Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
#Qbot downloader.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Test, Last Saved By:
Test, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Mon
Sep 27 10:38:52 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44466.8890891204[1].dat
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44466.8890891204[2].dat
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Drezd.red
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Drezd1.red
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd.red
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-silent ..\Drezd.red
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd1.red
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn vevmwwj /tr 'regsvr32.exe -s \'C:\Users\user\Drezd.red\''
/SC ONCE /Z /ST 21:23 /ET 21:35
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-silent ..\Drezd1.red
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd2.red
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\reg.exe
|
C:\Windows\system32\reg.exe ADD 'HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths' /f /t REG_DWORD /v 'C:\ProgramData\Microsoft\Krngnamoimcp'
/d '0'
|
|
|
|
C:\Windows\System32\reg.exe
|
C:\Windows\system32\reg.exe ADD 'HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths' /f /t REG_DWORD /v 'C:\Users\user\AppData\Roaming\Microsoft\Waizacawzvcu'
/d '0'
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s 'C:\Users\user\Drezd.red'
|
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://185.183.96.67/44466.8890891204.dat
|
185.183.96.67
|
|
|
|
http://190.14.37.178/44466.8890891204.dat
|
190.14.37.178
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.183.96.67
|
unknown
|
Netherlands
|
|
|
|
190.14.37.178
|
unknown
|
Panama
|
|
|
|
185.250.148.213
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
9|%
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2D3B3
|
2D3B3
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A697CDF-B101-4FF3-9D9F-82FCCD82AABE}\2.0
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A697CDF-B101-4FF3-9D9F-82FCCD82AABE}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A697CDF-B101-4FF3-9D9F-82FCCD82AABE}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8A697CDF-B101-4FF3-9D9F-82FCCD82AABE}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{8A697CDF-B101-4FF3-9D9F-82FCCD82AABE}\2.0
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{8A697CDF-B101-4FF3-9D9F-82FCCD82AABE}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{8A697CDF-B101-4FF3-9D9F-82FCCD82AABE}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{8A697CDF-B101-4FF3-9D9F-82FCCD82AABE}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EE786B9-C102-4775-8FD9-C5CB86B313A1}\1.2
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EE786B9-C102-4775-8FD9-C5CB86B313A1}\1.2\FLAGS
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EE786B9-C102-4775-8FD9-C5CB86B313A1}\1.2\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0EE786B9-C102-4775-8FD9-C5CB86B313A1}\1.2\HELPDIR
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00024518-0000-0000-C000-000000000046}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
s&%
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\44F77
|
44F77
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\451D8
|
451D8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
2cbbc103
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
1924114d
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
1b653131
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
a3d95654
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
ded119de
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
666d7ebb
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
a1987628
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
53f2aef5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Aknouuyuwy
|
2cbbc103
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
aeb92bad
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
9b26fbe3
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
9967db9f
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
21dbbcfa
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
5cd3f370
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
e46f9415
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
239a9c86
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
d1f0445b
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Bjuybfbrscu
|
aeb92bad
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
C:\ProgramData\Microsoft\Krngnamoimcp
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
C:\Users\user\AppData\Roaming\Microsoft\Waizacawzvcu
|
|
There are 212 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
80000
|
unkown image
|
page execute and read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page read and write
|
|
|
|
80000
|
unkown image
|
page execute and read and write
|
|
|
|
80000
|
unkown image
|
page execute and read and write
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
2860000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
BFE000
|
unkown
|
page read and write
|
|
|
|
17AE000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
390000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
1E6000
|
unkown
|
page read and write
|
|
|
|
2E50000
|
heap private
|
page read and write
|
|
|
|
470000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
394000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
6F0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
367000
|
heap default
|
page read and write
|
|
|
|
E9F000
|
heap private
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
1EA0000
|
unkown image
|
page readonly
|
|
|
|
7F0000
|
unkown image
|
page readonly
|
|
|
|
510000
|
unkown
|
page read and write
|
|
|
|
3FD000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2A2000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
220000
|
heap default
|
page read and write
|
|
|
|
3D4000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
464000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
924000
|
heap private
|
page read and write
|
|
|
|
C0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
2E0000
|
heap default
|
page read and write
|
|
|
|
4F0000
|
unkown
|
page read and write
|
|
|
|
26EA000
|
unkown
|
page read and write
|
|
|
|
356000
|
unkown
|
page read and write
|
|
|
|
70000
|
unkown image
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
220000
|
heap default
|
page read and write
|
|
|
|
487000
|
heap default
|
page read and write
|
|
|
|
45D000
|
unkown
|
page read and write
|
|
|
|
27A000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
32D000
|
heap default
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
164F000
|
heap private
|
page read and write
|
|
|
|
325000
|
heap default
|
page read and write
|
|
|
|
2700000
|
heap private
|
page read and write
|
|
|
|
496000
|
unkown
|
page read and write
|
|
|
|
130E000
|
unkown
|
page read and write
|
|
|
|
FD000
|
unkown
|
page read and write
|
|
|
|
950000
|
unkown image
|
page readonly
|
|
|
|
5F0000
|
unkown image
|
page readonly
|
|
|
|
B0F000
|
unkown
|
page read and write
|
|
|
|
BB000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2274000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
4F2000
|
heap default
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
264F000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
240000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
18AF000
|
unkown
|
page read and write
|
|
|
|
4D1000
|
unkown
|
page execute and read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
460000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
100000
|
unkown image
|
page read and write
|
|
|
|
25FF000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
1DB000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
510000
|
unkown image
|
page readonly
|
|
|
|
217B000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
29E0000
|
heap private
|
page read and write
|
|
|
|
190000
|
heap default
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
514000
|
heap private
|
page read and write
|
|
|
|
3E0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
B0000
|
unkown image
|
page readonly
|
|
|
|
7BA000
|
heap default
|
page read and write
|
|
|
|
1F0000
|
heap default
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2A3000
|
unkown
|
page read and write
|
|
|
|
13BF000
|
unkown
|
page read and write
|
|
|
|
2AD000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
2C6C000
|
unkown
|
page read and write
|
|
|
|
780000
|
heap default
|
page read and write
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
664000
|
heap private
|
page read and write
|
|
|
|
510000
|
heap private
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown image
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
800000
|
unkown image
|
page readonly
|
|
|
|
15F3000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
2E4000
|
heap default
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
55E000
|
unkown
|
page read and write
|
|
|
|
DF0000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
447000
|
heap default
|
page read and write
|
|
|
|
6B4000
|
heap private
|
page read and write
|
|
|
|
32B000
|
unkown
|
page read and write
|
|
|
|
6D0000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
140000
|
heap private
|
page read and write
|
|
|
|
1B4000
|
heap private
|
page read and write
|
|
|
|
546000
|
unkown
|
page read and write
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
280F000
|
unkown
|
page read and write
|
|
|
|
297000
|
heap default
|
page read and write
|
|
|
|
2A4000
|
unkown
|
page read and write
|
|
|
|
7BF000
|
heap default
|
page read and write
|
|
|
|
4A4000
|
heap default
|
page read and write
|
|
|
|
6E0000
|
unkown image
|
page readonly
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
940000
|
heap private
|
page read and write
|
|
|
|
220E000
|
unkown
|
page read and write
|
|
|
|
2B8000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
570000
|
unkown image
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
5CF000
|
heap default
|
page read and write
|
|
|
|
1A0000
|
heap default
|
page read and write
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
2CDE000
|
unkown
|
page read and write
|
|
|
|
25E000
|
heap default
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
EAF000
|
unkown
|
page read and write
|
|
|
|
24A000
|
heap default
|
page read and write
|
|
|
|
1E3000
|
heap default
|
page read and write
|
|
|
|
605000
|
unkown
|
page execute and read and write
|
|
|
|
74E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
C60000
|
unkown
|
page read and write
|
|
|
|
42C000
|
unkown
|
page read and write
|
|
|
|
410000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
22D000
|
unkown
|
page read and write
|
|
|
|
C0000
|
unkown image
|
page read and write
|
|
|
|
940000
|
unkown image
|
page readonly
|
|
|
|
3F0000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
16FE000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
277000
|
heap default
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
910000
|
unkown image
|
page readonly
|
|
|
|
156E000
|
unkown
|
page read and write
|
|
|
|
1D40000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
26FF000
|
unkown
|
page read and write
|
|
|
|
426000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
2E1F000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
2B70000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
2DC3000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
3D0000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
15A000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
840000
|
unkown image
|
page readonly
|
|
|
|
FD000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
B0000
|
unkown
|
page read and write
|
|
|
|
2C0000
|
heap default
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
26D000
|
unkown
|
page read and write
|
|
|
|
2C4E000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
19C000
|
unkown
|
page read and write
|
|
|
|
12B0000
|
heap private
|
page read and write
|
|
|
|
590000
|
heap default
|
page read and write
|
|
|
|
510000
|
heap private
|
page read and write
|
|
|
|
336000
|
unkown
|
page read and write
|
|
|
|
597000
|
heap default
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
22B0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
11C0000
|
heap private
|
page read and write
|
|
|
|
A0000
|
unkown image
|
page readonly
|
|
|
|
E7E000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
5E0000
|
heap private
|
page read and write
|
|
|
|
410000
|
heap private
|
page read and write
|
|
|
|
370000
|
unkown image
|
page read and write
|
|
|
|
FE0000
|
unkown image
|
page readonly
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
2C7000
|
heap default
|
page read and write
|
|
|
|
7B0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
228B000
|
heap private
|
page read and write
|
|
|
|
240000
|
heap default
|
page read and write
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
2D6F000
|
unkown
|
page read and write
|
|
|
|
304000
|
heap default
|
page read and write
|
|
|
|
6C0000
|
unkown image
|
page readonly
|
|
|
|
850000
|
unkown image
|
page readonly
|
|
|
|
90000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
2741000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
6F0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
AE0000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
283000
|
heap default
|
page read and write
|
|
|
|
243000
|
heap default
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
390000
|
heap default
|
page read and write
|
|
|
|
13D000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
540000
|
unkown image
|
page readonly
|
|
|
|
110000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
11D1000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
unkown image
|
page readonly
|
|
|
|
2110000
|
unkown
|
page execute and read and write
|
|
|
|
2B0000
|
heap default
|
page read and write
|
|
|
|
450000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
200000
|
unkown image
|
page readonly
|
|
|
|
7A0000
|
unkown image
|
page readonly
|
|
|
|
2B6000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
787000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3C0000
|
heap default
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
920000
|
heap private
|
page read and write
|
|
|
|
2DFE000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
2740000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
21DB000
|
heap private
|
page read and write
|
|
|
|
27C1000
|
unkown
|
page read and write
|
|
|
|
27CE000
|
unkown
|
page read and write
|
|
|
|
940000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
611000
|
unkown
|
page execute and read and write
|
|
|
|
273000
|
heap default
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
1EC000
|
unkown
|
page read and write
|
|
|
|
2E0000
|
heap default
|
page read and write
|
|
|
|
140F000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
5E6000
|
heap private
|
page read and write
|
|
|
|
2870000
|
heap private
|
page read and write
|
|
|
|
38C000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
197000
|
heap default
|
page read and write
|
|
|
|
E6F000
|
heap private
|
page read and write
|
|
|
|
22E000
|
heap default
|
page read and write
|
|
|
|
1D10000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2250000
|
heap private
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
870000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
237000
|
heap default
|
page read and write
|
|
|
|
410000
|
unkown
|
page read and write
|
|
|
|
5B4000
|
heap default
|
page read and write
|
|
|
|
21A0000
|
unkown image
|
page readonly
|
|
|
|
2A8000
|
unkown
|
page read and write
|
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
460000
|
unkown image
|
page readonly
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
39E000
|
heap default
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
1DC000
|
unkown
|
page read and write
|
|
|
|
322000
|
heap default
|
page read and write
|
|
|
|
B0000
|
unkown
|
page read and write
|
|
|
|
28A000
|
heap default
|
page read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
364000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
150000
|
heap default
|
page read and write
|
|
|
|
5CE000
|
unkown
|
page read and write
|
|
|
|
1BB000
|
unkown
|
page read and write
|
|
|
|
414000
|
heap private
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
2780000
|
heap private
|
page read and write
|
|
|
|
6D6000
|
heap private
|
page read and write
|
|
|
|
2F0000
|
unkown image
|
page readonly
|
|
|
|
2A80000
|
heap private
|
page read and write
|
|
|
|
2BF000
|
unkown
|
page read and write
|
|
|
|
2A5000
|
unkown
|
page read and write
|
|
|
|
1ED000
|
unkown
|
page read and write
|
|
|
|
28DF000
|
heap private
|
page read and write
|
|
|
|
2255000
|
heap private
|
page read and write
|
|
|
|
294000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
146F000
|
unkown
|
page read and write
|
|
|
|
2140000
|
heap private
|
page read and write
|
|
|
|
2DA0000
|
heap private
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2C6000
|
unkown
|
page read and write
|
|
|
|
2DA5000
|
heap private
|
page read and write
|
|
|
|
1F7000
|
heap default
|
page read and write
|
|
|
|
198C000
|
unkown
|
page read and write
|
|
|
|
338000
|
unkown
|
page read and write
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
2270000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
C7D000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
28DF000
|
heap private
|
page read and write
|
|
|
|
2801000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
E6F000
|
heap private
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
2D4000
|
heap default
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
21A0000
|
heap private
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
4BF000
|
heap default
|
page read and write
|
|
|
|
261F000
|
unkown
|
page read and write
|
|
|
|
5E2000
|
heap default
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
5CF000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
144000
|
heap private
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
500000
|
heap private
|
page read and write
|
|
|
|
1BC000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
26BE000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
660000
|
heap private
|
page read and write
|
|
|
|
946000
|
heap private
|
page read and write
|
|
|
|
AC000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
130000
|
unkown image
|
page read and write
|
|
|
|
520000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
293000
|
heap default
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
700000
|
unkown image
|
page readonly
|
|
|
|
360000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2E0000
|
heap default
|
page read and write
|
|
|
|
2E9000
|
heap default
|
page read and write
|
|
|
|
1EA000
|
heap default
|
page read and write
|
|
|
|
1ADE000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
5F0000
|
unkown image
|
page readonly
|
|
|
|
556000
|
unkown
|
page read and write
|
|
|
|
480000
|
heap private
|
page read and write
|
|
|
|
670000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
5D0000
|
unkown
|
page execute and read and write
|
|
|
|
920000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
1B0000
|
heap private
|
page read and write
|
|
|
|
470000
|
heap private
|
page read and write
|
|
|
|
A00000
|
unkown image
|
page readonly
|
|
|
|
D80000
|
heap private
|
page read and write
|
|
|
|
3B0000
|
heap private
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
heap private
|
page read and write
|
|
|
|
7B0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
420000
|
unkown
|
page read and write
|
|
|
|
11CE000
|
unkown
|
page read and write
|
|
|
|
1E10000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2B4000
|
heap private
|
page read and write
|
|
|
|
27C1000
|
unkown
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
5F0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
B0000
|
unkown
|
page read and write
|
|
|
|
590000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
18F0000
|
heap private
|
page read and write
|
|
|
|
900000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
BD0000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
2E55000
|
heap private
|
page read and write
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
4BA000
|
heap default
|
page read and write
|
|
|
|
360000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
4C5000
|
unkown
|
page execute and read and write
|
|
|
|
98E000
|
unkown
|
page read and write
|
|
|
|
247000
|
heap default
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
29CC000
|
unkown
|
page read and write
|
|
|
|
566000
|
heap private
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
170000
|
unkown image
|
page read and write
|
|
|
|
960000
|
unkown image
|
page readonly
|
|
|
|
E9F000
|
heap private
|
page read and write
|
|
|
|
E20000
|
heap private
|
page read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
332000
|
unkown
|
page read and write
|
|
|
|
27C0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
323000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
20C000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
270000
|
heap default
|
page read and write
|
|
|
|
18E000
|
heap default
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
29AC000
|
unkown
|
page read and write
|
|
|
|
6E0000
|
unkown image
|
page readonly
|
|
|
|
7B0000
|
unkown image
|
page readonly
|
|
|
|
266000
|
heap private
|
page read and write
|
|
|
|
620000
|
unkown image
|
page readonly
|
|
|
|
7A4000
|
heap default
|
page read and write
|
|
|
|
1CE000
|
heap default
|
page read and write
|
|
|
|
2145000
|
unkown
|
page execute and read and write
|
|
|
|
526000
|
unkown
|
page read and write
|
|
|
|
404000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
FA0000
|
heap private
|
page read and write
|
|
|
|
19C000
|
unkown
|
page read and write
|
|
|
|
210000
|
unkown
|
page read and write
|
|
|
|
29C000
|
unkown
|
page read and write
|
|
|
|
2090000
|
unkown image
|
page readonly
|
|
|
|
6BF000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
1FC000
|
unkown
|
page read and write
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
290000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
27F2000
|
unkown
|
page read and write
|
|
|
|
D20000
|
unkown image
|
page readonly
|
|
|
|
C0000
|
unkown image
|
page readonly
|
|
|
|
E9F000
|
heap private
|
page read and write
|
|
|
|
3A6000
|
unkown
|
page read and write
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
157000
|
heap default
|
page read and write
|
|
|
|
160000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
560000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
1190000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
454000
|
heap private
|
page read and write
|
|
|
|
117C000
|
unkown
|
page read and write
|
|
|
|
420000
|
unkown image
|
page readonly
|
|
|
|
8C000
|
unkown
|
page read and write
|
|
|
|
197F000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
2151000
|
unkown
|
page execute and read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
29A000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
1AC000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
3E4000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
6D2000
|
heap private
|
page read and write
|
|
|
|
264000
|
heap private
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
490000
|
unkown
|
page execute and read and write
|
|
|
|
8DF000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
5C9000
|
heap default
|
page read and write
|
|
|
|
7F2000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
26E000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
456000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
260000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2E73000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
2A7E000
|
unkown
|
page read and write
|
|
|
|
506000
|
heap private
|
page read and write
|
|
|
|
3A6000
|
unkown
|
page read and write
|
|
|
|
2145000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
27E000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2BEE000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
480000
|
heap default
|
page read and write
|
|
|
|
880000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2ED0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
11D0000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
690000
|
unkown image
|
page readonly
|
|
|
|
C3D000
|
unkown
|
page read and write
|
|
|
|
2D0000
|
unkown
|
page read and write
|
|
|
|
15D5000
|
heap private
|
page read and write
|
|
|
|
21A5000
|
heap private
|
page read and write
|
|
|
|
6B0000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
230000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
6F6000
|
heap private
|
page read and write
|
|
|
|
520000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
660000
|
heap private
|
page read and write
|
|
|
|
942000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
9C0000
|
heap private
|
page read and write
|
|
|
|
125F000
|
unkown
|
page read and write
|
|
|
|
560000
|
unkown image
|
page readonly
|
|
|
|
15D0000
|
heap private
|
page read and write
|
|
|
|
1D90000
|
unkown image
|
page readonly
|
|
|
|
2E0000
|
heap private
|
page read and write
|
|
|
|
2EF000
|
heap default
|
page read and write
|
|
|
|
2ECF000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
19FF000
|
unkown
|
page read and write
|
|
|
|
1AC000
|
unkown
|
page read and write
|
|
|
|
227000
|
heap default
|
page read and write
|
|
|
|
556000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
C20000
|
unkown
|
page read and write
|
|
|
|
EB000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
E6F000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
32F000
|
unkown
|
page read and write
|
|
|
|
2B7000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
260000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
930000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
8CF000
|
unkown
|
page read and write
|
|
|
|
27FE000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2C0000
|
heap default
|
page read and write
|
|
|
|
2E7000
|
heap default
|
page read and write
|
|
|
|
E9F000
|
heap private
|
page read and write
|
|
|
|
6A0000
|
unkown image
|
page readonly
|
|
|
|
6F0000
|
heap private
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
400000
|
heap private
|
page read and write
|
|
|
|
91E000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
440000
|
heap default
|
page read and write
|
|
|
|
620000
|
unkown image
|
page readonly
|
|
|
|
2292000
|
heap private
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
There are 702 hidden memdumps, click here to show them.