Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
aaaaaaaaaaa.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Create Time/Date: Tue Oct
26 08:18:26 2021, Last Saved Time/Date: Tue Oct 26 08:18:28 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4367FA27-1BF9-4B5E-BC42-BFA8671731B4
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://api.aadrm.com
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
https://ovisualuiapp.azurewebsites.net/pbiagave/
|
unknown
|
|
There are 90 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
ig9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
jg9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\4A6CC
|
4A6CC
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
3p9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\5818C
|
5818C
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\5895C
|
5895C
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
p+&
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2DE8C
|
2DE8C
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
v/&
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\343E3
|
343E3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\34C1D
|
34C1D
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
There are 84 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF5D056E000
|
unkown image
|
page readonly
|
|
|
|
7FF5D094D000
|
unkown image
|
page readonly
|
|
|
|
1E527FAC000
|
unkown
|
page read and write
|
|
|
|
6E7D07B000
|
unkown
|
page read and write
|
|
|
|
7FF5B0437000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A4A000
|
unkown image
|
page readonly
|
|
|
|
7DF5E5B70000
|
unkown image
|
page readonly
|
|
|
|
25A22C02000
|
unkown
|
page read and write
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
1FFA787D000
|
unkown
|
page read and write
|
|
|
|
1E527653000
|
unkown
|
page read and write
|
|
|
|
1E527480000
|
unkown image
|
page readonly
|
|
|
|
7FF5B049D000
|
unkown image
|
page readonly
|
|
|
|
1E52841F000
|
unkown
|
page read and write
|
|
|
|
7FF5B1F43000
|
unkown image
|
page readonly
|
|
|
|
7FF58AEA0000
|
unkown image
|
page readonly
|
|
|
|
1E02424F000
|
unkown
|
page read and write
|
|
|
|
1FFA7640000
|
unkown image
|
page read and write
|
|
|
|
25A22C4D000
|
unkown
|
page read and write
|
|
|
|
7FF5AC048000
|
unkown image
|
page readonly
|
|
|
|
1E5276BD000
|
unkown
|
page read and write
|
|
|
|
1E024308000
|
unkown
|
page read and write
|
|
|
|
7DF5E5B72000
|
unkown image
|
page readonly
|
|
|
|
7FF58B244000
|
unkown image
|
page readonly
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1E527F87000
|
unkown
|
page read and write
|
|
|
|
7FF5B02E1000
|
unkown image
|
page readonly
|
|
|
|
1E527F8A000
|
unkown
|
page read and write
|
|
|
|
76D71FF000
|
stack
|
page read and write
|
|
|
|
76D6EFE000
|
stack
|
page read and write
|
|
|
|
1FFA7870000
|
unkown
|
page read and write
|
|
|
|
7FF58B33F000
|
unkown image
|
page readonly
|
|
|
|
1E527F72000
|
unkown
|
page read and write
|
|
|
|
1E024030000
|
heap private
|
page read and write
|
|
|
|
7FF5D05D5000
|
unkown image
|
page readonly
|
|
|
|
1E527F5D000
|
unkown
|
page read and write
|
|
|
|
7DF5C1182000
|
unkown image
|
page readonly
|
|
|
|
1E527F9B000
|
unkown
|
page read and write
|
|
|
|
25A229B0000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
7FF58B2DE000
|
unkown image
|
page readonly
|
|
|
|
7DF5C55A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D09CF000
|
unkown image
|
page readonly
|
|
|
|
1E527800000
|
unkown image
|
page readonly
|
|
|
|
1E5276FA000
|
unkown
|
page read and write
|
|
|
|
7FF5AFFE6000
|
unkown image
|
page readonly
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
7FF58B3D1000
|
unkown image
|
page readonly
|
|
|
|
7FF5AC0F4000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A44000
|
unkown image
|
page readonly
|
|
|
|
1E527FA9000
|
unkown
|
page read and write
|
|
|
|
B1CF87A000
|
stack
|
page read and write
|
|
|
|
1FFA7680000
|
unkown image
|
page readonly
|
|
|
|
1E527CF0000
|
unkown
|
page read and write
|
|
|
|
1B221FB5000
|
heap private
|
page read and write
|
|
|
|
1B221D47000
|
unkown
|
page read and write
|
|
|
|
25A229A0000
|
heap private
|
page read and write
|
|
|
|
1FFA7800000
|
unkown
|
page read and write
|
|
|
|
7DF5C1192000
|
unkown image
|
page readonly
|
|
|
|
1E02424B000
|
unkown
|
page read and write
|
|
|
|
1B221FC0000
|
unkown image
|
page readonly
|
|
|
|
7FF5AC010000
|
unkown image
|
page readonly
|
|
|
|
1FFA7900000
|
unkown
|
page read and write
|
|
|
|
1E527F7C000
|
unkown
|
page read and write
|
|
|
|
7FF5D0615000
|
unkown image
|
page readonly
|
|
|
|
7FF58B35D000
|
unkown image
|
page readonly
|
|
|
|
1E527F98000
|
unkown
|
page read and write
|
|
|
|
7FF5B1EB1000
|
unkown image
|
page readonly
|
|
|
|
7DF5E5B82000
|
unkown image
|
page readonly
|
|
|
|
6E7D978000
|
stack
|
page read and write
|
|
|
|
7DF5C7162000
|
unkown image
|
page readonly
|
|
|
|
7FF58B2DA000
|
unkown image
|
page readonly
|
|
|
|
1E527F8A000
|
unkown
|
page read and write
|
|
|
|
1B221D2B000
|
heap default
|
page read and write
|
|
|
|
7DF5C1190000
|
unkown image
|
page readonly
|
|
|
|
7FF58B34E000
|
unkown image
|
page readonly
|
|
|
|
7FF5B046A000
|
unkown image
|
page readonly
|
|
|
|
1E52768A000
|
unkown
|
page read and write
|
|
|
|
1E52841D000
|
unkown
|
page read and write
|
|
|
|
7FF5D09DF000
|
unkown image
|
page readonly
|
|
|
|
7FF5D09A0000
|
unkown image
|
page readonly
|
|
|
|
1E02422A000
|
unkown
|
page read and write
|
|
|
|
7FF58B30F000
|
unkown image
|
page readonly
|
|
|
|
1E527F78000
|
unkown
|
page read and write
|
|
|
|
7FF5D0572000
|
unkown image
|
page readonly
|
|
|
|
7DF5C55B0000
|
unkown image
|
page readonly
|
|
|
|
1B221B40000
|
unkown image
|
page readonly
|
|
|
|
7FF5B041A000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0301000
|
unkown image
|
page readonly
|
|
|
|
1B221C90000
|
unkown image
|
page readonly
|
|
|
|
1E52764E000
|
unkown
|
page read and write
|
|
|
|
25A22A00000
|
heap default
|
page read and write
|
|
|
|
7FF5D05C0000
|
unkown image
|
page readonly
|
|
|
|
25A22C71000
|
unkown
|
page read and write
|
|
|
|
7DF5C1180000
|
unkown image
|
page readonly
|
|
|
|
1E024600000
|
unkown image
|
page readonly
|
|
|
|
7FF5B02C3000
|
unkown image
|
page readonly
|
|
|
|
7FF5B042B000
|
unkown image
|
page readonly
|
|
|
|
1E527649000
|
unkown
|
page read and write
|
|
|
|
7DF5C5592000
|
unkown image
|
page readonly
|
|
|
|
1E527F6D000
|
unkown
|
page read and write
|
|
|
|
1E527654000
|
unkown
|
page read and write
|
|
|
|
1E527F72000
|
unkown
|
page read and write
|
|
|
|
7FF58AACC000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0908000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0AF2000
|
unkown image
|
page readonly
|
|
|
|
1E5274B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5AC03F000
|
unkown image
|
page readonly
|
|
|
|
1E527651000
|
unkown
|
page read and write
|
|
|
|
1E52764A000
|
unkown
|
page read and write
|
|
|
|
1E527C80000
|
unkown image
|
page write copy
|
|
|
|
7DF5A0452000
|
unkown image
|
page readonly
|
|
|
|
25A22990000
|
unkown image
|
page read and write
|
|
|
|
1E024213000
|
unkown
|
page read and write
|
|
|
|
7DF5C7160000
|
unkown image
|
page readonly
|
|
|
|
25A229D0000
|
unkown image
|
page readonly
|
|
|
|
1E527F78000
|
unkown
|
page read and write
|
|
|
|
7FF5D08FE000
|
unkown image
|
page readonly
|
|
|
|
1E024302000
|
unkown
|
page read and write
|
|
|
|
1FFA76B0000
|
heap default
|
page read and write
|
|
|
|
1E527FAA000
|
unkown
|
page read and write
|
|
|
|
C12A0F7000
|
stack
|
page read and write
|
|
|
|
7FF5B036D000
|
unkown image
|
page readonly
|
|
|
|
1B221B20000
|
unkown image
|
page readonly
|
|
|
|
1E527FA8000
|
unkown
|
page read and write
|
|
|
|
1E527FAF000
|
unkown
|
page read and write
|
|
|
|
7DF5A0452000
|
unkown image
|
page readonly
|
|
|
|
1E527F93000
|
unkown
|
page read and write
|
|
|
|
1E527F74000
|
unkown
|
page read and write
|
|
|
|
7FF58B334000
|
unkown image
|
page readonly
|
|
|
|
1E527F75000
|
unkown
|
page read and write
|
|
|
|
7FF5B038C000
|
unkown image
|
page readonly
|
|
|
|
C129FFB000
|
stack
|
page read and write
|
|
|
|
1E527F80000
|
unkown
|
page read and write
|
|
|
|
7DF5C1192000
|
unkown image
|
page readonly
|
|
|
|
7FF58B356000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A68000
|
unkown image
|
page readonly
|
|
|
|
7FF58B057000
|
unkown image
|
page readonly
|
|
|
|
7FF5D096C000
|
unkown image
|
page readonly
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
1E024400000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2034000
|
unkown image
|
page readonly
|
|
|
|
1E527F90000
|
unkown
|
page read and write
|
|
|
|
7FF5D0A6E000
|
unkown image
|
page readonly
|
|
|
|
7DF5C11A0000
|
unkown image
|
page readonly
|
|
|
|
2FBC2FB000
|
stack
|
page read and write
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
7FF5D04DE000
|
unkown image
|
page readonly
|
|
|
|
7DF5C1182000
|
unkown image
|
page readonly
|
|
|
|
1E527F9A000
|
unkown
|
page read and write
|
|
|
|
7DF5C7180000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1FF5000
|
unkown image
|
page readonly
|
|
|
|
1B221D4E000
|
unkown
|
page read and write
|
|
|
|
1E527FA1000
|
unkown
|
page read and write
|
|
|
|
7FF58B2CA000
|
unkown image
|
page readonly
|
|
|
|
1E527CF0000
|
unkown
|
page read and write
|
|
|
|
1E52767F000
|
unkown
|
page read and write
|
|
|
|
1E5274D0000
|
heap default
|
page read and write
|
|
|
|
7FF5B1E41000
|
unkown image
|
page readonly
|
|
|
|
7FF5B031E000
|
unkown image
|
page readonly
|
|
|
|
1FFA7A00000
|
unkown image
|
page readonly
|
|
|
|
1E527F82000
|
unkown
|
page read and write
|
|
|
|
7FF5AC07E000
|
unkown image
|
page readonly
|
|
|
|
25A229E0000
|
unkown image
|
page readonly
|
|
|
|
7DF5C55A2000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0457000
|
unkown image
|
page readonly
|
|
|
|
7FF5B20E1000
|
unkown image
|
page readonly
|
|
|
|
7FF58B2F7000
|
unkown image
|
page readonly
|
|
|
|
7FF5B205E000
|
unkown image
|
page readonly
|
|
|
|
76D70FF000
|
stack
|
page read and write
|
|
|
|
1B221D5F000
|
unkown
|
page read and write
|
|
|
|
2FBC3FB000
|
stack
|
page read and write
|
|
|
|
7FF58B1DB000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0851000
|
unkown image
|
page readonly
|
|
|
|
76D69CE000
|
stack
|
page read and write
|
|
|
|
7FF5D08FB000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A17000
|
unkown image
|
page readonly
|
|
|
|
1FFA7855000
|
unkown
|
page read and write
|
|
|
|
1E527F8A000
|
unkown
|
page read and write
|
|
|
|
7DF5C5592000
|
unkown image
|
page readonly
|
|
|
|
1FFA7850000
|
unkown
|
page read and write
|
|
|
|
1E527F8A000
|
unkown
|
page read and write
|
|
|
|
1E527F59000
|
unkown
|
page read and write
|
|
|
|
1FFA784B000
|
unkown
|
page read and write
|
|
|
|
7FF5AC08D000
|
unkown image
|
page readonly
|
|
|
|
1E527FA1000
|
unkown
|
page read and write
|
|
|
|
1E527F99000
|
unkown
|
page read and write
|
|
|
|
7FF5AB963000
|
unkown image
|
page readonly
|
|
|
|
1E527624000
|
unkown
|
page read and write
|
|
|
|
7DF5E5B90000
|
unkown image
|
page readonly
|
|
|
|
1E527FAB000
|
unkown
|
page read and write
|
|
|
|
7FF5B204F000
|
unkown image
|
page readonly
|
|
|
|
7FF5AC015000
|
unkown image
|
page readonly
|
|
|
|
1E527F86000
|
unkown
|
page read and write
|
|
|
|
1E527F7E000
|
unkown
|
page read and write
|
|
|
|
7FF5D0A37000
|
unkown image
|
page readonly
|
|
|
|
1E527FB5000
|
unkown
|
page read and write
|
|
|
|
7FF5B1E85000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0953000
|
unkown image
|
page readonly
|
|
|
|
1B221B20000
|
unkown image
|
page readonly
|
|
|
|
1E527F59000
|
unkown
|
page read and write
|
|
|
|
7DF5C5590000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0197000
|
unkown image
|
page readonly
|
|
|
|
1E5274A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5B02B5000
|
unkown image
|
page readonly
|
|
|
|
7DF5C7162000
|
unkown image
|
page readonly
|
|
|
|
7FF58B317000
|
unkown image
|
page readonly
|
|
|
|
7FF5B20DA000
|
unkown image
|
page readonly
|
|
|
|
1E527F6D000
|
unkown
|
page read and write
|
|
|
|
1E024070000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A76000
|
unkown image
|
page readonly
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1E52765C000
|
unkown
|
page read and write
|
|
|
|
1E5275D0000
|
unkown
|
page read and write
|
|
|
|
7DF5A0462000
|
unkown image
|
page readonly
|
|
|
|
1E527FB2000
|
unkown
|
page read and write
|
|
|
|
1E024288000
|
unkown
|
page read and write
|
|
|
|
1B221D4E000
|
unkown
|
page read and write
|
|
|
|
7FF5B048E000
|
unkown image
|
page readonly
|
|
|
|
25A22D08000
|
unkown
|
page read and write
|
|
|
|
7FF5AC05A000
|
unkown image
|
page readonly
|
|
|
|
1FFA7829000
|
unkown
|
page read and write
|
|
|
|
7FF5B0373000
|
unkown image
|
page readonly
|
|
|
|
25A22C4A000
|
unkown
|
page read and write
|
|
|
|
7FF5AC0FA000
|
unkown image
|
page readonly
|
|
|
|
B1CF8FE000
|
stack
|
page read and write
|
|
|
|
1E527F91000
|
unkown
|
page read and write
|
|
|
|
1E527F4F000
|
unkown
|
page read and write
|
|
|
|
7FF5D0780000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0384000
|
unkown image
|
page readonly
|
|
|
|
7DF5C55A2000
|
unkown image
|
page readonly
|
|
|
|
1E527F82000
|
unkown
|
page read and write
|
|
|
|
6E7D5FE000
|
stack
|
page read and write
|
|
|
|
7FF5D0903000
|
unkown image
|
page readonly
|
|
|
|
7FF5D09EA000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1BB0000
|
unkown image
|
page readonly
|
|
|
|
25A22BD0000
|
unkown
|
page read and write
|
|
|
|
7FF5B1ED1000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A0B000
|
unkown image
|
page readonly
|
|
|
|
7FF5B183C000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0834000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0562000
|
unkown image
|
page readonly
|
|
|
|
1E024090000
|
heap default
|
page read and write
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
7FF5AC054000
|
unkown image
|
page readonly
|
|
|
|
1E52846A000
|
unkown
|
page read and write
|
|
|
|
7FF5B1FF0000
|
unkown image
|
page readonly
|
|
|
|
1E527F8B000
|
unkown
|
page read and write
|
|
|
|
C129BBD000
|
stack
|
page read and write
|
|
|
|
1B221D20000
|
heap default
|
page read and write
|
|
|
|
1E528400000
|
unkown
|
page read and write
|
|
|
|
1E527E02000
|
unkown
|
page read and write
|
|
|
|
1E527F00000
|
unkown
|
page read and write
|
|
|
|
7DF5A0470000
|
unkown image
|
page readonly
|
|
|
|
1E527F1F000
|
unkown
|
page read and write
|
|
|
|
7FF5D0A5F000
|
unkown image
|
page readonly
|
|
|
|
1FFA7C00000
|
unkown image
|
page readonly
|
|
|
|
2FBC6FF000
|
stack
|
page read and write
|
|
|
|
1E527F80000
|
unkown
|
page read and write
|
|
|
|
2FBBF6E000
|
stack
|
page read and write
|
|
|
|
25A22D02000
|
unkown
|
page read and write
|
|
|
|
1E024249000
|
unkown
|
page read and write
|
|
|
|
7FF5D09A2000
|
unkown image
|
page readonly
|
|
|
|
1E5276B2000
|
unkown
|
page read and write
|
|
|
|
1E5275B0000
|
unkown image
|
page readonly
|
|
|
|
7DF5C11A0000
|
unkown image
|
page readonly
|
|
|
|
1E527F82000
|
unkown
|
page read and write
|
|
|
|
25A22C8B000
|
unkown
|
page read and write
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1B221FA0000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0271000
|
unkown image
|
page readonly
|
|
|
|
1E527F7D000
|
unkown
|
page read and write
|
|
|
|
1E527CF0000
|
unkown
|
page read and write
|
|
|
|
1E527F80000
|
unkown
|
page read and write
|
|
|
|
7FF5D07BB000
|
unkown image
|
page readonly
|
|
|
|
C12A1FE000
|
stack
|
page read and write
|
|
|
|
1E527683000
|
unkown
|
page read and write
|
|
|
|
1E02424E000
|
unkown
|
page read and write
|
|
|
|
1E527F78000
|
unkown
|
page read and write
|
|
|
|
1B221C50000
|
unkown
|
page read and write
|
|
|
|
7FF5AFC06000
|
unkown image
|
page readonly
|
|
|
|
7FF58AEA6000
|
unkown image
|
page readonly
|
|
|
|
6E7D0FE000
|
stack
|
page read and write
|
|
|
|
7FF5B031B000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0617000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0895000
|
unkown image
|
page readonly
|
|
|
|
7DF5A0460000
|
unkown image
|
page readonly
|
|
|
|
1B221D31000
|
unkown
|
page read and write
|
|
|
|
1E527613000
|
unkown
|
page read and write
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
7FF5D0836000
|
unkown image
|
page readonly
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
7FF58B2EB000
|
unkown image
|
page readonly
|
|
|
|
7DF5E5B80000
|
unkown image
|
page readonly
|
|
|
|
1B221D2D000
|
heap default
|
page read and write
|
|
|
|
1E527FBB000
|
unkown
|
page read and write
|
|
|
|
1E5275F0000
|
unkown image
|
page readonly
|
|
|
|
1E527F8E000
|
unkown
|
page read and write
|
|
|
|
1FFA788A000
|
unkown
|
page read and write
|
|
|
|
25A22C13000
|
unkown
|
page read and write
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
7DF5C55B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5AC089000
|
unkown image
|
page readonly
|
|
|
|
1E02427B000
|
unkown
|
page read and write
|
|
|
|
1E5276AB000
|
unkown
|
page read and write
|
|
|
|
7FF5B0499000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0420000
|
unkown image
|
page readonly
|
|
|
|
1FFA7913000
|
unkown
|
page read and write
|
|
|
|
7FF5B040C000
|
unkown image
|
page readonly
|
|
|
|
1E527470000
|
heap private
|
page read and write
|
|
|
|
7FF5AC101000
|
unkown image
|
page readonly
|
|
|
|
1E527F9A000
|
unkown
|
page read and write
|
|
|
|
7FF58B2E0000
|
unkown image
|
page readonly
|
|
|
|
1FFA783C000
|
unkown
|
page read and write
|
|
|
|
1E024190000
|
unkown
|
page read and write
|
|
|
|
7FF58B1DE000
|
unkown image
|
page readonly
|
|
|
|
6E7D6F7000
|
stack
|
page read and write
|
|
|
|
1E527F90000
|
unkown
|
page read and write
|
|
|
|
25A23202000
|
unkown
|
page read and write
|
|
|
|
7FF5D0A2F000
|
unkown image
|
page readonly
|
|
|
|
1E5276DD000
|
unkown
|
page read and write
|
|
|
|
76D694B000
|
unkown
|
page read and write
|
|
|
|
1E527FBA000
|
unkown
|
page read and write
|
|
|
|
1E527F6E000
|
unkown
|
page read and write
|
|
|
|
25A22C7F000
|
unkown
|
page read and write
|
|
|
|
7FF5D0AEA000
|
unkown image
|
page readonly
|
|
|
|
1E02427C000
|
unkown
|
page read and write
|
|
|
|
7FF5D09D4000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
1B221C80000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0504000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
1E528463000
|
unkown
|
page read and write
|
|
|
|
1E52763C000
|
unkown
|
page read and write
|
|
|
|
7DF5E5B90000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A79000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0488000
|
unkown image
|
page readonly
|
|
|
|
B1CF67A000
|
unkown
|
page read and write
|
|
|
|
7FF58B3D2000
|
unkown image
|
page readonly
|
|
|
|
7FF5B044C000
|
unkown image
|
page readonly
|
|
|
|
2FBBEEC000
|
unkown
|
page read and write
|
|
|
|
25A22C2A000
|
unkown
|
page read and write
|
|
|
|
7FF5D09CB000
|
unkown image
|
page readonly
|
|
|
|
7DF4BF050000
|
unkown image
|
page readonly
|
|
|
|
7DF5C7180000
|
unkown image
|
page readonly
|
|
|
|
1E527F89000
|
unkown
|
page read and write
|
|
|
|
7FF5B0464000
|
unkown image
|
page readonly
|
|
|
|
7FF58B2E5000
|
unkown image
|
page readonly
|
|
|
|
7FF5ABD90000
|
unkown image
|
page readonly
|
|
|
|
1E527F80000
|
unkown
|
page read and write
|
|
|
|
7FF5AB967000
|
unkown image
|
page readonly
|
|
|
|
1FFA7790000
|
unkown image
|
page readonly
|
|
|
|
1E527658000
|
unkown
|
page read and write
|
|
|
|
7FF5D09B3000
|
unkown image
|
page readonly
|
|
|
|
C129ABC000
|
unkown
|
page read and write
|
|
|
|
7FF5B1E93000
|
unkown image
|
page readonly
|
|
|
|
25A22C00000
|
unkown
|
page read and write
|
|
|
|
1B221B00000
|
unkown image
|
page read and write
|
|
|
|
1E02423C000
|
unkown
|
page read and write
|
|
|
|
1E527F7A000
|
unkown
|
page read and write
|
|
|
|
7FF5B1FEE000
|
unkown image
|
page readonly
|
|
|
|
1E527F8B000
|
unkown
|
page read and write
|
|
|
|
1E527F90000
|
unkown
|
page read and write
|
|
|
|
1E024270000
|
unkown
|
page read and write
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
7FF5B2066000
|
unkown image
|
page readonly
|
|
|
|
1E527670000
|
unkown
|
page read and write
|
|
|
|
1FFA7660000
|
unkown image
|
page readonly
|
|
|
|
7DF4C5030000
|
unkown image
|
page readonly
|
|
|
|
2FBBFEE000
|
stack
|
page read and write
|
|
|
|
7FF5AC01B000
|
unkown image
|
page readonly
|
|
|
|
7DF5C7170000
|
unkown image
|
page readonly
|
|
|
|
1E527F7C000
|
unkown
|
page read and write
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
7FF5B206D000
|
unkown image
|
page readonly
|
|
|
|
1E527FDA000
|
unkown
|
page read and write
|
|
|
|
C129B3E000
|
stack
|
page read and write
|
|
|
|
76D6E7B000
|
stack
|
page read and write
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
7FF58B2CC000
|
unkown image
|
page readonly
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1FFA7650000
|
heap private
|
page read and write
|
|
|
|
1E527F8F000
|
unkown
|
page read and write
|
|
|
|
7DF5E5B72000
|
unkown image
|
page readonly
|
|
|
|
7DF4E3A40000
|
unkown image
|
page readonly
|
|
|
|
1E527F87000
|
unkown
|
page read and write
|
|
|
|
1E527F72000
|
unkown
|
page read and write
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
1E527FAA000
|
unkown
|
page read and write
|
|
|
|
25A22E00000
|
unkown image
|
page readonly
|
|
|
|
1FFA7D80000
|
unkown image
|
page readonly
|
|
|
|
7FF58B3CA000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A05000
|
unkown image
|
page readonly
|
|
|
|
1E52764F000
|
unkown
|
page read and write
|
|
|
|
6E7D7F8000
|
stack
|
page read and write
|
|
|
|
25A22C3C000
|
unkown
|
page read and write
|
|
|
|
7FF58AAC6000
|
unkown image
|
page readonly
|
|
|
|
1E527B80000
|
unkown image
|
page readonly
|
|
|
|
25A22C50000
|
unkown
|
page read and write
|
|
|
|
7DF5A0450000
|
unkown image
|
page readonly
|
|
|
|
1E5276C4000
|
unkown
|
page read and write
|
|
|
|
B1CF97C000
|
stack
|
page read and write
|
|
|
|
1E527D00000
|
unkown image
|
page read and write
|
|
|
|
1E52767F000
|
unkown
|
page read and write
|
|
|
|
1E024253000
|
unkown
|
page read and write
|
|
|
|
1E528403000
|
unkown
|
page read and write
|
|
|
|
1E527F86000
|
unkown
|
page read and write
|
|
|
|
7FF5AFC0C000
|
unkown image
|
page readonly
|
|
|
|
B1CF6FE000
|
stack
|
page read and write
|
|
|
|
1FFA784E000
|
unkown
|
page read and write
|
|
|
|
7FF5D01E6000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1EEB000
|
unkown image
|
page readonly
|
|
|
|
25A23000000
|
unkown image
|
page readonly
|
|
|
|
6E7D17E000
|
stack
|
page read and write
|
|
|
|
7FF5B2058000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0302000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
7DF5A0450000
|
unkown image
|
page readonly
|
|
|
|
7DF5A0462000
|
unkown image
|
page readonly
|
|
|
|
1E527F8F000
|
unkown
|
page read and write
|
|
|
|
25A22C81000
|
unkown
|
page read and write
|
|
|
|
7DF5C1180000
|
unkown image
|
page readonly
|
|
|
|
7FF5B047F000
|
unkown image
|
page readonly
|
|
|
|
1E527FB8000
|
unkown
|
page read and write
|
|
|
|
1E527F76000
|
unkown
|
page read and write
|
|
|
|
6E7D4F7000
|
stack
|
page read and write
|
|
|
|
1E02424C000
|
unkown
|
page read and write
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
1B221D4E000
|
unkown
|
page read and write
|
|
|
|
7FF58AEB5000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1F54000
|
unkown image
|
page readonly
|
|
|
|
1E024300000
|
unkown
|
page read and write
|
|
|
|
1E527F82000
|
unkown
|
page read and write
|
|
|
|
7FF5B1FFB000
|
unkown image
|
page readonly
|
|
|
|
1E52767D000
|
unkown
|
page read and write
|
|
|
|
1E527F67000
|
unkown
|
page read and write
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
7FF5AC03C000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0511000
|
unkown image
|
page readonly
|
|
|
|
7FF58B359000
|
unkown image
|
page readonly
|
|
|
|
2FBC4F7000
|
stack
|
page read and write
|
|
|
|
76D6D7C000
|
stack
|
page read and write
|
|
|
|
7DF5C5590000
|
unkown image
|
page readonly
|
|
|
|
7FF58B32A000
|
unkown image
|
page readonly
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
1E527F5D000
|
unkown
|
page read and write
|
|
|
|
1E527F80000
|
unkown
|
page read and write
|
|
|
|
7FF5D0A00000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1BC5000
|
unkown image
|
page readonly
|
|
|
|
7DF5C7172000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
1B221E20000
|
unkown image
|
page readonly
|
|
|
|
1B221D46000
|
unkown
|
page read and write
|
|
|
|
7FF5D05C6000
|
unkown image
|
page readonly
|
|
|
|
1E024313000
|
unkown
|
page read and write
|
|
|
|
1E024170000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0512000
|
unkown image
|
page readonly
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
7FF58B348000
|
unkown image
|
page readonly
|
|
|
|
7FF5B20E2000
|
unkown image
|
page readonly
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1E02424A000
|
unkown
|
page read and write
|
|
|
|
7FF58B131000
|
unkown image
|
page readonly
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
7FF5B201C000
|
unkown image
|
page readonly
|
|
|
|
7FF5AFFE0000
|
unkown image
|
page readonly
|
|
|
|
1E527F86000
|
unkown
|
page read and write
|
|
|
|
7FF5D09FA000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0964000
|
unkown image
|
page readonly
|
|
|
|
1E527F82000
|
unkown
|
page read and write
|
|
|
|
7FF5B1BB6000
|
unkown image
|
page readonly
|
|
|
|
1E527FAA000
|
unkown
|
page read and write
|
|
|
|
1E527F8B000
|
unkown
|
page read and write
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
7DF5E5B70000
|
unkown image
|
page readonly
|
|
|
|
1E024040000
|
unkown image
|
page readonly
|
|
|
|
7FF5B20D4000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1F3D000
|
unkown image
|
page readonly
|
|
|
|
1E527F99000
|
unkown
|
page read and write
|
|
|
|
6E7D3FE000
|
stack
|
page read and write
|
|
|
|
7FF58B30C000
|
unkown image
|
page readonly
|
|
|
|
1E5276EA000
|
unkown
|
page read and write
|
|
|
|
1E527650000
|
unkown
|
page read and write
|
|
|
|
1E52765D000
|
unkown
|
page read and write
|
|
|
|
7FF5B1D67000
|
unkown image
|
page readonly
|
|
|
|
7FF58B324000
|
unkown image
|
page readonly
|
|
|
|
7FF5D08C1000
|
unkown image
|
page readonly
|
|
|
|
1FFA7690000
|
unkown image
|
page readonly
|
|
|
|
1E024200000
|
unkown
|
page read and write
|
|
|
|
1FFA7660000
|
unkown image
|
page readonly
|
|
|
|
7FF5AC078000
|
unkown image
|
page readonly
|
|
|
|
7DF4C3460000
|
unkown image
|
page readonly
|
|
|
|
1E527F5A000
|
unkown
|
page read and write
|
|
|
|
7FF58B175000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2027000
|
unkown image
|
page readonly
|
|
|
|
7FF5B050A000
|
unkown image
|
page readonly
|
|
|
|
1E527F5B000
|
unkown
|
page read and write
|
|
|
|
7FF5D0AE4000
|
unkown image
|
page readonly
|
|
|
|
1E527A00000
|
unkown image
|
page readonly
|
|
|
|
1E527F87000
|
unkown
|
page read and write
|
|
|
|
7FF5D07C6000
|
unkown image
|
page readonly
|
|
|
|
1E52764B000
|
unkown
|
page read and write
|
|
|
|
7DF5E5B80000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
1E527F8A000
|
unkown
|
page read and write
|
|
|
|
7DF5C1190000
|
unkown image
|
page readonly
|
|
|
|
25A22D00000
|
unkown
|
page read and write
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
7FF5AC06E000
|
unkown image
|
page readonly
|
|
|
|
1E024257000
|
unkown
|
page read and write
|
|
|
|
1FFA7908000
|
unkown
|
page read and write
|
|
|
|
76D6FF7000
|
stack
|
page read and write
|
|
|
|
1E527713000
|
unkown
|
page read and write
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
7FF5D0777000
|
unkown image
|
page readonly
|
|
|
|
1E527FB8000
|
unkown
|
page read and write
|
|
|
|
6E7D87E000
|
stack
|
page read and write
|
|
|
|
7FF5D08E1000
|
unkown image
|
page readonly
|
|
|
|
1E52764C000
|
unkown
|
page read and write
|
|
|
|
1E527F97000
|
unkown
|
page read and write
|
|
|
|
7DF5C7172000
|
unkown image
|
page readonly
|
|
|
|
7FF5AC064000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0425000
|
unkown image
|
page readonly
|
|
|
|
1E527F87000
|
unkown
|
page read and write
|
|
|
|
7FF58B233000
|
unkown image
|
page readonly
|
|
|
|
25A229B0000
|
unkown image
|
page readonly
|
|
|
|
1E527F98000
|
unkown
|
page read and write
|
|
|
|
7FF58B1A1000
|
unkown image
|
page readonly
|
|
|
|
7FF5D08AA000
|
unkown image
|
page readonly
|
|
|
|
7FF5B041E000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
7DF49E320000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1FDA000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
1E527F63000
|
unkown
|
page read and write
|
|
|
|
1E527FA9000
|
unkown
|
page read and write
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1E527F74000
|
unkown
|
page read and write
|
|
|
|
1E024060000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0A2C000
|
unkown image
|
page readonly
|
|
|
|
1E024202000
|
unkown
|
page read and write
|
|
|
|
1E527600000
|
unkown
|
page read and write
|
|
|
|
7FF58B1C1000
|
unkown image
|
page readonly
|
|
|
|
25A22D13000
|
unkown
|
page read and write
|
|
|
|
1E527F99000
|
unkown
|
page read and write
|
|
|
|
1E527F86000
|
unkown
|
page read and write
|
|
|
|
7DF5C55A0000
|
unkown image
|
page readonly
|
|
|
|
1E528402000
|
unkown
|
page read and write
|
|
|
|
B1CF7F9000
|
stack
|
page read and write
|
|
|
|
1E527683000
|
unkown
|
page read and write
|
|
|
|
7FF5B1F5C000
|
unkown image
|
page readonly
|
|
|
|
1E527F8B000
|
unkown
|
page read and write
|
|
|
|
7FF5B2044000
|
unkown image
|
page readonly
|
|
|
|
1E527F84000
|
unkown
|
page read and write
|
|
|
|
1E527F71000
|
unkown
|
page read and write
|
|
|
|
1E528403000
|
unkown
|
page read and write
|
|
|
|
1E527F59000
|
unkown
|
page read and write
|
|
|
|
1E527659000
|
unkown
|
page read and write
|
|
|
|
1E5276EA000
|
unkown
|
page read and write
|
|
|
|
7FF58B24C000
|
unkown image
|
page readonly
|
|
|
|
1FFA7879000
|
unkown
|
page read and write
|
|
|
|
1B221D5E000
|
unkown
|
page read and write
|
|
|
|
7FF5B1FDC000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0357000
|
unkown image
|
page readonly
|
|
|
|
7FF5B201F000
|
unkown image
|
page readonly
|
|
|
|
1E527F90000
|
unkown
|
page read and write
|
|
|
|
7FF5B203A000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0AF1000
|
unkown image
|
page readonly
|
|
|
|
7DF5A0460000
|
unkown image
|
page readonly
|
|
|
|
1FFA8002000
|
unkown
|
page read and write
|
|
|
|
1E024040000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2069000
|
unkown image
|
page readonly
|
|
|
|
1FFA77B0000
|
unkown
|
page read and write
|
|
|
|
7FF5D09EC000
|
unkown image
|
page readonly
|
|
|
|
25A22AE0000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2007000
|
unkown image
|
page readonly
|
|
|
|
7FF5B0496000
|
unkown image
|
page readonly
|
|
|
|
7FF58B183000
|
unkown image
|
page readonly
|
|
|
|
76D6C7E000
|
stack
|
page read and write
|
|
|
|
7FF58B3C4000
|
unkown image
|
page readonly
|
|
|
|
7FF5D01EC000
|
unkown image
|
page readonly
|
|
|
|
1B221C30000
|
unkown
|
page read and write
|
|
|
|
7DF5C7160000
|
unkown image
|
page readonly
|
|
|
|
7FF5AC102000
|
unkown image
|
page readonly
|
|
|
|
7DF5A0470000
|
unkown image
|
page readonly
|
|
|
|
1E527460000
|
unkown image
|
page read and write
|
|
|
|
1E527708000
|
unkown
|
page read and write
|
|
|
|
7DF5E5B82000
|
unkown image
|
page readonly
|
|
|
|
7FF5D0353000
|
unkown image
|
page readonly
|
|
|
|
7FF5D08A3000
|
unkown image
|
page readonly
|
|
|
|
1E527F5D000
|
unkown
|
page read and write
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
1E527F6C000
|
unkown
|
page read and write
|
|
|
|
1FFA7813000
|
unkown
|
page read and write
|
|
|
|
7FF58B22D000
|
unkown image
|
page readonly
|
|
|
|
B1CF77F000
|
stack
|
page read and write
|
|
|
|
1E527F97000
|
unkown
|
page read and write
|
|
|
|
1E527702000
|
unkown
|
page read and write
|
|
|
|
1E527F9B000
|
unkown
|
page read and write
|
|
|
|
7FF5D0A54000
|
unkown image
|
page readonly
|
|
|
|
1E527F8D000
|
unkown
|
page read and write
|
|
|
|
7DF5C7170000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1EEE000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
1E527656000
|
unkown
|
page read and write
|
|
|
|
7FF5D0800000
|
unkown image
|
page readonly
|
|
|
|
1E024A02000
|
unkown
|
page read and write
|
|
|
|
1E5276A7000
|
unkown
|
page read and write
|
|
|
|
7FF5D09FE000
|
unkown image
|
page readonly
|
|
|
|
1FFA7902000
|
unkown
|
page read and write
|
|
|
|
7FF5D0841000
|
unkown image
|
page readonly
|
|
|
|
7FF5B044F000
|
unkown image
|
page readonly
|
|
|
|
1E024020000
|
unkown image
|
page read and write
|
|
|
|
1E024780000
|
unkown image
|
page readonly
|
|
|
|
1E527FA8000
|
unkown
|
page read and write
|
|
|
|
1FFA7802000
|
unkown
|
page read and write
|
|
|
|
C12A2FF000
|
stack
|
page read and write
|
|
|
|
1E527716000
|
unkown
|
page read and write
|
|
|
|
2FBC5FE000
|
stack
|
page read and write
|
|
|
|
25A22C55000
|
unkown
|
page read and write
|
|
|
|
1B221D36000
|
heap default
|
page read and write
|
|
|
|
1E5276A0000
|
unkown
|
page read and write
|
|
|
|
6E7D378000
|
stack
|
page read and write
|
|
|
|
7FF5B0474000
|
unkown image
|
page readonly
|
|
|
|
1E527F8B000
|
unkown
|
page read and write
|
|
|
|
1E527F14000
|
unkown
|
page read and write
|
|
|
|
1E527F6C000
|
unkown
|
page read and write
|
|
|
|
1E5276E7000
|
unkown
|
page read and write
|
|
|
|
1B221FB0000
|
heap private
|
page read and write
|
|
|
|
1E527480000
|
unkown image
|
page readonly
|
|
|
|
7FF5B1FEA000
|
unkown image
|
page readonly
|
|
|
|
1E527F88000
|
unkown
|
page read and write
|
|
|
|
25A23180000
|
unkown image
|
page readonly
|
|
|
|
7FF5AFFF5000
|
unkown image
|
page readonly
|
|
|
|
7FF5B040A000
|
unkown image
|
page readonly
|
|
There are 630 hidden memdumps, click here to show them.