Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Compensation-1730406737-09272021.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Test, Last Saved By:
Test, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Mon
Sep 27 10:38:52 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44466.7022844907[1].dat
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44466.7022844907[2].dat
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44466.7022844907[3].dat
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Drezd.red
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Drezd1.red
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Drezd2.red
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd.red
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-silent ..\Drezd.red
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd1.red
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn fpdnnxq /tr 'regsvr32.exe -s \'C:\Users\user\Drezd.red\''
/SC ONCE /Z /ST 16:53 /ET 17:05
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-silent ..\Drezd1.red
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd2.red
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-silent ..\Drezd2.red
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\reg.exe
|
C:\Windows\system32\reg.exe ADD 'HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths' /f /t REG_DWORD /v 'C:\ProgramData\Microsoft\Djryxcyvgoe'
/d '0'
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\reg.exe
|
C:\Windows\system32\reg.exe ADD 'HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths' /f /t REG_DWORD /v 'C:\Users\user\AppData\Roaming\Microsoft\Benqxuam'
/d '0'
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s 'C:\Users\user\Drezd.red'
|
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://190.14.37.178/44466.7022844907.dat
|
190.14.37.178
|
|
|
|
http://185.250.148.213/44466.7022844907.dat
|
185.250.148.213
|
|
|
|
http://185.183.96.67/44466.7022844907.dat
|
185.183.96.67
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.183.96.67
|
unknown
|
Netherlands
|
|
|
|
190.14.37.178
|
unknown
|
Panama
|
|
|
|
185.250.148.213
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
',-
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2D49D
|
2D49D
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{79353955-DA68-4297-870E-CA8D594B50DB}\2.0
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{79353955-DA68-4297-870E-CA8D594B50DB}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{79353955-DA68-4297-870E-CA8D594B50DB}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{79353955-DA68-4297-870E-CA8D594B50DB}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{79353955-DA68-4297-870E-CA8D594B50DB}\2.0
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{79353955-DA68-4297-870E-CA8D594B50DB}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{79353955-DA68-4297-870E-CA8D594B50DB}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{79353955-DA68-4297-870E-CA8D594B50DB}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CC904D23-768E-4B8B-AA7E-0E789305E902}\1.2
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CC904D23-768E-4B8B-AA7E-0E789305E902}\1.2\FLAGS
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CC904D23-768E-4B8B-AA7E-0E789305E902}\1.2\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CC904D23-768E-4B8B-AA7E-0E789305E902}\1.2\HELPDIR
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00024518-0000-0000-C000-000000000046}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
}7-
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\38056
|
38056
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\382E6
|
382E6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
7f3945b5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
4aa695fb
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
48e7b587
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
f05bd2e2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
8d539d68
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
35effa0d
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
f21af29e
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
702a43
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Jhveyicyauzw
|
7f3945b5
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
f6f33628
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
c36ce666
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
c12dc61a
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
7991a17f
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
499eef5
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
bc258990
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
7bd08103
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
89ba59de
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bbutlvs
|
f6f33628
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
C:\ProgramData\Microsoft\Djryxcyvgoe
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
C:\Users\user\AppData\Roaming\Microsoft\Benqxuam
|
|
There are 212 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
32E000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
20E0000
|
unkown image
|
page readonly
|
|
|
|
39A000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
35C000
|
unkown
|
page read and write
|
|
|
|
590000
|
unkown image
|
page readonly
|
|
|
|
9E0000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2BBF000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
2DF3000
|
heap private
|
page read and write
|
|
|
|
C00000
|
heap private
|
page read and write
|
|
|
|
5F0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
9FF000
|
unkown
|
page read and write
|
|
|
|
247000
|
heap default
|
page read and write
|
|
|
|
570000
|
unkown
|
page read and write
|
|
|
|
80000
|
unkown image
|
page execute and read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
27FF000
|
heap private
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
6A4000
|
heap default
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
4B4000
|
heap default
|
page read and write
|
|
|
|
281C000
|
unkown
|
page read and write
|
|
|
|
470000
|
unkown
|
page read and write
|
|
|
|
5EF000
|
unkown
|
page read and write
|
|
|
|
5F4000
|
heap private
|
page read and write
|
|
|
|
2E7000
|
heap default
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
290000
|
heap default
|
page read and write
|
|
|
|
18DE000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
13E000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
200000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
A5F000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
1BC0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
209B000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
127C000
|
unkown
|
page read and write
|
|
|
|
1F4000
|
heap private
|
page read and write
|
|
|
|
226C000
|
unkown
|
page read and write
|
|
|
|
1790000
|
heap private
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
190000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
186000
|
unkown
|
page read and write
|
|
|
|
12BF000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
heap private
|
page read and write
|
|
|
|
E0000
|
heap default
|
page read and write
|
|
|
|
13EE000
|
unkown
|
page read and write
|
|
|
|
2C0000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
510000
|
heap private
|
page read and write
|
|
|
|
37A000
|
heap default
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
290000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
5F0000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
530000
|
heap private
|
page read and write
|
|
|
|
950000
|
unkown image
|
page readonly
|
|
|
|
630000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
3D2000
|
heap default
|
page read and write
|
|
|
|
1F6000
|
unkown
|
page read and write
|
|
|
|
393000
|
heap default
|
page read and write
|
|
|
|
516000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
B0000
|
unkown
|
page read and write
|
|
|
|
330000
|
heap private
|
page read and write
|
|
|
|
2C03000
|
heap private
|
page read and write
|
|
|
|
2CE000
|
heap default
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
C10000
|
heap private
|
page read and write
|
|
|
|
1BB000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7C0000
|
unkown
|
page read and write
|
|
|
|
4D8000
|
unkown
|
page read and write
|
|
|
|
27CD000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
BA0000
|
unkown
|
page execute and read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
990000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
80000
|
unkown image
|
page execute and read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
280F000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
A0000
|
unkown image
|
page readonly
|
|
|
|
80000
|
unkown image
|
page execute and read and write
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
604000
|
heap default
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
22B0000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
D80000
|
unkown image
|
page readonly
|
|
|
|
FB000
|
unkown
|
page read and write
|
|
|
|
123F000
|
heap private
|
page read and write
|
|
|
|
22DF000
|
heap private
|
page read and write
|
|
|
|
2D8F000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
490000
|
heap default
|
page read and write
|
|
|
|
3F6000
|
heap private
|
page read and write
|
|
|
|
3C3000
|
heap default
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
279000
|
heap default
|
page read and write
|
|
|
|
264000
|
heap default
|
page read and write
|
|
|
|
104000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
4A6000
|
unkown
|
page read and write
|
|
|
|
D90000
|
unkown image
|
page readonly
|
|
|
|
416000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
200000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
272000
|
heap default
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
64E000
|
unkown
|
page read and write
|
|
|
|
24B000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
300000
|
heap default
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
260000
|
unkown image
|
page read and write
|
|
|
|
8B0000
|
heap private
|
page read and write
|
|
|
|
4E2000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
164F000
|
unkown
|
page read and write
|
|
|
|
4D5000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
384000
|
heap default
|
page read and write
|
|
|
|
1FC0000
|
unkown image
|
page readonly
|
|
|
|
480000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
620000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
4DF000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
27B0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
77E000
|
unkown
|
page read and write
|
|
|
|
2125000
|
heap private
|
page read and write
|
|
|
|
600000
|
unkown
|
page read and write
|
|
|
|
8F0000
|
unkown image
|
page readonly
|
|
|
|
5E0000
|
heap default
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
340000
|
unkown
|
page execute and read and write
|
|
|
|
C0000
|
unkown image
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
350000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2B40000
|
heap private
|
page read and write
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
2075000
|
heap private
|
page read and write
|
|
|
|
100000
|
heap private
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
580000
|
heap private
|
page read and write
|
|
|
|
2CE000
|
unkown
|
page read and write
|
|
|
|
670000
|
unkown image
|
page readonly
|
|
|
|
C2F000
|
unkown
|
page read and write
|
|
|
|
B0000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
BE1000
|
unkown
|
page execute and read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
A0000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
22DF000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
27CE000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
1A0000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
90000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
280B000
|
unkown
|
page read and write
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
1491000
|
unkown
|
page read and write
|
|
|
|
160000
|
heap default
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
276F000
|
unkown
|
page read and write
|
|
|
|
8E0000
|
unkown image
|
page readonly
|
|
|
|
497000
|
heap default
|
page read and write
|
|
|
|
4F4000
|
heap private
|
page read and write
|
|
|
|
23A2000
|
heap private
|
page read and write
|
|
|
|
327000
|
heap default
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
330000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
524000
|
heap default
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2AC0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2060000
|
heap private
|
page read and write
|
|
|
|
3B0000
|
heap private
|
page read and write
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
142F000
|
unkown
|
page read and write
|
|
|
|
2D2F000
|
unkown
|
page read and write
|
|
|
|
2190000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
17B3000
|
heap private
|
page read and write
|
|
|
|
2200000
|
unkown image
|
page readonly
|
|
|
|
760000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
1D2000
|
heap default
|
page read and write
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
4C0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
B0000
|
unkown image
|
page readonly
|
|
|
|
2260000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
4E0000
|
unkown
|
page read and write
|
|
|
|
2E4F000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
16BE000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
580000
|
unkown image
|
page readonly
|
|
|
|
4E6000
|
unkown
|
page read and write
|
|
|
|
860000
|
unkown image
|
page readonly
|
|
|
|
460000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
D80000
|
unkown
|
page execute and read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
4E8000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
3BE000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
25C000
|
unkown
|
page read and write
|
|
|
|
8A0000
|
unkown image
|
page readonly
|
|
|
|
2380000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
136E000
|
unkown
|
page read and write
|
|
|
|
336000
|
heap private
|
page read and write
|
|
|
|
BD5000
|
unkown
|
page execute and read and write
|
|
|
|
1F0000
|
heap private
|
page read and write
|
|
|
|
18A000
|
unkown
|
page read and write
|
|
|
|
8CD000
|
unkown
|
page read and write
|
|
|
|
420000
|
unkown
|
page read and write
|
|
|
|
199000
|
heap default
|
page read and write
|
|
|
|
4D2000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
680000
|
heap default
|
page read and write
|
|
|
|
5AF000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
1A9F000
|
unkown
|
page read and write
|
|
|
|
2190000
|
unkown image
|
page readonly
|
|
|
|
2871000
|
unkown
|
page execute and read and write
|
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
2A7C000
|
unkown
|
page read and write
|
|
|
|
294000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
280000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
2D0000
|
heap private
|
page read and write
|
|
|
|
8FE000
|
unkown
|
page read and write
|
|
|
|
687000
|
heap default
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
4DD000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
9A000
|
unkown
|
page read and write
|
|
|
|
590000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
320000
|
heap default
|
page read and write
|
|
|
|
2780000
|
heap private
|
page read and write
|
|
|
|
5A6000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
69F000
|
heap default
|
page read and write
|
|
|
|
8E0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
590000
|
unkown image
|
page readonly
|
|
|
|
476000
|
unkown
|
page read and write
|
|
|
|
5A6000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
39A000
|
heap default
|
page read and write
|
|
|
|
27B0000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
377000
|
heap default
|
page read and write
|
|
|
|
25CF000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
239E000
|
unkown
|
page read and write
|
|
|
|
167000
|
heap default
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
DC1000
|
unkown
|
page execute and read and write
|
|
|
|
69A000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
26C000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page read and write
|
|
|
|
37E000
|
heap default
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
18B000
|
unkown
|
page read and write
|
|
|
|
890000
|
heap private
|
page read and write
|
|
|
|
970000
|
heap private
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
123F000
|
heap private
|
page read and write
|
|
|
|
1CC0000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
D7F000
|
unkown
|
page read and write
|
|
|
|
136000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
370000
|
heap default
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
15B0000
|
heap private
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2120000
|
heap private
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
23B0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
440000
|
heap default
|
page read and write
|
|
|
|
23F000
|
heap default
|
page read and write
|
|
|
|
584000
|
heap private
|
page read and write
|
|
|
|
B0000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
297000
|
heap default
|
page read and write
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
347000
|
heap default
|
page read and write
|
|
|
|
1D20000
|
unkown image
|
page readonly
|
|
|
|
3F0000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
2B45000
|
heap private
|
page read and write
|
|
|
|
500000
|
heap default
|
page read and write
|
|
|
|
13C000
|
unkown
|
page read and write
|
|
|
|
23C0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
375000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
EC000
|
unkown
|
page read and write
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
C50000
|
unkown image
|
page readonly
|
|
|
|
23A000
|
heap default
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
340000
|
unkown image
|
page readonly
|
|
|
|
784000
|
heap private
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
5F0000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
1795000
|
heap private
|
page read and write
|
|
|
|
15FF000
|
unkown
|
page read and write
|
|
|
|
D20000
|
heap private
|
page read and write
|
|
|
|
23A0000
|
heap private
|
page read and write
|
|
|
|
2E0000
|
heap default
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
180F000
|
heap private
|
page read and write
|
|
|
|
347000
|
heap default
|
page read and write
|
|
|
|
3AE000
|
heap default
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
400000
|
heap private
|
page read and write
|
|
|
|
131E000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
365000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
27B1000
|
unkown
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
3F0000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
27FF000
|
heap private
|
page read and write
|
|
|
|
2C5F000
|
heap private
|
page read and write
|
|
|
|
8B0000
|
unkown
|
page read and write
|
|
|
|
2384000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2671000
|
unkown
|
page read and write
|
|
|
|
20F0000
|
unkown image
|
page readonly
|
|
|
|
226000
|
unkown
|
page read and write
|
|
|
|
DC000
|
unkown
|
page read and write
|
|
|
|
35E000
|
heap default
|
page read and write
|
|
|
|
240000
|
heap default
|
page read and write
|
|
|
|
330000
|
heap private
|
page read and write
|
|
|
|
710000
|
unkown image
|
page readonly
|
|
|
|
61D000
|
unkown
|
page read and write
|
|
|
|
1EC000
|
unkown
|
page read and write
|
|
|
|
1B4F000
|
unkown
|
page read and write
|
|
|
|
255E000
|
unkown
|
page read and write
|
|
|
|
22DF000
|
heap private
|
page read and write
|
|
|
|
200000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
206000
|
heap private
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
307000
|
heap default
|
page read and write
|
|
|
|
7DD000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
393000
|
heap default
|
page read and write
|
|
|
|
476000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
11C0000
|
heap private
|
page read and write
|
|
|
|
148E000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
1D20000
|
unkown image
|
page readonly
|
|
|
|
19F000
|
heap default
|
page read and write
|
|
|
|
27B000
|
unkown
|
page read and write
|
|
|
|
4E0000
|
heap private
|
page read and write
|
|
|
|
E00000
|
unkown image
|
page readonly
|
|
|
|
23E0000
|
unkown image
|
page readonly
|
|
|
|
340000
|
heap default
|
page read and write
|
|
|
|
1A6000
|
heap private
|
page read and write
|
|
|
|
2B2000
|
heap private
|
page read and write
|
|
|
|
29CC000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
39A000
|
heap default
|
page read and write
|
|
|
|
536000
|
heap private
|
page read and write
|
|
|
|
2DD0000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
364000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
heap private
|
page read and write
|
|
|
|
A7F000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
26E0000
|
heap private
|
page read and write
|
|
|
|
23A4000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
DC000
|
unkown
|
page read and write
|
|
|
|
1490000
|
unkown
|
page read and write
|
|
|
|
289F000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
92F000
|
heap private
|
page read and write
|
|
|
|
210000
|
heap default
|
page read and write
|
|
|
|
626000
|
heap private
|
page read and write
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
196000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
354000
|
unkown
|
page read and write
|
|
|
|
A5E000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
B0000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
560000
|
heap private
|
page read and write
|
|
|
|
460000
|
unkown image
|
page readonly
|
|
|
|
760000
|
unkown image
|
page readonly
|
|
|
|
330000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
367000
|
heap default
|
page read and write
|
|
|
|
20AB000
|
heap private
|
page read and write
|
|
|
|
2865000
|
unkown
|
page execute and read and write
|
|
|
|
507000
|
heap default
|
page read and write
|
|
|
|
E0000
|
heap default
|
page read and write
|
|
|
|
5C4000
|
heap private
|
page read and write
|
|
|
|
450000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
250000
|
unkown image
|
page readonly
|
|
|
|
3E0000
|
heap default
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
25D0000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
294E000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
31E000
|
heap default
|
page read and write
|
|
|
|
2ADE000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
756000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
27D000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
6B0000
|
unkown image
|
page readonly
|
|
|
|
15C000
|
unkown
|
page read and write
|
|
|
|
FD000
|
unkown
|
page read and write
|
|
|
|
2830000
|
unkown
|
page execute and read and write
|
|
|
|
340000
|
heap default
|
page read and write
|
|
|
|
120000
|
heap default
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
590000
|
unkown image
|
page readonly
|
|
|
|
5F4000
|
heap private
|
page read and write
|
|
|
|
820000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
2BE0000
|
heap private
|
page read and write
|
|
|
|
340000
|
heap default
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
3CA000
|
heap default
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
7F0000
|
unkown image
|
page readonly
|
|
|
|
720000
|
heap private
|
page read and write
|
|
|
|
2F0000
|
unkown image
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
22C5000
|
heap private
|
page read and write
|
|
|
|
4F0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
370000
|
heap private
|
page read and write
|
|
|
|
260000
|
unkown image
|
page read and write
|
|
|
|
333000
|
heap default
|
page read and write
|
|
|
|
710000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
516000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
200000
|
heap private
|
page read and write
|
|
|
|
34E000
|
unkown
|
page read and write
|
|
|
|
950000
|
heap private
|
page read and write
|
|
|
|
2070000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
6D2000
|
heap default
|
page read and write
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
33F000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
37E000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
368000
|
unkown
|
page read and write
|
|
|
|
215B000
|
heap private
|
page read and write
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
27CE000
|
unkown
|
page read and write
|
|
|
|
2C1C000
|
unkown
|
page read and write
|
|
|
|
1FC000
|
unkown
|
page read and write
|
|
|
|
564000
|
heap private
|
page read and write
|
|
|
|
31E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
363000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
1EDD000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
170000
|
unkown image
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
184000
|
heap default
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
8A000
|
unkown
|
page read and write
|
|
|
|
24DF000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
1EC0000
|
unkown
|
page read and write
|
|
|
|
362000
|
unkown
|
page read and write
|
|
|
|
5E7000
|
heap default
|
page read and write
|
|
|
|
340000
|
heap default
|
page read and write
|
|
|
|
22AC000
|
unkown
|
page read and write
|
|
|
|
176C000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
940000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
684000
|
heap default
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
5A0000
|
heap private
|
page read and write
|
|
|
|
660000
|
heap default
|
page read and write
|
|
|
|
2D90000
|
unkown image
|
page readonly
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
500000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
D90000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
8F0000
|
unkown image
|
page readonly
|
|
|
|
273C000
|
unkown
|
page read and write
|
|
|
|
2C4000
|
heap private
|
page read and write
|
|
|
|
130000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
292F000
|
unkown
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
23C2000
|
heap private
|
page read and write
|
|
|
|
690000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
540000
|
unkown image
|
page readonly
|
|
|
|
357000
|
heap default
|
page read and write
|
|
|
|
292000
|
heap default
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
85D000
|
unkown
|
page read and write
|
|
|
|
21D000
|
unkown
|
page read and write
|
|
|
|
6E0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
D40000
|
heap private
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
2DD5000
|
heap private
|
page read and write
|
|
|
|
1BC000
|
unkown
|
page read and write
|
|
|
|
7A2000
|
heap private
|
page read and write
|
|
|
|
A80000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
2CCA000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
6A0000
|
unkown image
|
page readonly
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
92F000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
25D1000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
39F000
|
heap default
|
page read and write
|
|
|
|
2BE5000
|
heap private
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
520000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
2EBE000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
22C3000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
667000
|
heap default
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
2630000
|
heap private
|
page read and write
|
|
|
|
2320000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
960000
|
unkown image
|
page readonly
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
27F000
|
heap default
|
page read and write
|
|
|
|
170000
|
unkown image
|
page read and write
|
|
|
|
CEC000
|
unkown
|
page read and write
|
|
|
|
870000
|
unkown image
|
page readonly
|
|
|
|
24F0000
|
heap private
|
page read and write
|
|
|
|
800000
|
unkown image
|
page readonly
|
|
|
|
2C30000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
373000
|
heap default
|
page read and write
|
|
|
|
DB5000
|
unkown
|
page execute and read and write
|
|
|
|
381000
|
unkown
|
page execute and read and write
|
|
|
|
750000
|
heap private
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown image
|
page readonly
|
|
|
|
200000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
5F4000
|
heap private
|
page read and write
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
20D000
|
unkown
|
page read and write
|
|
|
|
470000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
2B63000
|
heap private
|
page read and write
|
|
|
|
1FC000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
D80000
|
heap private
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
2ACE000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
730000
|
unkown image
|
page readonly
|
|
|
|
224000
|
heap default
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
724000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
334000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
90000
|
unkown
|
page read and write
|
|
|
|
2065000
|
heap private
|
page read and write
|
|
|
|
80000
|
unkown image
|
page execute and read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
123F000
|
heap private
|
page read and write
|
|
|
|
7AD000
|
unkown
|
page read and write
|
|
|
|
1EC000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
720000
|
unkown image
|
page readonly
|
|
|
|
33E000
|
heap default
|
page read and write
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
456000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
200000
|
heap default
|
page read and write
|
|
|
|
2CC000
|
unkown
|
page read and write
|
|
|
|
2670000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
780000
|
heap private
|
page read and write
|
|
|
|
680000
|
unkown image
|
page readonly
|
|
|
|
25EE000
|
unkown
|
page read and write
|
|
|
|
580000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
33A000
|
heap default
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
207000
|
heap default
|
page read and write
|
|
|
|
126E000
|
unkown
|
page read and write
|
|
|
|
4C0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
There are 796 hidden memdumps, click here to show them.