Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Compensation-2100058996-09272021.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: Test, Last Saved By:
Test, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Mon
Sep 27 10:38:52 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\44467.4314974537[1].dat
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Drezd.red
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd.red
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-silent ..\Drezd.red
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd1.red
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn uwqvoal /tr 'regsvr32.exe -s \'C:\Users\user\Drezd.red\''
/SC ONCE /Z /ST 10:25 /ET 10:37
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 -silent ..\Drezd2.red
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\reg.exe
|
C:\Windows\system32\reg.exe ADD 'HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths' /f /t REG_DWORD /v 'C:\ProgramData\Microsoft\Imqocbuplg'
/d '0'
|
|
|
|
C:\Windows\System32\reg.exe
|
C:\Windows\system32\reg.exe ADD 'HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths' /f /t REG_DWORD /v 'C:\Users\user\AppData\Roaming\Microsoft\Iaoaukbfna'
/d '0'
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -s 'C:\Users\user\Drezd.red'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s 'C:\Users\user\Drezd.red'
|
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://190.14.37.178/44467.4314974537.dat
|
190.14.37.178
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.183.96.67
|
unknown
|
Netherlands
|
|
|
|
190.14.37.178
|
unknown
|
Panama
|
|
|
|
185.250.148.213
|
unknown
|
Russian Federation
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
=<-
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2E408
|
2E408
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{764C8E42-17A3-4079-9422-2B955F5D82BB}\2.0
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{764C8E42-17A3-4079-9422-2B955F5D82BB}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{764C8E42-17A3-4079-9422-2B955F5D82BB}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{764C8E42-17A3-4079-9422-2B955F5D82BB}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{764C8E42-17A3-4079-9422-2B955F5D82BB}\2.0
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{764C8E42-17A3-4079-9422-2B955F5D82BB}\2.0\FLAGS
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{764C8E42-17A3-4079-9422-2B955F5D82BB}\2.0\0\win32
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{764C8E42-17A3-4079-9422-2B955F5D82BB}\2.0\HELPDIR
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F1EA10C-54A9-4557-8E84-AC7E59FFF990}\1.2
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F1EA10C-54A9-4557-8E84-AC7E59FFF990}\1.2\FLAGS
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F1EA10C-54A9-4557-8E84-AC7E59FFF990}\1.2\0\win32
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F1EA10C-54A9-4557-8E84-AC7E59FFF990}\1.2\HELPDIR
|
NULL
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00024518-0000-0000-C000-000000000046}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
hg-
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\57407
|
57407
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\57658
|
57658
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
50b30089
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
652cd0c7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
676df0bb
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
dfd197de
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
a2d9d854
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
1a65bf31
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
dd90b7a2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
2ffa6f7f
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Lrekauiesw
|
50b30089
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
83b6d542
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
b629050c
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
b4682570
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
cd44215
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
71dc0d9f
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
c9606afa
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
e956269
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
fcffbab4
|
|
|
|
HKEY_USERS.DEFAULT\SOFTWARE\Microsoft\Iexanqetkbici
|
83b6d542
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
C:\ProgramData\Microsoft\Imqocbuplg
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
C:\Users\user\AppData\Roaming\Microsoft\Iaoaukbfna
|
|
There are 212 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E0000
|
unkown image
|
page execute and read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
C0000
|
unkown image
|
page execute and read and write
|
|
|
|
210000
|
unkown
|
page read and write
|
|
|
|
10001000
|
unkown image
|
page execute and read and write
|
|
|
|
890000
|
unkown
|
page read and write
|
|
|
|
920000
|
unkown image
|
page readonly
|
|
|
|
950000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
6B0000
|
unkown
|
page read and write
|
|
|
|
346000
|
unkown
|
page read and write
|
|
|
|
6C4000
|
unkown
|
page read and write
|
|
|
|
21E2000
|
heap private
|
page read and write
|
|
|
|
274000
|
heap default
|
page read and write
|
|
|
|
2020000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
820000
|
unkown image
|
page readonly
|
|
|
|
2A7000
|
heap default
|
page read and write
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
3B0000
|
unkown image
|
page readonly
|
|
|
|
151C000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
4A0000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
991000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
26E0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
A1E000
|
unkown
|
page read and write
|
|
|
|
1D20000
|
unkown image
|
page readonly
|
|
|
|
12C000
|
unkown
|
page read and write
|
|
|
|
F0000
|
heap default
|
page read and write
|
|
|
|
524000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
BF0000
|
unkown image
|
page readonly
|
|
|
|
120000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
1A9F000
|
unkown
|
page read and write
|
|
|
|
29C000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
8C000
|
unkown
|
page read and write
|
|
|
|
2C7000
|
heap default
|
page read and write
|
|
|
|
6F0000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
6C8000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2B0000
|
heap default
|
page read and write
|
|
|
|
12E000
|
heap default
|
page read and write
|
|
|
|
550000
|
heap private
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
264000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
306000
|
heap default
|
page read and write
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
300000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
530000
|
unkown
|
page read and write
|
|
|
|
2F3000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
26DC000
|
unkown
|
page read and write
|
|
|
|
2B7000
|
heap default
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
4B0000
|
heap default
|
page read and write
|
|
|
|
2FD000
|
heap default
|
page read and write
|
|
|
|
213F000
|
heap private
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
1E30000
|
unkown image
|
page readonly
|
|
|
|
2A0000
|
heap private
|
page read and write
|
|
|
|
8C000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
410000
|
unkown
|
page read and write
|
|
|
|
18C3000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
26CF000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
DEF000
|
unkown
|
page read and write
|
|
|
|
670000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
6FE000
|
unkown
|
page read and write
|
|
|
|
1D6000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
80000
|
unkown
|
page read and write
|
|
|
|
F20000
|
unkown image
|
page readonly
|
|
|
|
1530000
|
heap private
|
page read and write
|
|
|
|
284F000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
90000
|
unkown
|
page read and write
|
|
|
|
25AF000
|
unkown
|
page read and write
|
|
|
|
2C05000
|
heap private
|
page read and write
|
|
|
|
2205000
|
heap private
|
page read and write
|
|
|
|
6AD000
|
unkown
|
page read and write
|
|
|
|
8C6000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
143000
|
heap default
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2C0000
|
heap default
|
page read and write
|
|
|
|
262E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
310000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
4C0000
|
heap default
|
page read and write
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
560000
|
unkown image
|
page readonly
|
|
|
|
240000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
257000
|
heap default
|
page read and write
|
|
|
|
196000
|
unkown
|
page read and write
|
|
|
|
590000
|
heap private
|
page read and write
|
|
|
|
320000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
2EE000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
26CB000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
640000
|
heap default
|
page read and write
|
|
|
|
2C00000
|
heap private
|
page read and write
|
|
|
|
50F000
|
heap default
|
page read and write
|
|
|
|
2150000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
1360000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
950000
|
unkown
|
page execute and read and write
|
|
|
|
7AD000
|
unkown
|
page read and write
|
|
|
|
2A4000
|
heap private
|
page read and write
|
|
|
|
C40000
|
unkown
|
page read and write
|
|
|
|
20C0000
|
heap private
|
page read and write
|
|
|
|
C0000
|
heap private
|
page read and write
|
|
|
|
97000
|
heap default
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
4D0000
|
heap default
|
page read and write
|
|
|
|
490000
|
heap private
|
page read and write
|
|
|
|
804000
|
heap default
|
page read and write
|
|
|
|
18E000
|
unkown
|
page read and write
|
|
|
|
330000
|
unkown image
|
page readonly
|
|
|
|
15AF000
|
heap private
|
page read and write
|
|
|
|
131E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
B40000
|
heap private
|
page read and write
|
|
|
|
740000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
61E000
|
unkown
|
page read and write
|
|
|
|
8E2000
|
heap private
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
1FD0000
|
unkown image
|
page readonly
|
|
|
|
DB000
|
unkown
|
page read and write
|
|
|
|
D40000
|
unkown image
|
page readonly
|
|
|
|
C00000
|
unkown
|
page read and write
|
|
|
|
694000
|
heap default
|
page read and write
|
|
|
|
164000
|
unkown
|
page read and write
|
|
|
|
18A0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
195F000
|
unkown
|
page read and write
|
|
|
|
187C000
|
unkown
|
page read and write
|
|
|
|
2F3000
|
heap default
|
page read and write
|
|
|
|
780000
|
heap private
|
page read and write
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
6C0000
|
unkown image
|
page readonly
|
|
|
|
540000
|
unkown image
|
page readonly
|
|
|
|
6C8000
|
unkown
|
page read and write
|
|
|
|
37E000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
174000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
heap default
|
page read and write
|
|
|
|
4D6000
|
unkown
|
page read and write
|
|
|
|
8E1000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
120000
|
unkown
|
page read and write
|
|
|
|
173000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown image
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
15AF000
|
heap private
|
page read and write
|
|
|
|
554000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
324000
|
heap private
|
page read and write
|
|
|
|
1F95000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
A60000
|
unkown image
|
page readonly
|
|
|
|
910000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
786000
|
heap private
|
page read and write
|
|
|
|
A0000
|
unkown image
|
page readonly
|
|
|
|
4A0000
|
unkown
|
page read and write
|
|
|
|
2EE000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2010000
|
unkown image
|
page readonly
|
|
|
|
6B5000
|
unkown
|
page read and write
|
|
|
|
630000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown image
|
page readonly
|
|
|
|
520000
|
heap private
|
page read and write
|
|
|
|
4F4000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
393000
|
heap default
|
page read and write
|
|
|
|
90000
|
unkown image
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
6B3000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
556000
|
heap private
|
page read and write
|
|
|
|
CE000
|
heap default
|
page read and write
|
|
|
|
1FCB000
|
heap private
|
page read and write
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
4D4000
|
heap default
|
page read and write
|
|
|
|
9C0000
|
unkown image
|
page readonly
|
|
|
|
2DCC000
|
unkown
|
page read and write
|
|
|
|
6BD000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
3C0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
8C4000
|
heap private
|
page read and write
|
|
|
|
C70000
|
heap private
|
page read and write
|
|
|
|
1EE000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
4A0000
|
unkown
|
page read and write
|
|
|
|
246000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
213F000
|
heap private
|
page read and write
|
|
|
|
39A000
|
heap default
|
page read and write
|
|
|
|
13FE000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
A60000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
191F000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2130000
|
unkown image
|
page readonly
|
|
|
|
78D000
|
unkown
|
page read and write
|
|
|
|
7E7000
|
heap default
|
page read and write
|
|
|
|
7C0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
4C0000
|
unkown
|
page read and write
|
|
|
|
494000
|
heap private
|
page read and write
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
270000
|
unkown image
|
page read and write
|
|
|
|
70000
|
unkown image
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
4B0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
51B000
|
unkown
|
page read and write
|
|
|
|
208F000
|
unkown
|
page read and write
|
|
|
|
EA000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
542000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
6B5000
|
unkown
|
page read and write
|
|
|
|
690000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
1450000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
1320000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
4B0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2C2000
|
heap default
|
page read and write
|
|
|
|
100000
|
unkown image
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
304000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3AD000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
heap private
|
page read and write
|
|
|
|
280000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
19BF000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
694000
|
heap private
|
page read and write
|
|
|
|
1C80000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2B0000
|
heap default
|
page read and write
|
|
|
|
70000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
4A0000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
780000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
1CD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
20C000
|
unkown
|
page read and write
|
|
|
|
210000
|
unkown
|
page read and write
|
|
|
|
3D6000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
90000
|
heap default
|
page read and write
|
|
|
|
14A000
|
heap default
|
page read and write
|
|
|
|
1DC000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
940000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
4D6000
|
unkown
|
page read and write
|
|
|
|
2B7000
|
heap default
|
page read and write
|
|
|
|
175000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown
|
page read and write
|
|
|
|
7B0000
|
unkown image
|
page readonly
|
|
|
|
12A0000
|
heap private
|
page read and write
|
|
|
|
5DB000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
80000
|
unkown
|
page read and write
|
|
|
|
A0000
|
unkown image
|
page readonly
|
|
|
|
550000
|
heap private
|
page read and write
|
|
|
|
340000
|
heap default
|
page read and write
|
|
|
|
8A0000
|
unkown
|
page execute and read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2670000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
4A4000
|
heap private
|
page read and write
|
|
|
|
14C000
|
unkown
|
page read and write
|
|
|
|
985000
|
unkown
|
page execute and read and write
|
|
|
|
10052000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
1E0000
|
heap private
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
EC000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
1E4000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
4B7000
|
heap default
|
page read and write
|
|
|
|
21C0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2A7C000
|
unkown
|
page read and write
|
|
|
|
530000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
A50000
|
unkown image
|
page readonly
|
|
|
|
530000
|
unkown image
|
page readonly
|
|
|
|
2C7B000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
347000
|
heap default
|
page read and write
|
|
|
|
1F90000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
4D7000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
4EF000
|
heap default
|
page read and write
|
|
|
|
50A000
|
heap default
|
page read and write
|
|
|
|
149E000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown image
|
page readonly
|
|
|
|
5D0000
|
unkown image
|
page readonly
|
|
|
|
4A0000
|
unkown
|
page read and write
|
|
|
|
28B000
|
unkown
|
page read and write
|
|
|
|
128C000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
4F4000
|
heap default
|
page read and write
|
|
|
|
566000
|
unkown
|
page read and write
|
|
|
|
190000
|
heap default
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
266E000
|
unkown
|
page read and write
|
|
|
|
213F000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
90000
|
unkown
|
page read and write
|
|
|
|
596000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
4E6000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
2A0000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2C2E000
|
unkown
|
page read and write
|
|
|
|
930000
|
heap private
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
540000
|
unkown image
|
page readonly
|
|
|
|
126F000
|
unkown
|
page read and write
|
|
|
|
1B3E000
|
unkown
|
page read and write
|
|
|
|
DF0000
|
heap private
|
page read and write
|
|
|
|
47F000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
DC000
|
unkown
|
page read and write
|
|
|
|
8D5000
|
unkown
|
page execute and read and write
|
|
|
|
6E0000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
167000
|
heap default
|
page read and write
|
|
|
|
8C0000
|
heap private
|
page read and write
|
|
|
|
2A0000
|
heap default
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
11C000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
5B0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
90000
|
unkown image
|
page readonly
|
|
|
|
3D6000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2A0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
860000
|
heap private
|
page read and write
|
|
|
|
2125000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
730000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
6A0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
536000
|
unkown
|
page read and write
|
|
|
|
6C2000
|
unkown
|
page read and write
|
|
|
|
223B000
|
heap private
|
page read and write
|
|
|
|
268E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
90000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2DE000
|
heap default
|
page read and write
|
|
|
|
390000
|
unkown
|
page read and write
|
|
|
|
2D6000
|
unkown
|
page read and write
|
|
|
|
6BF000
|
unkown
|
page read and write
|
|
|
|
444000
|
heap private
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
1361000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
250000
|
heap default
|
page read and write
|
|
|
|
502000
|
heap default
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
940000
|
heap private
|
page read and write
|
|
|
|
F7000
|
heap default
|
page read and write
|
|
|
|
2D2F000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
121F000
|
unkown
|
page read and write
|
|
|
|
C5D000
|
unkown
|
page read and write
|
|
|
|
786000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
1ED000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
260000
|
heap private
|
page read and write
|
|
|
|
2BF000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
26BF000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2E00000
|
unkown image
|
page readonly
|
|
|
|
15AF000
|
heap private
|
page read and write
|
|
|
|
560000
|
unkown image
|
page readonly
|
|
|
|
6B8000
|
unkown
|
page read and write
|
|
|
|
CA000
|
unkown
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
2FA000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2F8F000
|
unkown
|
page read and write
|
|
|
|
440000
|
heap private
|
page read and write
|
|
|
|
6AE000
|
unkown
|
page read and write
|
|
|
|
6C6000
|
unkown
|
page read and write
|
|
|
|
30B000
|
heap default
|
page read and write
|
|
|
|
2200000
|
heap private
|
page read and write
|
|
|
|
268D000
|
unkown
|
page read and write
|
|
|
|
AB0000
|
unkown image
|
page readonly
|
|
|
|
E3000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2A7000
|
heap default
|
page read and write
|
|
|
|
2200000
|
unkown image
|
page readonly
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
178000
|
unkown
|
page read and write
|
|
|
|
4E9000
|
heap default
|
page read and write
|
|
|
|
263E000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
2B0000
|
heap default
|
page read and write
|
|
|
|
212B000
|
heap private
|
page read and write
|
|
|
|
18A5000
|
heap private
|
page read and write
|
|
|
|
C1D000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
77F000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
60F000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
8D0000
|
unkown image
|
page readonly
|
|
|
|
10042000
|
unkown image
|
page readonly
|
|
|
|
12B000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
289000
|
heap default
|
page read and write
|
|
|
|
1370000
|
heap private
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
540000
|
unkown image
|
page readonly
|
|
|
|
2C23000
|
heap private
|
page read and write
|
|
|
|
80000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
8BE000
|
unkown
|
page read and write
|
|
|
|
2123000
|
heap private
|
page read and write
|
|
|
|
677000
|
heap default
|
page read and write
|
|
|
|
EE0000
|
heap private
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
2C7F000
|
heap private
|
page read and write
|
|
|
|
3B0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
85E000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
24000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2671000
|
unkown
|
page read and write
|
|
|
|
2FA000
|
heap default
|
page read and write
|
|
|
|
E30000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
28F000
|
heap default
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
8C0000
|
heap private
|
page read and write
|
|
|
|
2DE000
|
heap default
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
8E0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
10044000
|
unkown image
|
page readonly
|
|
|
|
20F0000
|
heap private
|
page read and write
|
|
|
|
F0000
|
unkown image
|
page read and write
|
|
|
|
6CA000
|
unkown
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
21C4000
|
heap private
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
70000
|
unkown image
|
page read and write
|
|
|
|
20F5000
|
heap private
|
page read and write
|
|
|
|
4F0000
|
heap private
|
page read and write
|
|
|
|
80000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
172000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
2B00000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
A70000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
There are 591 hidden memdumps, click here to show them.