Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
protocol.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Oct 27 10:45:18 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\protocol.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Oct 27 10:45:18 2021, Security: 0
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\ACCDA27E-452C-4E08-9584-F9C22DEC51A8
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8C80DA27.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF5B4680BDC0A2AA0C.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF8E2EB8545C9796C0.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\CD1E.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF2671737F09DCABAC.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF9858F0CABAD63058.TMP
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://atochagaleria.com.ar/CnijALAyxR/l.html
|
192.99.46.215
|
|
|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://ost.net.br/toXuNS00/l.html
|
162.241.2.103
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://api.aadrm.com
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://maberic.com/3XRJdBEjFc/l.html
|
199.79.62.121
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
There are 101 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
atochagaleria.com.ar
|
192.99.46.215
|
|
|
|
maberic.com
|
199.79.62.121
|
|
|
|
ost.net.br
|
162.241.2.103
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.99.46.215
|
atochagaleria.com.ar
|
Canada
|
|
|
|
162.241.2.103
|
ost.net.br
|
United States
|
|
|
|
199.79.62.121
|
maberic.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
9*=
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
:*=
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\20883
|
20883
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
c2=
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\3355A
|
3355A
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\34345
|
34345
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General
|
FileFormatBallotBoxAppIDBootedOnce
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
0=#
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2D411
|
2D411
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
)a#
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3D5E5
|
3D5E5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3DDC1
|
3DDC1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 99 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
16A2259F000
|
unkown
|
page read and write
|
|
|
|
AAA857E000
|
stack
|
page read and write
|
|
|
|
16A22A00000
|
unkown
|
page read and write
|
|
|
|
1E0000
|
unkown
|
page read and write
|
|
|
|
7FF5AE39D000
|
unkown image
|
page readonly
|
|
|
|
294B000
|
unkown image
|
page readonly
|
|
|
|
28B9000
|
unkown image
|
page readonly
|
|
|
|
14841624000
|
unkown
|
page read and write
|
|
|
|
7FF502022000
|
unkown image
|
page readonly
|
|
|
|
7FF54A617000
|
unkown image
|
page readonly
|
|
|
|
2BE0000
|
unkown image
|
page readonly
|
|
|
|
7FF54A3F2000
|
unkown image
|
page readonly
|
|
|
|
16A22250000
|
unkown image
|
page readonly
|
|
|
|
25F361B0000
|
unkown image
|
page read and write
|
|
|
|
296D8A13000
|
unkown
|
page read and write
|
|
|
|
2964000
|
unkown image
|
page readonly
|
|
|
|
7DF565F00000
|
unkown image
|
page readonly
|
|
|
|
7DF5A7282000
|
unkown image
|
page readonly
|
|
|
|
7FF562961000
|
unkown image
|
page readonly
|
|
|
|
7DF565F00000
|
unkown image
|
page readonly
|
|
|
|
AAA788B000
|
unkown
|
page read and write
|
|
|
|
7FF562944000
|
unkown image
|
page readonly
|
|
|
|
2BD0000
|
unkown image
|
page read and write
|
|
|
|
25F8DD30000
|
unkown image
|
page readonly
|
|
|
|
20D88380000
|
unkown image
|
page readonly
|
|
|
|
7FF585FAE000
|
unkown image
|
page readonly
|
|
|
|
7FF50211D000
|
unkown image
|
page readonly
|
|
|
|
2F00000
|
unkown image
|
page readonly
|
|
|
|
14841540000
|
heap default
|
page read and write
|
|
|
|
7FF55D9C1000
|
unkown image
|
page readonly
|
|
|
|
16A22598000
|
unkown
|
page read and write
|
|
|
|
20D88370000
|
heap private
|
page read and write
|
|
|
|
7FF502123000
|
unkown image
|
page readonly
|
|
|
|
7FF55D9B1000
|
unkown image
|
page readonly
|
|
|
|
7FF4F82E2000
|
unkown image
|
page readonly
|
|
|
|
7FF54A6F2000
|
unkown image
|
page readonly
|
|
|
|
4F9B0E000
|
stack
|
page read and write
|
|
|
|
16A21B20000
|
unkown image
|
page read and write
|
|
|
|
7FF5A8053000
|
unkown image
|
page readonly
|
|
|
|
7FF585906000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE3B3000
|
unkown image
|
page readonly
|
|
|
|
2D86000
|
unkown
|
page read and write
|
|
|
|
7FF54A60E000
|
unkown image
|
page readonly
|
|
|
|
D61CF7B000
|
stack
|
page read and write
|
|
|
|
7FF55D77C000
|
unkown image
|
page readonly
|
|
|
|
7FF583154000
|
unkown image
|
page readonly
|
|
|
|
7FF4F82F4000
|
unkown image
|
page readonly
|
|
|
|
296D9300000
|
unkown
|
page read and write
|
|
|
|
2AB877B000
|
stack
|
page read and write
|
|
|
|
7FF585E35000
|
unkown image
|
page readonly
|
|
|
|
49E0000
|
unkown
|
page read and write
|
|
|
|
7FF5581FD000
|
unkown image
|
page readonly
|
|
|
|
158A77E000
|
stack
|
page read and write
|
|
|
|
3310000
|
unkown image
|
page readonly
|
|
|
|
296D9060000
|
unkown image
|
page readonly
|
|
|
|
7FF585FBE000
|
unkown image
|
page readonly
|
|
|
|
2900000
|
unkown image
|
page readonly
|
|
|
|
296D8ACA000
|
unkown
|
page read and write
|
|
|
|
16A21C50000
|
unkown
|
page read and write
|
|
|
|
1C2AE655000
|
unkown
|
page read and write
|
|
|
|
296D9130000
|
unkown image
|
page write copy
|
|
|
|
16A22587000
|
unkown
|
page read and write
|
|
|
|
5C77C7F000
|
stack
|
page read and write
|
|
|
|
28C6000
|
unkown image
|
page readonly
|
|
|
|
7FD00000
|
unkown image
|
page readonly
|
|
|
|
7FF5860A9000
|
unkown image
|
page readonly
|
|
|
|
7FF55D7AB000
|
unkown image
|
page readonly
|
|
|
|
20C6AC10000
|
unkown image
|
page readonly
|
|
|
|
296D8930000
|
unkown image
|
page readonly
|
|
|
|
1918EC41000
|
unkown
|
page read and write
|
|
|
|
20D8847B000
|
unkown
|
page read and write
|
|
|
|
D61CB7C000
|
unkown
|
page read and write
|
|
|
|
7DF5BC0F0000
|
unkown image
|
page readonly
|
|
|
|
16A22A1F000
|
unkown
|
page read and write
|
|
|
|
7FF55D8D3000
|
unkown image
|
page readonly
|
|
|
|
25F36220000
|
heap default
|
page read and write
|
|
|
|
20D88413000
|
unkown
|
page read and write
|
|
|
|
16A22402000
|
unkown
|
page read and write
|
|
|
|
7FF599615000
|
unkown image
|
page readonly
|
|
|
|
4FA177000
|
stack
|
page read and write
|
|
|
|
28A1000
|
unkown image
|
page readonly
|
|
|
|
7F612000
|
unkown image
|
page readonly
|
|
|
|
7FF599611000
|
unkown image
|
page readonly
|
|
|
|
296D8A00000
|
unkown
|
page read and write
|
|
|
|
54E000
|
stack
|
page read and write
|
|
|
|
1918EC34000
|
unkown
|
page read and write
|
|
|
|
7FF585EA0000
|
unkown image
|
page readonly
|
|
|
|
296D8AC2000
|
unkown
|
page read and write
|
|
|
|
4FA07E000
|
stack
|
page read and write
|
|
|
|
7FF514C69000
|
unkown image
|
page readonly
|
|
|
|
25F8D66E000
|
unkown
|
page read and write
|
|
|
|
7FF502126000
|
unkown image
|
page readonly
|
|
|
|
7FF55D075000
|
unkown image
|
page readonly
|
|
|
|
20C6AC10000
|
unkown image
|
page readonly
|
|
|
|
7FF562961000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page read and write
|
|
|
|
6260000
|
unkown image
|
page readonly
|
|
|
|
1918EC25000
|
unkown
|
page read and write
|
|
|
|
7FF5AE2EB000
|
unkown image
|
page readonly
|
|
|
|
C63897F000
|
stack
|
page read and write
|
|
|
|
1456BA57000
|
unkown
|
page read and write
|
|
|
|
41224DC000
|
unkown
|
page read and write
|
|
|
|
7F620000
|
unkown image
|
page readonly
|
|
|
|
296D88F0000
|
heap private
|
page read and write
|
|
|
|
298DD480000
|
unkown image
|
page readonly
|
|
|
|
7DF50FE80000
|
unkown image
|
page readonly
|
|
|
|
7DF593D30000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE462000
|
unkown image
|
page readonly
|
|
|
|
7DF5915A0000
|
unkown image
|
page readonly
|
|
|
|
16A22A02000
|
unkown
|
page read and write
|
|
|
|
7FF585F55000
|
unkown image
|
page readonly
|
|
|
|
7DF591592000
|
unkown image
|
page readonly
|
|
|
|
7DF56B640000
|
unkown image
|
page readonly
|
|
|
|
28DD000
|
unkown image
|
page readonly
|
|
|
|
7FF50198E000
|
unkown image
|
page readonly
|
|
|
|
7FF5860B4000
|
unkown image
|
page readonly
|
|
|
|
25F8D600000
|
unkown image
|
page readonly
|
|
|
|
7FF5993A6000
|
unkown image
|
page readonly
|
|
|
|
298DD4C0000
|
unkown
|
page read and write
|
|
|
|
31F0000
|
unkown image
|
page readonly
|
|
|
|
7FF5857D3000
|
unkown image
|
page readonly
|
|
|
|
7FF502211000
|
unkown image
|
page readonly
|
|
|
|
2976000
|
unkown image
|
page readonly
|
|
|
|
CFC887C000
|
unkown
|
page read and write
|
|
|
|
298DD920000
|
unkown image
|
page readonly
|
|
|
|
296D8A29000
|
unkown
|
page read and write
|
|
|
|
20C6AC00000
|
heap private
|
page read and write
|
|
|
|
16A22559000
|
unkown
|
page read and write
|
|
|
|
16A22566000
|
unkown
|
page read and write
|
|
|
|
7FF4F830A000
|
unkown image
|
page readonly
|
|
|
|
7F950000
|
unkown image
|
page readonly
|
|
|
|
1918EB80000
|
unkown
|
page read and write
|
|
|
|
7FF558252000
|
unkown image
|
page readonly
|
|
|
|
22160602000
|
unkown
|
page read and write
|
|
|
|
7FF5AE491000
|
unkown image
|
page readonly
|
|
|
|
2215EA48000
|
unkown
|
page read and write
|
|
|
|
7DF5B5DA0000
|
unkown image
|
page readonly
|
|
|
|
7FCF0000
|
unkown image
|
page readonly
|
|
|
|
20D888D0000
|
unkown image
|
page readonly
|
|
|
|
7FF56294A000
|
unkown image
|
page readonly
|
|
|
|
1918EC2A000
|
unkown
|
page read and write
|
|
|
|
7DF5915A2000
|
unkown image
|
page readonly
|
|
|
|
2215E970000
|
heap private
|
page read and write
|
|
|
|
20D8843C000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC110000
|
unkown image
|
page readonly
|
|
|
|
287E000
|
unkown image
|
page readonly
|
|
|
|
7FF583827000
|
unkown image
|
page readonly
|
|
|
|
7DF505F70000
|
unkown image
|
page readonly
|
|
|
|
16A2256B000
|
unkown
|
page read and write
|
|
|
|
16A225A6000
|
unkown
|
page read and write
|
|
|
|
5D93BFF000
|
stack
|
page read and write
|
|
|
|
16A22511000
|
unkown
|
page read and write
|
|
|
|
1456B840000
|
unkown image
|
page readonly
|
|
|
|
7FF514C81000
|
unkown image
|
page readonly
|
|
|
|
16A21C5C000
|
unkown
|
page read and write
|
|
|
|
25F8DEB0000
|
unkown image
|
page readonly
|
|
|
|
990000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8226000
|
unkown image
|
page readonly
|
|
|
|
2215EA58000
|
unkown
|
page read and write
|
|
|
|
2215EB02000
|
unkown
|
page read and write
|
|
|
|
7FF59957E000
|
unkown image
|
page readonly
|
|
|
|
20C6AE77000
|
unkown
|
page read and write
|
|
|
|
16A2259C000
|
unkown
|
page read and write
|
|
|
|
16A22340000
|
unkown image
|
page write copy
|
|
|
|
20C6AE6C000
|
unkown
|
page read and write
|
|
|
|
16A2258B000
|
unkown
|
page read and write
|
|
|
|
28E6000
|
unkown image
|
page readonly
|
|
|
|
7FF583931000
|
unkown image
|
page readonly
|
|
|
|
1484163D000
|
unkown
|
page read and write
|
|
|
|
2E3A000
|
unkown
|
page read and write
|
|
|
|
7FF558047000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE315000
|
unkown image
|
page readonly
|
|
|
|
296B000
|
unkown image
|
page readonly
|
|
|
|
110000
|
unkown image
|
page readonly
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
7FF5A80A7000
|
unkown image
|
page readonly
|
|
|
|
25F3643D000
|
unkown
|
page read and write
|
|
|
|
7FF585D97000
|
unkown image
|
page readonly
|
|
|
|
7F952000
|
unkown image
|
page readonly
|
|
|
|
7FF54A633000
|
unkown image
|
page readonly
|
|
|
|
16A22585000
|
unkown
|
page read and write
|
|
|
|
3070000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8230000
|
unkown image
|
page readonly
|
|
|
|
7FF599621000
|
unkown image
|
page readonly
|
|
|
|
7FF54A62F000
|
unkown image
|
page readonly
|
|
|
|
20C6AE3C000
|
unkown
|
page read and write
|
|
|
|
7DF5915B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8125000
|
unkown image
|
page readonly
|
|
|
|
7FF585FAA000
|
unkown image
|
page readonly
|
|
|
|
7FF514BB3000
|
unkown image
|
page readonly
|
|
|
|
25F36467000
|
unkown
|
page read and write
|
|
|
|
C6384FD000
|
stack
|
page read and write
|
|
|
|
2FE1000
|
unkown
|
page read and write
|
|
|
|
7DF5B5D90000
|
unkown image
|
page readonly
|
|
|
|
16A22589000
|
unkown
|
page read and write
|
|
|
|
2988000
|
unkown image
|
page readonly
|
|
|
|
20C6AD40000
|
unkown image
|
page readonly
|
|
|
|
632000
|
unkown
|
page read and write
|
|
|
|
16A21C4E000
|
unkown
|
page read and write
|
|
|
|
7FF5021FA000
|
unkown image
|
page readonly
|
|
|
|
7DF491C00000
|
unkown image
|
page readonly
|
|
|
|
7FF585F2B000
|
unkown image
|
page readonly
|
|
|
|
2FD5000
|
unkown
|
page read and write
|
|
|
|
7FF4F82FA000
|
unkown image
|
page readonly
|
|
|
|
298DD561000
|
unkown
|
page read and write
|
|
|
|
7FF55D6BD000
|
unkown image
|
page readonly
|
|
|
|
7FF55D73B000
|
unkown image
|
page readonly
|
|
|
|
D61D37F000
|
stack
|
page read and write
|
|
|
|
7FF585EDF000
|
unkown image
|
page readonly
|
|
|
|
40E4000
|
heap private
|
page read and write
|
|
|
|
16A22513000
|
unkown
|
page read and write
|
|
|
|
14841570000
|
unkown
|
page read and write
|
|
|
|
20D88455000
|
unkown
|
page read and write
|
|
|
|
16A2259F000
|
unkown
|
page read and write
|
|
|
|
7FF58590A000
|
unkown image
|
page readonly
|
|
|
|
3180000
|
unkown image
|
page readonly
|
|
|
|
7DF593D42000
|
unkown image
|
page readonly
|
|
|
|
7FF514AEB000
|
unkown image
|
page readonly
|
|
|
|
7FF54A26D000
|
unkown image
|
page readonly
|
|
|
|
2988000
|
unkown image
|
page readonly
|
|
|
|
7FF59952F000
|
unkown image
|
page readonly
|
|
|
|
7FF5860D1000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8039000
|
unkown image
|
page readonly
|
|
|
|
7FF5627E5000
|
unkown image
|
page readonly
|
|
|
|
14841600000
|
unkown
|
page read and write
|
|
|
|
2F20000
|
heap private
|
page read and write
|
|
|
|
2F30000
|
heap default
|
page read and write
|
|
|
|
7FF586023000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE216000
|
unkown image
|
page readonly
|
|
|
|
7DF5A7290000
|
unkown image
|
page readonly
|
|
|
|
1C2AE613000
|
unkown
|
page read and write
|
|
|
|
2215ECD0000
|
unkown image
|
page readonly
|
|
|
|
1C2AE651000
|
unkown
|
page read and write
|
|
|
|
7DF5A7290000
|
unkown image
|
page readonly
|
|
|
|
7FF58385E000
|
unkown image
|
page readonly
|
|
|
|
7DF4B9FC0000
|
unkown image
|
page readonly
|
|
|
|
28C5000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC102000
|
unkown image
|
page readonly
|
|
|
|
CFC88FE000
|
stack
|
page read and write
|
|
|
|
7FF562869000
|
unkown image
|
page readonly
|
|
|
|
7FF514B9F000
|
unkown image
|
page readonly
|
|
|
|
27B5000
|
unkown image
|
page readonly
|
|
|
|
7FF55D07F000
|
unkown image
|
page readonly
|
|
|
|
3040000
|
heap private
|
page read and write
|
|
|
|
7FF599604000
|
unkown image
|
page readonly
|
|
|
|
25F8E270000
|
unkown
|
page read and write
|
|
|
|
16A22569000
|
unkown
|
page read and write
|
|
|
|
AAA847F000
|
stack
|
page read and write
|
|
|
|
20C6AF00000
|
unkown
|
page read and write
|
|
|
|
2976000
|
unkown image
|
page readonly
|
|
|
|
7FF4F828A000
|
unkown image
|
page readonly
|
|
|
|
14841613000
|
unkown
|
page read and write
|
|
|
|
298DD580000
|
unkown
|
page read and write
|
|
|
|
1D0000
|
unkown image
|
page readonly
|
|
|
|
7FF585A4C000
|
unkown image
|
page readonly
|
|
|
|
7FF58392A000
|
unkown image
|
page readonly
|
|
|
|
CFC8C7E000
|
stack
|
page read and write
|
|
|
|
28CF000
|
unkown image
|
page readonly
|
|
|
|
7FF562441000
|
unkown image
|
page readonly
|
|
|
|
2894000
|
unkown image
|
page readonly
|
|
|
|
1C2AE62A000
|
unkown
|
page read and write
|
|
|
|
7FF56288E000
|
unkown image
|
page readonly
|
|
|
|
296D8A6F000
|
unkown
|
page read and write
|
|
|
|
7FF55D687000
|
unkown image
|
page readonly
|
|
|
|
7F960000
|
unkown image
|
page readonly
|
|
|
|
2EA0000
|
unkown image
|
page readonly
|
|
|
|
298DD500000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE387000
|
unkown image
|
page readonly
|
|
|
|
296D8A44000
|
unkown
|
page read and write
|
|
|
|
7FF5A812E000
|
unkown image
|
page readonly
|
|
|
|
14841E02000
|
unkown
|
page read and write
|
|
|
|
16A21C8A000
|
unkown
|
page read and write
|
|
|
|
1918EC13000
|
unkown
|
page read and write
|
|
|
|
7DF5A72A0000
|
unkown image
|
page readonly
|
|
|
|
25F8D800000
|
unkown image
|
page readonly
|
|
|
|
7FF5ADB93000
|
unkown image
|
page readonly
|
|
|
|
1456B840000
|
unkown image
|
page readonly
|
|
|
|
7F622000
|
unkown image
|
page readonly
|
|
|
|
7FF514B15000
|
unkown image
|
page readonly
|
|
|
|
7FF54A269000
|
unkown image
|
page readonly
|
|
|
|
20C6AE72000
|
unkown
|
page read and write
|
|
|
|
AAA877E000
|
stack
|
page read and write
|
|
|
|
16A22A02000
|
unkown
|
page read and write
|
|
|
|
7FF5AE25D000
|
unkown image
|
page readonly
|
|
|
|
1C2AEB90000
|
unkown
|
page read and write
|
|
|
|
2885000
|
unkown image
|
page readonly
|
|
|
|
2215EA59000
|
unkown
|
page read and write
|
|
|
|
7FF58602E000
|
unkown image
|
page readonly
|
|
|
|
7FF5628D7000
|
unkown image
|
page readonly
|
|
|
|
7FF54A71E000
|
unkown image
|
page readonly
|
|
|
|
28BA000
|
unkown image
|
page readonly
|
|
|
|
7FF56286F000
|
unkown image
|
page readonly
|
|
|
|
2891000
|
unkown image
|
page readonly
|
|
|
|
61A0000
|
unkown image
|
page readonly
|
|
|
|
20D88450000
|
unkown
|
page read and write
|
|
|
|
7FF585EE7000
|
unkown image
|
page readonly
|
|
|
|
16A21C49000
|
unkown
|
page read and write
|
|
|
|
221604C0000
|
unkown
|
page read and write
|
|
|
|
7FF58387B000
|
unkown image
|
page readonly
|
|
|
|
2900000
|
unkown image
|
page readonly
|
|
|
|
7F610000
|
unkown image
|
page readonly
|
|
|
|
7FF5628B3000
|
unkown image
|
page readonly
|
|
|
|
7F630000
|
unkown image
|
page readonly
|
|
|
|
7FF55827A000
|
unkown image
|
page readonly
|
|
|
|
20C6B602000
|
unkown
|
page read and write
|
|
|
|
1918EC7A000
|
unkown
|
page read and write
|
|
|
|
16A2258B000
|
unkown
|
page read and write
|
|
|
|
7FF55D937000
|
unkown image
|
page readonly
|
|
|
|
7FF4F821D000
|
unkown image
|
page readonly
|
|
|
|
7DF593D40000
|
unkown image
|
page readonly
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
1456B890000
|
heap default
|
page read and write
|
|
|
|
7FF5AE3EE000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE260000
|
unkown image
|
page readonly
|
|
|
|
7FF599504000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC100000
|
unkown image
|
page readonly
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
7FD02000
|
unkown image
|
page readonly
|
|
|
|
296D8B02000
|
unkown
|
page read and write
|
|
|
|
7FF5AE3C7000
|
unkown image
|
page readonly
|
|
|
|
7FF585DDB000
|
unkown image
|
page readonly
|
|
|
|
25F8D5C0000
|
unkown image
|
page readonly
|
|
|
|
148415A0000
|
unkown
|
page read and write
|
|
|
|
7FF5021E9000
|
unkown image
|
page readonly
|
|
|
|
7DF558382000
|
unkown image
|
page readonly
|
|
|
|
28D5000
|
unkown image
|
page readonly
|
|
|
|
16A22585000
|
unkown
|
page read and write
|
|
|
|
16A22598000
|
unkown
|
page read and write
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
2875000
|
unkown image
|
page readonly
|
|
|
|
16A21BE0000
|
unkown image
|
page readonly
|
|
|
|
16A21C55000
|
unkown
|
page read and write
|
|
|
|
7DF40DD40000
|
unkown image
|
page readonly
|
|
|
|
7DF5B5D92000
|
unkown image
|
page readonly
|
|
|
|
7CF0000
|
unkown
|
page read and write
|
|
|
|
25F1000
|
unkown image
|
page readonly
|
|
|
|
321A000
|
heap default
|
page read and write
|
|
|
|
7FF562730000
|
unkown image
|
page readonly
|
|
|
|
16A2257F000
|
unkown
|
page read and write
|
|
|
|
16A2254C000
|
unkown
|
page read and write
|
|
|
|
7FF55D8CF000
|
unkown image
|
page readonly
|
|
|
|
7FF54A70A000
|
unkown image
|
page readonly
|
|
|
|
7FF4F7B4A000
|
unkown image
|
page readonly
|
|
|
|
25F8D915000
|
heap private
|
page read and write
|
|
|
|
40E0000
|
heap private
|
page read and write
|
|
|
|
7FF5860A2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7EAB000
|
unkown image
|
page readonly
|
|
|
|
2891000
|
unkown image
|
page readonly
|
|
|
|
7F510000
|
unkown image
|
page readonly
|
|
|
|
2FA7000
|
heap private
|
page read and write
|
|
|
|
7FF585F92000
|
unkown image
|
page readonly
|
|
|
|
2FDC000
|
unkown
|
page read and write
|
|
|
|
2971000
|
unkown image
|
page readonly
|
|
|
|
7FF5628DD000
|
unkown image
|
page readonly
|
|
|
|
CFC897D000
|
stack
|
page read and write
|
|
|
|
7FF5580FC000
|
unkown image
|
page readonly
|
|
|
|
7FF502133000
|
unkown image
|
page readonly
|
|
|
|
296D8B13000
|
unkown
|
page read and write
|
|
|
|
7FF585D55000
|
unkown image
|
page readonly
|
|
|
|
7DF593D32000
|
unkown image
|
page readonly
|
|
|
|
1C2AE702000
|
unkown
|
page read and write
|
|
|
|
7FF585FDF000
|
unkown image
|
page readonly
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
7FF5AE39F000
|
unkown image
|
page readonly
|
|
|
|
7DF5A7292000
|
unkown image
|
page readonly
|
|
|
|
7F940000
|
unkown image
|
page readonly
|
|
|
|
16A21C58000
|
unkown
|
page read and write
|
|
|
|
7FF5581F7000
|
unkown image
|
page readonly
|
|
|
|
CAAA37D000
|
stack
|
page read and write
|
|
|
|
16A22584000
|
unkown
|
page read and write
|
|
|
|
3238000
|
unkown
|
page read and write
|
|
|
|
7FF55D1B9000
|
unkown image
|
page readonly
|
|
|
|
7FF4EE121000
|
unkown image
|
page readonly
|
|
|
|
1C2AEB80000
|
unkown image
|
page readonly
|
|
|
|
7FF598E2E000
|
unkown image
|
page readonly
|
|
|
|
16A21C3C000
|
unkown
|
page read and write
|
|
|
|
3500000
|
unkown image
|
page readonly
|
|
|
|
7FF55D8B7000
|
unkown image
|
page readonly
|
|
|
|
2AB8A7E000
|
stack
|
page read and write
|
|
|
|
7DF4207C0000
|
unkown image
|
page readonly
|
|
|
|
7FF502162000
|
unkown image
|
page readonly
|
|
|
|
7F620000
|
unkown image
|
page readonly
|
|
|
|
7DF5705D2000
|
unkown image
|
page readonly
|
|
|
|
2215E980000
|
unkown image
|
page readonly
|
|
|
|
C63877F000
|
stack
|
page read and write
|
|
|
|
7FF501987000
|
unkown image
|
page readonly
|
|
|
|
7DF558382000
|
unkown image
|
page readonly
|
|
|
|
298DD550000
|
heap default
|
page read and write
|
|
|
|
20D88360000
|
unkown image
|
page read and write
|
|
|
|
7FF585EE2000
|
unkown image
|
page readonly
|
|
|
|
28F6000
|
unkown image
|
page readonly
|
|
|
|
16A21C4A000
|
unkown
|
page read and write
|
|
|
|
2EE0000
|
unkown
|
page read and write
|
|
|
|
1456B990000
|
unkown
|
page read and write
|
|
|
|
7FF54A647000
|
unkown image
|
page readonly
|
|
|
|
7DF5915B0000
|
unkown image
|
page readonly
|
|
|
|
7DF5705C2000
|
unkown image
|
page readonly
|
|
|
|
2767000
|
unkown image
|
page readonly
|
|
|
|
7FF514C74000
|
unkown image
|
page readonly
|
|
|
|
2961000
|
unkown image
|
page readonly
|
|
|
|
7FF50218D000
|
unkown image
|
page readonly
|
|
|
|
3380000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7E52000
|
unkown image
|
page readonly
|
|
|
|
20C6AC40000
|
unkown image
|
page readonly
|
|
|
|
1918ED02000
|
unkown
|
page read and write
|
|
|
|
D61D07B000
|
stack
|
page read and write
|
|
|
|
5C7787E000
|
stack
|
page read and write
|
|
|
|
7FF514B99000
|
unkown image
|
page readonly
|
|
|
|
16A2258F000
|
unkown
|
page read and write
|
|
|
|
2215F060000
|
unkown image
|
page readonly
|
|
|
|
7FF54A4BF000
|
unkown image
|
page readonly
|
|
|
|
7FD10000
|
unkown image
|
page readonly
|
|
|
|
7FF55D082000
|
unkown image
|
page readonly
|
|
|
|
16A2259B000
|
unkown
|
page read and write
|
|
|
|
5D9397E000
|
stack
|
page read and write
|
|
|
|
7DF5BC0F0000
|
unkown image
|
page readonly
|
|
|
|
7DF5A7282000
|
unkown image
|
page readonly
|
|
|
|
621000
|
unkown
|
page read and write
|
|
|
|
1C2AE63C000
|
unkown
|
page read and write
|
|
|
|
7DF50FE72000
|
unkown image
|
page readonly
|
|
|
|
7FF55818F000
|
unkown image
|
page readonly
|
|
|
|
28AA000
|
unkown image
|
page readonly
|
|
|
|
1C2AE510000
|
unkown image
|
page readonly
|
|
|
|
5C7754B000
|
unkown
|
page read and write
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
7FF54A603000
|
unkown image
|
page readonly
|
|
|
|
7FF558006000
|
unkown image
|
page readonly
|
|
|
|
7FD10000
|
unkown image
|
page readonly
|
|
|
|
25F36513000
|
unkown
|
page read and write
|
|
|
|
158A7FC000
|
stack
|
page read and write
|
|
|
|
7FF54A711000
|
unkown image
|
page readonly
|
|
|
|
7FF55D9A4000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7E7E000
|
unkown image
|
page readonly
|
|
|
|
1C2AE3D0000
|
heap private
|
page read and write
|
|
|
|
7FF585E89000
|
unkown image
|
page readonly
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
25F36471000
|
unkown
|
page read and write
|
|
|
|
7FF55792F000
|
unkown image
|
page readonly
|
|
|
|
22160702000
|
unkown
|
page read and write
|
|
|
|
C63837F000
|
stack
|
page read and write
|
|
|
|
7FF55D93D000
|
unkown image
|
page readonly
|
|
|
|
7DF56B632000
|
unkown image
|
page readonly
|
|
|
|
2897000
|
unkown image
|
page readonly
|
|
|
|
CAAA9FF000
|
stack
|
page read and write
|
|
|
|
7FF502116000
|
unkown image
|
page readonly
|
|
|
|
61C000
|
unkown
|
page read and write
|
|
|
|
7FF55D31D000
|
unkown image
|
page readonly
|
|
|
|
7FF5628BE000
|
unkown image
|
page readonly
|
|
|
|
7FF54A69D000
|
unkown image
|
page readonly
|
|
|
|
7FF502201000
|
unkown image
|
page readonly
|
|
|
|
7DF50FE80000
|
unkown image
|
page readonly
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
7FF514A5D000
|
unkown image
|
page readonly
|
|
|
|
20D88A50000
|
unkown image
|
page readonly
|
|
|
|
25F36600000
|
unkown image
|
page readonly
|
|
|
|
5D9387B000
|
unkown
|
page read and write
|
|
|
|
7FF585BB7000
|
unkown image
|
page readonly
|
|
|
|
7FF55D1B5000
|
unkown image
|
page readonly
|
|
|
|
16A225CF000
|
unkown
|
page read and write
|
|
|
|
2983000
|
unkown image
|
page readonly
|
|
|
|
700000
|
unkown
|
page read and write
|
|
|
|
7DF522900000
|
unkown image
|
page readonly
|
|
|
|
7DF50FE82000
|
unkown image
|
page readonly
|
|
|
|
7F630000
|
unkown image
|
page readonly
|
|
|
|
7FF55D9BA000
|
unkown image
|
page readonly
|
|
|
|
7FF599540000
|
unkown image
|
page readonly
|
|
|
|
27BC000
|
unkown image
|
page readonly
|
|
|
|
7DF505F72000
|
unkown image
|
page readonly
|
|
|
|
2FD0000
|
unkown
|
page read and write
|
|
|
|
7FF55D746000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8102000
|
unkown image
|
page readonly
|
|
|
|
296D9202000
|
unkown
|
page read and write
|
|
|
|
25F8E4C0000
|
unkown
|
page read and write
|
|
|
|
2E5A000
|
unkown
|
page read and write
|
|
|
|
2FD3000
|
heap default
|
page read and write
|
|
|
|
7FF5A808E000
|
unkown image
|
page readonly
|
|
|
|
25F8D920000
|
unkown
|
page read and write
|
|
|
|
6270000
|
unkown
|
page read and write
|
|
|
|
25F36310000
|
unkown image
|
page readonly
|
|
|
|
298DD525000
|
heap private
|
page read and write
|
|
|
|
7DF4B3C60000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC102000
|
unkown image
|
page readonly
|
|
|
|
1918EC5A000
|
unkown
|
page read and write
|
|
|
|
7DF4A5150000
|
unkown image
|
page readonly
|
|
|
|
272000
|
unkown
|
page read and write
|
|
|
|
7FF54A404000
|
unkown image
|
page readonly
|
|
|
|
CB7007F000
|
stack
|
page read and write
|
|
|
|
7FF55D9C1000
|
unkown image
|
page readonly
|
|
|
|
16A21CB1000
|
unkown
|
page read and write
|
|
|
|
158ACFF000
|
stack
|
page read and write
|
|
|
|
7FF5995F2000
|
unkown image
|
page readonly
|
|
|
|
7FF501A99000
|
unkown image
|
page readonly
|
|
|
|
7DF5915A2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A795D000
|
unkown image
|
page readonly
|
|
|
|
7FF54A67E000
|
unkown image
|
page readonly
|
|
|
|
7FF586047000
|
unkown image
|
page readonly
|
|
|
|
7FF514C62000
|
unkown image
|
page readonly
|
|
|
|
3238000
|
unkown
|
page read and write
|
|
|
|
25F8D5E0000
|
unkown
|
page read and write
|
|
|
|
CB6FEFF000
|
stack
|
page read and write
|
|
|
|
CAAA7FC000
|
stack
|
page read and write
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
7FF5A7C97000
|
unkown image
|
page readonly
|
|
|
|
2BF0000
|
unkown image
|
page readonly
|
|
|
|
7DF565EE2000
|
unkown image
|
page readonly
|
|
|
|
7FF4F826E000
|
unkown image
|
page readonly
|
|
|
|
7FF50215B000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7C83000
|
unkown image
|
page readonly
|
|
|
|
298DD460000
|
unkown image
|
page readonly
|
|
|
|
1918EC66000
|
unkown
|
page read and write
|
|
|
|
DB5000
|
unkown image
|
page readonly
|
|
|
|
AAA7F7C000
|
stack
|
page read and write
|
|
|
|
7DF46E490000
|
unkown image
|
page readonly
|
|
|
|
7DFDF0E62000
|
unkown image
|
page readonly
|
|
|
|
1918F250000
|
unkown image
|
page readonly
|
|
|
|
28E6000
|
unkown image
|
page readonly
|
|
|
|
7FF585F25000
|
unkown image
|
page readonly
|
|
|
|
287B000
|
unkown image
|
page readonly
|
|
|
|
49DD000
|
stack
|
page read and write
|
|
|
|
16A22596000
|
unkown
|
page read and write
|
|
|
|
16A22598000
|
unkown
|
page read and write
|
|
|
|
7FF558280000
|
unkown image
|
page readonly
|
|
|
|
1918EC3B000
|
unkown
|
page read and write
|
|
|
|
7FF5581CB000
|
unkown image
|
page readonly
|
|
|
|
7FF54A09C000
|
unkown image
|
page readonly
|
|
|
|
16A21B40000
|
unkown image
|
page readonly
|
|
|
|
7FF56295A000
|
unkown image
|
page readonly
|
|
|
|
7FF55D83C000
|
unkown image
|
page readonly
|
|
|
|
7DF5583A0000
|
unkown image
|
page readonly
|
|
|
|
25F8D570000
|
unkown image
|
page read and write
|
|
|
|
7FF5A7E26000
|
unkown image
|
page readonly
|
|
|
|
7FF55D1E4000
|
unkown image
|
page readonly
|
|
|
|
16A2256A000
|
unkown
|
page read and write
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
296D933A000
|
unkown
|
page read and write
|
|
|
|
1456BE00000
|
unkown image
|
page readonly
|
|
|
|
28DD000
|
unkown image
|
page readonly
|
|
|
|
7FF583931000
|
unkown image
|
page readonly
|
|
|
|
2215E9A0000
|
unkown image
|
page readonly
|
|
|
|
296D8960000
|
unkown image
|
page readonly
|
|
|
|
7FF583857000
|
unkown image
|
page readonly
|
|
|
|
AAA7E7F000
|
stack
|
page read and write
|
|
|
|
16A225C9000
|
unkown
|
page read and write
|
|
|
|
78A000
|
heap private
|
page read and write
|
|
|
|
7D1E000
|
stack
|
page read and write
|
|
|
|
7DF456250000
|
unkown image
|
page readonly
|
|
|
|
25F36980000
|
unkown image
|
page readonly
|
|
|
|
7FF514BB0000
|
unkown image
|
page readonly
|
|
|
|
7DF522910000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE3DB000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE474000
|
unkown image
|
page readonly
|
|
|
|
7FF585CA4000
|
unkown image
|
page readonly
|
|
|
|
286B000
|
unkown image
|
page readonly
|
|
|
|
7DF5705C2000
|
unkown image
|
page readonly
|
|
|
|
7FF502205000
|
unkown image
|
page readonly
|
|
|
|
7FF50211F000
|
unkown image
|
page readonly
|
|
|
|
25F8D590000
|
unkown image
|
page readonly
|
|
|
|
7FF54A640000
|
unkown image
|
page readonly
|
|
|
|
7FF54A64E000
|
unkown image
|
page readonly
|
|
|
|
CAAA6FF000
|
stack
|
page read and write
|
|
|
|
7FF5860CA000
|
unkown image
|
page readonly
|
|
|
|
20C6B200000
|
unkown image
|
page readonly
|
|
|
|
5F0000
|
heap default
|
page read and write
|
|
|
|
20C6AE56000
|
unkown
|
page read and write
|
|
|
|
7DF463DB0000
|
unkown image
|
page readonly
|
|
|
|
780000
|
heap private
|
page read and write
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
7FF558259000
|
unkown image
|
page readonly
|
|
|
|
2589000
|
unkown image
|
page readonly
|
|
|
|
D7C000
|
unkown image
|
page readonly
|
|
|
|
7F952000
|
unkown image
|
page readonly
|
|
|
|
7FF4F821F000
|
unkown image
|
page readonly
|
|
|
|
7FF585E2F000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8109000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE3B7000
|
unkown image
|
page readonly
|
|
|
|
7FF558163000
|
unkown image
|
page readonly
|
|
|
|
16A2257F000
|
unkown
|
page read and write
|
|
|
|
3000000
|
unkown
|
page read and write
|
|
|
|
2FAA000
|
heap private
|
page read and write
|
|
|
|
16A21C6D000
|
unkown
|
page read and write
|
|
|
|
7FF54A704000
|
unkown image
|
page readonly
|
|
|
|
297C000
|
unkown image
|
page readonly
|
|
|
|
25F8E210000
|
unkown
|
page read and write
|
|
|
|
16A22A02000
|
unkown
|
page read and write
|
|
|
|
28CB000
|
unkown image
|
page readonly
|
|
|
|
22160580000
|
unkown
|
page read and write
|
|
|
|
16A22558000
|
unkown
|
page read and write
|
|
|
|
7FF55801F000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8057000
|
unkown image
|
page readonly
|
|
|
|
25F8D590000
|
unkown image
|
page readonly
|
|
|
|
7FF514BE3000
|
unkown image
|
page readonly
|
|
|
|
16A21B30000
|
heap private
|
page read and write
|
|
|
|
7FF557FDF000
|
unkown image
|
page readonly
|
|
|
|
16A21C52000
|
unkown
|
page read and write
|
|
|
|
7FF599578000
|
unkown image
|
page readonly
|
|
|
|
618000
|
unkown
|
page read and write
|
|
|
|
7FF514771000
|
unkown image
|
page readonly
|
|
|
|
20C6ABF0000
|
unkown image
|
page read and write
|
|
|
|
7FF5581FA000
|
unkown image
|
page readonly
|
|
|
|
3241000
|
unkown
|
page read and write
|
|
|
|
20C6AF13000
|
unkown
|
page read and write
|
|
|
|
296D8ED0000
|
unkown image
|
page readonly
|
|
|
|
14841510000
|
unkown image
|
page readonly
|
|
|
|
7DF5A7280000
|
unkown image
|
page readonly
|
|
|
|
2FB0000
|
heap default
|
page read and write
|
|
|
|
7FF54A6F9000
|
unkown image
|
page readonly
|
|
|
|
2215EB18000
|
unkown
|
page read and write
|
|
|
|
22160580000
|
unkown
|
page read and write
|
|
|
|
16A21B90000
|
heap default
|
page read and write
|
|
|
|
148415A0000
|
unkown
|
page read and write
|
|
|
|
7FF5A7FE1000
|
unkown image
|
page readonly
|
|
|
|
7FF562880000
|
unkown image
|
page readonly
|
|
|
|
2983000
|
unkown image
|
page readonly
|
|
|
|
AAA817E000
|
stack
|
page read and write
|
|
|
|
296D9050000
|
unkown image
|
page readonly
|
|
|
|
25F8D7E0000
|
unkown
|
page read and write
|
|
|
|
1918EC48000
|
unkown
|
page read and write
|
|
|
|
25F36A02000
|
unkown
|
page read and write
|
|
|
|
7FF5AE241000
|
unkown image
|
page readonly
|
|
|
|
7FF599543000
|
unkown image
|
page readonly
|
|
|
|
296D8CD0000
|
unkown image
|
page readonly
|
|
|
|
1918EC62000
|
unkown
|
page read and write
|
|
|
|
296D8900000
|
unkown image
|
page readonly
|
|
|
|
2215EA49000
|
unkown
|
page read and write
|
|
|
|
7FF5A7C99000
|
unkown image
|
page readonly
|
|
|
|
7DF565EF2000
|
unkown image
|
page readonly
|
|
|
|
298DD520000
|
heap private
|
page read and write
|
|
|
|
7FF55D513000
|
unkown image
|
page readonly
|
|
|
|
7FF558041000
|
unkown image
|
page readonly
|
|
|
|
7DF522902000
|
unkown image
|
page readonly
|
|
|
|
7FF585E85000
|
unkown image
|
page readonly
|
|
|
|
148414D0000
|
unkown image
|
page read and write
|
|
|
|
16A21CA6000
|
unkown
|
page read and write
|
|
|
|
7DF4694F0000
|
unkown image
|
page readonly
|
|
|
|
1918EAF0000
|
heap private
|
page read and write
|
|
|
|
7FF5838AA000
|
unkown image
|
page readonly
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
7DF5B5DA2000
|
unkown image
|
page readonly
|
|
|
|
2954000
|
unkown image
|
page readonly
|
|
|
|
2CBD000
|
unkown
|
page read and write
|
|
|
|
7FF5AE481000
|
unkown image
|
page readonly
|
|
|
|
DA5000
|
unkown image
|
page readonly
|
|
|
|
20D8844F000
|
unkown
|
page read and write
|
|
|
|
298DD4F0000
|
unkown image
|
page readonly
|
|
|
|
25F36475000
|
unkown
|
page read and write
|
|
|
|
20D88429000
|
unkown
|
page read and write
|
|
|
|
7FF5860C1000
|
unkown image
|
page readonly
|
|
|
|
16A21B70000
|
unkown image
|
page readonly
|
|
|
|
1918EC02000
|
unkown
|
page read and write
|
|
|
|
7FF5021F4000
|
unkown image
|
page readonly
|
|
|
|
7DF565EE0000
|
unkown image
|
page readonly
|
|
|
|
20D88508000
|
unkown
|
page read and write
|
|
|
|
7FF55D9B5000
|
unkown image
|
page readonly
|
|
|
|
4F9FFB000
|
stack
|
page read and write
|
|
|
|
16A21D13000
|
unkown
|
page read and write
|
|
|
|
295B000
|
unkown image
|
page readonly
|
|
|
|
7F950000
|
unkown image
|
page readonly
|
|
|
|
1C2AE66F000
|
unkown
|
page read and write
|
|
|
|
1456BA79000
|
unkown
|
page read and write
|
|
|
|
2D82000
|
unkown
|
page read and write
|
|
|
|
7FF562939000
|
unkown image
|
page readonly
|
|
|
|
28B6000
|
unkown image
|
page readonly
|
|
|
|
7FF5A803F000
|
unkown image
|
page readonly
|
|
|
|
2215EA13000
|
unkown
|
page read and write
|
|
|
|
7FF55D8AB000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8305000
|
unkown image
|
page readonly
|
|
|
|
25F8D622000
|
heap default
|
page read and write
|
|
|
|
16A21CA7000
|
unkown
|
page read and write
|
|
|
|
7F940000
|
unkown image
|
page readonly
|
|
|
|
7FF561FF8000
|
unkown image
|
page readonly
|
|
|
|
16A21B60000
|
unkown image
|
page readonly
|
|
|
|
7D20000
|
unkown
|
page read and write
|
|
|
|
2783000
|
unkown image
|
page readonly
|
|
|
|
7FF58604A000
|
unkown image
|
page readonly
|
|
|
|
5EE000
|
stack
|
page read and write
|
|
|
|
7DF5705E0000
|
unkown image
|
page readonly
|
|
|
|
7FF585C39000
|
unkown image
|
page readonly
|
|
|
|
2601000
|
unkown image
|
page readonly
|
|
|
|
20C6AE63000
|
unkown
|
page read and write
|
|
|
|
4FA5FC000
|
stack
|
page read and write
|
|
|
|
618000
|
unkown
|
page read and write
|
|
|
|
297B000
|
unkown image
|
page readonly
|
|
|
|
16A22515000
|
unkown
|
page read and write
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
1456BA68000
|
unkown
|
page read and write
|
|
|
|
2215EA72000
|
unkown
|
page read and write
|
|
|
|
16A2259C000
|
unkown
|
page read and write
|
|
|
|
7FF5A807B000
|
unkown image
|
page readonly
|
|
|
|
7DF56B620000
|
unkown image
|
page readonly
|
|
|
|
2BE0000
|
unkown image
|
page read and write
|
|
|
|
16A2259F000
|
unkown
|
page read and write
|
|
|
|
16A22A6A000
|
unkown
|
page read and write
|
|
|
|
7DF5705E0000
|
unkown image
|
page readonly
|
|
|
|
7DF593D30000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8121000
|
unkown image
|
page readonly
|
|
|
|
7DF56B640000
|
unkown image
|
page readonly
|
|
|
|
632000
|
unkown
|
page read and write
|
|
|
|
2FBA000
|
heap default
|
page read and write
|
|
|
|
1C2AEC02000
|
unkown
|
page read and write
|
|
|
|
1456BA64000
|
unkown
|
page read and write
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
1C2AE400000
|
unkown image
|
page readonly
|
|
|
|
16A22A03000
|
unkown
|
page read and write
|
|
|
|
7FF5AE48A000
|
unkown image
|
page readonly
|
|
|
|
2875000
|
unkown image
|
page readonly
|
|
|
|
7FF59960A000
|
unkown image
|
page readonly
|
|
|
|
7DF5A7280000
|
unkown image
|
page readonly
|
|
|
|
16A21C6D000
|
unkown
|
page read and write
|
|
|
|
16A22590000
|
unkown
|
page read and write
|
|
|
|
7DF56B632000
|
unkown image
|
page readonly
|
|
|
|
3255000
|
unkown
|
page read and write
|
|
|
|
7FBF0000
|
unkown image
|
page readonly
|
|
|
|
7DF505F70000
|
unkown image
|
page readonly
|
|
|
|
25F363F0000
|
unkown
|
page read and write
|
|
|
|
7FF583867000
|
unkown image
|
page readonly
|
|
|
|
7FF561FFE000
|
unkown image
|
page readonly
|
|
|
|
7FF55D692000
|
unkown image
|
page readonly
|
|
|
|
20D88470000
|
unkown
|
page read and write
|
|
|
|
294F000
|
unkown image
|
page readonly
|
|
|
|
16A225A6000
|
unkown
|
page read and write
|
|
|
|
295B000
|
unkown image
|
page readonly
|
|
|
|
7FF55818A000
|
unkown image
|
page readonly
|
|
|
|
4FA4FE000
|
stack
|
page read and write
|
|
|
|
16A2259F000
|
unkown
|
page read and write
|
|
|
|
CFC8B7F000
|
stack
|
page read and write
|
|
|
|
16A2258B000
|
unkown
|
page read and write
|
|
|
|
7FF549F4D000
|
unkown image
|
page readonly
|
|
|
|
7FF501FAA000
|
unkown image
|
page readonly
|
|
|
|
7FF562887000
|
unkown image
|
page readonly
|
|
|
|
25F8E4E0000
|
unkown
|
page read and write
|
|
|
|
16A2255B000
|
unkown
|
page read and write
|
|
|
|
7DF56B620000
|
unkown image
|
page readonly
|
|
|
|
7DF593D40000
|
unkown image
|
page readonly
|
|
|
|
16A22A02000
|
unkown
|
page read and write
|
|
|
|
7DF56B630000
|
unkown image
|
page readonly
|
|
|
|
7FF55D527000
|
unkown image
|
page readonly
|
|
|
|
16A21C4F000
|
unkown
|
page read and write
|
|
|
|
2773000
|
unkown image
|
page readonly
|
|
|
|
7F610000
|
unkown image
|
page readonly
|
|
|
|
295F000
|
unkown image
|
page readonly
|
|
|
|
16A21D16000
|
unkown
|
page read and write
|
|
|
|
14841AD0000
|
unkown image
|
page readonly
|
|
|
|
7FF4F7B46000
|
unkown image
|
page readonly
|
|
|
|
1918EC5F000
|
unkown
|
page read and write
|
|
|
|
7FF59954E000
|
unkown image
|
page readonly
|
|
|
|
5C7797B000
|
stack
|
page read and write
|
|
|
|
610000
|
unkown
|
page read and write
|
|
|
|
7DF5B5D92000
|
unkown image
|
page readonly
|
|
|
|
7FF585F51000
|
unkown image
|
page readonly
|
|
|
|
CB6FF79000
|
stack
|
page read and write
|
|
|
|
7FF514AFC000
|
unkown image
|
page readonly
|
|
|
|
20D88502000
|
unkown
|
page read and write
|
|
|
|
7FF5ADF77000
|
unkown image
|
page readonly
|
|
|
|
7FF5838A7000
|
unkown image
|
page readonly
|
|
|
|
7FF55D9AA000
|
unkown image
|
page readonly
|
|
|
|
25F8E4D0000
|
unkown
|
page readonly
|
|
|
|
7FF5AE407000
|
unkown image
|
page readonly
|
|
|
|
7FF585E21000
|
unkown image
|
page readonly
|
|
|
|
7DF50FE72000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8114000
|
unkown image
|
page readonly
|
|
|
|
CFC8BF9000
|
stack
|
page read and write
|
|
|
|
25F8DB30000
|
unkown image
|
page readonly
|
|
|
|
16A22580000
|
unkown
|
page read and write
|
|
|
|
25F8D580000
|
unkown
|
page read and write
|
|
|
|
298DD580000
|
unkown
|
page read and write
|
|
|
|
7FF585FFE000
|
unkown image
|
page readonly
|
|
|
|
7FF5581D3000
|
unkown image
|
page readonly
|
|
|
|
7E00000
|
unkown
|
page read and write
|
|
|
|
16A225B2000
|
unkown
|
page read and write
|
|
|
|
560000
|
heap default
|
page read and write
|
|
|
|
296B000
|
unkown image
|
page readonly
|
|
|
|
D61CBFE000
|
stack
|
page read and write
|
|
|
|
158A8FE000
|
stack
|
page read and write
|
|
|
|
2910000
|
unkown image
|
page readonly
|
|
|
|
28DB000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8233000
|
unkown image
|
page readonly
|
|
|
|
3233000
|
heap default
|
page read and write
|
|
|
|
25F8D5B0000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC0F2000
|
unkown image
|
page readonly
|
|
|
|
AAA867F000
|
stack
|
page read and write
|
|
|
|
1918EC6E000
|
unkown
|
page read and write
|
|
|
|
2F9D000
|
stack
|
page read and write
|
|
|
|
CFC8A79000
|
stack
|
page read and write
|
|
|
|
1C2AE410000
|
unkown image
|
page readonly
|
|
|
|
7FF5836B6000
|
unkown image
|
page readonly
|
|
|
|
6F0000
|
unkown
|
page read and write
|
|
|
|
7FF583883000
|
unkown image
|
page readonly
|
|
|
|
2215EA00000
|
unkown
|
page read and write
|
|
|
|
7FF514A7B000
|
unkown image
|
page readonly
|
|
|
|
7FF58601B000
|
unkown image
|
page readonly
|
|
|
|
2988000
|
unkown image
|
page readonly
|
|
|
|
2215E960000
|
unkown image
|
page read and write
|
|
|
|
7FF501A12000
|
unkown image
|
page readonly
|
|
|
|
2767000
|
unkown image
|
page readonly
|
|
|
|
2215EA59000
|
unkown
|
page read and write
|
|
|
|
2F40000
|
unkown
|
page read and write
|
|
|
|
28DF000
|
unkown image
|
page readonly
|
|
|
|
295B000
|
unkown image
|
page readonly
|
|
|
|
7FF54A672000
|
unkown image
|
page readonly
|
|
|
|
7DF5B5D90000
|
unkown image
|
page readonly
|
|
|
|
7FF59959A000
|
unkown image
|
page readonly
|
|
|
|
298DD720000
|
unkown image
|
page readonly
|
|
|
|
2F24000
|
heap private
|
page read and write
|
|
|
|
7FF562447000
|
unkown image
|
page readonly
|
|
|
|
7DF5705D0000
|
unkown image
|
page readonly
|
|
|
|
16A223B0000
|
unkown
|
page read and write
|
|
|
|
7FF586007000
|
unkown image
|
page readonly
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
16A21CBE000
|
unkown
|
page read and write
|
|
|
|
7FF54A657000
|
unkown image
|
page readonly
|
|
|
|
1918EB50000
|
heap default
|
page read and write
|
|
|
|
7FF5AE491000
|
unkown image
|
page readonly
|
|
|
|
14841C50000
|
unkown image
|
page readonly
|
|
|
|
2777000
|
unkown image
|
page readonly
|
|
|
|
2FF2000
|
unkown
|
page read and write
|
|
|
|
298DD58D000
|
unkown
|
page read and write
|
|
|
|
1918F0D0000
|
unkown image
|
page readonly
|
|
|
|
16A22A63000
|
unkown
|
page read and write
|
|
|
|
16A22598000
|
unkown
|
page read and write
|
|
|
|
16A2258F000
|
unkown
|
page read and write
|
|
|
|
2954000
|
unkown image
|
page readonly
|
|
|
|
7FF4F825B000
|
unkown image
|
page readonly
|
|
|
|
7DF5228F2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8131000
|
unkown image
|
page readonly
|
|
|
|
7FF585A37000
|
unkown image
|
page readonly
|
|
|
|
7FF583843000
|
unkown image
|
page readonly
|
|
|
|
4FA27F000
|
stack
|
page read and write
|
|
|
|
7FF501A28000
|
unkown image
|
page readonly
|
|
|
|
20D88500000
|
unkown
|
page read and write
|
|
|
|
4122D7F000
|
stack
|
page read and write
|
|
|
|
1918EC5C000
|
unkown
|
page read and write
|
|
|
|
5D93AFE000
|
stack
|
page read and write
|
|
|
|
20C6AE13000
|
unkown
|
page read and write
|
|
|
|
7FF5835B5000
|
unkown image
|
page readonly
|
|
|
|
16A21CF3000
|
unkown
|
page read and write
|
|
|
|
16A21C5B000
|
unkown
|
page read and write
|
|
|
|
C63887D000
|
stack
|
page read and write
|
|
|
|
7FF585FF3000
|
unkown image
|
page readonly
|
|
|
|
7FF514C91000
|
unkown image
|
page readonly
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
7FF514AE5000
|
unkown image
|
page readonly
|
|
|
|
14841659000
|
unkown
|
page read and write
|
|
|
|
28C9000
|
unkown image
|
page readonly
|
|
|
|
7FF55D8E3000
|
unkown image
|
page readonly
|
|
|
|
7FF55D75F000
|
unkown image
|
page readonly
|
|
|
|
28CB000
|
unkown image
|
page readonly
|
|
|
|
7DF5705C0000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE27B000
|
unkown image
|
page readonly
|
|
|
|
CB6FE7F000
|
stack
|
page read and write
|
|
|
|
20C6AC60000
|
heap default
|
page read and write
|
|
|
|
304A000
|
heap private
|
page read and write
|
|
|
|
16A22A02000
|
unkown
|
page read and write
|
|
|
|
148414E0000
|
heap private
|
page read and write
|
|
|
|
14841702000
|
unkown
|
page read and write
|
|
|
|
7FF585EBB000
|
unkown image
|
page readonly
|
|
|
|
7FF59959D000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE115000
|
unkown image
|
page readonly
|
|
|
|
298DDAA0000
|
unkown image
|
page readonly
|
|
|
|
7FF5ADF71000
|
unkown image
|
page readonly
|
|
|
|
7FF599573000
|
unkown image
|
page readonly
|
|
|
|
1918EC6A000
|
unkown
|
page read and write
|
|
|
|
1456BA28000
|
unkown
|
page read and write
|
|
|
|
2FD8000
|
unkown
|
page read and write
|
|
|
|
5FA000
|
heap default
|
page read and write
|
|
|
|
7FF55D8E0000
|
unkown image
|
page readonly
|
|
|
|
7FF557FA2000
|
unkown image
|
page readonly
|
|
|
|
1456BA3C000
|
unkown
|
page read and write
|
|
|
|
296D8950000
|
heap default
|
page read and write
|
|
|
|
16A22557000
|
unkown
|
page read and write
|
|
|
|
7DF403E40000
|
unkown image
|
page readonly
|
|
|
|
20C6AE52000
|
unkown
|
page read and write
|
|
|
|
28B0000
|
unkown image
|
page readonly
|
|
|
|
1918EC6C000
|
unkown
|
page read and write
|
|
|
|
1456B860000
|
unkown image
|
page readonly
|
|
|
|
7FF50207C000
|
unkown image
|
page readonly
|
|
|
|
1918EC3D000
|
unkown
|
page read and write
|
|
|
|
2FA0000
|
heap private
|
page read and write
|
|
|
|
148414F0000
|
unkown image
|
page readonly
|
|
|
|
7FF5627E1000
|
unkown image
|
page readonly
|
|
|
|
7FF54A697000
|
unkown image
|
page readonly
|
|
|
|
7FF599517000
|
unkown image
|
page readonly
|
|
|
|
2215EB00000
|
unkown
|
page read and write
|
|
|
|
20C6AC30000
|
unkown image
|
page readonly
|
|
|
|
412255E000
|
stack
|
page read and write
|
|
|
|
16A21D02000
|
unkown
|
page read and write
|
|
|
|
7FD02000
|
unkown image
|
page readonly
|
|
|
|
16A223C0000
|
unkown image
|
page read and write
|
|
|
|
7FF56276F000
|
unkown image
|
page readonly
|
|
|
|
7DF558390000
|
unkown image
|
page readonly
|
|
|
|
7FF5994E2000
|
unkown image
|
page readonly
|
|
|
|
7FF514A60000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8237000
|
unkown image
|
page readonly
|
|
|
|
7FF55D06C000
|
unkown image
|
page readonly
|
|
|
|
7FF59961A000
|
unkown image
|
page readonly
|
|
|
|
7FF54A629000
|
unkown image
|
page readonly
|
|
|
|
2E00000
|
unkown image
|
page readonly
|
|
|
|
25F8D666000
|
unkown
|
page read and write
|
|
|
|
7DF558380000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8301000
|
unkown image
|
page readonly
|
|
|
|
7DF50FE70000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8050000
|
unkown image
|
page readonly
|
|
|
|
7FF58604D000
|
unkown image
|
page readonly
|
|
|
|
16A225A0000
|
unkown
|
page read and write
|
|
|
|
7FF55D8E7000
|
unkown image
|
page readonly
|
|
|
|
28B9000
|
unkown image
|
page readonly
|
|
|
|
7DF593D42000
|
unkown image
|
page readonly
|
|
|
|
20D88513000
|
unkown
|
page read and write
|
|
|
|
7FF514C07000
|
unkown image
|
page readonly
|
|
|
|
7FF5627B5000
|
unkown image
|
page readonly
|
|
|
|
7FF55806B000
|
unkown image
|
page readonly
|
|
|
|
20D883E0000
|
unkown image
|
page readonly
|
|
|
|
7FF585DA2000
|
unkown image
|
page readonly
|
|
|
|
7FF5A803D000
|
unkown image
|
page readonly
|
|
|
|
4F9A8B000
|
unkown
|
page read and write
|
|
|
|
7FF585F3C000
|
unkown image
|
page readonly
|
|
|
|
1918EC4E000
|
unkown
|
page read and write
|
|
|
|
7FF585E14000
|
unkown image
|
page readonly
|
|
|
|
7FF55D912000
|
unkown image
|
page readonly
|
|
|
|
16A225A9000
|
unkown
|
page read and write
|
|
|
|
1918EC42000
|
unkown
|
page read and write
|
|
|
|
7FF5AE3BE000
|
unkown image
|
page readonly
|
|
|
|
CB000
|
unkown
|
page read and write
|
|
|
|
2215E980000
|
unkown image
|
page readonly
|
|
|
|
635000
|
unkown
|
page read and write
|
|
|
|
1456BF80000
|
unkown image
|
page readonly
|
|
|
|
16A22A02000
|
unkown
|
page read and write
|
|
|
|
20D883B0000
|
unkown image
|
page readonly
|
|
|
|
50E000
|
stack
|
page read and write
|
|
|
|
1C2AE600000
|
unkown
|
page read and write
|
|
|
|
22160580000
|
unkown
|
page read and write
|
|
|
|
2AB897E000
|
stack
|
page read and write
|
|
|
|
3230000
|
unkown
|
page read and write
|
|
|
|
D61CE7E000
|
stack
|
page read and write
|
|
|
|
16A225A7000
|
unkown
|
page read and write
|
|
|
|
25F8E540000
|
unkown
|
page read and write
|
|
|
|
C63807B000
|
stack
|
page read and write
|
|
|
|
296D8AB9000
|
unkown
|
page read and write
|
|
|
|
7FCF2000
|
unkown image
|
page readonly
|
|
|
|
D61D27F000
|
stack
|
page read and write
|
|
|
|
7FF54A537000
|
unkown image
|
page readonly
|
|
|
|
2E80000
|
unkown image
|
page readonly
|
|
|
|
2FF2000
|
unkown
|
page read and write
|
|
|
|
158A2CB000
|
unkown
|
page read and write
|
|
|
|
4FA378000
|
stack
|
page read and write
|
|
|
|
1918EB30000
|
unkown image
|
page readonly
|
|
|
|
286B000
|
unkown image
|
page readonly
|
|
|
|
7FF585A3B000
|
unkown image
|
page readonly
|
|
|
|
7FF557F47000
|
unkown image
|
page readonly
|
|
|
|
499F000
|
stack
|
page read and write
|
|
|
|
2E00000
|
unkown image
|
page readonly
|
|
|
|
7DF5705C0000
|
unkown image
|
page readonly
|
|
|
|
25F361D0000
|
unkown image
|
page readonly
|
|
|
|
2FC0000
|
unkown
|
page read and write
|
|
|
|
2AB847B000
|
unkown
|
page read and write
|
|
|
|
3047000
|
heap private
|
page read and write
|
|
|
|
1918EC74000
|
unkown
|
page read and write
|
|
|
|
28B6000
|
unkown image
|
page readonly
|
|
|
|
289B000
|
unkown image
|
page readonly
|
|
|
|
7DF565EF0000
|
unkown image
|
page readonly
|
|
|
|
7DF5228F0000
|
unkown image
|
page readonly
|
|
|
|
7F840000
|
unkown image
|
page readonly
|
|
|
|
7FF514BA3000
|
unkown image
|
page readonly
|
|
|
|
1C2AE3C0000
|
unkown image
|
page read and write
|
|
|
|
1C2AEA00000
|
unkown image
|
page readonly
|
|
|
|
16A22596000
|
unkown
|
page read and write
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
16A223B0000
|
unkown
|
page read and write
|
|
|
|
1456BB00000
|
unkown
|
page read and write
|
|
|
|
20D88C02000
|
unkown
|
page read and write
|
|
|
|
7FF55D7D2000
|
unkown image
|
page readonly
|
|
|
|
7FF557F76000
|
unkown image
|
page readonly
|
|
|
|
7FF501A9E000
|
unkown image
|
page readonly
|
|
|
|
7FD00000
|
unkown image
|
page readonly
|
|
|
|
28C5000
|
unkown image
|
page readonly
|
|
|
|
7FF54A532000
|
unkown image
|
page readonly
|
|
|
|
296D8920000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC110000
|
unkown image
|
page readonly
|
|
|
|
7FF549DE5000
|
unkown image
|
page readonly
|
|
|
|
7FF55D992000
|
unkown image
|
page readonly
|
|
|
|
16A21C6F000
|
unkown
|
page read and write
|
|
|
|
221605B0000
|
unkown image
|
page write copy
|
|
|
|
7FF583850000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE2FC000
|
unkown image
|
page readonly
|
|
|
|
2215E9B0000
|
unkown image
|
page readonly
|
|
|
|
7FF562932000
|
unkown image
|
page readonly
|
|
|
|
7DF505F80000
|
unkown image
|
page readonly
|
|
|
|
16A21BA0000
|
unkown image
|
page readonly
|
|
|
|
20D88400000
|
unkown
|
page read and write
|
|
|
|
25F8D919000
|
heap private
|
page read and write
|
|
|
|
2E7B000
|
unkown
|
page read and write
|
|
|
|
7FF514BEE000
|
unkown image
|
page readonly
|
|
|
|
25F36402000
|
unkown
|
page read and write
|
|
|
|
16A21CDF000
|
unkown
|
page read and write
|
|
|
|
28AA000
|
unkown image
|
page readonly
|
|
|
|
296D8900000
|
unkown image
|
page readonly
|
|
|
|
1C2AE68A000
|
unkown
|
page read and write
|
|
|
|
7FF599533000
|
unkown image
|
page readonly
|
|
|
|
7FF58383F000
|
unkown image
|
page readonly
|
|
|
|
1918EC83000
|
unkown
|
page read and write
|
|
|
|
7FF5AE3A3000
|
unkown image
|
page readonly
|
|
|
|
16A2258C000
|
unkown
|
page read and write
|
|
|
|
5C775CE000
|
stack
|
page read and write
|
|
|
|
495E000
|
stack
|
page read and write
|
|
|
|
AAA7CFA000
|
stack
|
page read and write
|
|
|
|
CAAA8FC000
|
stack
|
page read and write
|
|
|
|
7FF562883000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8027000
|
unkown image
|
page readonly
|
|
|
|
7FF5581A3000
|
unkown image
|
page readonly
|
|
|
|
7FF502027000
|
unkown image
|
page readonly
|
|
|
|
7FF5838AD000
|
unkown image
|
page readonly
|
|
|
|
7FF514C0A000
|
unkown image
|
page readonly
|
|
|
|
7FF562711000
|
unkown image
|
page readonly
|
|
|
|
7DF56B622000
|
unkown image
|
page readonly
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
7FF4F8311000
|
unkown image
|
page readonly
|
|
|
|
1918EC63000
|
unkown
|
page read and write
|
|
|
|
7FF55D91E000
|
unkown image
|
page readonly
|
|
|
|
7FF54A69A000
|
unkown image
|
page readonly
|
|
|
|
7FF585FF7000
|
unkown image
|
page readonly
|
|
|
|
7FCF0000
|
unkown image
|
page readonly
|
|
|
|
1C2AE700000
|
unkown
|
page read and write
|
|
|
|
7FF56272D000
|
unkown image
|
page readonly
|
|
|
|
7DF505F82000
|
unkown image
|
page readonly
|
|
|
|
CAAAAFD000
|
stack
|
page read and write
|
|
|
|
288E000
|
unkown image
|
page readonly
|
|
|
|
2215EA02000
|
unkown
|
page read and write
|
|
|
|
7FF514C8A000
|
unkown image
|
page readonly
|
|
|
|
7FF514BBE000
|
unkown image
|
page readonly
|
|
|
|
14841602000
|
unkown
|
page read and write
|
|
|
|
16A21D08000
|
unkown
|
page read and write
|
|
|
|
7F960000
|
unkown image
|
page readonly
|
|
|
|
7FF5992E0000
|
unkown image
|
page readonly
|
|
|
|
7DF565EE2000
|
unkown image
|
page readonly
|
|
|
|
4FA477000
|
stack
|
page read and write
|
|
|
|
7FF558193000
|
unkown image
|
page readonly
|
|
|
|
1918EB60000
|
unkown image
|
page readonly
|
|
|
|
7DF593D50000
|
unkown image
|
page readonly
|
|
|
|
7FF501A2A000
|
unkown image
|
page readonly
|
|
|
|
16A2257F000
|
unkown
|
page read and write
|
|
|
|
41225DE000
|
stack
|
page read and write
|
|
|
|
7FF583853000
|
unkown image
|
page readonly
|
|
|
|
7FF5992D7000
|
unkown image
|
page readonly
|
|
|
|
16A21C4B000
|
unkown
|
page read and write
|
|
|
|
7FF514BDB000
|
unkown image
|
page readonly
|
|
|
|
298DD58D000
|
unkown
|
page read and write
|
|
|
|
7FF5627BB000
|
unkown image
|
page readonly
|
|
|
|
7DF5228F2000
|
unkown image
|
page readonly
|
|
|
|
25F36477000
|
unkown
|
page read and write
|
|
|
|
276000
|
unkown
|
page read and write
|
|
|
|
1456BC00000
|
unkown image
|
page readonly
|
|
|
|
7DF591590000
|
unkown image
|
page readonly
|
|
|
|
7DF0000
|
unkown
|
page read and write
|
|
|
|
7FF5A8043000
|
unkown image
|
page readonly
|
|
|
|
25F36429000
|
unkown
|
page read and write
|
|
|
|
7FF55D8AF000
|
unkown image
|
page readonly
|
|
|
|
7FF55D58C000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8311000
|
unkown image
|
page readonly
|
|
|
|
7FF599597000
|
unkown image
|
page readonly
|
|
|
|
2215F050000
|
unkown image
|
page readonly
|
|
|
|
7FF585BB1000
|
unkown image
|
page readonly
|
|
|
|
7DF5705D2000
|
unkown image
|
page readonly
|
|
|
|
7DF591590000
|
unkown image
|
page readonly
|
|
|
|
28EB000
|
unkown image
|
page readonly
|
|
|
|
7FF585FD9000
|
unkown image
|
page readonly
|
|
|
|
7FF59933A000
|
unkown image
|
page readonly
|
|
|
|
7FF583902000
|
unkown image
|
page readonly
|
|
|
|
16A22500000
|
unkown
|
page read and write
|
|
|
|
16A2256B000
|
unkown
|
page read and write
|
|
|
|
7DF565EE0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7FCE000
|
unkown image
|
page readonly
|
|
|
|
2579000
|
unkown image
|
page readonly
|
|
|
|
2215EA8A000
|
unkown
|
page read and write
|
|
|
|
7FF502211000
|
unkown image
|
page readonly
|
|
|
|
7FF585FB3000
|
unkown image
|
page readonly
|
|
|
|
14841C60000
|
unkown image
|
page readonly
|
|
|
|
16A220D0000
|
unkown image
|
page readonly
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
1456B870000
|
unkown image
|
page readonly
|
|
|
|
16A21CD6000
|
unkown
|
page read and write
|
|
|
|
7FF5A80AD000
|
unkown image
|
page readonly
|
|
|
|
298DD460000
|
unkown image
|
page readonly
|
|
|
|
25F8D65A000
|
heap default
|
page read and write
|
|
|
|
7FF5628DA000
|
unkown image
|
page readonly
|
|
|
|
2894000
|
unkown image
|
page readonly
|
|
|
|
296D9312000
|
unkown
|
page read and write
|
|
|
|
2993000
|
unkown image
|
page readonly
|
|
|
|
615000
|
unkown
|
page read and write
|
|
|
|
148418D0000
|
unkown image
|
page readonly
|
|
|
|
7FF58391A000
|
unkown image
|
page readonly
|
|
|
|
7DF48F460000
|
unkown image
|
page readonly
|
|
|
|
323C000
|
unkown
|
page read and write
|
|
|
|
7DF505F90000
|
unkown image
|
page readonly
|
|
|
|
22160500000
|
unkown
|
page read and write
|
|
|
|
25F36800000
|
unkown image
|
page readonly
|
|
|
|
1918EAE0000
|
unkown image
|
page read and write
|
|
|
|
298DD580000
|
unkown
|
page read and write
|
|
|
|
3030000
|
unkown
|
page read and write
|
|
|
|
16A21C00000
|
unkown
|
page read and write
|
|
|
|
1918EC61000
|
unkown
|
page read and write
|
|
|
|
16A225A1000
|
unkown
|
page read and write
|
|
|
|
6250000
|
unkown image
|
page readonly
|
|
|
|
16A21CC5000
|
unkown
|
page read and write
|
|
|
|
25F8D66E000
|
unkown
|
page read and write
|
|
|
|
7FF562897000
|
unkown image
|
page readonly
|
|
|
|
7FF55D7D7000
|
unkown image
|
page readonly
|
|
|
|
7DF522900000
|
unkown image
|
page readonly
|
|
|
|
4122C7E000
|
stack
|
page read and write
|
|
|
|
298DD58D000
|
unkown
|
page read and write
|
|
|
|
148415A0000
|
unkown
|
page read and write
|
|
|
|
7FF54A3F5000
|
unkown image
|
page readonly
|
|
|
|
7DF593D32000
|
unkown image
|
page readonly
|
|
|
|
7DF50FE82000
|
unkown image
|
page readonly
|
|
|
|
20D88488000
|
unkown
|
page read and write
|
|
|
|
7FF5581A0000
|
unkown image
|
page readonly
|
|
|
|
16A2256B000
|
unkown
|
page read and write
|
|
|
|
7FF5625E5000
|
unkown image
|
page readonly
|
|
|
|
5C77B77000
|
stack
|
page read and write
|
|
|
|
2998000
|
unkown image
|
page readonly
|
|
|
|
7FF54A4A6000
|
unkown image
|
page readonly
|
|
|
|
298DD576000
|
unkown
|
page read and write
|
|
|
|
22160470000
|
unkown
|
page read and write
|
|
|
|
148414F0000
|
unkown image
|
page readonly
|
|
|
|
1918EC73000
|
unkown
|
page read and write
|
|
|
|
7FF585F81000
|
unkown image
|
page readonly
|
|
|
|
16A21C29000
|
unkown
|
page read and write
|
|
|
|
1918EC64000
|
unkown
|
page read and write
|
|
|
|
25F8D618000
|
heap default
|
page read and write
|
|
|
|
632000
|
unkown
|
page read and write
|
|
|
|
613000
|
heap default
|
page read and write
|
|
|
|
7FF5A801E000
|
unkown image
|
page readonly
|
|
|
|
2215E9D0000
|
heap default
|
page read and write
|
|
|
|
7DF558380000
|
unkown image
|
page readonly
|
|
|
|
1456BF90000
|
unkown image
|
page readonly
|
|
|
|
4A00000
|
heap private
|
page read and write
|
|
|
|
4F9B8E000
|
stack
|
page read and write
|
|
|
|
7FF514C0D000
|
unkown image
|
page readonly
|
|
|
|
296D88E0000
|
unkown image
|
page read and write
|
|
|
|
120000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE47A000
|
unkown image
|
page readonly
|
|
|
|
7FF585E56000
|
unkown image
|
page readonly
|
|
|
|
7DF505F72000
|
unkown image
|
page readonly
|
|
|
|
D61D177000
|
stack
|
page read and write
|
|
|
|
10B000
|
unkown
|
page read and write
|
|
|
|
7FF5581B7000
|
unkown image
|
page readonly
|
|
|
|
25F8D610000
|
heap default
|
page read and write
|
|
|
|
2E9B000
|
unkown
|
page read and write
|
|
|
|
1C2AE3E0000
|
unkown image
|
page readonly
|
|
|
|
7FF514915000
|
unkown image
|
page readonly
|
|
|
|
7DF565EF0000
|
unkown image
|
page readonly
|
|
|
|
2998000
|
unkown image
|
page readonly
|
|
|
|
7FF4F828D000
|
unkown image
|
page readonly
|
|
|
|
7FF55D07B000
|
unkown image
|
page readonly
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
7FF502130000
|
unkown image
|
page readonly
|
|
|
|
2897000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
16A22584000
|
unkown
|
page read and write
|
|
|
|
1918EC32000
|
unkown
|
page read and write
|
|
|
|
7DF5228F0000
|
unkown image
|
page readonly
|
|
|
|
7FF54A71A000
|
unkown image
|
page readonly
|
|
|
|
2FE0000
|
unkown image
|
page readonly
|
|
|
|
297C000
|
unkown image
|
page readonly
|
|
|
|
AAA827D000
|
stack
|
page read and write
|
|
|
|
25F1000
|
unkown image
|
page readonly
|
|
|
|
16A21C13000
|
unkown
|
page read and write
|
|
|
|
7DF5915A0000
|
unkown image
|
page readonly
|
|
|
|
5AE000
|
stack
|
page read and write
|
|
|
|
7FF585FDD000
|
unkown image
|
page readonly
|
|
|
|
14841550000
|
unkown image
|
page readonly
|
|
|
|
27C5000
|
unkown image
|
page readonly
|
|
|
|
7FF55826A000
|
unkown image
|
page readonly
|
|
|
|
7FF54A5A5000
|
unkown image
|
page readonly
|
|
|
|
7DF50FE90000
|
unkown image
|
page readonly
|
|
|
|
7FF5860BA000
|
unkown image
|
page readonly
|
|
|
|
28A4000
|
unkown image
|
page readonly
|
|
|
|
7FF55D773000
|
unkown image
|
page readonly
|
|
|
|
5D93CFE000
|
stack
|
page read and write
|
|
|
|
7FF5A811A000
|
unkown image
|
page readonly
|
|
|
|
7FF4F823E000
|
unkown image
|
page readonly
|
|
|
|
2773000
|
unkown image
|
page readonly
|
|
|
|
20D883A0000
|
unkown image
|
page readonly
|
|
|
|
25F8D910000
|
heap private
|
page read and write
|
|
|
|
16A21C57000
|
unkown
|
page read and write
|
|
|
|
7DF522910000
|
unkown image
|
page readonly
|
|
|
|
7DF5583A0000
|
unkown image
|
page readonly
|
|
|
|
1456BA00000
|
unkown
|
page read and write
|
|
|
|
298C000
|
unkown image
|
page readonly
|
|
|
|
7DF505F82000
|
unkown image
|
page readonly
|
|
|
|
7FF557F52000
|
unkown image
|
page readonly
|
|
|
|
1918EC67000
|
unkown
|
page read and write
|
|
|
|
2E90000
|
unkown image
|
page readonly
|
|
|
|
1918EC45000
|
unkown
|
page read and write
|
|
|
|
25F8E4F0000
|
unkown
|
page read and write
|
|
|
|
7FF585FC7000
|
unkown image
|
page readonly
|
|
|
|
20D88380000
|
unkown image
|
page readonly
|
|
|
|
27AC000
|
unkown image
|
page readonly
|
|
|
|
25F36200000
|
unkown image
|
page readonly
|
|
|
|
B10000
|
unkown image
|
page readonly
|
|
|
|
CFC8AFB000
|
stack
|
page read and write
|
|
|
|
1918EC40000
|
unkown
|
page read and write
|
|
|
|
25F36300000
|
unkown image
|
page readonly
|
|
|
|
1456BA13000
|
unkown
|
page read and write
|
|
|
|
1918EED0000
|
unkown image
|
page readonly
|
|
|
|
16A21C4D000
|
unkown
|
page read and write
|
|
|
|
7FF5AE3E3000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC100000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE29F000
|
unkown image
|
page readonly
|
|
|
|
20D88B30000
|
unkown
|
page read and write
|
|
|
|
7FF5627CC000
|
unkown image
|
page readonly
|
|
|
|
7FF50218A000
|
unkown image
|
page readonly
|
|
|
|
7DF558392000
|
unkown image
|
page readonly
|
|
|
|
7F942000
|
unkown image
|
page readonly
|
|
|
|
7FF55D664000
|
unkown image
|
page readonly
|
|
|
|
7F612000
|
unkown image
|
page readonly
|
|
|
|
7FF557F64000
|
unkown image
|
page readonly
|
|
|
|
7FF585FE3000
|
unkown image
|
page readonly
|
|
|
|
16A225C9000
|
unkown
|
page read and write
|
|
|
|
25F36400000
|
unkown
|
page read and write
|
|
|
|
7FF54A624000
|
unkown image
|
page readonly
|
|
|
|
7DF5A7292000
|
unkown image
|
page readonly
|
|
|
|
7FF514C91000
|
unkown image
|
page readonly
|
|
|
|
5C77A7B000
|
stack
|
page read and write
|
|
|
|
7FF514A41000
|
unkown image
|
page readonly
|
|
|
|
298DD577000
|
unkown
|
page read and write
|
|
|
|
296B000
|
unkown image
|
page readonly
|
|
|
|
16A21CE9000
|
unkown
|
page read and write
|
|
|
|
14842000000
|
unkown
|
page read and write
|
|
|
|
16A2259B000
|
unkown
|
page read and write
|
|
|
|
7FF5A8013000
|
unkown image
|
page readonly
|
|
|
|
2FD8000
|
unkown
|
page read and write
|
|
|
|
7DF5B5DB0000
|
unkown image
|
page readonly
|
|
|
|
20C6AE00000
|
unkown
|
page read and write
|
|
|
|
7FF54A643000
|
unkown image
|
page readonly
|
|
|
|
1918EC58000
|
unkown
|
page read and write
|
|
|
|
16A22596000
|
unkown
|
page read and write
|
|
|
|
298DD4A0000
|
unkown
|
page read and write
|
|
|
|
7FF562873000
|
unkown image
|
page readonly
|
|
|
|
2BE0000
|
unkown image
|
page readonly
|
|
|
|
27AC000
|
unkown image
|
page readonly
|
|
|
|
2215EED0000
|
unkown image
|
page readonly
|
|
|
|
158AA7F000
|
stack
|
page read and write
|
|
|
|
16A21BC0000
|
unkown
|
page read and write
|
|
|
|
16A22A02000
|
unkown
|
page read and write
|
|
|
|
7DF50FE70000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE2E5000
|
unkown image
|
page readonly
|
|
|
|
2215EA2A000
|
unkown
|
page read and write
|
|
|
|
7FF58388E000
|
unkown image
|
page readonly
|
|
|
|
28EB000
|
unkown image
|
page readonly
|
|
|
|
1918EC7C000
|
unkown
|
page read and write
|
|
|
|
7DF522902000
|
unkown image
|
page readonly
|
|
|
|
1484162A000
|
unkown
|
page read and write
|
|
|
|
2215EB13000
|
unkown
|
page read and write
|
|
|
|
AAA837E000
|
stack
|
page read and write
|
|
|
|
7FF50220A000
|
unkown image
|
page readonly
|
|
|
|
296D8980000
|
unkown
|
page read and write
|
|
|
|
41229FB000
|
stack
|
page read and write
|
|
|
|
7FF54A5A1000
|
unkown image
|
page readonly
|
|
|
|
7DF505F90000
|
unkown image
|
page readonly
|
|
|
|
7FF55D8CD000
|
unkown image
|
page readonly
|
|
|
|
7DF558390000
|
unkown image
|
page readonly
|
|
|
|
16A21ED0000
|
unkown image
|
page readonly
|
|
|
|
298DD566000
|
heap default
|
page read and write
|
|
|
|
20D883D0000
|
heap default
|
page read and write
|
|
|
|
7FF5A8082000
|
unkown image
|
page readonly
|
|
|
|
7FF5A8088000
|
unkown image
|
page readonly
|
|
|
|
7FF562857000
|
unkown image
|
page readonly
|
|
|
|
7DF593D50000
|
unkown image
|
page readonly
|
|
|
|
CAAA5FE000
|
stack
|
page read and write
|
|
|
|
25F361F0000
|
unkown image
|
page readonly
|
|
|
|
20D8844A000
|
unkown
|
page read and write
|
|
|
|
7FF585C37000
|
unkown image
|
page readonly
|
|
|
|
7DF50FE90000
|
unkown image
|
page readonly
|
|
|
|
2FF2000
|
unkown
|
page read and write
|
|
|
|
2AB887B000
|
stack
|
page read and write
|
|
|
|
7DF5B5DB0000
|
unkown image
|
page readonly
|
|
|
|
7FF5628AB000
|
unkown image
|
page readonly
|
|
|
|
7DF558392000
|
unkown image
|
page readonly
|
|
|
|
1918EC69000
|
unkown
|
page read and write
|
|
|
|
1918EC46000
|
unkown
|
page read and write
|
|
|
|
7FCF2000
|
unkown image
|
page readonly
|
|
|
|
CB6FBBA000
|
unkown
|
page read and write
|
|
|
|
16A225CF000
|
unkown
|
page read and write
|
|
|
|
25F36413000
|
unkown
|
page read and write
|
|
|
|
7FF54A32D000
|
unkown image
|
page readonly
|
|
|
|
28FB000
|
unkown image
|
page readonly
|
|
|
|
7FF514777000
|
unkown image
|
page readonly
|
|
|
|
16A21C53000
|
unkown
|
page read and write
|
|
|
|
7FF56286D000
|
unkown image
|
page readonly
|
|
|
|
16A2255D000
|
unkown
|
page read and write
|
|
|
|
7FF54A62D000
|
unkown image
|
page readonly
|
|
|
|
CB700FD000
|
stack
|
page read and write
|
|
|
|
7FF54A66B000
|
unkown image
|
page readonly
|
|
|
|
20C6B000000
|
unkown image
|
page readonly
|
|
|
|
7FF54A4DC000
|
unkown image
|
page readonly
|
|
|
|
294F000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE399000
|
unkown image
|
page readonly
|
|
|
|
7FF583914000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE469000
|
unkown image
|
page readonly
|
|
|
|
7DF5BC0F2000
|
unkown image
|
page readonly
|
|
|
|
7FF5581A7000
|
unkown image
|
page readonly
|
|
|
|
7FF59956B000
|
unkown image
|
page readonly
|
|
|
|
2FF5000
|
unkown
|
page read and write
|
|
|
|
1C2AE708000
|
unkown
|
page read and write
|
|
|
|
7FF5A805E000
|
unkown image
|
page readonly
|
|
|
|
1456B830000
|
heap private
|
page read and write
|
|
|
|
3210000
|
heap default
|
page read and write
|
|
|
|
7FF55D529000
|
unkown image
|
page readonly
|
|
|
|
CAA9F2C000
|
unkown
|
page read and write
|
|
|
|
7DF505F80000
|
unkown image
|
page readonly
|
|
|
|
7FF558281000
|
unkown image
|
page readonly
|
|
|
|
20C6AF08000
|
unkown
|
page read and write
|
|
|
|
7FF5A7EFD000
|
unkown image
|
page readonly
|
|
|
|
2215EA3D000
|
unkown
|
page read and write
|
|
|
|
7FF514C7A000
|
unkown image
|
page readonly
|
|
|
|
7FF4F82E9000
|
unkown image
|
page readonly
|
|
|
|
20C6AF02000
|
unkown
|
page read and write
|
|
|
|
1918F402000
|
unkown
|
page read and write
|
|
|
|
1918EC60000
|
unkown
|
page read and write
|
|
|
|
7DF565EF2000
|
unkown image
|
page readonly
|
|
|
|
28A0000
|
unkown image
|
page readonly
|
|
|
|
7FF514393000
|
unkown image
|
page readonly
|
|
|
|
7FF55D93A000
|
unkown image
|
page readonly
|
|
|
|
7F622000
|
unkown image
|
page readonly
|
|
|
|
7FF514BB7000
|
unkown image
|
page readonly
|
|
|
|
7DF5B5DA0000
|
unkown image
|
page readonly
|
|
|
|
289B000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE311000
|
unkown image
|
page readonly
|
|
|
|
16A22A03000
|
unkown
|
page read and write
|
|
|
|
7FF5581DE000
|
unkown image
|
page readonly
|
|
|
|
7FF599529000
|
unkown image
|
page readonly
|
|
|
|
7FF54A721000
|
unkown image
|
page readonly
|
|
|
|
16A225B7000
|
unkown
|
page read and write
|
|
|
|
2215E9E0000
|
unkown image
|
page readonly
|
|
|
|
7FF5A7FDF000
|
unkown image
|
page readonly
|
|
|
|
7DF5B5DA2000
|
unkown image
|
page readonly
|
|
|
|
7DF56B630000
|
unkown image
|
page readonly
|
|
|
|
287E000
|
unkown image
|
page readonly
|
|
|
|
25F36502000
|
unkown
|
page read and write
|
|
|
|
25F3645B000
|
unkown
|
page read and write
|
|
|
|
158A9FD000
|
stack
|
page read and write
|
|
|
|
22160490000
|
unkown
|
page read and write
|
|
|
|
1918EB00000
|
unkown image
|
page readonly
|
|
|
|
7FF582FC7000
|
unkown image
|
page readonly
|
|
|
|
1456B970000
|
unkown image
|
page readonly
|
|
|
|
1456BB02000
|
unkown
|
page read and write
|
|
|
|
7FF583921000
|
unkown image
|
page readonly
|
|
|
|
7FF514B11000
|
unkown image
|
page readonly
|
|
|
|
158AB7D000
|
stack
|
page read and write
|
|
|
|
C637E7B000
|
unkown
|
page read and write
|
|
|
|
7FF585E9D000
|
unkown image
|
page readonly
|
|
|
|
7FF5A80AA000
|
unkown image
|
page readonly
|
|
|
|
7FF50216E000
|
unkown image
|
page readonly
|
|
|
|
25F361C0000
|
heap private
|
page read and write
|
|
|
|
1918EB00000
|
unkown image
|
page readonly
|
|
|
|
20C6AE70000
|
unkown
|
page read and write
|
|
|
|
3020000
|
unkown image
|
page readonly
|
|
|
|
1C2AE3E0000
|
unkown image
|
page readonly
|
|
|
|
CFC89FE000
|
stack
|
page read and write
|
|
|
|
70000
|
unkown image
|
page readonly
|
|
|
|
7FF557935000
|
unkown image
|
page readonly
|
|
|
|
C63857B000
|
stack
|
page read and write
|
|
|
|
28CF000
|
unkown image
|
page readonly
|
|
|
|
7FF585CA7000
|
unkown image
|
page readonly
|
|
|
|
7FF585F7F000
|
unkown image
|
page readonly
|
|
|
|
20C6B380000
|
unkown image
|
page readonly
|
|
|
|
7FF56274B000
|
unkown image
|
page readonly
|
|
|
|
28ED000
|
unkown image
|
page readonly
|
|
|
|
7FF5995F9000
|
unkown image
|
page readonly
|
|
|
|
1C2AE64C000
|
unkown
|
page read and write
|
|
|
|
298DD440000
|
unkown image
|
page read and write
|
|
|
|
25F8E200000
|
unkown
|
page read and write
|
|
|
|
25F361D0000
|
unkown image
|
page readonly
|
|
|
|
7FF55D8C9000
|
unkown image
|
page readonly
|
|
|
|
7FF514BC7000
|
unkown image
|
page readonly
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
2215EA49000
|
unkown
|
page read and write
|
|
|
|
7CAE000
|
stack
|
page read and write
|
|
|
|
C6383FC000
|
stack
|
page read and write
|
|
|
|
7D00000
|
unkown
|
page read and write
|
|
|
|
7FF5860D0000
|
unkown image
|
page readonly
|
|
|
|
7CEE000
|
stack
|
page read and write
|
|
|
|
619E000
|
stack
|
page read and write
|
|
|
|
3235000
|
unkown
|
page read and write
|
|
|
|
7FF55D999000
|
unkown image
|
page readonly
|
|
|
|
1918EC57000
|
unkown
|
page read and write
|
|
|
|
7FF54A5F1000
|
unkown image
|
page readonly
|
|
|
|
7FF585FF0000
|
unkown image
|
page readonly
|
|
|
|
7FF558151000
|
unkown image
|
page readonly
|
|
|
|
7FF55D8EE000
|
unkown image
|
page readonly
|
|
|
|
72D0000
|
unkown
|
page read and write
|
|
|
|
CAAA4FE000
|
stack
|
page read and write
|
|
|
|
4122B77000
|
stack
|
page read and write
|
|
|
|
25F8E280000
|
unkown
|
page read and write
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
7DF5A72A0000
|
unkown image
|
page readonly
|
|
|
|
787000
|
heap private
|
page read and write
|
|
|
|
1456B820000
|
unkown image
|
page read and write
|
|
|
|
1918EC44000
|
unkown
|
page read and write
|
|
|
|
1918EB20000
|
unkown image
|
page readonly
|
|
|
|
27B5000
|
unkown image
|
page readonly
|
|
|
|
7FF585E16000
|
unkown image
|
page readonly
|
|
|
|
CB6FFFA000
|
stack
|
page read and write
|
|
|
|
7FF58383D000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8263000
|
unkown image
|
page readonly
|
|
|
|
7FF558177000
|
unkown image
|
page readonly
|
|
|
|
2961000
|
unkown image
|
page readonly
|
|
|
|
7FF558271000
|
unkown image
|
page readonly
|
|
|
|
7FF5021E2000
|
unkown image
|
page readonly
|
|
|
|
1918EC5D000
|
unkown
|
page read and write
|
|
|
|
7FF54A59B000
|
unkown image
|
page readonly
|
|
|
|
1C2AE67C000
|
unkown
|
page read and write
|
|
|
|
16A225B2000
|
unkown
|
page read and write
|
|
|
|
28A0000
|
unkown image
|
page readonly
|
|
|
|
25F8D66E000
|
unkown
|
page read and write
|
|
|
|
16A2258E000
|
unkown
|
page read and write
|
|
|
|
1C2AE800000
|
unkown image
|
page readonly
|
|
|
|
7FF514A9F000
|
unkown image
|
page readonly
|
|
|
|
14841520000
|
unkown image
|
page readonly
|
|
|
|
7FF55D90B000
|
unkown image
|
page readonly
|
|
|
|
1C2AE713000
|
unkown
|
page read and write
|
|
|
|
16A22A1D000
|
unkown
|
page read and write
|
|
|
|
7DF591592000
|
unkown image
|
page readonly
|
|
|
|
7FF514A16000
|
unkown image
|
page readonly
|
|
|
|
16A22591000
|
unkown
|
page read and write
|
|
|
|
2988000
|
unkown image
|
page readonly
|
|
|
|
294B000
|
unkown image
|
page readonly
|
|
|
|
7FF5A812A000
|
unkown image
|
page readonly
|
|
|
|
5840000
|
unkown image
|
page readonly
|
|
|
|
2CB9000
|
unkown
|
page read and write
|
|
|
|
70000
|
unkown image
|
page readonly
|
|
|
|
16A21B40000
|
unkown image
|
page readonly
|
|
|
|
20C6AD60000
|
unkown
|
page read and write
|
|
|
|
20C6AE29000
|
unkown
|
page read and write
|
|
|
|
16A22585000
|
unkown
|
page read and write
|
|
|
|
16A225BA000
|
unkown
|
page read and write
|
|
|
|
7FF54A47F000
|
unkown image
|
page readonly
|
|
|
|
7FF5994EE000
|
unkown image
|
page readonly
|
|
|
|
1918EC00000
|
unkown
|
page read and write
|
|
|
|
16A2255D000
|
unkown
|
page read and write
|
|
|
|
7FF55818D000
|
unkown image
|
page readonly
|
|
|
|
1456C202000
|
unkown
|
page read and write
|
|
|
|
1C2AE430000
|
heap default
|
page read and write
|
|
|
|
1918EC7D000
|
unkown
|
page read and write
|
|
|
|
7FF514B87000
|
unkown image
|
page readonly
|
|
|
|
7FF4EE121000
|
unkown image
|
page readonly
|
|
|
|
4A04000
|
heap private
|
page read and write
|
|
|
|
C63827F000
|
stack
|
page read and write
|
|
|
|
7FF5626E6000
|
unkown image
|
page readonly
|
|
|
|
1918EC59000
|
unkown
|
page read and write
|
|
|
|
5D93DFF000
|
stack
|
page read and write
|
|
|
|
7FF59952D000
|
unkown image
|
page readonly
|
|
|
|
7FF4F8223000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE3B0000
|
unkown image
|
page readonly
|
|
|
|
C63867C000
|
stack
|
page read and write
|
|
|
|
16A22A02000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
7FF562951000
|
unkown image
|
page readonly
|
|
|
|
7FF5AE40A000
|
unkown image
|
page readonly
|
|
|
|
4122A7E000
|
stack
|
page read and write
|
|
|
|
2986000
|
unkown image
|
page readonly
|
|
|
|
7FF599547000
|
unkown image
|
page readonly
|
|
|
|
16A223B0000
|
unkown
|
page read and write
|
|
|
|
7FF599621000
|
unkown image
|
page readonly
|
|
|
|
28AB000
|
unkown image
|
page readonly
|
|
|
|
16A225A7000
|
unkown
|
page read and write
|
|
|
|
7FF55816E000
|
unkown image
|
page readonly
|
|
|
|
7FF5581AE000
|
unkown image
|
page readonly
|
|
|
|
7FF558264000
|
unkown image
|
page readonly
|
|
|
|
7F942000
|
unkown image
|
page readonly
|
|
|
|
1456BB13000
|
unkown
|
page read and write
|
|
|
|
16A2257D000
|
unkown
|
page read and write
|
|
|
|
3060000
|
heap default
|
page read and write
|
|
|
|
7DF5705D0000
|
unkown image
|
page readonly
|
|
|
|
16A2259F000
|
unkown
|
page read and write
|
|
|
|
7FF514B9D000
|
unkown image
|
page readonly
|
|
|
|
16A2256A000
|
unkown
|
page read and write
|
|
|
|
7FF5AE40D000
|
unkown image
|
page readonly
|
|
|
|
1456BA02000
|
unkown
|
page read and write
|
|
|
|
20D886D0000
|
unkown image
|
page readonly
|
|
|
|
7FF585E81000
|
unkown image
|
page readonly
|
|
|
|
7DF56B622000
|
unkown image
|
page readonly
|
|
|
|
5D938FE000
|
stack
|
page read and write
|
|
|
|
28A7000
|
unkown image
|
page readonly
|
|
|
|
2215EA65000
|
unkown
|
page read and write
|
|
|
|
5C77D7F000
|
stack
|
page read and write
|
|
|
|
2579000
|
unkown image
|
page readonly
|
|
There are 1477 hidden memdumps, click here to show them.