Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sample2.xls.xls
|
Composite Document File V2 Document, Little Endian, Os: MacOS, Version 6.11, Code page: -535, Last Saved By: Microsoft Office
User, Name of Creating Application: Microsoft Macintosh Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Sun Nov 21 19:57:52 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\sample2.xls.xls
|
Composite Document File V2 Document, Little Endian, Os: MacOS, Version 6.11, Code page: -535, Last Saved By: Microsoft Office
User, Name of Creating Application: Microsoft Macintosh Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date:
Sun Nov 21 19:57:52 2021, Security: 0
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\3EDBDB2E-21C4-458B-81F0-642402DEC3FC
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5DA02DEB.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF4CC8EC7F64F458A9.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF620452FF3AABC9C7.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\7D1C.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF30EC3661E732423E.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF6FA4235239FD3AE0.TMP
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\test.test
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\test1.test
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\test2.test
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\test.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\test1.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\test2.test
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://login.microsoftonline.com/
|
unknown
|
|
|
|
https://shell.suite.office.com:1443
|
unknown
|
|
|
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/
|
unknown
|
|
|
|
https://roaming.edog.
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
|
|
|
https://cdn.entity.
|
unknown
|
|
|
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
|
|
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
|
|
|
https://powerlift.acompli.net
|
unknown
|
|
|
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
|
|
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
|
|
|
https://cortana.ai
|
unknown
|
|
|
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
|
|
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
|
|
|
https://api.aadrm.com/
|
unknown
|
|
|
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
|
|
|
https://api.microsoftstream.com/api/
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
|
|
|
https://cr.office.com
|
unknown
|
|
|
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
|
|
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
|
|
|
https://graph.ppe.windows.net
|
unknown
|
|
|
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
|
|
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
|
|
|
https://tasks.office.com
|
unknown
|
|
|
|
https://officeci.azurewebsites.net/api/
|
unknown
|
|
|
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
|
|
|
https://store.office.cn/addinstemplate
|
unknown
|
|
|
|
https://api.aadrm.com
|
unknown
|
|
|
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
|
|
|
https://globaldisco.crm.dynamics.com
|
unknown
|
|
|
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
|
|
|
https://www.odwebp.svc.ms
|
unknown
|
|
|
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
|
|
|
https://web.microsoftstream.com/video/
|
unknown
|
|
|
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
|
|
|
https://graph.windows.net
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/
|
unknown
|
|
|
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
|
|
|
https://analysis.windows.net/powerbi/api
|
unknown
|
|
|
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
|
|
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
|
|
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
|
|
|
https://ncus.contentsync.
|
unknown
|
|
|
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
|
|
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
|
|
|
http://weather.service.msn.com/data.aspx
|
unknown
|
|
|
|
https://apis.live.net/v5.0/
|
unknown
|
|
|
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
|
|
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
|
|
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
|
|
|
https://management.azure.com
|
unknown
|
|
|
|
https://outlook.office365.com
|
unknown
|
|
|
|
https://wus2.contentsync.
|
unknown
|
|
|
|
https://incidents.diagnostics.office.com
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
|
|
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
|
|
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
|
|
|
https://api.office.net
|
unknown
|
|
|
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
|
|
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
|
|
|
https://entitlement.diagnostics.office.com
|
unknown
|
|
|
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
|
|
|
https://outlook.office.com/
|
unknown
|
|
|
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
|
|
|
https://outlook.office365.com/
|
unknown
|
|
|
|
https://webshell.suite.office.com
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
|
|
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
|
|
|
https://management.azure.com/
|
unknown
|
|
|
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
|
|
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://graph.windows.net/
|
unknown
|
|
|
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
|
|
|
https://devnull.onenote.com
|
unknown
|
|
|
|
https://ncus.pagecontentsync.
|
unknown
|
|
|
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
|
|
|
https://messaging.office.com/
|
unknown
|
|
|
|
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
|
|
|
https://augloop.office.com/v2
|
unknown
|
|
|
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
|
unknown
|
|
|
|
https://skyapi.live.net/Activity/
|
unknown
|
|
|
|
https://clients.config.office.net/user/v1.0/mac
|
unknown
|
|
|
|
https://dataservice.o365filtering.com
|
unknown
|
|
|
|
https://api.cortana.ai
|
unknown
|
|
|
|
https://onedrive.live.com
|
unknown
|
|
|
|
https://ovisualuiapp.azurewebsites.net/pbiagave/
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
There are 101 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gupta-foods.xyz
|
51.15.56.22
|
|
|
|
gupta-airways.icu
|
51.15.56.22
|
|
|
|
gupta-technologies.sbs
|
51.15.56.22
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
51.15.56.22
|
gupta-foods.xyz
|
France
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
e '
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
f '
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\2195B
|
2195B
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSForms
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
|
MSComctlLib
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
|
ey'
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\38BE6
|
38BE6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\39D1D
|
39D1D
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General
|
FileFormatBallotBoxAppIDBootedOnce
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
r--
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2E031
|
2E031
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
>-
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\48778
|
48778
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\48EE7
|
48EE7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 88 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7DF586150000
|
unkown image
|
page readonly
|
|
|
|
1036ADC6000
|
heap default
|
page read and write
|
|
|
|
1BB11E02000
|
unkown
|
page read and write
|
|
|
|
697000
|
heap private
|
page read and write
|
|
|
|
1D461650000
|
unkown
|
page read and write
|
|
|
|
1D4EE47E000
|
unkown
|
page read and write
|
|
|
|
7FF5571B5000
|
unkown image
|
page readonly
|
|
|
|
7FF53660E000
|
unkown image
|
page readonly
|
|
|
|
27D6000
|
unkown image
|
page readonly
|
|
|
|
1BB11687000
|
unkown
|
page read and write
|
|
|
|
7FF4FE927000
|
unkown image
|
page readonly
|
|
|
|
7FF591B11000
|
unkown image
|
page readonly
|
|
|
|
1D461FB0000
|
unkown
|
page read and write
|
|
|
|
6DC000
|
unkown
|
page read and write
|
|
|
|
95F207E000
|
stack
|
page read and write
|
|
|
|
7FF536BFC000
|
unkown image
|
page readonly
|
|
|
|
2A720FE000
|
stack
|
page read and write
|
|
|
|
7FF53653A000
|
unkown image
|
page readonly
|
|
|
|
1D4EE300000
|
unkown image
|
page readonly
|
|
|
|
DB708FE000
|
stack
|
page read and write
|
|
|
|
7FF57841E000
|
unkown image
|
page readonly
|
|
|
|
1D4EEC02000
|
unkown
|
page read and write
|
|
|
|
7FF59912C000
|
unkown image
|
page readonly
|
|
|
|
26EF000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown image
|
page readonly
|
|
|
|
1D4EE2F0000
|
heap private
|
page read and write
|
|
|
|
7FF522CA1000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE977000
|
unkown image
|
page readonly
|
|
|
|
7DF50C670000
|
unkown image
|
page readonly
|
|
|
|
1D4EE400000
|
unkown
|
page read and write
|
|
|
|
7FF4FE7B1000
|
unkown image
|
page readonly
|
|
|
|
7FF591B11000
|
unkown image
|
page readonly
|
|
|
|
1D462400000
|
unkown
|
page read and write
|
|
|
|
3360000
|
unkown image
|
page readonly
|
|
|
|
2706000
|
unkown image
|
page readonly
|
|
|
|
1BB11650000
|
unkown
|
page read and write
|
|
|
|
9C0000
|
heap private
|
page read and write
|
|
|
|
2AE7000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE937000
|
unkown image
|
page readonly
|
|
|
|
7FF591896000
|
unkown image
|
page readonly
|
|
|
|
7FF599292000
|
unkown image
|
page readonly
|
|
|
|
7FF5991E7000
|
unkown image
|
page readonly
|
|
|
|
7FF5570E7000
|
unkown image
|
page readonly
|
|
|
|
72FF000
|
stack
|
page read and write
|
|
|
|
9C4000
|
heap private
|
page read and write
|
|
|
|
23EB000
|
unkown image
|
page readonly
|
|
|
|
7FF55713D000
|
unkown image
|
page readonly
|
|
|
|
DB706FE000
|
stack
|
page read and write
|
|
|
|
7F0C2000
|
unkown image
|
page readonly
|
|
|
|
1BB1168D000
|
unkown
|
page read and write
|
|
|
|
7FF4FE9E4000
|
unkown image
|
page readonly
|
|
|
|
27B4000
|
unkown image
|
page readonly
|
|
|
|
1D461FBE000
|
unkown
|
page read and write
|
|
|
|
7FF4FE8E3000
|
unkown image
|
page readonly
|
|
|
|
7DF59F772000
|
unkown image
|
page readonly
|
|
|
|
4D7000
|
heap private
|
page read and write
|
|
|
|
1D4EE500000
|
unkown
|
page read and write
|
|
|
|
7FF591A23000
|
unkown image
|
page readonly
|
|
|
|
1036AD20000
|
unkown image
|
page readonly
|
|
|
|
1D461FB7000
|
unkown
|
page read and write
|
|
|
|
1D461613000
|
unkown
|
page read and write
|
|
|
|
7FF578417000
|
unkown image
|
page readonly
|
|
|
|
1D4EE43C000
|
unkown
|
page read and write
|
|
|
|
2725000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE367000
|
unkown image
|
page readonly
|
|
|
|
67E000
|
stack
|
page read and write
|
|
|
|
7FF5992C1000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown image
|
page readonly
|
|
|
|
1D4615D0000
|
unkown
|
page read and write
|
|
|
|
7FF591A5B000
|
unkown image
|
page readonly
|
|
|
|
2716000
|
unkown image
|
page readonly
|
|
|
|
1D4614B0000
|
unkown image
|
page readonly
|
|
|
|
8850BFD000
|
stack
|
page read and write
|
|
|
|
7300000
|
unkown
|
page read and write
|
|
|
|
7FF5782A1000
|
unkown image
|
page readonly
|
|
|
|
7DF50C670000
|
unkown image
|
page readonly
|
|
|
|
7DF59F790000
|
unkown image
|
page readonly
|
|
|
|
1B0000
|
unkown image
|
page readonly
|
|
|
|
7FF591A37000
|
unkown image
|
page readonly
|
|
|
|
7DF50C672000
|
unkown image
|
page readonly
|
|
|
|
27B4000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F20000
|
unkown image
|
page readonly
|
|
|
|
2A10000
|
unkown image
|
page readonly
|
|
|
|
7FF536BA2000
|
unkown image
|
page readonly
|
|
|
|
7FF536D74000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F32000
|
unkown image
|
page readonly
|
|
|
|
7DF564E40000
|
unkown image
|
page readonly
|
|
|
|
7F0D2000
|
unkown image
|
page readonly
|
|
|
|
1D461F89000
|
unkown
|
page read and write
|
|
|
|
4F5000
|
unkown
|
page read and write
|
|
|
|
7FF59923D000
|
unkown image
|
page readonly
|
|
|
|
1BB11670000
|
unkown
|
page read and write
|
|
|
|
7FF4FE7EB000
|
unkown image
|
page readonly
|
|
|
|
26EF000
|
unkown image
|
page readonly
|
|
|
|
7DF564E20000
|
unkown image
|
page readonly
|
|
|
|
1036ABE0000
|
unkown image
|
page readonly
|
|
|
|
7FF57844E000
|
unkown image
|
page readonly
|
|
|
|
7FF5782C0000
|
unkown image
|
page readonly
|
|
|
|
1D4EE350000
|
heap default
|
page read and write
|
|
|
|
1D4EE48D000
|
unkown
|
page read and write
|
|
|
|
7FF591A19000
|
unkown image
|
page readonly
|
|
|
|
33DA000
|
heap private
|
page read and write
|
|
|
|
2725000
|
unkown image
|
page readonly
|
|
|
|
512000
|
unkown
|
page read and write
|
|
|
|
2FD000
|
unkown
|
page read and write
|
|
|
|
7FF5784D4000
|
unkown image
|
page readonly
|
|
|
|
7FF5570E0000
|
unkown image
|
page readonly
|
|
|
|
7FF578403000
|
unkown image
|
page readonly
|
|
|
|
7FF5365A8000
|
unkown image
|
page readonly
|
|
|
|
2C39000
|
unkown image
|
page readonly
|
|
|
|
2A723F9000
|
stack
|
page read and write
|
|
|
|
7FF536CB3000
|
unkown image
|
page readonly
|
|
|
|
7FF591A63000
|
unkown image
|
page readonly
|
|
|
|
248DDC00000
|
unkown
|
page read and write
|
|
|
|
3400000
|
heap default
|
page read and write
|
|
|
|
7F0C0000
|
unkown image
|
page readonly
|
|
|
|
2746000
|
unkown image
|
page readonly
|
|
|
|
340A000
|
heap default
|
page read and write
|
|
|
|
19B000
|
unkown
|
page read and write
|
|
|
|
1D461657000
|
unkown
|
page read and write
|
|
|
|
1D461F62000
|
unkown
|
page read and write
|
|
|
|
6E1000
|
unkown
|
page read and write
|
|
|
|
248DDC6E000
|
unkown
|
page read and write
|
|
|
|
7FF536D91000
|
unkown image
|
page readonly
|
|
|
|
1D462402000
|
unkown
|
page read and write
|
|
|
|
6BA000
|
heap default
|
page read and write
|
|
|
|
7FF4FE90F000
|
unkown image
|
page readonly
|
|
|
|
7FF536D0D000
|
unkown image
|
page readonly
|
|
|
|
7FF5784EA000
|
unkown image
|
page readonly
|
|
|
|
7DF59F790000
|
unkown image
|
page readonly
|
|
|
|
27BB000
|
unkown image
|
page readonly
|
|
|
|
1D4EE508000
|
unkown
|
page read and write
|
|
|
|
218C7E60000
|
unkown
|
page read and write
|
|
|
|
218C7AFF000
|
unkown
|
page read and write
|
|
|
|
7FF591B01000
|
unkown image
|
page readonly
|
|
|
|
7FF591965000
|
unkown image
|
page readonly
|
|
|
|
26DE000
|
unkown image
|
page readonly
|
|
|
|
1D461B80000
|
unkown image
|
page readonly
|
|
|
|
7FF5990CF000
|
unkown image
|
page readonly
|
|
|
|
2D7BFA000
|
stack
|
page read and write
|
|
|
|
7FF578175000
|
unkown image
|
page readonly
|
|
|
|
1BB11602000
|
unkown
|
page read and write
|
|
|
|
6B0000
|
heap default
|
page read and write
|
|
|
|
248DDC2A000
|
unkown
|
page read and write
|
|
|
|
7FF5992A4000
|
unkown image
|
page readonly
|
|
|
|
515000
|
unkown
|
page read and write
|
|
|
|
2719000
|
unkown image
|
page readonly
|
|
|
|
40A0000
|
unkown
|
page read and write
|
|
|
|
7FF4FE923000
|
unkown image
|
page readonly
|
|
|
|
1BB11708000
|
unkown
|
page read and write
|
|
|
|
7FF4FEA00000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE7D0000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE80F000
|
unkown image
|
page readonly
|
|
|
|
248DE402000
|
unkown
|
page read and write
|
|
|
|
69F000
|
stack
|
page read and write
|
|
|
|
1D4EE467000
|
unkown
|
page read and write
|
|
|
|
95F1C7B000
|
stack
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page read and write
|
|
|
|
7DF59F780000
|
unkown image
|
page readonly
|
|
|
|
7DF59F772000
|
unkown image
|
page readonly
|
|
|
|
620000
|
unkown
|
page read and write
|
|
|
|
1D461F89000
|
unkown
|
page read and write
|
|
|
|
7FF4FE8EE000
|
unkown image
|
page readonly
|
|
|
|
1D4EE45C000
|
unkown
|
page read and write
|
|
|
|
6D8000
|
unkown
|
page read and write
|
|
|
|
7DF586170000
|
unkown image
|
page readonly
|
|
|
|
26DE000
|
unkown image
|
page readonly
|
|
|
|
3445000
|
unkown
|
page read and write
|
|
|
|
2D08000
|
unkown image
|
page readonly
|
|
|
|
7DF50C662000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F40000
|
unkown image
|
page readonly
|
|
|
|
540000
|
heap default
|
page read and write
|
|
|
|
4DA000
|
heap default
|
page read and write
|
|
|
|
248DDD13000
|
unkown
|
page read and write
|
|
|
|
3270000
|
heap default
|
page read and write
|
|
|
|
7FF5784E1000
|
unkown image
|
page readonly
|
|
|
|
1D462402000
|
unkown
|
page read and write
|
|
|
|
1BB11560000
|
unkown image
|
page read and write
|
|
|
|
1D4EEA50000
|
unkown image
|
page readonly
|
|
|
|
7DF49D640000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE817000
|
unkown image
|
page readonly
|
|
|
|
1D461F89000
|
unkown
|
page read and write
|
|
|
|
1BB11570000
|
heap private
|
page read and write
|
|
|
|
7FF59908D000
|
unkown image
|
page readonly
|
|
|
|
2973000
|
unkown image
|
page readonly
|
|
|
|
7F0C2000
|
unkown image
|
page readonly
|
|
|
|
33A0000
|
unkown image
|
page readonly
|
|
|
|
29E000
|
unkown
|
page read and write
|
|
|
|
2C66000
|
unkown image
|
page readonly
|
|
|
|
1D4EE465000
|
unkown
|
page read and write
|
|
|
|
1BB11700000
|
unkown
|
page read and write
|
|
|
|
7FF59191F000
|
unkown image
|
page readonly
|
|
|
|
2C4F000
|
unkown image
|
page readonly
|
|
|
|
27BB000
|
unkown image
|
page readonly
|
|
|
|
1D462402000
|
unkown
|
page read and write
|
|
|
|
88503FE000
|
stack
|
page read and write
|
|
|
|
7FF578276000
|
unkown image
|
page readonly
|
|
|
|
DB709FF000
|
stack
|
page read and write
|
|
|
|
7FF536C9D000
|
unkown image
|
page readonly
|
|
|
|
1D4EE8D0000
|
unkown image
|
page readonly
|
|
|
|
1BB11C50000
|
unkown image
|
page readonly
|
|
|
|
1D4EE2E0000
|
unkown image
|
page read and write
|
|
|
|
248DDD00000
|
unkown
|
page read and write
|
|
|
|
2C6B000
|
unkown image
|
page readonly
|
|
|
|
218C7E00000
|
unkown image
|
page readonly
|
|
|
|
218C7AFF000
|
unkown
|
page read and write
|
|
|
|
7FF5918FB000
|
unkown image
|
page readonly
|
|
|
|
7FF5991E0000
|
unkown image
|
page readonly
|
|
|
|
7F0F2000
|
unkown image
|
page readonly
|
|
|
|
4FC000
|
unkown
|
page read and write
|
|
|
|
7FF536C96000
|
unkown image
|
page readonly
|
|
|
|
1D461F9C000
|
unkown
|
page read and write
|
|
|
|
7F0E0000
|
unkown image
|
page readonly
|
|
|
|
7F0D2000
|
unkown image
|
page readonly
|
|
|
|
7FF536B2A000
|
unkown image
|
page readonly
|
|
|
|
7FF536D7A000
|
unkown image
|
page readonly
|
|
|
|
732687E000
|
stack
|
page read and write
|
|
|
|
218C8900000
|
unkown
|
page read and write
|
|
|
|
7F0F2000
|
unkown image
|
page readonly
|
|
|
|
1D4EE502000
|
unkown
|
page read and write
|
|
|
|
218C7E20000
|
unkown
|
page read and write
|
|
|
|
4E0000
|
unkown image
|
page readonly
|
|
|
|
885067D000
|
stack
|
page read and write
|
|
|
|
1D461655000
|
unkown
|
page read and write
|
|
|
|
1D461F4E000
|
unkown
|
page read and write
|
|
|
|
2C5D000
|
unkown image
|
page readonly
|
|
|
|
7F0E0000
|
unkown image
|
page readonly
|
|
|
|
2B2C000
|
unkown image
|
page readonly
|
|
|
|
1D461F6A000
|
unkown
|
page read and write
|
|
|
|
7FF591A8D000
|
unkown image
|
page readonly
|
|
|
|
27AB000
|
unkown image
|
page readonly
|
|
|
|
1D461CF0000
|
unkown
|
page read and write
|
|
|
|
1D4EE46A000
|
unkown
|
page read and write
|
|
|
|
1D461F9C000
|
unkown
|
page read and write
|
|
|
|
1D4EE360000
|
unkown image
|
page readonly
|
|
|
|
1E0000
|
unkown image
|
page readonly
|
|
|
|
1D461F9E000
|
unkown
|
page read and write
|
|
|
|
248DDBB0000
|
unkown
|
page read and write
|
|
|
|
7FF5784C2000
|
unkown image
|
page readonly
|
|
|
|
1D462500000
|
unkown
|
page read and write
|
|
|
|
1D461F81000
|
unkown
|
page read and write
|
|
|
|
7FF5571A4000
|
unkown image
|
page readonly
|
|
|
|
2719000
|
unkown image
|
page readonly
|
|
|
|
2D08000
|
unkown image
|
page readonly
|
|
|
|
7DF50C680000
|
unkown image
|
page readonly
|
|
|
|
7FF591A87000
|
unkown image
|
page readonly
|
|
|
|
7FF591AE2000
|
unkown image
|
page readonly
|
|
|
|
7F0D0000
|
unkown image
|
page readonly
|
|
|
|
7FF55713A000
|
unkown image
|
page readonly
|
|
|
|
6570000
|
unkown image
|
page readonly
|
|
|
|
3210000
|
unkown image
|
page readonly
|
|
|
|
1D462563000
|
unkown
|
page read and write
|
|
|
|
7DF50C680000
|
unkown image
|
page readonly
|
|
|
|
7DF59F780000
|
unkown image
|
page readonly
|
|
|
|
1036ADD9000
|
unkown
|
page read and write
|
|
|
|
7F100000
|
unkown image
|
page readonly
|
|
|
|
4D20000
|
heap private
|
page read and write
|
|
|
|
1B0000
|
unkown image
|
page readonly
|
|
|
|
7FAA0000
|
unkown image
|
page readonly
|
|
|
|
7FA92000
|
unkown image
|
page readonly
|
|
|
|
27D6000
|
unkown image
|
page readonly
|
|
|
|
248DDC7C000
|
unkown
|
page read and write
|
|
|
|
1D462402000
|
unkown
|
page read and write
|
|
|
|
3380000
|
unkown
|
page read and write
|
|
|
|
95F1AFE000
|
stack
|
page read and write
|
|
|
|
4F8000
|
unkown
|
page read and write
|
|
|
|
1D461FAA000
|
unkown
|
page read and write
|
|
|
|
7326BF7000
|
stack
|
page read and write
|
|
|
|
7F102000
|
unkown image
|
page readonly
|
|
|
|
7FF5784F1000
|
unkown image
|
page readonly
|
|
|
|
33B0000
|
unkown
|
page read and write
|
|
|
|
7FF4FE9D2000
|
unkown image
|
page readonly
|
|
|
|
3428000
|
unkown
|
page read and write
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
5740000
|
unkown image
|
page readonly
|
|
|
|
7FF591A6E000
|
unkown image
|
page readonly
|
|
|
|
4CDE000
|
stack
|
page read and write
|
|
|
|
2C2A000
|
unkown image
|
page readonly
|
|
|
|
7FF59894C000
|
unkown image
|
page readonly
|
|
|
|
7FF59197C000
|
unkown image
|
page readonly
|
|
|
|
7DF4A4DF0000
|
unkown image
|
page readonly
|
|
|
|
7FF536CB0000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown image
|
page read and write
|
|
|
|
7FA80000
|
unkown image
|
page readonly
|
|
|
|
7FF599145000
|
unkown image
|
page readonly
|
|
|
|
1D461600000
|
unkown
|
page read and write
|
|
|
|
7DF586162000
|
unkown image
|
page readonly
|
|
|
|
7FF599046000
|
unkown image
|
page readonly
|
|
|
|
7DF564E20000
|
unkown image
|
page readonly
|
|
|
|
7FF57843B000
|
unkown image
|
page readonly
|
|
|
|
1D461670000
|
unkown
|
page read and write
|
|
|
|
2453000
|
unkown image
|
page readonly
|
|
|
|
7F0F0000
|
unkown image
|
page readonly
|
|
|
|
2746000
|
unkown image
|
page readonly
|
|
|
|
3700000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE855000
|
unkown image
|
page readonly
|
|
|
|
DB707F7000
|
stack
|
page read and write
|
|
|
|
7250000
|
unkown
|
page read and write
|
|
|
|
218C8920000
|
unkown
|
page read and write
|
|
|
|
1D0000
|
unkown image
|
page readonly
|
|
|
|
1036ADEF000
|
unkown
|
page read and write
|
|
|
|
1D461F6F000
|
unkown
|
page read and write
|
|
|
|
7FF536533000
|
unkown image
|
page readonly
|
|
|
|
73E0000
|
unkown
|
page read and write
|
|
|
|
7FF536D0A000
|
unkown image
|
page readonly
|
|
|
|
2AF3000
|
unkown image
|
page readonly
|
|
|
|
7FF578467000
|
unkown image
|
page readonly
|
|
|
|
33D0000
|
heap private
|
page read and write
|
|
|
|
7DF544A10000
|
unkown image
|
page readonly
|
|
|
|
1D461FAA000
|
unkown
|
page read and write
|
|
|
|
260C000
|
unkown image
|
page readonly
|
|
|
|
8170000
|
unkown
|
page read and write
|
|
|
|
7FA80000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE95E000
|
unkown image
|
page readonly
|
|
|
|
7FF536CEE000
|
unkown image
|
page readonly
|
|
|
|
7DF586160000
|
unkown image
|
page readonly
|
|
|
|
1D46163C000
|
unkown
|
page read and write
|
|
|
|
1D461F7F000
|
unkown
|
page read and write
|
|
|
|
573E000
|
stack
|
page read and write
|
|
|
|
7FF577D06000
|
unkown image
|
page readonly
|
|
|
|
1D4615B0000
|
unkown image
|
page readonly
|
|
|
|
7DF50C660000
|
unkown image
|
page readonly
|
|
|
|
1D461FB1000
|
unkown
|
page read and write
|
|
|
|
248DDC4A000
|
unkown
|
page read and write
|
|
|
|
7FF591995000
|
unkown image
|
page readonly
|
|
|
|
1D4EE513000
|
unkown
|
page read and write
|
|
|
|
1D4616F9000
|
unkown
|
page read and write
|
|
|
|
1D46164F000
|
unkown
|
page read and write
|
|
|
|
1BB11AD0000
|
unkown image
|
page readonly
|
|
|
|
47B000
|
unkown
|
page read and write
|
|
|
|
7FF5569F9000
|
unkown image
|
page readonly
|
|
|
|
1D4616DF000
|
unkown
|
page read and write
|
|
|
|
7FF5570CD000
|
unkown image
|
page readonly
|
|
|
|
7FF536C9F000
|
unkown image
|
page readonly
|
|
|
|
218C79F0000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F30000
|
unkown image
|
page readonly
|
|
|
|
7FF557199000
|
unkown image
|
page readonly
|
|
|
|
218C8910000
|
unkown
|
page readonly
|
|
|
|
7FF4FE9F1000
|
unkown image
|
page readonly
|
|
|
|
7FF5782DB000
|
unkown image
|
page readonly
|
|
|
|
1BB1162A000
|
unkown
|
page read and write
|
|
|
|
7FF5784DA000
|
unkown image
|
page readonly
|
|
|
|
7FF57846D000
|
unkown image
|
page readonly
|
|
|
|
260C000
|
unkown image
|
page readonly
|
|
|
|
218C7AFF000
|
unkown
|
page read and write
|
|
|
|
7DF544A00000
|
unkown image
|
page readonly
|
|
|
|
7326AFA000
|
stack
|
page read and write
|
|
|
|
7FF4FE8DA000
|
unkown image
|
page readonly
|
|
|
|
1D46246A000
|
unkown
|
page read and write
|
|
|
|
1D46246A000
|
unkown
|
page read and write
|
|
|
|
218C7A00000
|
unkown image
|
page readonly
|
|
|
|
7FF5992C1000
|
unkown image
|
page readonly
|
|
|
|
1D4EE469000
|
unkown
|
page read and write
|
|
|
|
7FF4FE75F000
|
unkown image
|
page readonly
|
|
|
|
273D000
|
unkown image
|
page readonly
|
|
|
|
33F0000
|
unkown
|
page read and write
|
|
|
|
1BB11613000
|
unkown
|
page read and write
|
|
|
|
2FFB000
|
unkown
|
page read and write
|
|
|
|
1D4EE461000
|
unkown
|
page read and write
|
|
|
|
2A10000
|
unkown image
|
page readonly
|
|
|
|
7FF599299000
|
unkown image
|
page readonly
|
|
|
|
1BB115D0000
|
heap default
|
page read and write
|
|
|
|
218C79D0000
|
unkown image
|
page readonly
|
|
|
|
1D4616D6000
|
unkown
|
page read and write
|
|
|
|
1D461F90000
|
unkown
|
page read and write
|
|
|
|
3425000
|
unkown
|
page read and write
|
|
|
|
512000
|
unkown
|
page read and write
|
|
|
|
7326EF8000
|
stack
|
page read and write
|
|
|
|
1D4616A8000
|
unkown
|
page read and write
|
|
|
|
2BFE000
|
unkown image
|
page readonly
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
218C86D0000
|
unkown
|
page read and write
|
|
|
|
1036ADC6000
|
unkown
|
page read and write
|
|
|
|
1BB11702000
|
unkown
|
page read and write
|
|
|
|
248DDC50000
|
unkown
|
page read and write
|
|
|
|
1D461FAA000
|
unkown
|
page read and write
|
|
|
|
7FF557192000
|
unkown image
|
page readonly
|
|
|
|
1036AD30000
|
unkown image
|
page readonly
|
|
|
|
27CB000
|
unkown image
|
page readonly
|
|
|
|
7FF598952000
|
unkown image
|
page readonly
|
|
|
|
248DDC4E000
|
unkown
|
page read and write
|
|
|
|
7FF4FE746000
|
unkown image
|
page readonly
|
|
|
|
29A000
|
unkown
|
page read and write
|
|
|
|
43B000
|
unkown
|
page read and write
|
|
|
|
7FF4FE885000
|
unkown image
|
page readonly
|
|
|
|
1BB11600000
|
unkown
|
page read and write
|
|
|
|
7FF578375000
|
unkown image
|
page readonly
|
|
|
|
218C7E55000
|
heap private
|
page read and write
|
|
|
|
3880000
|
unkown image
|
page readonly
|
|
|
|
7FF5915F7000
|
unkown image
|
page readonly
|
|
|
|
1D461480000
|
unkown image
|
page readonly
|
|
|
|
1D4616C5000
|
unkown
|
page read and write
|
|
|
|
1D462502000
|
unkown
|
page read and write
|
|
|
|
1D461FB0000
|
unkown
|
page read and write
|
|
|
|
7DF4428C0000
|
unkown image
|
page readonly
|
|
|
|
7FF5569FC000
|
unkown image
|
page readonly
|
|
|
|
1D4616BE000
|
unkown
|
page read and write
|
|
|
|
27DC000
|
unkown image
|
page readonly
|
|
|
|
33D7000
|
heap private
|
page read and write
|
|
|
|
7DF50C672000
|
unkown image
|
page readonly
|
|
|
|
1BB11580000
|
unkown image
|
page readonly
|
|
|
|
27E3000
|
unkown image
|
page readonly
|
|
|
|
1D461F81000
|
unkown
|
page read and write
|
|
|
|
6F5000
|
unkown
|
page read and write
|
|
|
|
1D461800000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
7FF5991E3000
|
unkown image
|
page readonly
|
|
|
|
7FF591B0A000
|
unkown image
|
page readonly
|
|
|
|
7FF5991EE000
|
unkown image
|
page readonly
|
|
|
|
248DDA80000
|
unkown image
|
page readonly
|
|
|
|
7FF5570D3000
|
unkown image
|
page readonly
|
|
|
|
4D0000
|
heap default
|
page read and write
|
|
|
|
2615000
|
unkown image
|
page readonly
|
|
|
|
2CCB000
|
unkown image
|
page readonly
|
|
|
|
1D462402000
|
unkown
|
page read and write
|
|
|
|
2CDB000
|
unkown image
|
page readonly
|
|
|
|
1D46168B000
|
unkown
|
page read and write
|
|
|
|
803D000
|
stack
|
page read and write
|
|
|
|
7FF4FE953000
|
unkown image
|
page readonly
|
|
|
|
680000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F32000
|
unkown image
|
page readonly
|
|
|
|
23EB000
|
unkown image
|
page readonly
|
|
|
|
7FF536D85000
|
unkown image
|
page readonly
|
|
|
|
7FF536CDB000
|
unkown image
|
page readonly
|
|
|
|
7FF5570E3000
|
unkown image
|
page readonly
|
|
|
|
7FF5991D3000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE8DE000
|
unkown image
|
page readonly
|
|
|
|
7FF5571C1000
|
unkown image
|
page readonly
|
|
|
|
7FF591AF4000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F22000
|
unkown image
|
page readonly
|
|
|
|
27C1000
|
unkown image
|
page readonly
|
|
|
|
7FF53661E000
|
unkown image
|
page readonly
|
|
|
|
7FF591A47000
|
unkown image
|
page readonly
|
|
|
|
7FF599237000
|
unkown image
|
page readonly
|
|
|
|
1D461F13000
|
unkown
|
page read and write
|
|
|
|
73269FC000
|
stack
|
page read and write
|
|
|
|
1D4616A1000
|
unkown
|
page read and write
|
|
|
|
7FF4FE913000
|
unkown image
|
page readonly
|
|
|
|
7FF5991C9000
|
unkown image
|
page readonly
|
|
|
|
1D462563000
|
unkown
|
page read and write
|
|
|
|
2701000
|
unkown image
|
page readonly
|
|
|
|
DB701EE000
|
stack
|
page read and write
|
|
|
|
2A7217D000
|
stack
|
page read and write
|
|
|
|
7FF5991CD000
|
unkown image
|
page readonly
|
|
|
|
1036ABC0000
|
unkown image
|
page readonly
|
|
|
|
1D461F6F000
|
unkown
|
page read and write
|
|
|
|
7FF577B7C000
|
unkown image
|
page readonly
|
|
|
|
6D5000
|
unkown
|
page read and write
|
|
|
|
1036ADE0000
|
unkown
|
page read and write
|
|
|
|
724F000
|
stack
|
page read and write
|
|
|
|
2C4B000
|
unkown image
|
page readonly
|
|
|
|
7FF591AFA000
|
unkown image
|
page readonly
|
|
|
|
7DF40A530000
|
unkown image
|
page readonly
|
|
|
|
7FF5991B7000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE70B000
|
unkown image
|
page readonly
|
|
|
|
270A000
|
unkown image
|
page readonly
|
|
|
|
7FF5911A2000
|
unkown image
|
page readonly
|
|
|
|
7FF536D8A000
|
unkown image
|
page readonly
|
|
|
|
1D4EE468000
|
unkown
|
page read and write
|
|
|
|
7FF536960000
|
unkown image
|
page readonly
|
|
|
|
2F60000
|
unkown image
|
page readonly
|
|
|
|
248DDC8A000
|
unkown
|
page read and write
|
|
|
|
9FE000
|
stack
|
page read and write
|
|
|
|
7FF4FE092000
|
unkown image
|
page readonly
|
|
|
|
6D3000
|
heap default
|
page read and write
|
|
|
|
27AB000
|
unkown image
|
page readonly
|
|
|
|
7FF5365AA000
|
unkown image
|
page readonly
|
|
|
|
7FF599141000
|
unkown image
|
page readonly
|
|
|
|
DB7047D000
|
stack
|
page read and write
|
|
|
|
1D461716000
|
unkown
|
page read and write
|
|
|
|
1D4EE330000
|
unkown image
|
page readonly
|
|
|
|
1D461480000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE744000
|
unkown image
|
page readonly
|
|
|
|
8080000
|
unkown
|
page read and write
|
|
|
|
1D46164D000
|
unkown
|
page read and write
|
|
|
|
7FF536619000
|
unkown image
|
page readonly
|
|
|
|
7DF544A02000
|
unkown image
|
page readonly
|
|
|
|
7FF578371000
|
unkown image
|
page readonly
|
|
|
|
1D4616AC000
|
unkown
|
page read and write
|
|
|
|
7FF5992AA000
|
unkown image
|
page readonly
|
|
|
|
290B000
|
unkown image
|
page readonly
|
|
|
|
1036ADD8000
|
unkown
|
page read and write
|
|
|
|
218C79B0000
|
unkown image
|
page read and write
|
|
|
|
7FF578413000
|
unkown image
|
page readonly
|
|
|
|
2B35000
|
unkown image
|
page readonly
|
|
|
|
95F1E77000
|
stack
|
page read and write
|
|
|
|
1036ADE0000
|
unkown
|
page read and write
|
|
|
|
7FF591991000
|
unkown image
|
page readonly
|
|
|
|
272F000
|
unkown image
|
page readonly
|
|
|
|
1D462421000
|
unkown
|
page read and write
|
|
|
|
8850AFF000
|
stack
|
page read and write
|
|
|
|
2CD4000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE9EA000
|
unkown image
|
page readonly
|
|
|
|
1D461F9C000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
heap private
|
page read and write
|
|
|
|
1D46164C000
|
unkown
|
page read and write
|
|
|
|
1D461702000
|
unkown
|
page read and write
|
|
|
|
7FF578427000
|
unkown image
|
page readonly
|
|
|
|
2A721FE000
|
stack
|
page read and write
|
|
|
|
1036ADF0000
|
unkown
|
page read and write
|
|
|
|
7FF598F45000
|
unkown image
|
page readonly
|
|
|
|
4F3000
|
heap default
|
page read and write
|
|
|
|
2C0F000
|
unkown image
|
page readonly
|
|
|
|
2CEB000
|
unkown image
|
page readonly
|
|
|
|
218C7AB7000
|
heap default
|
page read and write
|
|
|
|
6D8000
|
unkown
|
page read and write
|
|
|
|
7FF59921E000
|
unkown image
|
page readonly
|
|
|
|
7FF598DA1000
|
unkown image
|
page readonly
|
|
|
|
248DDA60000
|
unkown image
|
page readonly
|
|
|
|
7FF5571B1000
|
unkown image
|
page readonly
|
|
|
|
7FAA0000
|
unkown image
|
page readonly
|
|
|
|
15B000
|
unkown
|
page read and write
|
|
|
|
7FF536D91000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE9D9000
|
unkown image
|
page readonly
|
|
|
|
4B0000
|
unkown
|
page read and write
|
|
|
|
7FF599090000
|
unkown image
|
page readonly
|
|
|
|
2C45000
|
unkown image
|
page readonly
|
|
|
|
1D4EE413000
|
unkown
|
page read and write
|
|
|
|
218C7E10000
|
unkown
|
page read and write
|
|
|
|
4D24000
|
heap private
|
page read and write
|
|
|
|
7FF4FE97A000
|
unkown image
|
page readonly
|
|
|
|
7FF577B82000
|
unkown image
|
page readonly
|
|
|
|
7DF462CF0000
|
unkown image
|
page readonly
|
|
|
|
1D461D00000
|
unkown image
|
page read and write
|
|
|
|
1036AD85000
|
heap private
|
page read and write
|
|
|
|
7326DFF000
|
stack
|
page read and write
|
|
|
|
1D4614A0000
|
unkown image
|
page readonly
|
|
|
|
248DE180000
|
unkown image
|
page readonly
|
|
|
|
1BB1167B000
|
unkown
|
page read and write
|
|
|
|
218C7E30000
|
unkown
|
page read and write
|
|
|
|
DB7067B000
|
stack
|
page read and write
|
|
|
|
7FF5783E7000
|
unkown image
|
page readonly
|
|
|
|
7FF57834B000
|
unkown image
|
page readonly
|
|
|
|
2D7AFF000
|
stack
|
page read and write
|
|
|
|
27E8000
|
unkown image
|
page readonly
|
|
|
|
218C7C80000
|
unkown image
|
page readonly
|
|
|
|
807E000
|
stack
|
page read and write
|
|
|
|
27AF000
|
unkown image
|
page readonly
|
|
|
|
1D461708000
|
unkown
|
page read and write
|
|
|
|
95F1B7D000
|
stack
|
page read and write
|
|
|
|
7FF4FE8B1000
|
unkown image
|
page readonly
|
|
|
|
7F110000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7F102000
|
unkown image
|
page readonly
|
|
|
|
218C8980000
|
unkown
|
page read and write
|
|
|
|
7DF564E40000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE881000
|
unkown image
|
page readonly
|
|
|
|
2CF6000
|
unkown image
|
page readonly
|
|
|
|
690000
|
heap private
|
page read and write
|
|
|
|
2FBA000
|
unkown
|
page read and write
|
|
|
|
3431000
|
unkown
|
page read and write
|
|
|
|
7DF59F782000
|
unkown image
|
page readonly
|
|
|
|
7FF4FEA01000
|
unkown image
|
page readonly
|
|
|
|
6D0000
|
unkown
|
page read and write
|
|
|
|
2A7207C000
|
unkown
|
page read and write
|
|
|
|
520000
|
unkown image
|
page readonly
|
|
|
|
248DDB90000
|
unkown image
|
page readonly
|
|
|
|
1D46164B000
|
unkown
|
page read and write
|
|
|
|
7FF59911B000
|
unkown image
|
page readonly
|
|
|
|
218C7A40000
|
unkown
|
page read and write
|
|
|
|
218C7AF7000
|
unkown
|
page read and write
|
|
|
|
7FF578345000
|
unkown image
|
page readonly
|
|
|
|
27DC000
|
unkown image
|
page readonly
|
|
|
|
8850A7E000
|
stack
|
page read and write
|
|
|
|
7FF591A1D000
|
unkown image
|
page readonly
|
|
|
|
1133000
|
unkown image
|
page readonly
|
|
|
|
7DF5449F0000
|
unkown image
|
page readonly
|
|
|
|
1D4615F0000
|
unkown image
|
page readonly
|
|
|
|
1036AD80000
|
heap private
|
page read and write
|
|
|
|
1BB1163C000
|
unkown
|
page read and write
|
|
|
|
7FF4FE569000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F22000
|
unkown image
|
page readonly
|
|
|
|
501000
|
unkown
|
page read and write
|
|
|
|
7FF5918E0000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F20000
|
unkown image
|
page readonly
|
|
|
|
7326F7F000
|
stack
|
page read and write
|
|
|
|
7FF5918C1000
|
unkown image
|
page readonly
|
|
|
|
3500000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE97D000
|
unkown image
|
page readonly
|
|
|
|
1BB115E0000
|
unkown image
|
page readonly
|
|
|
|
73268FE000
|
stack
|
page read and write
|
|
|
|
2706000
|
unkown image
|
page readonly
|
|
|
|
7FF577FD7000
|
unkown image
|
page readonly
|
|
|
|
732707A000
|
stack
|
page read and write
|
|
|
|
2D7C7E000
|
stack
|
page read and write
|
|
|
|
2B90000
|
unkown image
|
page readonly
|
|
|
|
1036ADC1000
|
unkown
|
page read and write
|
|
|
|
7FF4FE812000
|
unkown image
|
page readonly
|
|
|
|
3428000
|
unkown
|
page read and write
|
|
|
|
248DDA90000
|
unkown image
|
page readonly
|
|
|
|
248DDD08000
|
unkown
|
page read and write
|
|
|
|
270A000
|
unkown image
|
page readonly
|
|
|
|
248DDA60000
|
unkown image
|
page readonly
|
|
|
|
272F000
|
unkown image
|
page readonly
|
|
|
|
2D03000
|
unkown image
|
page readonly
|
|
|
|
2D77BA000
|
unkown
|
page read and write
|
|
|
|
1D461F81000
|
unkown
|
page read and write
|
|
|
|
7DF544A10000
|
unkown image
|
page readonly
|
|
|
|
1D4EE446000
|
unkown
|
page read and write
|
|
|
|
1D462402000
|
unkown
|
page read and write
|
|
|
|
1BB11655000
|
unkown
|
page read and write
|
|
|
|
720E000
|
stack
|
page read and write
|
|
|
|
7DF50C662000
|
unkown image
|
page readonly
|
|
|
|
7DF5A6F40000
|
unkown image
|
page readonly
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
7FF4FE765000
|
unkown image
|
page readonly
|
|
|
|
7FF557113000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE8C2000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE85B000
|
unkown image
|
page readonly
|
|
|
|
7FF5918DD000
|
unkown image
|
page readonly
|
|
|
|
2D7A7E000
|
stack
|
page read and write
|
|
|
|
7DF59F770000
|
unkown image
|
page readonly
|
|
|
|
2CCF000
|
unkown image
|
page readonly
|
|
|
|
1D461FCE000
|
unkown
|
page read and write
|
|
|
|
7DF586152000
|
unkown image
|
page readonly
|
|
|
|
1D461F6D000
|
unkown
|
page read and write
|
|
|
|
7DF564E30000
|
unkown image
|
page readonly
|
|
|
|
6A0000
|
unkown image
|
page readonly
|
|
|
|
1D4EE45B000
|
unkown
|
page read and write
|
|
|
|
1D461FB0000
|
unkown
|
page read and write
|
|
|
|
2B90000
|
unkown image
|
page readonly
|
|
|
|
1D4614D0000
|
heap default
|
page read and write
|
|
|
|
25C7000
|
unkown image
|
page readonly
|
|
|
|
7FF591A30000
|
unkown image
|
page readonly
|
|
|
|
2C26000
|
unkown image
|
page readonly
|
|
|
|
1036ACF0000
|
unkown
|
page read and write
|
|
|
|
1D4EE460000
|
unkown
|
page read and write
|
|
|
|
7FF577FD1000
|
unkown image
|
page readonly
|
|
|
|
7FF5571BA000
|
unkown image
|
page readonly
|
|
|
|
2760000
|
unkown image
|
page readonly
|
|
|
|
7DF544A02000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE909000
|
unkown image
|
page readonly
|
|
|
|
7FF5782FF000
|
unkown image
|
page readonly
|
|
|
|
7DF5449F2000
|
unkown image
|
page readonly
|
|
|
|
1D461FAA000
|
unkown
|
page read and write
|
|
|
|
2F60000
|
unkown image
|
page readonly
|
|
|
|
1D461658000
|
unkown
|
page read and write
|
|
|
|
272B000
|
unkown image
|
page readonly
|
|
|
|
27E8000
|
unkown image
|
page readonly
|
|
|
|
7FF55710B000
|
unkown image
|
page readonly
|
|
|
|
7FF5783FD000
|
unkown image
|
page readonly
|
|
|
|
7FF599115000
|
unkown image
|
page readonly
|
|
|
|
2D7CFF000
|
stack
|
page read and write
|
|
|
|
95F1A7B000
|
unkown
|
page read and write
|
|
|
|
7FF55711E000
|
unkown image
|
page readonly
|
|
|
|
1036B230000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page read and write
|
|
|
|
248DDC13000
|
unkown
|
page read and write
|
|
|
|
3200000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE36B000
|
unkown image
|
page readonly
|
|
|
|
7DF5449F2000
|
unkown image
|
page readonly
|
|
|
|
2A7237F000
|
stack
|
page read and write
|
|
|
|
7EFF0000
|
unkown image
|
page readonly
|
|
|
|
7326CF7000
|
stack
|
page read and write
|
|
|
|
248DDA50000
|
heap private
|
page read and write
|
|
|
|
2701000
|
unkown image
|
page readonly
|
|
|
|
7DF564E30000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE567000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE7B9000
|
unkown image
|
page readonly
|
|
|
|
1D461460000
|
unkown image
|
page read and write
|
|
|
|
7FF5915F1000
|
unkown image
|
page readonly
|
|
|
|
3117000
|
unkown
|
page read and write
|
|
|
|
7FF5784F1000
|
unkown image
|
page readonly
|
|
|
|
7DF586170000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE685000
|
unkown image
|
page readonly
|
|
|
|
3420000
|
unkown
|
page read and write
|
|
|
|
218C8930000
|
unkown
|
page read and write
|
|
|
|
7FF59920B000
|
unkown image
|
page readonly
|
|
|
|
7FF536D69000
|
unkown image
|
page readonly
|
|
|
|
218C8270000
|
unkown image
|
page readonly
|
|
|
|
273D000
|
unkown image
|
page readonly
|
|
|
|
7FA92000
|
unkown image
|
page readonly
|
|
|
|
1036AEB0000
|
unkown image
|
page readonly
|
|
|
|
7FF5990AB000
|
unkown image
|
page readonly
|
|
|
|
1D461FA8000
|
unkown
|
page read and write
|
|
|
|
7FF5782BD000
|
unkown image
|
page readonly
|
|
|
|
1BB118D0000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE7CD000
|
unkown image
|
page readonly
|
|
|
|
1D461E02000
|
unkown
|
page read and write
|
|
|
|
1D461F19000
|
unkown
|
page read and write
|
|
|
|
7FF59196B000
|
unkown image
|
page readonly
|
|
|
|
4DA000
|
heap private
|
page read and write
|
|
|
|
1D461F62000
|
unkown
|
page read and write
|
|
|
|
7FA90000
|
unkown image
|
page readonly
|
|
|
|
7FF591A07000
|
unkown image
|
page readonly
|
|
|
|
218C8070000
|
unkown image
|
page readonly
|
|
|
|
1D462402000
|
unkown
|
page read and write
|
|
|
|
7FF4FE751000
|
unkown image
|
page readonly
|
|
|
|
1BB115A0000
|
unkown image
|
page readonly
|
|
|
|
7FF591795000
|
unkown image
|
page readonly
|
|
|
|
1D462403000
|
unkown
|
page read and write
|
|
|
|
7FF5992BA000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE920000
|
unkown image
|
page readonly
|
|
|
|
7FF536CA6000
|
unkown image
|
page readonly
|
|
|
|
1D4EE424000
|
unkown
|
page read and write
|
|
|
|
1D4616B2000
|
unkown
|
page read and write
|
|
|
|
7327179000
|
stack
|
page read and write
|
|
|
|
2760000
|
unkown image
|
page readonly
|
|
|
|
40D4000
|
heap private
|
page read and write
|
|
|
|
248DDD02000
|
unkown
|
page read and write
|
|
|
|
7FF5991F7000
|
unkown image
|
page readonly
|
|
|
|
7FF591A3E000
|
unkown image
|
page readonly
|
|
|
|
885077B000
|
stack
|
page read and write
|
|
|
|
7F0C0000
|
unkown image
|
page readonly
|
|
|
|
1D461629000
|
unkown
|
page read and write
|
|
|
|
2C36000
|
unkown image
|
page readonly
|
|
|
|
2F50000
|
unkown image
|
page read and write
|
|
|
|
1036ABA0000
|
unkown image
|
page read and write
|
|
|
|
7DF484020000
|
unkown image
|
page readonly
|
|
|
|
512000
|
unkown
|
page read and write
|
|
|
|
7FF5784C9000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE239000
|
unkown image
|
page readonly
|
|
|
|
7FF5570EE000
|
unkown image
|
page readonly
|
|
|
|
1D461FAA000
|
unkown
|
page read and write
|
|
|
|
25D3000
|
unkown image
|
page readonly
|
|
|
|
65E000
|
stack
|
page read and write
|
|
|
|
73265CB000
|
unkown
|
page read and write
|
|
|
|
7FF591A33000
|
unkown image
|
page readonly
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
7FF4FE6D2000
|
unkown image
|
page readonly
|
|
|
|
2CFC000
|
unkown image
|
page readonly
|
|
|
|
1D461FAC000
|
unkown
|
page read and write
|
|
|
|
7F100000
|
unkown image
|
page readonly
|
|
|
|
2CE1000
|
unkown image
|
page readonly
|
|
|
|
1D4EE45A000
|
unkown
|
page read and write
|
|
|
|
1D461C80000
|
unkown image
|
page write copy
|
|
|
|
25D3000
|
unkown image
|
page readonly
|
|
|
|
1D461F00000
|
unkown
|
page read and write
|
|
|
|
7FF59923A000
|
unkown image
|
page readonly
|
|
|
|
7FF598DA7000
|
unkown image
|
page readonly
|
|
|
|
27E8000
|
unkown image
|
page readonly
|
|
|
|
5830000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE786000
|
unkown image
|
page readonly
|
|
|
|
248DDA40000
|
unkown image
|
page read and write
|
|
|
|
7DF586160000
|
unkown image
|
page readonly
|
|
|
|
7DF586162000
|
unkown image
|
page readonly
|
|
|
|
7FF591AE9000
|
unkown image
|
page readonly
|
|
|
|
1D461A00000
|
unkown image
|
page readonly
|
|
|
|
7FF536D62000
|
unkown image
|
page readonly
|
|
|
|
7DF544A00000
|
unkown image
|
page readonly
|
|
|
|
7FF5571AA000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE37C000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE90D000
|
unkown image
|
page readonly
|
|
|
|
7FF536BA7000
|
unkown image
|
page readonly
|
|
|
|
248DE000000
|
unkown image
|
page readonly
|
|
|
|
1D461713000
|
unkown
|
page read and write
|
|
|
|
7DF564E32000
|
unkown image
|
page readonly
|
|
|
|
7FF536CA3000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE4E1000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE23C000
|
unkown image
|
page readonly
|
|
|
|
2D7B79000
|
stack
|
page read and write
|
|
|
|
1D462402000
|
unkown
|
page read and write
|
|
|
|
1D4EE380000
|
unkown
|
page read and write
|
|
|
|
7FF4FE5D7000
|
unkown image
|
page readonly
|
|
|
|
7DF59F770000
|
unkown image
|
page readonly
|
|
|
|
7DF5449F0000
|
unkown image
|
page readonly
|
|
|
|
7DF564E32000
|
unkown image
|
page readonly
|
|
|
|
1BB115B0000
|
unkown image
|
page readonly
|
|
|
|
7FF57835C000
|
unkown image
|
page readonly
|
|
|
|
530000
|
unkown
|
page read and write
|
|
|
|
8850977000
|
stack
|
page read and write
|
|
|
|
4D1E000
|
stack
|
page read and write
|
|
|
|
1D4EE45E000
|
unkown
|
page read and write
|
|
|
|
2453000
|
unkown image
|
page readonly
|
|
|
|
DB7016B000
|
unkown
|
page read and write
|
|
|
|
DB7057B000
|
stack
|
page read and write
|
|
|
|
1D46165A000
|
unkown
|
page read and write
|
|
|
|
1D461F62000
|
unkown
|
page read and write
|
|
|
|
1D461F8B000
|
unkown
|
page read and write
|
|
|
|
69A000
|
heap private
|
page read and write
|
|
|
|
27C1000
|
unkown image
|
page readonly
|
|
|
|
7FF5783F9000
|
unkown image
|
page readonly
|
|
|
|
1D4EE489000
|
unkown
|
page read and write
|
|
|
|
1BB11D30000
|
unkown
|
page read and write
|
|
|
|
8850CFE000
|
stack
|
page read and write
|
|
|
|
7FF4FE4E7000
|
unkown image
|
page readonly
|
|
|
|
1D462502000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
unkown
|
page read and write
|
|
|
|
7F0F0000
|
unkown image
|
page readonly
|
|
|
|
7F110000
|
unkown image
|
page readonly
|
|
|
|
1036ACD0000
|
unkown
|
page read and write
|
|
|
|
27AF000
|
unkown image
|
page readonly
|
|
|
|
1BB11713000
|
unkown
|
page read and write
|
|
|
|
7FF599071000
|
unkown image
|
page readonly
|
|
|
|
40D0000
|
heap private
|
page read and write
|
|
|
|
7DF5A6F30000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE7B5000
|
unkown image
|
page readonly
|
|
|
|
1D4EE6D0000
|
unkown image
|
page readonly
|
|
|
|
342C000
|
unkown
|
page read and write
|
|
|
|
7FF5992B1000
|
unkown image
|
page readonly
|
|
|
|
27E8000
|
unkown image
|
page readonly
|
|
|
|
218C7A20000
|
unkown
|
page read and write
|
|
|
|
7FA82000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE6C7000
|
unkown image
|
page readonly
|
|
|
|
95F1F7F000
|
stack
|
page read and write
|
|
|
|
7FF522CA1000
|
unkown image
|
page readonly
|
|
|
|
7DF564E22000
|
unkown image
|
page readonly
|
|
|
|
7DF50C660000
|
unkown image
|
page readonly
|
|
|
|
2A7227A000
|
stack
|
page read and write
|
|
|
|
2716000
|
unkown image
|
page readonly
|
|
|
|
1D4616EE000
|
unkown
|
page read and write
|
|
|
|
1036ABC0000
|
unkown image
|
page readonly
|
|
|
|
3423000
|
heap default
|
page read and write
|
|
|
|
1D4EE300000
|
unkown image
|
page readonly
|
|
|
|
9D0000
|
unkown
|
page read and write
|
|
|
|
1D4EE463000
|
unkown
|
page read and write
|
|
|
|
248DDE00000
|
unkown image
|
page readonly
|
|
|
|
7FF5783FF000
|
unkown image
|
page readonly
|
|
|
|
2C21000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE86C000
|
unkown image
|
page readonly
|
|
|
|
7FF57846A000
|
unkown image
|
page readonly
|
|
|
|
2615000
|
unkown image
|
page readonly
|
|
|
|
7FF599213000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE9FA000
|
unkown image
|
page readonly
|
|
|
|
1D461FB0000
|
unkown
|
page read and write
|
|
|
|
218C7AB0000
|
heap default
|
page read and write
|
|
|
|
7DF59F782000
|
unkown image
|
page readonly
|
|
|
|
1B0000
|
unkown image
|
page readonly
|
|
|
|
1D461652000
|
unkown
|
page read and write
|
|
|
|
7FF4FE8AF000
|
unkown image
|
page readonly
|
|
|
|
1D461F7F000
|
unkown
|
page read and write
|
|
|
|
1036ADB0000
|
heap default
|
page read and write
|
|
|
|
272B000
|
unkown image
|
page readonly
|
|
|
|
218C7E50000
|
heap private
|
page read and write
|
|
|
|
1D4EE320000
|
unkown image
|
page readonly
|
|
|
|
7330000
|
unkown
|
page read and write
|
|
|
|
218C7A60000
|
unkown image
|
page readonly
|
|
|
|
7DF564E22000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE94B000
|
unkown image
|
page readonly
|
|
|
|
1D461FCD000
|
unkown
|
page read and write
|
|
|
|
1036B0B0000
|
unkown image
|
page readonly
|
|
|
|
7FF5570CF000
|
unkown image
|
page readonly
|
|
|
|
95F1D7B000
|
stack
|
page read and write
|
|
|
|
7FF591A1F000
|
unkown image
|
page readonly
|
|
|
|
7FF5570D6000
|
unkown image
|
page readonly
|
|
|
|
27CB000
|
unkown image
|
page readonly
|
|
|
|
274B000
|
unkown image
|
page readonly
|
|
|
|
7FF5571C1000
|
unkown image
|
page readonly
|
|
|
|
7DF586150000
|
unkown image
|
page readonly
|
|
|
|
7FF591A8A000
|
unkown image
|
page readonly
|
|
|
|
7FF536CE2000
|
unkown image
|
page readonly
|
|
|
|
885087B000
|
stack
|
page read and write
|
|
|
|
7F0D0000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE8F7000
|
unkown image
|
page readonly
|
|
|
|
7FF578410000
|
unkown image
|
page readonly
|
|
|
|
1BB11580000
|
unkown image
|
page readonly
|
|
|
|
1D461FB0000
|
unkown
|
page read and write
|
|
|
|
25C7000
|
unkown image
|
page readonly
|
|
|
|
311B000
|
unkown
|
page read and write
|
|
|
|
7FF4FE5FC000
|
unkown image
|
page readonly
|
|
|
|
2C80000
|
unkown image
|
page readonly
|
|
|
|
5E0000
|
heap default
|
page read and write
|
|
|
|
7FF5991CF000
|
unkown image
|
page readonly
|
|
|
|
7FF4FE5D4000
|
unkown image
|
page readonly
|
|
|
|
1036ADE0000
|
unkown
|
page read and write
|
|
|
|
7FF598AD6000
|
unkown image
|
page readonly
|
|
|
|
218C7E59000
|
heap private
|
page read and write
|
|
|
|
218C79D0000
|
unkown image
|
page readonly
|
|
|
|
1D461FAC000
|
unkown
|
page read and write
|
|
|
|
7FF536D81000
|
unkown image
|
page readonly
|
|
|
|
218C7AF0000
|
heap default
|
page read and write
|
|
|
|
1D461CF0000
|
unkown
|
page read and write
|
|
|
|
1D4EE45D000
|
unkown
|
page read and write
|
|
|
|
218C79C0000
|
unkown
|
page read and write
|
|
|
|
7FA82000
|
unkown image
|
page readonly
|
|
|
|
1D461470000
|
heap private
|
page read and write
|
|
|
|
7DF586152000
|
unkown image
|
page readonly
|
|
|
|
885037C000
|
unkown
|
page read and write
|
|
|
|
7B0000
|
unkown image
|
page readonly
|
|
|
|
248DDC3C000
|
unkown
|
page read and write
|
|
|
|
7FF578443000
|
unkown image
|
page readonly
|
|
|
|
7FA90000
|
unkown image
|
page readonly
|
|
|
|
2F9000
|
unkown
|
page read and write
|
|
|
|
27E3000
|
unkown image
|
page readonly
|
|
|
|
1D4EE457000
|
unkown
|
page read and write
|
|
|
|
7FF4FE08C000
|
unkown image
|
page readonly
|
|
|
|
274B000
|
unkown image
|
page readonly
|
|
|
|
4F8000
|
unkown
|
page read and write
|
|
|
|
7F980000
|
unkown image
|
page readonly
|
|
|
|
248DDC55000
|
unkown
|
page read and write
|
|
|
|
248DDAB0000
|
heap default
|
page read and write
|
|
|
|
7FF4FE92E000
|
unkown image
|
page readonly
|
|
|
|
1D461CF0000
|
unkown
|
page read and write
|
|
|
|
2A722F9000
|
stack
|
page read and write
|
|
There are 874 hidden memdumps, click here to show them.