Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
payment8642156.xlsb
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\ProgramData\XgQXeAWeoOU.rtf
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$payment8642156.xlsb
|
data
|
dropped
|
|
|
|
C:\ProgramData\pXJSNz.txt
|
ASCII text, with no line terminators
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\89313E5E-CC0C-4CD1-B945-313065E02B9E
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\274B0EB1.png
|
PNG image data, 288 x 44, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\55F344FE.png
|
PNG image data, 237 x 336, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7A5B4E7.tmp
|
Microsoft Excel 2007+
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Q2W5VWUFL5VCMQ7JQPETG3CCTYX72Z4R25PDG[1].txt
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
\Device\ConDrv
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Q2W5VWUFL5VCMQ7JQPETG3CCTYX72Z4R25PDG[1].txt
|
ASCII text, with no line terminators
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\32440B49.png
|
PNG image data, 288 x 44, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C414A8B6.png
|
PNG image data, 237 x 336, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\5E36.tmp
|
Microsoft Excel 2007+
|
dropped
|
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\wbem\WMIC.exe
|
wmic process call create "mshta C:\ProgramData\XgQXeAWeoOU.rtf"
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\wbem\WMIC.exe
|
wmic process call create "mshta C:\ProgramData\XgQXeAWeoOU.rtf"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\mshta.exe
|
mshta C:\ProgramData\XgQXeAWeoOU.rtf
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://api.aadrm.com
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
http://132.148.135.183:8080/Q2W5VWUFL5VCMQ7JQPETG3CCTYX72Z4R25PDG
|
132.148.135.183
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
There are 101 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
132.148.135.183
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
2c6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
3c6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\4CFC1
|
4CFC1
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
<v6
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
OriginalAttachmentPath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
TemporaryAttachmentName
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109A10090400000000000F01FEC\Usage
|
OutlookMAPI2Intl_1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
0 .
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2FB4F
|
2FB4F
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
j(.
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
OriginalAttachmentPath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
TemporaryAttachmentName
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400100000000F01FEC\Usage
|
OutlookMAPI2Intl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 45 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2308FC3C000
|
unkown
|
page read and write
|
|
|
|
7DF5616B2000
|
unkown image
|
page readonly
|
|
|
|
2308FC98000
|
unkown
|
page read and write
|
|
|
|
6057F7B000
|
stack
|
page read and write
|
|
|
|
3B2D000
|
unkown
|
page read and write
|
|
|
|
3B29000
|
unkown
|
page read and write
|
|
|
|
7FF54C53B000
|
unkown image
|
page readonly
|
|
|
|
17A57302000
|
unkown
|
page read and write
|
|
|
|
7FF5D82B1000
|
unkown image
|
page readonly
|
|
|
|
2288DCC0000
|
unkown image
|
page readonly
|
|
|
|
7F700000
|
unkown image
|
page readonly
|
|
|
|
17A5724D000
|
unkown
|
page read and write
|
|
|
|
7F802000
|
unkown image
|
page readonly
|
|
|
|
1086000
|
unkown image
|
page readonly
|
|
|
|
7FF5B27BA000
|
unkown image
|
page readonly
|
|
|
|
7DF4EB200000
|
unkown image
|
page readonly
|
|
|
|
14547460000
|
unkown image
|
page readonly
|
|
|
|
7FF54C3CC000
|
unkown image
|
page readonly
|
|
|
|
3FA0000
|
unkown image
|
page readonly
|
|
|
|
7FF54C39A000
|
unkown image
|
page readonly
|
|
|
|
7FF54C484000
|
unkown image
|
page readonly
|
|
|
|
145472D0000
|
unkown image
|
page readonly
|
|
|
|
2288DDA0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7A55000
|
unkown image
|
page readonly
|
|
|
|
20576650000
|
unkown image
|
page readonly
|
|
|
|
7DF561520000
|
unkown image
|
page readonly
|
|
|
|
7DF5ED340000
|
unkown image
|
page readonly
|
|
|
|
7FF54C3F1000
|
unkown image
|
page readonly
|
|
|
|
7FF54C42E000
|
unkown image
|
page readonly
|
|
|
|
7FF5D808C000
|
unkown image
|
page readonly
|
|
|
|
7FF54C2F3000
|
unkown image
|
page readonly
|
|
|
|
23090A70000
|
heap private
|
page read and write
|
|
|
|
2288DE77000
|
unkown
|
page read and write
|
|
|
|
7FF54C3CF000
|
unkown image
|
page readonly
|
|
|
|
7FF54BE50000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8152000
|
unkown image
|
page readonly
|
|
|
|
7FF5D823D000
|
unkown image
|
page readonly
|
|
|
|
7FF54C622000
|
unkown image
|
page readonly
|
|
|
|
3B19000
|
heap private
|
page read and write
|
|
|
|
7FF5D821E000
|
unkown image
|
page readonly
|
|
|
|
7DF5ED340000
|
unkown image
|
page readonly
|
|
|
|
2288F770000
|
heap private
|
page read and write
|
|
|
|
17A57850000
|
unkown image
|
page readonly
|
|
|
|
20576740000
|
unkown
|
page read and write
|
|
|
|
7FF5D7F18000
|
unkown image
|
page readonly
|
|
|
|
7FF54C40E000
|
unkown image
|
page readonly
|
|
|
|
20576108000
|
unkown
|
page read and write
|
|
|
|
7FF5D8239000
|
unkown image
|
page readonly
|
|
|
|
307E000
|
unkown
|
page read and write
|
|
|
|
2B79000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2861000
|
unkown image
|
page readonly
|
|
|
|
8F310E000
|
stack
|
page read and write
|
|
|
|
7FF5B27C4000
|
unkown image
|
page readonly
|
|
|
|
7FF54C49C000
|
unkown image
|
page readonly
|
|
|
|
A6C07FD000
|
stack
|
page read and write
|
|
|
|
7FF54C59E000
|
unkown image
|
page readonly
|
|
|
|
7DF5616A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7F1C000
|
unkown image
|
page readonly
|
|
|
|
F10000
|
unkown image
|
page readonly
|
|
|
|
2308FC64000
|
unkown
|
page read and write
|
|
|
|
17A570F0000
|
unkown image
|
page read and write
|
|
|
|
7DF5C78E2000
|
unkown image
|
page readonly
|
|
|
|
3AAE000
|
stack
|
page read and write
|
|
|
|
7DFEAF758000
|
unkown image
|
page readonly
|
|
|
|
2308FC58000
|
unkown
|
page read and write
|
|
|
|
35E0000
|
unkown image
|
page readonly
|
|
|
|
2288DCA0000
|
unkown image
|
page read and write
|
|
|
|
2308FC2C000
|
unkown
|
page read and write
|
|
|
|
23090A77000
|
heap private
|
page read and write
|
|
|
|
7FF5D8094000
|
unkown image
|
page readonly
|
|
|
|
17A57110000
|
unkown image
|
page readonly
|
|
|
|
14546D30000
|
unkown image
|
page readonly
|
|
|
|
2288DE22000
|
unkown
|
page read and write
|
|
|
|
348B000
|
unkown
|
page read and write
|
|
|
|
7DF561512000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7F9F000
|
unkown image
|
page readonly
|
|
|
|
14546F13000
|
unkown
|
page read and write
|
|
|
|
2D73000
|
unkown image
|
page readonly
|
|
|
|
2288F730000
|
heap private
|
page read and write
|
|
|
|
2308FF70000
|
unkown
|
page read and write
|
|
|
|
7F810000
|
unkown image
|
page readonly
|
|
|
|
7FF54C3D7000
|
unkown image
|
page readonly
|
|
|
|
2288DE7F000
|
heap default
|
page read and write
|
|
|
|
2288DE92000
|
heap default
|
page read and write
|
|
|
|
2308FC08000
|
unkown
|
page read and write
|
|
|
|
543F000
|
stack
|
page read and write
|
|
|
|
22D96FF000
|
stack
|
page read and write
|
|
|
|
348D000
|
unkown
|
page read and write
|
|
|
|
14546E00000
|
unkown
|
page read and write
|
|
|
|
2CC5000
|
unkown image
|
page readonly
|
|
|
|
7F820000
|
unkown image
|
page readonly
|
|
|
|
2309078E000
|
unkown
|
page read and write
|
|
|
|
7FF5B285A000
|
unkown image
|
page readonly
|
|
|
|
7DF5C7900000
|
unkown image
|
page readonly
|
|
|
|
22D927E000
|
stack
|
page read and write
|
|
|
|
2308FC0C000
|
unkown
|
page read and write
|
|
|
|
7FF54C48A000
|
unkown image
|
page readonly
|
|
|
|
7FF54C3A0000
|
unkown image
|
page readonly
|
|
|
|
2288DE28000
|
heap default
|
page read and write
|
|
|
|
7FF5B2631000
|
unkown image
|
page readonly
|
|
|
|
3E20000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8124000
|
unkown image
|
page readonly
|
|
|
|
7FF5B275A000
|
unkown image
|
page readonly
|
|
|
|
2288DD30000
|
unkown
|
page read and write
|
|
|
|
7FF54C1F1000
|
unkown image
|
page readonly
|
|
|
|
3AEF000
|
stack
|
page read and write
|
|
|
|
2308FC38000
|
unkown
|
page read and write
|
|
|
|
7F800000
|
unkown image
|
page readonly
|
|
|
|
7FF54C584000
|
unkown image
|
page readonly
|
|
|
|
308D000
|
unkown
|
page read and write
|
|
|
|
7F820000
|
unkown image
|
page readonly
|
|
|
|
348A000
|
unkown
|
page read and write
|
|
|
|
2308FAFA000
|
unkown
|
page read and write
|
|
|
|
7FF5D7F98000
|
unkown image
|
page readonly
|
|
|
|
2288DCC0000
|
unkown image
|
page readonly
|
|
|
|
2308FBEC000
|
unkown
|
page read and write
|
|
|
|
60583FF000
|
stack
|
page read and write
|
|
|
|
22D937C000
|
stack
|
page read and write
|
|
|
|
7FF5D7F70000
|
unkown image
|
page readonly
|
|
|
|
8F3777000
|
stack
|
page read and write
|
|
|
|
23090A74000
|
heap private
|
page read and write
|
|
|
|
2288DEA7000
|
heap default
|
page read and write
|
|
|
|
7FF5D7954000
|
unkown image
|
page readonly
|
|
|
|
7FF5B266E000
|
unkown image
|
page readonly
|
|
|
|
2308FAE0000
|
unkown
|
page read and write
|
|
|
|
2288DE96000
|
heap default
|
page read and write
|
|
|
|
2308FBF0000
|
unkown
|
page read and write
|
|
|
|
2308FC30000
|
unkown
|
page read and write
|
|
|
|
7FF54C0F6000
|
unkown image
|
page readonly
|
|
|
|
23090BD5000
|
unkown
|
page read and write
|
|
|
|
20576802000
|
unkown
|
page read and write
|
|
|
|
7FF54C39E000
|
unkown image
|
page readonly
|
|
|
|
17A5723C000
|
unkown
|
page read and write
|
|
|
|
54BF000
|
stack
|
page read and write
|
|
|
|
7FF54C535000
|
unkown image
|
page readonly
|
|
|
|
336E000
|
stack
|
page read and write
|
|
|
|
14546D60000
|
heap default
|
page read and write
|
|
|
|
7FF54C61A000
|
unkown image
|
page readonly
|
|
|
|
7FF5B276A000
|
unkown image
|
page readonly
|
|
|
|
7FF54C416000
|
unkown image
|
page readonly
|
|
|
|
2B73000
|
unkown image
|
page readonly
|
|
|
|
7DF45F570000
|
unkown image
|
page readonly
|
|
|
|
22D947B000
|
stack
|
page read and write
|
|
|
|
7FF54C281000
|
unkown image
|
page readonly
|
|
|
|
7FF5B27ED000
|
unkown image
|
page readonly
|
|
|
|
2308FC20000
|
unkown
|
page read and write
|
|
|
|
2B6C000
|
unkown image
|
page readonly
|
|
|
|
6057B0B000
|
unkown
|
page read and write
|
|
|
|
20576052000
|
unkown
|
page read and write
|
|
|
|
8F35FB000
|
stack
|
page read and write
|
|
|
|
2288DCB0000
|
unkown image
|
page readonly
|
|
|
|
3530000
|
unkown
|
page read and write
|
|
|
|
230907B3000
|
unkown
|
page read and write
|
|
|
|
2288DE9E000
|
heap default
|
page read and write
|
|
|
|
7FF54C598000
|
unkown image
|
page readonly
|
|
|
|
7FF54C51C000
|
unkown image
|
page readonly
|
|
|
|
7FF54C55C000
|
unkown image
|
page readonly
|
|
|
|
3B24000
|
unkown
|
page read and write
|
|
|
|
7FF5D8214000
|
unkown image
|
page readonly
|
|
|
|
2308FC60000
|
unkown
|
page read and write
|
|
|
|
2288DE48000
|
unkown
|
page read and write
|
|
|
|
23090BF2000
|
unkown
|
page read and write
|
|
|
|
7FF5D7AC2000
|
unkown image
|
page readonly
|
|
|
|
7FF5D80FA000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2330000
|
unkown image
|
page readonly
|
|
|
|
7FF54C51A000
|
unkown image
|
page readonly
|
|
|
|
2288E300000
|
unkown image
|
page readonly
|
|
|
|
20576084000
|
unkown
|
page read and write
|
|
|
|
7DF5C78F0000
|
unkown image
|
page readonly
|
|
|
|
7FF5B275C000
|
unkown image
|
page readonly
|
|
|
|
308A000
|
unkown
|
page read and write
|
|
|
|
8F318E000
|
stack
|
page read and write
|
|
|
|
7FF5D7E9D000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8253000
|
unkown image
|
page readonly
|
|
|
|
2308FBE8000
|
unkown
|
page read and write
|
|
|
|
7FF5B266B000
|
unkown image
|
page readonly
|
|
|
|
22D8FBE000
|
stack
|
page read and write
|
|
|
|
14546D90000
|
unkown
|
page read and write
|
|
|
|
7FF54C3AB000
|
unkown image
|
page readonly
|
|
|
|
14546E70000
|
unkown
|
page read and write
|
|
|
|
2288DE51000
|
unkown
|
page read and write
|
|
|
|
2308FC41000
|
unkown
|
page read and write
|
|
|
|
2C53000
|
unkown image
|
page readonly
|
|
|
|
7FF5D82A4000
|
unkown image
|
page readonly
|
|
|
|
3430000
|
heap default
|
page read and write
|
|
|
|
7FF5B2090000
|
unkown image
|
page readonly
|
|
|
|
3B13000
|
heap private
|
page read and write
|
|
|
|
8F397E000
|
stack
|
page read and write
|
|
|
|
2288DD80000
|
unkown
|
page read and write
|
|
|
|
7FF5D81BA000
|
unkown image
|
page readonly
|
|
|
|
7FF54C494000
|
unkown image
|
page readonly
|
|
|
|
20575FE0000
|
heap default
|
page read and write
|
|
|
|
7F812000
|
unkown image
|
page readonly
|
|
|
|
20576000000
|
unkown
|
page read and write
|
|
|
|
2288DD9E000
|
heap private
|
page read and write
|
|
|
|
7FF54C408000
|
unkown image
|
page readonly
|
|
|
|
EB0000
|
unkown image
|
page readonly
|
|
|
|
7DF5ED330000
|
unkown image
|
page readonly
|
|
|
|
EA0000
|
unkown image
|
page read and write
|
|
|
|
3618000
|
heap private
|
page read and write
|
|
|
|
23090BDB000
|
unkown
|
page read and write
|
|
|
|
7FF54C3FF000
|
unkown image
|
page readonly
|
|
|
|
2288DDF9000
|
unkown
|
page read and write
|
|
|
|
2308FC70000
|
unkown
|
page read and write
|
|
|
|
3B26000
|
unkown
|
page read and write
|
|
|
|
7FF5D80C3000
|
unkown image
|
page readonly
|
|
|
|
20576063000
|
unkown
|
page read and write
|
|
|
|
7FF54C117000
|
unkown image
|
page readonly
|
|
|
|
14546CF0000
|
unkown image
|
page read and write
|
|
|
|
7FF5D7A66000
|
unkown image
|
page readonly
|
|
|
|
EB0000
|
unkown image
|
page readonly
|
|
|
|
7FF54C38C000
|
unkown image
|
page readonly
|
|
|
|
7FF5D815C000
|
unkown image
|
page readonly
|
|
|
|
2288DE29000
|
unkown
|
page read and write
|
|
|
|
22D8F3B000
|
unkown
|
page read and write
|
|
|
|
7FF54C547000
|
unkown image
|
page readonly
|
|
|
|
14547450000
|
unkown image
|
page readonly
|
|
|
|
7DF5616C0000
|
unkown image
|
page readonly
|
|
|
|
35DF000
|
stack
|
page read and write
|
|
|
|
7FF54C048000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8160000
|
unkown image
|
page readonly
|
|
|
|
3B10000
|
heap private
|
page read and write
|
|
|
|
7FF5D8097000
|
unkown image
|
page readonly
|
|
|
|
7FF54C419000
|
unkown image
|
page readonly
|
|
|
|
7FF5D81D7000
|
unkown image
|
page readonly
|
|
|
|
2CCF000
|
unkown image
|
page readonly
|
|
|
|
2288DE87000
|
heap default
|
page read and write
|
|
|
|
8F387E000
|
stack
|
page read and write
|
|
|
|
2288DE48000
|
heap default
|
page read and write
|
|
|
|
14546E0B000
|
unkown
|
page read and write
|
|
|
|
2057604B000
|
unkown
|
page read and write
|
|
|
|
A6BFBFF000
|
stack
|
page read and write
|
|
|
|
7FF5B26BD000
|
unkown image
|
page readonly
|
|
|
|
7DF5ED330000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8236000
|
unkown image
|
page readonly
|
|
|
|
7DF5616A2000
|
unkown image
|
page readonly
|
|
|
|
2057604E000
|
unkown
|
page read and write
|
|
|
|
7F812000
|
unkown image
|
page readonly
|
|
|
|
A6BFEF7000
|
unkown
|
page read and write
|
|
|
|
7FF5D8228000
|
unkown image
|
page readonly
|
|
|
|
7FF54C52A000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7D0D000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7CF6000
|
unkown image
|
page readonly
|
|
|
|
3496000
|
unkown
|
page read and write
|
|
|
|
7FF5D7F7B000
|
unkown image
|
page readonly
|
|
|
|
2308FBF8000
|
unkown
|
page read and write
|
|
|
|
7FF5D7B77000
|
unkown image
|
page readonly
|
|
|
|
3B17000
|
heap private
|
page read and write
|
|
|
|
7DF5616B2000
|
unkown image
|
page readonly
|
|
|
|
14546E3C000
|
unkown
|
page read and write
|
|
|
|
17A57224000
|
unkown
|
page read and write
|
|
|
|
7FF54BB24000
|
unkown image
|
page readonly
|
|
|
|
17A57255000
|
unkown
|
page read and write
|
|
|
|
20575F70000
|
unkown image
|
page read and write
|
|
|
|
7FF5D7F2C000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7E1A000
|
unkown image
|
page readonly
|
|
|
|
3B12000
|
heap private
|
page read and write
|
|
|
|
7F802000
|
unkown image
|
page readonly
|
|
|
|
7FF54C492000
|
unkown image
|
page readonly
|
|
|
|
230908D0000
|
unkown image
|
page read and write
|
|
|
|
7FF5D7F86000
|
unkown image
|
page readonly
|
|
|
|
34A2000
|
unkown
|
page read and write
|
|
|
|
3A60000
|
heap private
|
page read and write
|
|
|
|
20575FB0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7974000
|
unkown image
|
page readonly
|
|
|
|
32F0000
|
unkown
|
page read and write
|
|
|
|
23090770000
|
unkown
|
page read and write
|
|
|
|
7FF5D7F24000
|
unkown image
|
page readonly
|
|
|
|
23090CD0000
|
unkown image
|
page readonly
|
|
|
|
2308FC10000
|
unkown
|
page read and write
|
|
|
|
53FE000
|
stack
|
page read and write
|
|
|
|
605807B000
|
stack
|
page read and write
|
|
|
|
14546E13000
|
unkown
|
page read and write
|
|
|
|
7FF54C105000
|
unkown image
|
page readonly
|
|
|
|
17A57300000
|
unkown
|
page read and write
|
|
|
|
7FF5D822E000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2613000
|
unkown image
|
page readonly
|
|
|
|
7FF54C3A5000
|
unkown image
|
page readonly
|
|
|
|
7FF5B27E9000
|
unkown image
|
page readonly
|
|
|
|
2288DE8E000
|
heap default
|
page read and write
|
|
|
|
7FF54C41D000
|
unkown image
|
page readonly
|
|
|
|
A6C06FF000
|
stack
|
page read and write
|
|
|
|
2C95000
|
unkown image
|
page readonly
|
|
|
|
7DF561510000
|
unkown image
|
page readonly
|
|
|
|
2288DF80000
|
unkown image
|
page readonly
|
|
|
|
7FF54C3E4000
|
unkown image
|
page readonly
|
|
|
|
7DF561530000
|
unkown image
|
page readonly
|
|
|
|
7FF5D80C8000
|
unkown image
|
page readonly
|
|
|
|
7FF54C52E000
|
unkown image
|
page readonly
|
|
|
|
2288DE22000
|
heap default
|
page read and write
|
|
|
|
2288DDEA000
|
unkown
|
page read and write
|
|
|
|
60581F7000
|
stack
|
page read and write
|
|
|
|
17A57130000
|
unkown image
|
page readonly
|
|
|
|
22D95F7000
|
stack
|
page read and write
|
|
|
|
17A57200000
|
unkown
|
page read and write
|
|
|
|
20575FC0000
|
unkown image
|
page readonly
|
|
|
|
14547602000
|
unkown
|
page read and write
|
|
|
|
2288DE7F000
|
unkown
|
page read and write
|
|
|
|
3490000
|
unkown
|
page read and write
|
|
|
|
7FF5D81C0000
|
unkown image
|
page readonly
|
|
|
|
7FF54C621000
|
unkown image
|
page readonly
|
|
|
|
7DF5C78F2000
|
unkown image
|
page readonly
|
|
|
|
2D45000
|
unkown image
|
page readonly
|
|
|
|
17A57A02000
|
unkown
|
page read and write
|
|
|
|
17A576D0000
|
unkown image
|
page readonly
|
|
|
|
7FF54C0F0000
|
unkown image
|
page readonly
|
|
|
|
14546F02000
|
unkown
|
page read and write
|
|
|
|
7FF5D812C000
|
unkown image
|
page readonly
|
|
|
|
17A57170000
|
unkown image
|
page readonly
|
|
|
|
2288DEA9000
|
heap default
|
page read and write
|
|
|
|
20576063000
|
unkown
|
page read and write
|
|
|
|
7DF561510000
|
unkown image
|
page readonly
|
|
|
|
2308FC14000
|
unkown
|
page read and write
|
|
|
|
2288DE50000
|
heap default
|
page read and write
|
|
|
|
F20000
|
unkown image
|
page readonly
|
|
|
|
2309078D000
|
unkown
|
page read and write
|
|
|
|
2288DE7B000
|
heap default
|
page read and write
|
|
|
|
7FF5B2345000
|
unkown image
|
page readonly
|
|
|
|
342E000
|
stack
|
page read and write
|
|
|
|
2308FC8C000
|
unkown
|
page read and write
|
|
|
|
2308FC1C000
|
unkown
|
page read and write
|
|
|
|
2308FC04000
|
unkown
|
page read and write
|
|
|
|
3610000
|
heap private
|
page read and write
|
|
|
|
7FF5B26C3000
|
unkown image
|
page readonly
|
|
|
|
7FF54C614000
|
unkown image
|
page readonly
|
|
|
|
7FF5D79A1000
|
unkown image
|
page readonly
|
|
|
|
7FF54C42B000
|
unkown image
|
page readonly
|
|
|
|
2D54000
|
unkown image
|
page readonly
|
|
|
|
2057604F000
|
unkown
|
page read and write
|
|
|
|
2308FC6C000
|
unkown
|
page read and write
|
|
|
|
7FF5D8057000
|
unkown image
|
page readonly
|
|
|
|
14546D00000
|
heap private
|
page read and write
|
|
|
|
2288DE3D000
|
heap default
|
page read and write
|
|
|
|
7FF54BF75000
|
unkown image
|
page readonly
|
|
|
|
7FF5B25C1000
|
unkown image
|
page readonly
|
|
|
|
7FF54C29B000
|
unkown image
|
page readonly
|
|
|
|
2308FE20000
|
unkown
|
page read and write
|
|
|
|
60582FE000
|
stack
|
page read and write
|
|
|
|
2308FC00000
|
unkown
|
page read and write
|
|
|
|
3B2A000
|
unkown
|
page read and write
|
|
|
|
2288E180000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2854000
|
unkown image
|
page readonly
|
|
|
|
22D94FE000
|
stack
|
page read and write
|
|
|
|
7FF54C55F000
|
unkown image
|
page readonly
|
|
|
|
14546D10000
|
unkown image
|
page readonly
|
|
|
|
2308FAE4000
|
unkown
|
page read and write
|
|
|
|
20575FF0000
|
unkown image
|
page readonly
|
|
|
|
2CCD000
|
unkown image
|
page readonly
|
|
|
|
17A57140000
|
unkown image
|
page readonly
|
|
|
|
2288DDB0000
|
heap default
|
page read and write
|
|
|
|
7DF5ED332000
|
unkown image
|
page readonly
|
|
|
|
7DF5C78F2000
|
unkown image
|
page readonly
|
|
|
|
7FF5B27CF000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2787000
|
unkown image
|
page readonly
|
|
|
|
6057E7D000
|
stack
|
page read and write
|
|
|
|
7DF5C78E0000
|
unkown image
|
page readonly
|
|
|
|
2CAB000
|
unkown image
|
page readonly
|
|
|
|
2288DEAB000
|
heap default
|
page read and write
|
|
|
|
7FF5D7E9A000
|
unkown image
|
page readonly
|
|
|
|
2309078A000
|
unkown
|
page read and write
|
|
|
|
2308FF20000
|
unkown image
|
page write copy
|
|
|
|
7DF5616A2000
|
unkown image
|
page readonly
|
|
|
|
7DF5616C0000
|
unkown image
|
page readonly
|
|
|
|
7FF5B27DE000
|
unkown image
|
page readonly
|
|
|
|
3B20000
|
unkown
|
page read and write
|
|
|
|
7FF54C3EA000
|
unkown image
|
page readonly
|
|
|
|
230907A2000
|
unkown
|
page read and write
|
|
|
|
7FF5B27E6000
|
unkown image
|
page readonly
|
|
|
|
17A57280000
|
unkown
|
page read and write
|
|
|
|
7FF5D81AC000
|
unkown image
|
page readonly
|
|
|
|
2288DD90000
|
heap private
|
page read and write
|
|
|
|
7DF5C78F0000
|
unkown image
|
page readonly
|
|
|
|
3550000
|
unkown
|
page read and write
|
|
|
|
2CA3000
|
unkown image
|
page readonly
|
|
|
|
2308FC34000
|
unkown
|
page read and write
|
|
|
|
2C7C000
|
unkown image
|
page readonly
|
|
|
|
20576100000
|
unkown
|
page read and write
|
|
|
|
7DF5C7900000
|
unkown image
|
page readonly
|
|
|
|
7FF5D794A000
|
unkown image
|
page readonly
|
|
|
|
2CB0000
|
unkown image
|
page readonly
|
|
|
|
2288DD10000
|
unkown
|
page read and write
|
|
|
|
7FF5B279F000
|
unkown image
|
page readonly
|
|
|
|
3090000
|
unkown
|
page read and write
|
|
|
|
7DF5ED342000
|
unkown image
|
page readonly
|
|
|
|
3C20000
|
unkown image
|
page readonly
|
|
|
|
205764D0000
|
unkown image
|
page readonly
|
|
|
|
14546E9F000
|
unkown
|
page read and write
|
|
|
|
7FF54C47D000
|
unkown image
|
page readonly
|
|
|
|
2288DEA5000
|
heap default
|
page read and write
|
|
|
|
7FF54C5A9000
|
unkown image
|
page readonly
|
|
|
|
7FF5D82B2000
|
unkown image
|
page readonly
|
|
|
|
7FF5B276E000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2770000
|
unkown image
|
page readonly
|
|
|
|
7FF5B277B000
|
unkown image
|
page readonly
|
|
|
|
7FF54C3D3000
|
unkown image
|
page readonly
|
|
|
|
7FF54BCB4000
|
unkown image
|
page readonly
|
|
|
|
A6C05FE000
|
stack
|
page read and write
|
|
|
|
2CD3000
|
unkown image
|
page readonly
|
|
|
|
8F367E000
|
stack
|
page read and write
|
|
|
|
2288F774000
|
heap private
|
page read and write
|
|
|
|
2C5C000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7F2E000
|
unkown image
|
page readonly
|
|
|
|
2309078E000
|
unkown
|
page read and write
|
|
|
|
2CC7000
|
unkown image
|
page readonly
|
|
|
|
7FF54C243000
|
unkown image
|
page readonly
|
|
|
|
7FF5D81AA000
|
unkown image
|
page readonly
|
|
|
|
7FF5B2862000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7980000
|
unkown image
|
page readonly
|
|
|
|
7FF54C38A000
|
unkown image
|
page readonly
|
|
|
|
2288DEA3000
|
heap default
|
page read and write
|
|
|
|
A6C04FF000
|
stack
|
page read and write
|
|
|
|
20575F80000
|
heap private
|
page read and write
|
|
|
|
A6C08FF000
|
stack
|
page read and write
|
|
|
|
A6C02FE000
|
stack
|
page read and write
|
|
|
|
3437000
|
heap default
|
page read and write
|
|
|
|
2C6C000
|
unkown image
|
page readonly
|
|
|
|
7DF561530000
|
unkown image
|
page readonly
|
|
|
|
7FF54BF66000
|
unkown image
|
page readonly
|
|
|
|
2288F794000
|
heap private
|
page read and write
|
|
|
|
7FF54C3F4000
|
unkown image
|
page readonly
|
|
|
|
2057603C000
|
unkown
|
page read and write
|
|
|
|
7DF5616B0000
|
unkown image
|
page readonly
|
|
|
|
20576113000
|
unkown
|
page read and write
|
|
|
|
7FF5B26D4000
|
unkown image
|
page readonly
|
|
|
|
7DF5616A0000
|
unkown image
|
page readonly
|
|
|
|
7DF561512000
|
unkown image
|
page readonly
|
|
|
|
23090A7A000
|
heap private
|
page read and write
|
|
|
|
7DF5616B0000
|
unkown image
|
page readonly
|
|
|
|
2288DDB9000
|
heap default
|
page read and write
|
|
|
|
7FF5D7DF3000
|
unkown image
|
page readonly
|
|
|
|
7FF5B27B4000
|
unkown image
|
page readonly
|
|
|
|
3487000
|
unkown
|
page read and write
|
|
|
|
7DF561520000
|
unkown image
|
page readonly
|
|
|
|
7FF54C3B7000
|
unkown image
|
page readonly
|
|
|
|
23090779000
|
unkown
|
page read and write
|
|
|
|
17A57308000
|
unkown
|
page read and write
|
|
|
|
7FF5B2651000
|
unkown image
|
page readonly
|
|
|
|
7FF5B26DC000
|
unkown image
|
page readonly
|
|
|
|
20576070000
|
unkown
|
page read and write
|
|
|
|
7FF54C567000
|
unkown image
|
page readonly
|
|
|
|
14546E29000
|
unkown
|
page read and write
|
|
|
|
3B17000
|
heap private
|
page read and write
|
|
|
|
7FF5D8088000
|
unkown image
|
page readonly
|
|
|
|
7FF54BF60000
|
unkown image
|
page readonly
|
|
|
|
343F000
|
unkown
|
page read and write
|
|
|
|
2308FC9C000
|
unkown
|
page read and write
|
|
|
|
7FF54C574000
|
unkown image
|
page readonly
|
|
|
|
17A57313000
|
unkown
|
page read and write
|
|
|
|
20576096000
|
unkown
|
page read and write
|
|
|
|
7FF54C5A6000
|
unkown image
|
page readonly
|
|
|
|
7FF5D82AA000
|
unkown image
|
page readonly
|
|
|
|
23090A80000
|
unkown
|
page read and write
|
|
|
|
7FF5D7A1B000
|
unkown image
|
page readonly
|
|
|
|
2288DD95000
|
heap private
|
page read and write
|
|
|
|
17A57190000
|
unkown
|
page read and write
|
|
|
|
2288DE50000
|
unkown
|
page read and write
|
|
|
|
2308FC84000
|
unkown
|
page read and write
|
|
|
|
2CDA000
|
unkown image
|
page readonly
|
|
|
|
23090780000
|
unkown
|
page read and write
|
|
|
|
7DF5ED342000
|
unkown image
|
page readonly
|
|
|
|
2288F790000
|
heap private
|
page read and write
|
|
|
|
17A57270000
|
unkown
|
page read and write
|
|
|
|
2C8D000
|
unkown image
|
page readonly
|
|
|
|
17A57213000
|
unkown
|
page read and write
|
|
|
|
7FF5B27A7000
|
unkown image
|
page readonly
|
|
|
|
17A57202000
|
unkown
|
page read and write
|
|
|
|
7FF5D8113000
|
unkown image
|
page readonly
|
|
|
|
2288DE87000
|
unkown
|
page read and write
|
|
|
|
20576102000
|
unkown
|
page read and write
|
|
|
|
14546D10000
|
unkown image
|
page readonly
|
|
|
|
23090BD0000
|
unkown
|
page read and write
|
|
|
|
17A57100000
|
heap private
|
page read and write
|
|
|
|
547E000
|
stack
|
page read and write
|
|
|
|
A6C03FE000
|
stack
|
page read and write
|
|
|
|
2308FCE0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D7DEF000
|
unkown image
|
page readonly
|
|
|
|
60580FE000
|
stack
|
page read and write
|
|
|
|
33AF000
|
stack
|
page read and write
|
|
|
|
2CF2000
|
unkown image
|
page readonly
|
|
|
|
2D68000
|
unkown image
|
page readonly
|
|
|
|
17A57249000
|
unkown
|
page read and write
|
|
|
|
7FF5B2336000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8204000
|
unkown image
|
page readonly
|
|
|
|
7FF54C381000
|
unkown image
|
page readonly
|
|
|
|
2CB9000
|
unkown image
|
page readonly
|
|
|
|
2308FC7C000
|
unkown
|
page read and write
|
|
|
|
20575F90000
|
unkown image
|
page readonly
|
|
|
|
2308FBFC000
|
unkown
|
page read and write
|
|
|
|
34A4000
|
unkown
|
page read and write
|
|
|
|
20575F90000
|
unkown image
|
page readonly
|
|
|
|
2308FC18000
|
unkown
|
page read and write
|
|
|
|
2D62000
|
unkown image
|
page readonly
|
|
|
|
23090A40000
|
unkown
|
page read and write
|
|
|
|
17A57110000
|
unkown image
|
page readonly
|
|
|
|
7FF5D81EF000
|
unkown image
|
page readonly
|
|
|
|
7FF5D810D000
|
unkown image
|
page readonly
|
|
|
|
7FF54C30C000
|
unkown image
|
page readonly
|
|
|
|
14546D40000
|
unkown image
|
page readonly
|
|
|
|
2308FDB0000
|
unkown
|
page read and write
|
|
|
|
230907CE000
|
unkown
|
page read and write
|
|
|
|
14546D70000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8106000
|
unkown image
|
page readonly
|
|
|
|
6057B8E000
|
stack
|
page read and write
|
|
|
|
23090783000
|
unkown
|
page read and write
|
|
|
|
7FF5D7E40000
|
unkown image
|
page readonly
|
|
|
|
7F810000
|
unkown image
|
page readonly
|
|
|
|
20576055000
|
unkown
|
page read and write
|
|
|
|
307A000
|
unkown
|
page read and write
|
|
|
|
7FF5B279C000
|
unkown image
|
page readonly
|
|
|
|
2308FDD0000
|
unkown image
|
page readonly
|
|
|
|
2D73000
|
unkown image
|
page readonly
|
|
|
|
7FF54C411000
|
unkown image
|
page readonly
|
|
|
|
2288E310000
|
unkown image
|
page readonly
|
|
|
|
359E000
|
stack
|
page read and write
|
|
|
|
2308FC28000
|
unkown
|
page read and write
|
|
|
|
2C9C000
|
unkown image
|
page readonly
|
|
|
|
20576046000
|
unkown
|
page read and write
|
|
|
|
7FF5D8175000
|
unkown image
|
page readonly
|
|
|
|
2308FC88000
|
unkown
|
page read and write
|
|
|
|
2308FC50000
|
unkown
|
page read and write
|
|
|
|
7FF54C58F000
|
unkown image
|
page readonly
|
|
|
|
205762D0000
|
unkown image
|
page readonly
|
|
|
|
3B2B000
|
unkown
|
page read and write
|
|
|
|
20576013000
|
unkown
|
page read and write
|
|
|
|
7FF5D8082000
|
unkown image
|
page readonly
|
|
|
|
7FF54C2ED000
|
unkown image
|
page readonly
|
|
|
|
7DF5ED350000
|
unkown image
|
page readonly
|
|
|
|
2288F740000
|
unkown
|
page read and write
|
|
|
|
7FF5D81EC000
|
unkown image
|
page readonly
|
|
|
|
2057608F000
|
unkown
|
page read and write
|
|
|
|
2288DCE0000
|
unkown image
|
page readonly
|
|
|
|
F0C000
|
unkown
|
page read and write
|
|
|
|
7DF561522000
|
unkown image
|
page readonly
|
|
|
|
7FF54C530000
|
unkown image
|
page readonly
|
|
|
|
347D000
|
unkown
|
page read and write
|
|
|
|
7FF54C2A7000
|
unkown image
|
page readonly
|
|
|
|
2FEB000
|
unkown
|
page read and write
|
|
|
|
3320000
|
heap default
|
page read and write
|
|
|
|
2057602A000
|
unkown
|
page read and write
|
|
|
|
34A1000
|
unkown
|
page read and write
|
|
|
|
17A5728B000
|
unkown
|
page read and write
|
|
|
|
7FF5B24E7000
|
unkown image
|
page readonly
|
|
|
|
3475000
|
unkown
|
page read and write
|
|
|
|
23090A72000
|
heap private
|
page read and write
|
|
|
|
7FF5B2775000
|
unkown image
|
page readonly
|
|
|
|
3442000
|
heap default
|
page read and write
|
|
|
|
7DF5C78E0000
|
unkown image
|
page readonly
|
|
|
|
2BA2000
|
unkown image
|
page readonly
|
|
|
|
2288F720000
|
unkown
|
page read and write
|
|
|
|
145470D0000
|
unkown image
|
page readonly
|
|
|
|
2288DCF0000
|
unkown image
|
page readonly
|
|
|
|
2308FC80000
|
unkown
|
page read and write
|
|
|
|
7DF5ED332000
|
unkown image
|
page readonly
|
|
|
|
7DF45F3E0000
|
unkown image
|
page readonly
|
|
|
|
3B1A000
|
heap private
|
page read and write
|
|
|
|
2CDF000
|
unkown image
|
page readonly
|
|
|
|
22D97FE000
|
stack
|
page read and write
|
|
|
|
2308FDC0000
|
unkown image
|
page readonly
|
|
|
|
14546E9A000
|
unkown
|
page read and write
|
|
|
|
2D41000
|
unkown image
|
page readonly
|
|
|
|
7FF5D81BE000
|
unkown image
|
page readonly
|
|
|
|
7FF54C57A000
|
unkown image
|
page readonly
|
|
|
|
7FF54C483000
|
unkown image
|
page readonly
|
|
|
|
7DF4C57B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D81F7000
|
unkown image
|
page readonly
|
|
|
|
7F800000
|
unkown image
|
page readonly
|
|
|
|
17A574D0000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8090000
|
unkown image
|
page readonly
|
|
|
|
17A57250000
|
unkown
|
page read and write
|
|
|
|
7FF54C5AD000
|
unkown image
|
page readonly
|
|
|
|
7FF5D8183000
|
unkown image
|
page readonly
|
|
|
|
2288DDC6000
|
heap default
|
page read and write
|
|
|
|
7DF5ED350000
|
unkown image
|
page readonly
|
|
|
|
17A57160000
|
heap default
|
page read and write
|
|
|
|
7FF54C304000
|
unkown image
|
page readonly
|
|
|
|
7DF5C78E2000
|
unkown image
|
page readonly
|
|
|
|
33EE000
|
stack
|
page read and write
|
|
|
|
7FF5D81CB000
|
unkown image
|
page readonly
|
|
|
|
7FF5B27D8000
|
unkown image
|
page readonly
|
|
|
|
2308FAFD000
|
unkown
|
page read and write
|
|
|
|
7FF5D820A000
|
unkown image
|
page readonly
|
|
|
|
2288F79D000
|
heap private
|
page read and write
|
|
|
|
2288DE3D000
|
unkown
|
page read and write
|
|
|
|
7FF54C491000
|
unkown image
|
page readonly
|
|
|
|
8F308B000
|
unkown
|
page read and write
|
|
|
|
2288DDE5000
|
heap default
|
page read and write
|
|
|
|
7FF5D81C5000
|
unkown image
|
page readonly
|
|
|
|
7DF561522000
|
unkown image
|
page readonly
|
|
There are 578 hidden memdumps, click here to show them.