Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
wpswireless-invoice-08.11.22.doc
|
Zip archive data, at least v2.0 to extract
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\r3F3.tmp.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\y133.tmp.dll
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFDCA04E6C9BCC80E5.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\wpswireless-invoice-08.11.22.doc.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:31:46
2022, mtime=Thu Aug 11 23:58:01 2022, atime=Thu Aug 11 23:57:53 2022, length=2256213, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\y6A2E.tmp.dll
|
HTML document, ASCII text
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\63CA26CB-402D-484B-8FDD-9A1DCA3EDC07
|
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1C02F562.png
|
PNG image data, 636 x 613, 8-bit/color RGB, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\907D81FB.png
|
PNG image data, 440 x 440, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BA43D80B-197B-47FB-952A-5A1171D0EFB1}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BED8643F-71E8-40CE-8636-E16E70F1E391}.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\rm[1].htm
|
HTML document, ASCII text
|
downloaded
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
|
Little-endian UTF-16 Unicode text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\~$swireless-invoice-08.11.22.doc
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\rm[1].htm
|
HTML document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\wpswireless-invoice-08.11.22.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:53
2022, mtime=Tue Mar 8 15:45:53 2022, atime=Thu Aug 11 23:42:11 2022, length=2256213, window=hide
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
|
"C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding
|
|
|
|
C:\Users\user\AppData\Local\Temp\r3F3.tmp.exe
|
"C:\Users\user\AppData\Local\Temp\r3F3.tmp.exe" "C:\Users\user\AppData\Local\Temp\y133.tmp.dll",#1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.diagnosticssdf.office.com
|
unknown
|
||
|
https://login.microsoftonline.com/
|
unknown
|
||
|
https://shell.suite.office.com:1443
|
unknown
|
||
|
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
|
unknown
|
||
|
https://autodiscover-s.outlook.com/
|
unknown
|
||
|
https://roaming.edog.
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
|
unknown
|
||
|
https://cdn.entity.
|
unknown
|
||
|
https://api.addins.omex.office.net/appinfo/query
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/tenantassociationkey
|
unknown
|
||
|
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
|
unknown
|
||
|
https://powerlift.acompli.net
|
unknown
|
||
|
https://rpsticket.partnerservices.getmicrosoftkey.com
|
unknown
|
||
|
https://lookup.onenote.com/lookup/geolocation/v1
|
unknown
|
||
|
https://cortana.ai
|
unknown
|
||
|
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://cloudfiles.onenote.com/upload.aspx
|
unknown
|
||
|
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://entitlement.diagnosticssdf.office.com
|
unknown
|
||
|
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
|
unknown
|
||
|
https://api.aadrm.com/
|
unknown
|
||
|
https://ofcrecsvcapi-int.azurewebsites.net/
|
unknown
|
||
|
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
|
unknown
|
||
|
https://api.microsoftstream.com/api/
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
|
unknown
|
||
|
https://cr.office.com
|
unknown
|
||
|
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
|
unknown
|
||
|
https://portal.office.com/account/?ref=ClientMeControl
|
unknown
|
||
|
https://graph.ppe.windows.net
|
unknown
|
||
|
https://res.getmicrosoftkey.com/api/redemptionevents
|
unknown
|
||
|
https://powerlift-frontdesk.acompli.net
|
unknown
|
||
|
https://tasks.office.com
|
unknown
|
||
|
https://officeci.azurewebsites.net/api/
|
unknown
|
||
|
http://45.8.146.139/fhfty/_C45V3_-S5YKINT86D3PPVX0ILQLA-SG/rmP
|
unknown
|
||
|
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
|
unknown
|
||
|
https://my.microsoftpersonalcontent.com
|
unknown
|
||
|
https://store.office.cn/addinstemplate
|
unknown
|
||
|
https://api.aadrm.com
|
unknown
|
||
|
https://outlook.office.com/autosuggest/api/v1/init?cvid=
|
unknown
|
||
|
https://globaldisco.crm.dynamics.com
|
unknown
|
||
|
https://messaging.engagement.office.com/
|
unknown
|
||
|
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://dev0-api.acompli.net/autodetect
|
unknown
|
||
|
https://www.odwebp.svc.ms
|
unknown
|
||
|
https://api.diagnosticssdf.office.com/v2/feedback
|
unknown
|
||
|
https://api.powerbi.com/v1.0/myorg/groups
|
unknown
|
||
|
https://web.microsoftstream.com/video/
|
unknown
|
||
|
https://api.addins.store.officeppe.com/addinstemplate
|
unknown
|
||
|
https://graph.windows.net
|
unknown
|
||
|
https://dataservice.o365filtering.com/
|
unknown
|
||
|
https://officesetup.getmicrosoftkey.com
|
unknown
|
||
|
https://analysis.windows.net/powerbi/api
|
unknown
|
||
|
https://prod-global-autodetect.acompli.net/autodetect
|
unknown
|
||
|
https://outlook.office365.com/autodiscover/autodiscover.json
|
unknown
|
||
|
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
|
unknown
|
||
|
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
|
unknown
|
||
|
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
|
unknown
|
||
|
https://ncus.contentsync.
|
unknown
|
||
|
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
|
unknown
|
||
|
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
|
unknown
|
||
|
http://weather.service.msn.com/data.aspx
|
unknown
|
||
|
https://apis.live.net/v5.0/
|
unknown
|
||
|
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
|
unknown
|
||
|
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
|
unknown
|
||
|
https://messaging.lifecycle.office.com/
|
unknown
|
||
|
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
|
unknown
|
||
|
https://management.azure.com
|
unknown
|
||
|
https://outlook.office365.com
|
unknown
|
||
|
https://wus2.contentsync.
|
unknown
|
||
|
https://incidents.diagnostics.office.com
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/ios
|
unknown
|
||
|
https://insertmedia.bing.office.net/odc/insertmedia
|
unknown
|
||
|
https://o365auditrealtimeingestion.manage.office.com
|
unknown
|
||
|
https://outlook.office365.com/api/v1.0/me/Activities
|
unknown
|
||
|
https://api.office.net
|
unknown
|
||
|
https://incidents.diagnosticssdf.office.com
|
unknown
|
||
|
https://asgsmsproxyapi.azurewebsites.net/
|
unknown
|
||
|
https://clients.config.office.net/user/v1.0/android/policies
|
unknown
|
||
|
https://entitlement.diagnostics.office.com
|
unknown
|
||
|
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
|
unknown
|
||
|
https://substrate.office.com/search/api/v2/init
|
unknown
|
||
|
https://outlook.office.com/
|
unknown
|
||
|
https://storage.live.com/clientlogs/uploadlocation
|
unknown
|
||
|
https://outlook.office365.com/
|
unknown
|
||
|
https://webshell.suite.office.com
|
unknown
|
||
|
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
|
unknown
|
||
|
https://substrate.office.com/search/api/v1/SearchHistory
|
unknown
|
||
|
https://management.azure.com/
|
unknown
|
||
|
https://messaging.lifecycle.office.com/getcustommessage16
|
unknown
|
||
|
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
|
unknown
|
||
|
https://login.windows.net/common/oauth2/authorize
|
unknown
|
||
|
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
|
unknown
|
||
|
https://graph.windows.net/
|
unknown
|
||
|
http://45.8.146.139/fhfty/_C45V3_-S5YKINT86D3PPVX0ILQLA-SG/rm
|
45.8.146.139
|
||
|
https://api.powerbi.com/beta/myorg/imports
|
unknown
|
||
|
https://devnull.onenote.com
|
unknown
|
||
|
https://messaging.action.office.com/
|
unknown
|
||
|
https://ncus.pagecontentsync.
|
unknown
|
||
|
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
|
unknown
|
There are 90 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.8.146.139
|
unknown
|
Russian Federation
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
k6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
k6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
9o6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
RemoteClearDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
|
Last
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
FilePath
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
StartDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
EndDate
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Properties
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
|
Url
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
|
LastClean
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableWinHttpCertAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableIsOwnerRegex
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableSessionAwareHttpClose
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALForExtendedApps
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
DisableADALSetSilentAuth
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableGuestCredProvider
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
|
msoridDisableOstringReplace
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\StartupItems
|
yy6
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\1ED0B
|
1ED0B
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
|
MSForms
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Word8.0
|
MSComctlLib
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Panose
|
Cambria Math
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2A0BB
|
2A0BB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
File Path
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Datetime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Position
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Chart Tools
|
ChartToolsSuperTooltipHidden
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
VisiFlm
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
AutoGrammar
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
AutosaveInterval
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options
|
PreferredView
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
|
en-US
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
|
LastBootTime
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Word\Text Converters\Import
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100C0400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1036
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F100A0C00000000000F01FEC\Usage
|
SpellingAndGrammarFiles_3082
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109F10090400000000000F01FEC\Usage
|
SpellingAndGrammarFiles_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingConfigurableSettings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastSyncTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
|
RoamingLastWriteTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Resiliency\DocumentRecovery\2A0BB
|
2A0BB
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Datetime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Reading Locations\Document 0
|
Position
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Data
|
Settings
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
c$/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
:&/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
|(/
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\Recover
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\Recover
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\Recover
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WrdPrfctDos
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WrdPrfctDos
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WrdPrfctDos
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WordPerfect6x
|
Name
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WordPerfect6x
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Word\Text Converters\Import\WordPerfect6x
|
Extensions
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\65BE6
|
65BE6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
WORDFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP5FilesIntl_1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
TCWP6FilesIntl_1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
There are 100 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
64B7CFD000
|
stack
|
page read and write
|
||
|
232A3168000
|
heap
|
page read and write
|
||
|
1FBD1E3C000
|
heap
|
page read and write
|
||
|
163C5E4B000
|
heap
|
page read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
232A7FE0000
|
trusted library allocation
|
page read and write
|
||
|
DC2B1F5000
|
unkown
|
page read and write
|
||
|
199A4113000
|
heap
|
page read and write
|
||
|
232A3E00000
|
trusted library section
|
page readonly
|
||
|
23488629000
|
heap
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
232A25D0000
|
heap
|
page read and write
|
||
|
15FC7C10000
|
remote allocation
|
page read and write
|
||
|
1883F480000
|
trusted library allocation
|
page read and write
|
||
|
7E828FD000
|
stack
|
page read and write
|
||
|
DC2B2FE000
|
unkown
|
page read and write
|
||
|
232A8270000
|
trusted library allocation
|
page read and write
|
||
|
1FBD1F13000
|
heap
|
page read and write
|
||
|
232A2E02000
|
heap
|
page read and write
|
||
|
232A817C000
|
trusted library allocation
|
page read and write
|
||
|
DC2A5FF000
|
stack
|
page read and write
|
||
|
1883EE66000
|
heap
|
page read and write
|
||
|
C1000
|
unkown
|
page execute read
|
||
|
232A2FD9000
|
heap
|
page read and write
|
||
|
15FC7A00000
|
heap
|
page read and write
|
||
|
232A2713000
|
heap
|
page read and write
|
||
|
163C5DD0000
|
heap
|
page read and write
|
||
|
23488708000
|
heap
|
page read and write
|
||
|
232A7E80000
|
trusted library allocation
|
page read and write
|
||
|
232A882E000
|
unkown
|
page read and write
|
||
|
21F96C42000
|
heap
|
page read and write
|
||
|
232A3143000
|
heap
|
page read and write
|
||
|
24E61520000
|
heap
|
page read and write
|
||
|
15FC7A6D000
|
heap
|
page read and write
|
||
|
232A8600000
|
unkown
|
page read and write
|
||
|
31FA2F7000
|
stack
|
page read and write
|
||
|
24E61629000
|
heap
|
page read and write
|
||
|
232A8800000
|
unkown
|
page read and write
|
||
|
15FC7A10000
|
trusted library allocation
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
232A305A000
|
heap
|
page read and write
|
||
|
163C5E2A000
|
heap
|
page read and write
|
||
|
449257E000
|
stack
|
page read and write
|
||
|
15FC2513000
|
heap
|
page read and write
|
||
|
232A2FC5000
|
heap
|
page read and write
|
||
|
232A863A000
|
unkown
|
page read and write
|
||
|
C9000
|
unkown
|
page readonly
|
||
|
2850000
|
remote allocation
|
page read and write
|
||
|
15FC78E0000
|
trusted library allocation
|
page read and write
|
||
|
1FBD1E4B000
|
heap
|
page read and write
|
||
|
2348864C000
|
heap
|
page read and write
|
||
|
232A3E11000
|
trusted library allocation
|
page read and write
|
||
|
21F96C29000
|
heap
|
page read and write
|
||
|
25ED000
|
stack
|
page read and write
|
||
|
163C5E53000
|
heap
|
page read and write
|
||
|
232A804E000
|
trusted library allocation
|
page read and write
|
||
|
1883F602000
|
trusted library allocation
|
page read and write
|
||
|
693ACFE000
|
stack
|
page read and write
|
||
|
232A8008000
|
trusted library allocation
|
page read and write
|
||
|
232A3000000
|
heap
|
page read and write
|
||
|
232A3CD0000
|
trusted library allocation
|
page read and write
|
||
|
232A8160000
|
trusted library allocation
|
page read and write
|
||
|
15FC2360000
|
trusted library section
|
page read and write
|
||
|
15FC24A0000
|
heap
|
page read and write
|
||
|
15FC78D1000
|
trusted library allocation
|
page read and write
|
||
|
232A82A0000
|
trusted library allocation
|
page read and write
|
||
|
449227F000
|
stack
|
page read and write
|
||
|
7E82B7E000
|
stack
|
page read and write
|
||
|
232A8000000
|
trusted library allocation
|
page read and write
|
||
|
232A801E000
|
trusted library allocation
|
page read and write
|
||
|
205E7402000
|
trusted library allocation
|
page read and write
|
||
|
15FC2D00000
|
heap
|
page read and write
|
||
|
99C2F7E000
|
stack
|
page read and write
|
||
|
163C5E00000
|
heap
|
page read and write
|
||
|
267C4FE000
|
stack
|
page read and write
|
||
|
4B90CFE000
|
stack
|
page read and write
|
||
|
15FC7B02000
|
heap
|
page read and write
|
||
|
4B90779000
|
stack
|
page read and write
|
||
|
15FC33D0000
|
trusted library section
|
page readonly
|
||
|
31F9E7B000
|
stack
|
page read and write
|
||
|
F3400FE000
|
stack
|
page read and write
|
||
|
4B90677000
|
stack
|
page read and write
|
||
|
232A3DC0000
|
trusted library section
|
page readonly
|
||
|
232A263C000
|
heap
|
page read and write
|
||
|
163C5E55000
|
heap
|
page read and write
|
||
|
232A8170000
|
trusted library allocation
|
page read and write
|
||
|
24E61602000
|
heap
|
page read and write
|
||
|
F08A0F7000
|
stack
|
page read and write
|
||
|
1883ECB0000
|
heap
|
page read and write
|
||
|
15FC23C1000
|
trusted library allocation
|
page read and write
|
||
|
1FBD1F02000
|
heap
|
page read and write
|
||
|
1FBD1F00000
|
heap
|
page read and write
|
||
|
23488671000
|
heap
|
page read and write
|
||
|
1FBD1E52000
|
heap
|
page read and write
|
||
|
C9000
|
unkown
|
page readonly
|
||
|
64B77FE000
|
stack
|
page read and write
|
||
|
1BFEC402000
|
heap
|
page read and write
|
||
|
F34007E000
|
stack
|
page read and write
|
||
|
232A8000000
|
trusted library allocation
|
page read and write
|
||
|
2348867C000
|
heap
|
page read and write
|
||
|
232A8174000
|
trusted library allocation
|
page read and write
|
||
|
4B9117F000
|
stack
|
page read and write
|
||
|
1BFEC513000
|
heap
|
page read and write
|
||
|
1FBD1E51000
|
heap
|
page read and write
|
||
|
232A880B000
|
unkown
|
page read and write
|
||
|
1BFEC502000
|
heap
|
page read and write
|
||
|
15FC78E0000
|
trusted library allocation
|
page read and write
|
||
|
DC2A7FB000
|
stack
|
page read and write
|
||
|
232A80A0000
|
trusted library allocation
|
page read and write
|
||
|
232A8420000
|
trusted library allocation
|
page read and write
|
||
|
24FDD913000
|
heap
|
page read and write
|
||
|
232A8160000
|
trusted library allocation
|
page read and write
|
||
|
232A804A000
|
trusted library allocation
|
page read and write
|
||
|
24E615F0000
|
remote allocation
|
page read and write
|
||
|
232A8739000
|
unkown
|
page read and write
|
||
|
15FC2E01000
|
trusted library allocation
|
page read and write
|
||
|
232A87F9000
|
unkown
|
page read and write
|
||
|
23488510000
|
heap
|
page read and write
|
||
|
1BFEC413000
|
heap
|
page read and write
|
||
|
C0000
|
unkown
|
page readonly
|
||
|
15FC77A0000
|
trusted library allocation
|
page read and write
|
||
|
232A31A2000
|
heap
|
page read and write
|
||
|
232A3E30000
|
trusted library allocation
|
page read and write
|
||
|
15FC2413000
|
heap
|
page read and write
|
||
|
232A2D50000
|
trusted library allocation
|
page read and write
|
||
|
199A405A000
|
heap
|
page read and write
|
||
|
232A3154000
|
heap
|
page read and write
|
||
|
21F96C5A000
|
heap
|
page read and write
|
||
|
64B7AFF000
|
stack
|
page read and write
|
||
|
232A3198000
|
heap
|
page read and write
|
||
|
CC000
|
unkown
|
page readonly
|
||
|
DC2AEFE000
|
stack
|
page read and write
|
||
|
1883EE7D000
|
heap
|
page read and write
|
||
|
15FC7A18000
|
heap
|
page read and write
|
||
|
2850000
|
remote allocation
|
page read and write
|
||
|
205E6A30000
|
heap
|
page read and write
|
||
|
7E8277F000
|
stack
|
page read and write
|
||
|
163C5F02000
|
heap
|
page read and write
|
||
|
15FC2457000
|
heap
|
page read and write
|
||
|
232A7E50000
|
trusted library allocation
|
page read and write
|
||
|
232A8745000
|
unkown
|
page read and write
|
||
|
232A31F8000
|
heap
|
page read and write
|
||
|
4491A7B000
|
stack
|
page read and write
|
||
|
232A8020000
|
trusted library allocation
|
page read and write
|
||
|
232A2F71000
|
heap
|
page read and write
|
||
|
449207E000
|
stack
|
page read and write
|
||
|
232A8010000
|
trusted library allocation
|
page read and write
|
||
|
7E824FC000
|
stack
|
page read and write
|
||
|
163C5E82000
|
heap
|
page read and write
|
||
|
232A27EB000
|
heap
|
page read and write
|
||
|
24FDD690000
|
heap
|
page read and write
|
||
|
21F96C6B000
|
heap
|
page read and write
|
||
|
C9000
|
unkown
|
page readonly
|
||
|
232A268F000
|
heap
|
page read and write
|
||
|
232A817C000
|
trusted library allocation
|
page read and write
|
||
|
232A801E000
|
trusted library allocation
|
page read and write
|
||
|
232A8014000
|
trusted library allocation
|
page read and write
|
||
|
C9000
|
unkown
|
page readonly
|
||
|
232A31A9000
|
heap
|
page read and write
|
||
|
232A8010000
|
trusted library allocation
|
page read and write
|
||
|
4491C7B000
|
stack
|
page read and write
|
||
|
232A8000000
|
trusted library allocation
|
page read and write
|
||
|
15FC243C000
|
heap
|
page read and write
|
||
|
232A8170000
|
trusted library allocation
|
page read and write
|
||
|
31FA0FF000
|
stack
|
page read and write
|
||
|
DC2AC7B000
|
stack
|
page read and write
|
||
|
1BFEC48D000
|
heap
|
page read and write
|
||
|
15FC2429000
|
heap
|
page read and write
|
||
|
232A8018000
|
trusted library allocation
|
page read and write
|
||
|
232A2FF4000
|
heap
|
page read and write
|
||
|
283C000
|
stack
|
page read and write
|
||
|
15FC7AE1000
|
heap
|
page read and write
|
||
|
232A2F2C000
|
heap
|
page read and write
|
||
|
232A8160000
|
trusted library allocation
|
page read and write
|
||
|
232A8160000
|
trusted library allocation
|
page read and write
|
||
|
232A2F94000
|
heap
|
page read and write
|
||
|
15FC7A00000
|
trusted library allocation
|
page read and write
|
||
|
F089BFE000
|
stack
|
page read and write
|
||
|
232A3E40000
|
trusted library allocation
|
page read and write
|
||
|
4B9097E000
|
stack
|
page read and write
|
||
|
4B90AFF000
|
stack
|
page read and write
|
||
|
232A817C000
|
trusted library allocation
|
page read and write
|
||
|
232A864F000
|
unkown
|
page read and write
|
||
|
F08A1FF000
|
stack
|
page read and write
|
||
|
DC2B3FE000
|
unkown
|
page read and write
|
||
|
232A3A80000
|
trusted library allocation
|
page read and write
|
||
|
199A4029000
|
heap
|
page read and write
|
||
|
1883EF02000
|
heap
|
page read and write
|
||
|
15FC7A74000
|
heap
|
page read and write
|
||
|
21F96C63000
|
heap
|
page read and write
|
||
|
DC2A97A000
|
stack
|
page read and write
|
||
|
DC2A1AC000
|
stack
|
page read and write
|
||
|
232A8160000
|
trusted library allocation
|
page read and write
|
||
|
C0000
|
unkown
|
page readonly
|
||
|
2348864F000
|
heap
|
page read and write
|
||
|
232A3DB0000
|
trusted library section
|
page readonly
|
||
|
15FC7AF7000
|
heap
|
page read and write
|
||
|
23488648000
|
heap
|
page read and write
|
||
|
199A4041000
|
heap
|
page read and write
|
||
|
1FBD1CA0000
|
heap
|
page read and write
|
||
|
1883ECC0000
|
heap
|
page read and write
|
||
|
232A7FFC000
|
trusted library allocation
|
page read and write
|
||
|
232A31E9000
|
heap
|
page read and write
|
||
|
C1000
|
unkown
|
page execute read
|
||
|
232A87F2000
|
unkown
|
page read and write
|
||
|
163C5E4D000
|
heap
|
page read and write
|
||
|
232A8240000
|
trusted library allocation
|
page read and write
|
||
|
232A875D000
|
unkown
|
page read and write
|
||
|
31F9F7F000
|
stack
|
page read and write
|
||
|
24FDD8E3000
|
heap
|
page read and write
|
||
|
64B7BFD000
|
stack
|
page read and write
|
||
|
24FDE13A000
|
heap
|
page read and write
|
||
|
1FBD1E4A000
|
heap
|
page read and write
|
||
|
205E6C02000
|
heap
|
page read and write
|
||
|
1BFEC1F0000
|
heap
|
page read and write
|
||
|
CC000
|
unkown
|
page readonly
|
||
|
232A87C6000
|
unkown
|
page read and write
|
||
|
15FC2478000
|
heap
|
page read and write
|
||
|
693AFFB000
|
stack
|
page read and write
|
||
|
199A4058000
|
heap
|
page read and write
|
||
|
99C2EFE000
|
stack
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
199A4002000
|
heap
|
page read and write
|
||
|
232A8728000
|
unkown
|
page read and write
|
||
|
24FDD6F0000
|
heap
|
page read and write
|
||
|
15FC78F4000
|
trusted library allocation
|
page read and write
|
||
|
232A8012000
|
trusted library allocation
|
page read and write
|
||
|
232A8080000
|
trusted library allocation
|
page read and write
|
||
|
15FC78F0000
|
trusted library allocation
|
page read and write
|
||
|
232A2560000
|
heap
|
page read and write
|
||
|
15FC2350000
|
trusted library allocation
|
page read and write
|
||
|
232A8140000
|
trusted library allocation
|
page read and write
|
||
|
232A87F6000
|
unkown
|
page read and write
|
||
|
232A8014000
|
trusted library allocation
|
page read and write
|
||
|
232A301B000
|
heap
|
page read and write
|
||
|
1FBD1E6F000
|
heap
|
page read and write
|
||
|
232A2FB1000
|
heap
|
page read and write
|
||
|
205E6C43000
|
heap
|
page read and write
|
||
|
1883EE59000
|
heap
|
page read and write
|
||
|
232A266C000
|
heap
|
page read and write
|
||
|
DC2ADFE000
|
stack
|
page read and write
|
||
|
21F96C55000
|
heap
|
page read and write
|
||
|
7E820EB000
|
stack
|
page read and write
|
||
|
449237F000
|
stack
|
page read and write
|
||
|
99C307B000
|
stack
|
page read and write
|
||
|
232A87BA000
|
unkown
|
page read and write
|
||
|
232A2FE1000
|
heap
|
page read and write
|
||
|
15FC247A000
|
heap
|
page read and write
|
||
|
232A8016000
|
trusted library allocation
|
page read and write
|
||
|
163C5E8C000
|
heap
|
page read and write
|
||
|
4B90D7F000
|
stack
|
page read and write
|
||
|
232A2E00000
|
heap
|
page read and write
|
||
|
15FC24FC000
|
heap
|
page read and write
|
||
|
232A2613000
|
heap
|
page read and write
|
||
|
24E61E02000
|
trusted library allocation
|
page read and write
|
||
|
15FC7B04000
|
heap
|
page read and write
|
||
|
4B90B7E000
|
stack
|
page read and write
|
||
|
1883EE61000
|
heap
|
page read and write
|
||
|
15FC7AFD000
|
heap
|
page read and write
|
||
|
199A3F50000
|
heap
|
page read and write
|
||
|
15FC23F0000
|
trusted library allocation
|
page read and write
|
||
|
21F96C7B000
|
heap
|
page read and write
|
||
|
232A8200000
|
trusted library allocation
|
page read and write
|
||
|
232A8022000
|
trusted library allocation
|
page read and write
|
||
|
1FBD2602000
|
trusted library allocation
|
page read and write
|
||
|
15FC33E0000
|
trusted library section
|
page readonly
|
||
|
DC2B0FD000
|
unkown
|
page read and write
|
||
|
15FC21F0000
|
heap
|
page read and write
|
||
|
232A801A000
|
trusted library allocation
|
page read and write
|
||
|
4491D7E000
|
stack
|
page read and write
|
||
|
1883EF00000
|
heap
|
page read and write
|
||
|
232A801A000
|
trusted library allocation
|
page read and write
|
||
|
15FC2C00000
|
heap
|
page read and write
|
||
|
C9000
|
unkown
|
page readonly
|
||
|
232A31F5000
|
heap
|
page read and write
|
||
|
1883EE28000
|
heap
|
page read and write
|
||
|
205E6C29000
|
heap
|
page read and write
|
||
|
232A31A7000
|
heap
|
page read and write
|
||
|
232A3DD0000
|
trusted library section
|
page readonly
|
||
|
232A8170000
|
trusted library allocation
|
page read and write
|
||
|
1BFEC427000
|
heap
|
page read and write
|
||
|
24FDD829000
|
heap
|
page read and write
|
||
|
4B90F7B000
|
stack
|
page read and write
|
||
|
232A8020000
|
trusted library allocation
|
page read and write
|
||
|
15FC79C0000
|
trusted library allocation
|
page read and write
|
||
|
81E69FF000
|
stack
|
page read and write
|
||
|
15FC33C0000
|
trusted library section
|
page readonly
|
||
|
21F96C6D000
|
heap
|
page read and write
|
||
|
21F96A40000
|
heap
|
page read and write
|
||
|
693AD7F000
|
stack
|
page read and write
|
||
|
DC2B6FE000
|
unkown
|
page read and write
|
||
|
232A8170000
|
trusted library allocation
|
page read and write
|
||
|
15FC23E0000
|
trusted library allocation
|
page read and write
|
||
|
24FDE112000
|
heap
|
page read and write
|
||
|
232A8150000
|
trusted library allocation
|
page read and write
|
||
|
232A881F000
|
unkown
|
page read and write
|
||
|
163C5E58000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
1883EE02000
|
heap
|
page read and write
|
||
|
2890000
|
heap
|
page read and write
|
||
|
232A2570000
|
heap
|
page read and write
|
||
|
24FDD8CC000
|
heap
|
page read and write
|
||
|
199A4013000
|
heap
|
page read and write
|
||
|
1883EE00000
|
heap
|
page read and write
|
||
|
1BFEC260000
|
heap
|
page read and write
|
||
|
232A8008000
|
trusted library allocation
|
page read and write
|
||
|
99C33FE000
|
stack
|
page read and write
|
||
|
15FC7980000
|
trusted library allocation
|
page read and write
|
||
|
232A800C000
|
trusted library allocation
|
page read and write
|
||
|
21F97402000
|
trusted library allocation
|
page read and write
|
||
|
232A7FE0000
|
trusted library allocation
|
page read and write
|
||
|
163C5F08000
|
heap
|
page read and write
|
||
|
1FBD1E8B000
|
heap
|
page read and write
|
||
|
232A865F000
|
unkown
|
page read and write
|
||
|
24FDD874000
|
heap
|
page read and write
|
||
|
1FBD1E81000
|
heap
|
page read and write
|
||
|
205E6C13000
|
heap
|
page read and write
|
||
|
232A8174000
|
trusted library allocation
|
page read and write
|
||
|
232A8005000
|
trusted library allocation
|
page read and write
|
||
|
163C5D70000
|
heap
|
page read and write
|
||
|
15FC7A3D000
|
heap
|
page read and write
|
||
|
232A808C000
|
trusted library allocation
|
page read and write
|
||
|
232A31C5000
|
heap
|
page read and write
|
||
|
232A87FD000
|
unkown
|
page read and write
|
||
|
21F96C7A000
|
heap
|
page read and write
|
||
|
232A315F000
|
heap
|
page read and write
|
||
|
199A3EF0000
|
heap
|
page read and write
|
||
|
232A316E000
|
heap
|
page read and write
|
||
|
232A2656000
|
heap
|
page read and write
|
||
|
232A7E40000
|
trusted library allocation
|
page read and write
|
||
|
CC000
|
unkown
|
page readonly
|
||
|
163C6602000
|
trusted library allocation
|
page read and write
|
||
|
232A87D7000
|
unkown
|
page read and write
|
||
|
693B1FE000
|
stack
|
page read and write
|
||
|
232A804E000
|
trusted library allocation
|
page read and write
|
||
|
99C2E7C000
|
stack
|
page read and write
|
||
|
15FC78D4000
|
trusted library allocation
|
page read and write
|
||
|
F089B7E000
|
stack
|
page read and write
|
||
|
15FC7A62000
|
heap
|
page read and write
|
||
|
232A8430000
|
trusted library allocation
|
page read and write
|
||
|
15FC2C02000
|
heap
|
page read and write
|
||
|
232A8014000
|
trusted library allocation
|
page read and write
|
||
|
21F96C3D000
|
heap
|
page read and write
|
||
|
232A2F25000
|
heap
|
page read and write
|
||
|
232A2F00000
|
heap
|
page read and write
|
||
|
24E61600000
|
heap
|
page read and write
|
||
|
15FC2492000
|
heap
|
page read and write
|
||
|
F089AFC000
|
stack
|
page read and write
|
||
|
15FC7A1D000
|
heap
|
page read and write
|
||
|
23488649000
|
heap
|
page read and write
|
||
|
21F96C6A000
|
heap
|
page read and write
|
||
|
15FC2C15000
|
heap
|
page read and write
|
||
|
2B0F000
|
stack
|
page read and write
|
||
|
232A801C000
|
trusted library allocation
|
page read and write
|
||
|
232A2686000
|
heap
|
page read and write
|
||
|
232A2694000
|
heap
|
page read and write
|
||
|
F34037E000
|
stack
|
page read and write
|
||
|
15FC7790000
|
trusted library allocation
|
page read and write
|
||
|
1883EE41000
|
heap
|
page read and write
|
||
|
15FC7B05000
|
heap
|
page read and write
|
||
|
1FBD1E00000
|
heap
|
page read and write
|
||
|
1FBD1E13000
|
heap
|
page read and write
|
||
|
15FC248C000
|
heap
|
page read and write
|
||
|
232A3164000
|
heap
|
page read and write
|
||
|
199A3F80000
|
trusted library allocation
|
page read and write
|
||
|
1FBD1C40000
|
heap
|
page read and write
|
||
|
232A2683000
|
heap
|
page read and write
|
||
|
15FC3410000
|
trusted library section
|
page readonly
|
||
|
232A804A000
|
trusted library allocation
|
page read and write
|
||
|
15FC21E0000
|
heap
|
page read and write
|
||
|
267C6FE000
|
stack
|
page read and write
|
||
|
31FA3FF000
|
stack
|
page read and write
|
||
|
21F96C77000
|
heap
|
page read and write
|
||
|
232A81D0000
|
trusted library allocation
|
page read and write
|
||
|
21F96C5C000
|
heap
|
page read and write
|
||
|
693B3FF000
|
stack
|
page read and write
|
||
|
DC2A6FF000
|
stack
|
page read and write
|
||
|
F34027E000
|
stack
|
page read and write
|
||
|
15FC2400000
|
heap
|
page read and write
|
||
|
1BFEC360000
|
trusted library allocation
|
page read and write
|
||
|
232A31D5000
|
heap
|
page read and write
|
||
|
232A264C000
|
heap
|
page read and write
|
||
|
232A2F1D000
|
heap
|
page read and write
|
||
|
232A87B7000
|
unkown
|
page read and write
|
||
|
232A8018000
|
trusted library allocation
|
page read and write
|
||
|
15FC79E0000
|
trusted library allocation
|
page read and write
|
||
|
15FC7A2A000
|
heap
|
page read and write
|
||
|
23488570000
|
heap
|
page read and write
|
||
|
C1000
|
unkown
|
page execute read
|
||
|
232A2FC7000
|
heap
|
page read and write
|
||
|
205E6C00000
|
heap
|
page read and write
|
||
|
1BFEC43C000
|
heap
|
page read and write
|
||
|
232A8065000
|
trusted library allocation
|
page read and write
|
||
|
23488500000
|
heap
|
page read and write
|
||
|
163C5D60000
|
heap
|
page read and write
|
||
|
232A8170000
|
trusted library allocation
|
page read and write
|
||
|
232A800E000
|
trusted library allocation
|
page read and write
|
||
|
81E68FB000
|
stack
|
page read and write
|
||
|
232A800C000
|
trusted library allocation
|
page read and write
|
||
|
232A8022000
|
trusted library allocation
|
page read and write
|
||
|
21F96AB0000
|
heap
|
page read and write
|
||
|
81E6AFF000
|
stack
|
page read and write
|
||
|
232A8669000
|
unkown
|
page read and write
|
||
|
1FBD1E29000
|
heap
|
page read and write
|
||
|
23488613000
|
heap
|
page read and write
|
||
|
15FC7C10000
|
remote allocation
|
page read and write
|
||
|
1FBD1C30000
|
heap
|
page read and write
|
||
|
232A87A1000
|
unkown
|
page read and write
|
||
|
15FC7B00000
|
heap
|
page read and write
|
||
|
24FDE100000
|
heap
|
page read and write
|
||
|
C0000
|
unkown
|
page readonly
|
||
|
24FDD8BD000
|
heap
|
page read and write
|
||
|
163C5F13000
|
heap
|
page read and write
|
||
|
C0000
|
unkown
|
page readonly
|
||
|
24E6165C000
|
heap
|
page read and write
|
||
|
15FC248E000
|
heap
|
page read and write
|
||
|
64B730B000
|
stack
|
page read and write
|
||
|
232A7FFC000
|
trusted library allocation
|
page read and write
|
||
|
232A8160000
|
trusted library allocation
|
page read and write
|
||
|
1FBD1F08000
|
heap
|
page read and write
|
||
|
232A2E15000
|
heap
|
page read and write
|
||
|
99C317B000
|
stack
|
page read and write
|
||
|
15FC79D0000
|
trusted library allocation
|
page read and write
|
||
|
1FBD1E02000
|
heap
|
page read and write
|
||
|
232A3023000
|
heap
|
page read and write
|
||
|
232A2FCC000
|
heap
|
page read and write
|
||
|
232A2643000
|
heap
|
page read and write
|
||
|
232A3176000
|
heap
|
page read and write
|
||
|
15FC2470000
|
heap
|
page read and write
|
||
|
232A7EC0000
|
trusted library allocation
|
page read and write
|
||
|
21F96C62000
|
heap
|
page read and write
|
||
|
232A3100000
|
heap
|
page read and write
|
||
|
232A8602000
|
unkown
|
page read and write
|
||
|
24FDD844000
|
heap
|
page read and write
|
||
|
99C32FF000
|
stack
|
page read and write
|
||
|
1FBD1E49000
|
heap
|
page read and write
|
||
|
1FBD1E4C000
|
heap
|
page read and write
|
||
|
15FC7AAF000
|
heap
|
page read and write
|
||
|
21F96BB0000
|
trusted library allocation
|
page read and write
|
||
|
267BFBB000
|
stack
|
page read and write
|
||
|
232A31AF000
|
heap
|
page read and write
|
||
|
232A817C000
|
trusted library allocation
|
page read and write
|
||
|
232A87C1000
|
unkown
|
page read and write
|
||
|
232A3DF0000
|
trusted library section
|
page readonly
|
||
|
232A27C2000
|
heap
|
page read and write
|
||
|
31FA5FF000
|
stack
|
page read and write
|
||
|
CC000
|
unkown
|
page readonly
|
||
|
DC2AFFB000
|
unkown
|
page read and write
|
||
|
15FC78D0000
|
trusted library allocation
|
page read and write
|
||
|
232A8210000
|
trusted library allocation
|
page read and write
|
||
|
232A8010000
|
trusted library allocation
|
page read and write
|
||
|
232A817C000
|
trusted library allocation
|
page read and write
|
||
|
4B90A7B000
|
stack
|
page read and write
|
||
|
21F96C5F000
|
heap
|
page read and write
|
||
|
24FDD7F0000
|
trusted library allocation
|
page read and write
|
||
|
21F96C3B000
|
heap
|
page read and write
|
||
|
199A4102000
|
heap
|
page read and write
|
||
|
21F96C58000
|
heap
|
page read and write
|
||
|
4B9087B000
|
stack
|
page read and write
|
||
|
232A801C000
|
trusted library allocation
|
page read and write
|
||
|
15FC249E000
|
heap
|
page read and write
|
||
|
DC2AD7F000
|
stack
|
page read and write
|
||
|
232A268A000
|
heap
|
page read and write
|
||
|
232A8771000
|
unkown
|
page read and write
|
||
|
15FC33F0000
|
trusted library section
|
page readonly
|
||
|
232A8016000
|
trusted library allocation
|
page read and write
|
||
|
23488713000
|
heap
|
page read and write
|
||
|
163C5E3C000
|
heap
|
page read and write
|
||
|
205E6D02000
|
heap
|
page read and write
|
||
|
232A2F02000
|
heap
|
page read and write
|
||
|
24FDD800000
|
heap
|
page read and write
|
||
|
163C5E93000
|
heap
|
page read and write
|
||
|
232A87D5000
|
unkown
|
page read and write
|
||
|
15FC2D18000
|
heap
|
page read and write
|
||
|
28DE000
|
stack
|
page read and write
|
||
|
205E6C37000
|
heap
|
page read and write
|
||
|
693B0F7000
|
stack
|
page read and write
|
||
|
232A8174000
|
trusted library allocation
|
page read and write
|
||
|
F33FDDB000
|
stack
|
page read and write
|
||
|
232A314D000
|
heap
|
page read and write
|
||
|
21F96C40000
|
heap
|
page read and write
|
||
|
232A300A000
|
heap
|
page read and write
|
||
|
232A8170000
|
trusted library allocation
|
page read and write
|
||
|
DC2AB7E000
|
stack
|
page read and write
|
||
|
232A876C000
|
unkown
|
page read and write
|
||
|
232A2F58000
|
heap
|
page read and write
|
||
|
232A3002000
|
heap
|
page read and write
|
||
|
1883EE68000
|
heap
|
page read and write
|
||
|
15FC32E0000
|
trusted library allocation
|
page read and write
|
||
|
15FC2502000
|
heap
|
page read and write
|
||
|
449217F000
|
stack
|
page read and write
|
||
|
23488652000
|
heap
|
page read and write
|
||
|
232A8150000
|
trusted library allocation
|
page read and write
|
||
|
1883EE22000
|
heap
|
page read and write
|
||
|
24FDD8CE000
|
heap
|
page read and write
|
||
|
99C34FF000
|
stack
|
page read and write
|
||
|
199A3EE0000
|
heap
|
page read and write
|
||
|
24FDD88B000
|
heap
|
page read and write
|
||
|
1BFEC476000
|
heap
|
page read and write
|
||
|
81E6BFE000
|
stack
|
page read and write
|
||
|
F34047E000
|
stack
|
page read and write
|
||
|
232A2FDB000
|
heap
|
page read and write
|
||
|
F089FFB000
|
stack
|
page read and write
|
||
|
205E6A40000
|
heap
|
page read and write
|
||
|
232A8010000
|
trusted library allocation
|
page read and write
|
||
|
163C5E4F000
|
heap
|
page read and write
|
||
|
15FC78B0000
|
trusted library allocation
|
page read and write
|
||
|
24E61530000
|
heap
|
page read and write
|
||
|
232A8174000
|
trusted library allocation
|
page read and write
|
||
|
15FC2D13000
|
heap
|
page read and write
|
||
|
4B90BFE000
|
stack
|
page read and write
|
||
|
DC2A57E000
|
stack
|
page read and write
|
||
|
232A7FE0000
|
trusted library allocation
|
page read and write
|
||
|
DC2A879000
|
stack
|
page read and write
|
||
|
7E82C7C000
|
stack
|
page read and write
|
||
|
21F96C65000
|
heap
|
page read and write
|
||
|
449247E000
|
stack
|
page read and write
|
||
|
1BFECC02000
|
trusted library allocation
|
page read and write
|
||
|
1FBD1E4E000
|
heap
|
page read and write
|
||
|
232A8700000
|
unkown
|
page read and write
|
||
|
163C5E57000
|
heap
|
page read and write
|
||
|
15FC2D02000
|
heap
|
page read and write
|
||
|
F34057F000
|
stack
|
page read and write
|
||
|
232A81E0000
|
trusted library allocation
|
page read and write
|
||
|
21F96A50000
|
heap
|
page read and write
|
||
|
232A278E000
|
heap
|
page read and write
|
||
|
DC2ACFE000
|
stack
|
page read and write
|
||
|
163C5E52000
|
heap
|
page read and write
|
||
|
267C5F9000
|
stack
|
page read and write
|
||
|
163C5F00000
|
heap
|
page read and write
|
||
|
163C5E72000
|
heap
|
page read and write
|
||
|
163C5E6F000
|
heap
|
page read and write
|
||
|
15FC7C10000
|
remote allocation
|
page read and write
|
||
|
205E6A90000
|
heap
|
page read and write
|
||
|
21F96C7E000
|
heap
|
page read and write
|
||
|
15FC24AE000
|
heap
|
page read and write
|
||
|
232A874C000
|
unkown
|
page read and write
|
||
|
7E82D7F000
|
stack
|
page read and write
|
||
|
15FC78B8000
|
trusted library allocation
|
page read and write
|
||
|
232A8180000
|
trusted library allocation
|
page read and write
|
||
|
C0000
|
unkown
|
page readonly
|
||
|
2348863C000
|
heap
|
page read and write
|
||
|
232A316A000
|
heap
|
page read and write
|
||
|
199A4000000
|
heap
|
page read and write
|
||
|
232A8200000
|
trusted library allocation
|
page read and write
|
||
|
1BFEC200000
|
heap
|
page read and write
|
||
|
232A801C000
|
trusted library allocation
|
page read and write
|
||
|
232A8824000
|
unkown
|
page read and write
|
||
|
31FA1FB000
|
stack
|
page read and write
|
||
|
23488702000
|
heap
|
page read and write
|
||
|
232A8174000
|
trusted library allocation
|
page read and write
|
||
|
232A3DE0000
|
trusted library section
|
page readonly
|
||
|
21F96C47000
|
heap
|
page read and write
|
||
|
24FDD813000
|
heap
|
page read and write
|
||
|
232A8174000
|
trusted library allocation
|
page read and write
|
||
|
CC000
|
unkown
|
page readonly
|
||
|
24E615C0000
|
trusted library allocation
|
page read and write
|
||
|
1FBD1E80000
|
heap
|
page read and write
|
||
|
DC2B5FD000
|
unkown
|
page read and write
|
||
|
21F96C67000
|
heap
|
page read and write
|
||
|
232A8000000
|
trusted library allocation
|
page read and write
|
||
|
232A2600000
|
heap
|
page read and write
|
||
|
2850000
|
remote allocation
|
page read and write
|
||
|
21F96C84000
|
heap
|
page read and write
|
||
|
199A4802000
|
trusted library allocation
|
page read and write
|
||
|
21F96C32000
|
heap
|
page read and write
|
||
|
232A8280000
|
trusted library allocation
|
page read and write
|
||
|
31F9EFE000
|
stack
|
page read and write
|
||
|
232A2F2F000
|
heap
|
page read and write
|
||
|
81E63BC000
|
stack
|
page read and write
|
||
|
24FDD902000
|
heap
|
page read and write
|
||
|
232A8637000
|
unkown
|
page read and write
|
||
|
232A88FD000
|
unkown
|
page read and write
|
||
|
15FC3400000
|
trusted library section
|
page readonly
|
||
|
21F96C60000
|
heap
|
page read and write
|
||
|
64B787C000
|
stack
|
page read and write
|
||
|
232A817C000
|
trusted library allocation
|
page read and write
|
||
|
15FC7AE6000
|
heap
|
page read and write
|
||
|
163C5E49000
|
heap
|
page read and write
|
||
|
23488E02000
|
trusted library allocation
|
page read and write
|
||
|
4B9047B000
|
stack
|
page read and write
|
||
|
4B90C7F000
|
stack
|
page read and write
|
||
|
2348864A000
|
heap
|
page read and write
|
||
|
1FBD1E4F000
|
heap
|
page read and write
|
||
|
232A8012000
|
trusted library allocation
|
page read and write
|
||
|
21F96C00000
|
heap
|
page read and write
|
||
|
21F96C26000
|
heap
|
page read and write
|
||
|
15FC2475000
|
heap
|
page read and write
|
||
|
163C5E51000
|
heap
|
page read and write
|
||
|
234885A0000
|
trusted library allocation
|
page read and write
|
||
|
24FDE002000
|
heap
|
page read and write
|
||
|
232A2629000
|
heap
|
page read and write
|
||
|
21F96C56000
|
heap
|
page read and write
|
||
|
1FBD1DA0000
|
trusted library allocation
|
page read and write
|
||
|
24FDD680000
|
heap
|
page read and write
|
||
|
15FC8000000
|
heap
|
page read and write
|
||
|
232A31DE000
|
heap
|
page read and write
|
||
|
15FC79F0000
|
trusted library allocation
|
page read and write
|
||
|
23488700000
|
heap
|
page read and write
|
||
|
15FC2BC0000
|
trusted library allocation
|
page read and write
|
||
|
232A31C2000
|
heap
|
page read and write
|
||
|
15FC2D18000
|
heap
|
page read and write
|
||
|
163C6530000
|
trusted library allocation
|
page read and write
|
||
|
DC2A4FA000
|
stack
|
page read and write
|
||
|
21F96C13000
|
heap
|
page read and write
|
||
|
C1000
|
unkown
|
page execute read
|
||
|
31FA4FD000
|
stack
|
page read and write
|
||
|
693AE7D000
|
stack
|
page read and write
|
||
|
232A2D30000
|
trusted library allocation
|
page read and write
|
||
|
1BFEC471000
|
heap
|
page read and write
|
||
|
232A875A000
|
unkown
|
page read and write
|
||
|
DC2AE7E000
|
stack
|
page read and write
|
||
|
205E6C52000
|
heap
|
page read and write
|
||
|
1BFEC400000
|
heap
|
page read and write
|
||
|
31FA07C000
|
stack
|
page read and write
|
||
|
232A8000000
|
trusted library allocation
|
page read and write
|
||
|
232A2F1D000
|
heap
|
page read and write
|
||
|
23488688000
|
heap
|
page read and write
|
||
|
232A8000000
|
trusted library allocation
|
page read and write
|
||
|
693AC7B000
|
stack
|
page read and write
|
||
|
232A81C0000
|
trusted library allocation
|
page read and write
|
||
|
693B2FA000
|
stack
|
page read and write
|
||
|
232A7ED0000
|
trusted library allocation
|
page read and write
|
||
|
23488600000
|
heap
|
page read and write
|
||
|
205E6C3E000
|
heap
|
page read and write
|
||
|
232A8010000
|
trusted library allocation
|
page read and write
|
||
|
7E82A7C000
|
stack
|
page read and write
|
||
|
C1000
|
unkown
|
page execute read
|
||
|
232A265F000
|
heap
|
page read and write
|
||
|
64B76FE000
|
stack
|
page read and write
|
||
|
24E615F0000
|
remote allocation
|
page read and write
|
||
|
15FC78BE000
|
trusted library allocation
|
page read and write
|
||
|
205E6B90000
|
trusted library allocation
|
page read and write
|
||
|
DC2B4FF000
|
unkown
|
page read and write
|
||
|
1883ED20000
|
heap
|
page read and write
|
||
|
232A2643000
|
heap
|
page read and write
|
||
|
232A2658000
|
heap
|
page read and write
|
||
|
232A87AE000
|
unkown
|
page read and write
|
||
|
7E8297B000
|
stack
|
page read and write
|
||
|
199A4076000
|
heap
|
page read and write
|
||
|
24E61590000
|
heap
|
page read and write
|
||
|
1BFEC489000
|
heap
|
page read and write
|
||
|
232A8005000
|
trusted library allocation
|
page read and write
|
||
|
232A8065000
|
trusted library allocation
|
page read and write
|
||
|
232A8250000
|
trusted library allocation
|
page read and write
|
||
|
232A8813000
|
unkown
|
page read and write
|
||
|
64B797E000
|
stack
|
page read and write
|
||
|
24E61702000
|
heap
|
page read and write
|
||
|
4B90E7B000
|
stack
|
page read and write
|
||
|
232A87DA000
|
unkown
|
page read and write
|
||
|
21F96C57000
|
heap
|
page read and write
|
||
|
1BFEC48B000
|
heap
|
page read and write
|
||
|
7E827FC000
|
stack
|
page read and write
|
||
|
24E61613000
|
heap
|
page read and write
|
||
|
7E8267F000
|
stack
|
page read and write
|
||
|
4491E7C000
|
stack
|
page read and write
|
||
|
F08A2FE000
|
stack
|
page read and write
|
||
|
232A81B0000
|
trusted library allocation
|
page read and write
|
||
|
24E615F0000
|
remote allocation
|
page read and write
|
||
|
DC2AA7C000
|
stack
|
page read and write
|
||
|
15FC7A72000
|
heap
|
page read and write
|
||
|
232A3780000
|
trusted library allocation
|
page read and write
|
||
|
232A2FC3000
|
heap
|
page read and write
|
||
|
1883EF13000
|
heap
|
page read and write
|
||
|
15FC7A4A000
|
heap
|
page read and write
|
||
|
21F96D02000
|
heap
|
page read and write
|
||
|
15FC2250000
|
heap
|
page read and write
|
||
|
1883EE13000
|
heap
|
page read and write
|
||
|
232A8733000
|
unkown
|
page read and write
|
||
|
24E6163C000
|
heap
|
page read and write
|
||
|
232A8613000
|
unkown
|
page read and write
|
||
|
21F96C4D000
|
heap
|
page read and write
|
||
|
163C5E13000
|
heap
|
page read and write
|
||
|
15FC78B0000
|
trusted library allocation
|
page read and write
|
||
|
205E6C2F000
|
heap
|
page read and write
|
||
|
232A800E000
|
trusted library allocation
|
page read and write
|
||
|
232A8000000
|
trusted library allocation
|
page read and write
|
||
|
64B7A7D000
|
stack
|
page read and write
|
||
|
15FC23E3000
|
trusted library allocation
|
page read and write
|
||
|
232A877F000
|
unkown
|
page read and write
|
||
|
15FC3760000
|
trusted library allocation
|
page read and write
|
||
|
99C3277000
|
stack
|
page read and write
|
||
|
232A8653000
|
unkown
|
page read and write
|
||
|
F3401FE000
|
stack
|
page read and write
|
||
|
693AEFF000
|
stack
|
page read and write
|
||
|
23488645000
|
heap
|
page read and write
|
||
|
232A8130000
|
trusted library allocation
|
page read and write
|
||
|
1BFEC429000
|
heap
|
page read and write
|
||
|
232A2661000
|
heap
|
page read and write
|
There are 679 hidden memdumps, click here to show them.