
|
|
|
1B3E7465000
|
heap private
|
page read and write
|
|
|
|
7FF5D501C000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB76000
|
unkown
|
page read and write
|
|
|
|
1FE1FB8A000
|
unkown
|
page read and write
|
|
|
|
1FE1F2D9000
|
unkown
|
page read and write
|
|
|
|
1B3E7690000
|
unkown
|
page read and write
|
|
|
|
7FF534BE1000
|
unkown image
|
page readonly
|
|
|
|
1FE1F2EB000
|
unkown
|
page read and write
|
|
|
|
1B3E80D0000
|
unkown
|
page read and write
|
|
|
|
7DF5E2E22000
|
unkown image
|
page readonly
|
|
|
|
1FE1F9C0000
|
unkown
|
page read and write
|
|
|
|
584347C000
|
unkown
|
page read and write
|
|
|
|
7FF559933000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBAA000
|
unkown
|
page read and write
|
|
|
|
1FE1F24C000
|
unkown
|
page read and write
|
|
|
|
1FE1FA02000
|
unkown
|
page read and write
|
|
|
|
7FF559FEC000
|
unkown image
|
page readonly
|
|
|
|
14317E70000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB8A000
|
unkown
|
page read and write
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
1FE1F2A8000
|
unkown
|
page read and write
|
|
|
|
1B5A6A02000
|
unkown
|
page read and write
|
|
|
|
7FF57BA30000
|
unkown image
|
page readonly
|
|
|
|
A51787B000
|
stack
|
page read and write
|
|
|
|
7FF5E18F4000
|
unkown image
|
page readonly
|
|
|
|
14317CF0000
|
unkown image
|
page read and write
|
|
|
|
7DF567DE0000
|
unkown image
|
page readonly
|
|
|
|
17E2B4C0000
|
unkown image
|
page readonly
|
|
|
|
1B5A66D0000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB73000
|
unkown
|
page read and write
|
|
|
|
7DF5EF582000
|
unkown image
|
page readonly
|
|
|
|
7FF5D512A000
|
unkown image
|
page readonly
|
|
|
|
7FF534469000
|
unkown image
|
page readonly
|
|
|
|
7FF55A0B7000
|
unkown image
|
page readonly
|
|
|
|
7FF5D519A000
|
unkown image
|
page readonly
|
|
|
|
7FF5224A9000
|
unkown image
|
page readonly
|
|
|
|
17E2B64E000
|
unkown
|
page read and write
|
|
|
|
26148213000
|
unkown
|
page read and write
|
|
|
|
1FE1F950000
|
unkown image
|
page write copy
|
|
|
|
7FF57BAF4000
|
unkown image
|
page readonly
|
|
|
|
9A198FE000
|
stack
|
page read and write
|
|
|
|
7FF57BAE9000
|
unkown image
|
page readonly
|
|
|
|
7FF57BA6E000
|
unkown image
|
page readonly
|
|
|
|
2BC87F7000
|
stack
|
page read and write
|
|
|
|
7FF52236D000
|
unkown image
|
page readonly
|
|
|
|
7DF542860000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBA4000
|
unkown
|
page read and write
|
|
|
|
1FE1FB7C000
|
unkown
|
page read and write
|
|
|
|
9A19B7B000
|
stack
|
page read and write
|
|
|
|
7FF57BB11000
|
unkown image
|
page readonly
|
|
|
|
1FE1F24B000
|
unkown
|
page read and write
|
|
|
|
1FE1FB8A000
|
unkown
|
page read and write
|
|
|
|
7FF57BA63000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB7A000
|
unkown
|
page read and write
|
|
|
|
1B3E74C7000
|
heap default
|
page read and write
|
|
|
|
2BD5D7E000
|
stack
|
page read and write
|
|
|
|
1FE1FB7D000
|
unkown
|
page read and write
|
|
|
|
A517B7D000
|
stack
|
page read and write
|
|
|
|
7FF559FD5000
|
unkown image
|
page readonly
|
|
|
|
7DF5EF570000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB96000
|
unkown
|
page read and write
|
|
|
|
17E2B629000
|
unkown
|
page read and write
|
|
|
|
7FF5D51A1000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB81000
|
unkown
|
page read and write
|
|
|
|
7FF5E171F000
|
unkown image
|
page readonly
|
|
|
|
7FF534785000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB93000
|
unkown
|
page read and write
|
|
|
|
1FE1F9D0000
|
unkown image
|
page read and write
|
|
|
|
1FE1F1F0000
|
unkown image
|
page readonly
|
|
|
|
7FF534AF6000
|
unkown image
|
page readonly
|
|
|
|
7DF4ED440000
|
unkown image
|
page readonly
|
|
|
|
1FE1F9C0000
|
unkown
|
page read and write
|
|
|
|
26148283000
|
unkown
|
page read and write
|
|
|
|
1B3E7469000
|
heap private
|
page read and write
|
|
|
|
7FF534AF3000
|
unkown image
|
page readonly
|
|
|
|
17E2B4A0000
|
unkown image
|
page read and write
|
|
|
|
7FF55A0CB000
|
unkown image
|
page readonly
|
|
|
|
7FF5E16DD000
|
unkown image
|
page readonly
|
|
|
|
17E2B681000
|
unkown
|
page read and write
|
|
|
|
1B3E78A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5E13F1000
|
unkown image
|
page readonly
|
|
|
|
7FF5D50BF000
|
unkown image
|
page readonly
|
|
|
|
1FE1F25A000
|
unkown
|
page read and write
|
|
|
|
1FE1F2EB000
|
unkown
|
page read and write
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
7FF534BB2000
|
unkown image
|
page readonly
|
|
|
|
17E2B613000
|
unkown
|
page read and write
|
|
|
|
7FF534BD5000
|
unkown image
|
page readonly
|
|
|
|
7FF5D50FB000
|
unkown image
|
page readonly
|
|
|
|
7FF5D50D7000
|
unkown image
|
page readonly
|
|
|
|
7DF567E00000
|
unkown image
|
page readonly
|
|
|
|
1FE1F2C5000
|
unkown
|
page read and write
|
|
|
|
1B5A6261000
|
unkown
|
page read and write
|
|
|
|
7FF5D51B1000
|
unkown image
|
page readonly
|
|
|
|
17E2B4B0000
|
heap private
|
page read and write
|
|
|
|
7FF534B32000
|
unkown image
|
page readonly
|
|
|
|
7DF5EF590000
|
unkown image
|
page readonly
|
|
|
|
1B3E750F000
|
unkown
|
page read and write
|
|
|
|
1B5A6258000
|
unkown
|
page read and write
|
|
|
|
1B5A6252000
|
unkown
|
page read and write
|
|
|
|
2614824B000
|
unkown
|
page read and write
|
|
|
|
7FF5D4F61000
|
unkown image
|
page readonly
|
|
|
|
1FE1F2AC000
|
unkown
|
page read and write
|
|
|
|
1FE1FBAA000
|
unkown
|
page read and write
|
|
|
|
1FE1F130000
|
unkown image
|
page read and write
|
|
|
|
1FE1FB99000
|
unkown
|
page read and write
|
|
|
|
7DF5E2E20000
|
unkown image
|
page readonly
|
|
|
|
7DF542840000
|
unkown image
|
page readonly
|
|
|
|
7FF5E10C3000
|
unkown image
|
page readonly
|
|
|
|
7FF522421000
|
unkown image
|
page readonly
|
|
|
|
7FF57B352000
|
unkown image
|
page readonly
|
|
|
|
7DF542852000
|
unkown image
|
page readonly
|
|
|
|
1FE1F1B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5223FB000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB90000
|
unkown
|
page read and write
|
|
|
|
1FE1FB81000
|
unkown
|
page read and write
|
|
|
|
7FF534B2B000
|
unkown image
|
page readonly
|
|
|
|
1FE1F248000
|
unkown
|
page read and write
|
|
|
|
17E2BB80000
|
unkown image
|
page readonly
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
7FF5E18E2000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBAC000
|
unkown
|
page read and write
|
|
|
|
7FF534BB9000
|
unkown image
|
page readonly
|
|
|
|
14317F11000
|
unkown
|
page read and write
|
|
|
|
7DF5EF590000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB13000
|
unkown
|
page read and write
|
|
|
|
1FE1F150000
|
unkown image
|
page readonly
|
|
|
|
9A19EFF000
|
stack
|
page read and write
|
|
|
|
7FF55A005000
|
unkown image
|
page readonly
|
|
|
|
7DF5E2E20000
|
unkown image
|
page readonly
|
|
|
|
17E2B600000
|
unkown
|
page read and write
|
|
|
|
7FF5E10C9000
|
unkown image
|
page readonly
|
|
|
|
17E2B64A000
|
unkown
|
page read and write
|
|
|
|
7DF530210000
|
unkown image
|
page readonly
|
|
|
|
7FF5D5182000
|
unkown image
|
page readonly
|
|
|
|
7FF522081000
|
unkown image
|
page readonly
|
|
|
|
7FF55A152000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBB5000
|
unkown
|
page read and write
|
|
|
|
7FF5E1901000
|
unkown image
|
page readonly
|
|
|
|
7DF5EF580000
|
unkown image
|
page readonly
|
|
|
|
1B3E7AA0000
|
unkown image
|
page readonly
|
|
|
|
7FF57B6CF000
|
unkown image
|
page readonly
|
|
|
|
1B5A624D000
|
unkown
|
page read and write
|
|
|
|
7FF55A164000
|
unkown image
|
page readonly
|
|
|
|
7FF522370000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1765000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
26148308000
|
unkown
|
page read and write
|
|
|
|
1FE1F170000
|
unkown image
|
page readonly
|
|
|
|
1B3E7460000
|
heap private
|
page read and write
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
1FE1F281000
|
unkown
|
page read and write
|
|
|
|
1FE1F150000
|
unkown image
|
page readonly
|
|
|
|
7FF53441D000
|
unkown image
|
page readonly
|
|
|
|
7FF55A159000
|
unkown image
|
page readonly
|
|
|
|
7FF52238B000
|
unkown image
|
page readonly
|
|
|
|
7FF522579000
|
unkown image
|
page readonly
|
|
|
|
1B3E7470000
|
unkown
|
page read and write
|
|
|
|
1FE1FBB8000
|
unkown
|
page read and write
|
|
|
|
7FF55A16A000
|
unkown image
|
page readonly
|
|
|
|
14317F26000
|
unkown
|
page read and write
|
|
|
|
1FE1FB8F000
|
unkown
|
page read and write
|
|
|
|
1B3E8320000
|
unkown
|
page readonly
|
|
|
|
1FE1F180000
|
unkown image
|
page readonly
|
|
|
|
7FF522087000
|
unkown image
|
page readonly
|
|
|
|
7FF55A08D000
|
unkown image
|
page readonly
|
|
|
|
7FF55A17A000
|
unkown image
|
page readonly
|
|
|
|
7FF534B3E000
|
unkown image
|
page readonly
|
|
|
|
3EA5C7E000
|
stack
|
page read and write
|
|
|
|
1B3E750F000
|
unkown
|
page read and write
|
|
|
|
1B5A6130000
|
heap private
|
page read and write
|
|
|
|
1FE20063000
|
unkown
|
page read and write
|
|
|
|
7FF534AED000
|
unkown image
|
page readonly
|
|
|
|
1B5A6213000
|
unkown
|
page read and write
|
|
|
|
1FE1FB77000
|
unkown
|
page read and write
|
|
|
|
1B3E7C30000
|
unkown image
|
page readonly
|
|
|
|
7FF5E16FB000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB91000
|
unkown
|
page read and write
|
|
|
|
1FE1F2E1000
|
unkown
|
page read and write
|
|
|
|
1FE1FB11000
|
unkown
|
page read and write
|
|
|
|
A517C7F000
|
stack
|
page read and write
|
|
|
|
7FF52251A000
|
unkown image
|
page readonly
|
|
|
|
1FE1F213000
|
unkown
|
page read and write
|
|
|
|
7FF5224B3000
|
unkown image
|
page readonly
|
|
|
|
7FF5D51AA000
|
unkown image
|
page readonly
|
|
|
|
1FE1F265000
|
unkown
|
page read and write
|
|
|
|
7FF559F06000
|
unkown image
|
page readonly
|
|
|
|
7FF55A181000
|
unkown image
|
page readonly
|
|
|
|
2BD5C7B000
|
unkown
|
page read and write
|
|
|
|
7FF559AFC000
|
unkown image
|
page readonly
|
|
|
|
1FE1FBB5000
|
unkown
|
page read and write
|
|
|
|
14317E80000
|
unkown image
|
page readonly
|
|
|
|
1B3E7400000
|
unkown image
|
page readonly
|
|
|
|
1B5A61C0000
|
unkown
|
page read and write
|
|
|
|
1FE1F229000
|
unkown
|
page read and write
|
|
|
|
1FE1FB8A000
|
unkown
|
page read and write
|
|
|
|
2BC8A7F000
|
stack
|
page read and write
|
|
|
|
1B3E7410000
|
unkown image
|
page readonly
|
|
|
|
7FF5D5189000
|
unkown image
|
page readonly
|
|
|
|
9A1987B000
|
unkown
|
page read and write
|
|
|
|
7FF559939000
|
unkown image
|
page readonly
|
|
|
|
7DF567DF2000
|
unkown image
|
page readonly
|
|
|
|
7FF534B00000
|
unkown image
|
page readonly
|
|
|
|
7FF57BA5B000
|
unkown image
|
page readonly
|
|
|
|
17E2BA00000
|
unkown image
|
page readonly
|
|
|
|
7FF5E1863000
|
unkown image
|
page readonly
|
|
|
|
7FF5E18FA000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB75000
|
unkown
|
page read and write
|
|
|
|
14318000000
|
unkown image
|
page readonly
|
|
|
|
1B3E80C0000
|
unkown
|
page read and write
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
7DF567DE0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D5005000
|
unkown image
|
page readonly
|
|
|
|
1FE1F24D000
|
unkown
|
page read and write
|
|
|
|
1FE1FB15000
|
unkown
|
page read and write
|
|
|
|
1FE20002000
|
unkown
|
page read and write
|
|
|
|
7FF5E183E000
|
unkown image
|
page readonly
|
|
|
|
7FF559F6B000
|
unkown image
|
page readonly
|
|
|
|
3EA57CA000
|
unkown
|
page read and write
|
|
|
|
7FF522425000
|
unkown image
|
page readonly
|
|
|
|
1FE1F24F000
|
unkown
|
page read and write
|
|
|
|
7FF5D50B9000
|
unkown image
|
page readonly
|
|
|
|
1B5A64D0000
|
unkown image
|
page readonly
|
|
|
|
7FF5224FE000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB9D000
|
unkown
|
page read and write
|
|
|
|
7FF55A042000
|
unkown image
|
page readonly
|
|
|
|
7FF522167000
|
unkown image
|
page readonly
|
|
|
|
1B3E73E0000
|
unkown image
|
page readonly
|
|
|
|
1B5A6229000
|
unkown
|
page read and write
|
|
|
|
14317D10000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB97000
|
unkown
|
page read and write
|
|
|
|
9A19A7C000
|
stack
|
page read and write
|
|
|
|
1FE1FB8B000
|
unkown
|
page read and write
|
|
|
|
7FF559E05000
|
unkown image
|
page readonly
|
|
|
|
7DF5EF570000
|
unkown image
|
page readonly
|
|
|
|
7DF530210000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB7D000
|
unkown
|
page read and write
|
|
|
|
1B3E7430000
|
unkown
|
page read and write
|
|
|
|
7FF534783000
|
unkown image
|
page readonly
|
|
|
|
7FF5D50DE000
|
unkown image
|
page readonly
|
|
|
|
7FF534A4C000
|
unkown image
|
page readonly
|
|
|
|
7FF57BA33000
|
unkown image
|
page readonly
|
|
|
|
1FE1FB88000
|
unkown
|
page read and write
|
|
|
|
1FE1F308000
|
unkown
|
page read and write
|
|
|
|
1FE1FB79000
|
unkown
|
page read and write
|
|
|
|
1B3E7C20000
|
unkown image
|
page readonly
|
|
|
|
7FF5224AD000
|
unkown image
|
page readonly
|
|
|
|
17E2B68C000
|
unkown
|
page read and write
|
|
There are 678 hidden memdumps, click here to show them.