Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
 |
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://mercanets.com/9DPZqAfZdq5z/key.xml
|
162.222.225.250
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
 |
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
https://geit.in/MeOlE9Xxd/key.xml
|
162.251.80.22
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
https://gillcart.com/Cdpmoyhr/key.xml
|
199.79.63.251
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mercanets.com
|
162.222.225.250
|
|
|
|
geit.in
|
162.251.80.22
|
|
|
|
gillcart.com
|
199.79.63.251
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
199.79.63.251
|
gillcart.com
|
United States
|
|
|
|
162.251.80.22
|
geit.in
|
United States
|
|
|
|
162.222.225.250
|
mercanets.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
o4-
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2CF50
|
2CF50
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
:8-
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39E04
|
39E04
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39F6A
|
39F6A
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 61 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
204000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
11E000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
165000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
82E000
|
unkown
|
page read and write
|
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
237000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
E7000
|
heap default
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
48F000
|
unkown
|
page read and write
|
|
|
|
22DF000
|
unkown
|
page read and write
|
|
|
|
466000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
4850000
|
unkown image
|
page readonly
|
|
|
|
830000
|
unkown image
|
page readonly
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
40E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3FC5000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
4DF000
|
unkown
|
page read and write
|
|
|
|
420000
|
heap private
|
page read and write
|
|
|
|
5A0000
|
unkown image
|
page readonly
|
|
|
|
200000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
2B5000
|
unkown
|
page read and write
|
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
3A7000
|
heap default
|
page read and write
|
|
|
|
2D6000
|
unkown
|
page read and write
|
|
|
|
26E000
|
heap default
|
page read and write
|
|
|
|
120000
|
unkown
|
page execute and read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
1E0000
|
unkown image
|
page read and write
|
|
|
|
6A0000
|
unkown image
|
page readonly
|
|
|
|
1DC0000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
229F000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
13A000
|
heap default
|
page read and write
|
|
|
|
370000
|
heap private
|
page read and write
|
|
|
|
175000
|
unkown
|
page read and write
|
|
|
|
396000
|
unkown
|
page read and write
|
|
|
|
186000
|
unkown
|
page read and write
|
|
|
|
133000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
444000
|
unkown
|
page read and write
|
|
|
|
466000
|
unkown
|
page read and write
|
|
|
|
2BC000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
unkown
|
page execute and read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
1D5000
|
unkown
|
page read and write
|
|
|
|
424000
|
heap private
|
page read and write
|
|
|
|
2E3000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
2B5000
|
unkown
|
page read and write
|
|
|
|
24000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
283000
|
heap default
|
page read and write
|
|
|
|
3AB000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
330000
|
unkown
|
page read and write
|
|
|
|
28A000
|
heap default
|
page read and write
|
|
|
|
175000
|
unkown
|
page read and write
|
|
|
|
4A0000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
200000
|
heap private
|
page read and write
|
|
|
|
530000
|
unkown image
|
page readonly
|
|
|
|
20A0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
3FE0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
6C0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
3FA000
|
heap default
|
page read and write
|
|
|
|
BEF000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
193000
|
unkown
|
page read and write
|
|
|
|
325000
|
unkown
|
page read and write
|
|
|
|
42C000
|
unkown
|
page read and write
|
|
|
|
300000
|
heap private
|
page read and write
|
|
|
|
4A37000
|
unkown image
|
page readonly
|
|
|
|
1AD000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
690000
|
heap private
|
page read and write
|
|
|
|
2B2000
|
unkown
|
page read and write
|
|
|
|
1CF000
|
unkown
|
page read and write
|
|
|
|
40A000
|
unkown
|
page read and write
|
|
|
|
31F000
|
unkown
|
page read and write
|
|
|
|
3FC9000
|
heap private
|
page read and write
|
|
|
|
33B000
|
heap private
|
page read and write
|
|
|
|
22D0000
|
unkown
|
page read and write
|
|
|
|
2BA000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown image
|
page readonly
|
|
|
|
2D4000
|
unkown
|
page read and write
|
|
|
|
165000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
454000
|
unkown
|
page read and write
|
|
|
|
4970000
|
unkown image
|
page readonly
|
|
|
|
7B0000
|
unkown image
|
page readonly
|
|
|
|
3A10000
|
unkown image
|
page readonly
|
|
|
|
16A000
|
unkown
|
page read and write
|
|
|
|
444000
|
unkown
|
page read and write
|
|
|
|
3FC0000
|
heap private
|
page read and write
|
|
|
|
22B0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2A6000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
324000
|
heap private
|
page read and write
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
236000
|
unkown
|
page read and write
|
|
|
|
6B0000
|
unkown image
|
page readonly
|
|
|
|
4990000
|
unkown image
|
page readonly
|
|
|
|
3EA5000
|
heap private
|
page read and write
|
|
|
|
3FE5000
|
heap private
|
page read and write
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
366000
|
unkown
|
page read and write
|
|
|
|
530000
|
unkown
|
page read and write
|
|
|
|
260000
|
heap default
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
3ECE000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page readonly
|
|
|
|
2C5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
70000
|
unkown image
|
page read and write
|
|
|
|
630000
|
unkown image
|
page readonly
|
|
|
|
2AB000
|
heap default
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3DE000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
566000
|
unkown
|
page read and write
|
|
|
|
320000
|
heap private
|
page read and write
|
|
|
|
1D50000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2B0000
|
unkown image
|
page readonly
|
|
|
|
224000
|
heap private
|
page read and write
|
|
|
|
162000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
425000
|
unkown
|
page read and write
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
184000
|
unkown
|
page read and write
|
|
|
|
2050000
|
unkown image
|
page readonly
|
|
|
|
2D4000
|
unkown
|
page read and write
|
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
444000
|
unkown
|
page read and write
|
|
|
|
22E0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
74F000
|
unkown
|
page read and write
|
|
|
|
360000
|
unkown
|
page read and write
|
|
|
|
267000
|
heap default
|
page read and write
|
|
|
|
220000
|
heap private
|
page read and write
|
|
|
|
39E0000
|
unkown image
|
page readonly
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
204000
|
heap private
|
page read and write
|
|
|
|
1F9000
|
unkown
|
page read and write
|
|
|
|
2D5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
20DB000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
184000
|
unkown
|
page read and write
|
|
|
|
29A000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
445000
|
unkown
|
page read and write
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
425000
|
unkown
|
page read and write
|
|
|
|
375000
|
heap private
|
page read and write
|
|
|
|
130000
|
unkown image
|
page readonly
|
|
|
|
4B77000
|
unkown image
|
page readonly
|
|
|
|
14E000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
495000
|
unkown
|
page read and write
|
|
|
|
4D6000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
29D000
|
heap default
|
page read and write
|
|
|
|
694000
|
heap private
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2D4000
|
unkown
|
page read and write
|
|
|
|
3EA0000
|
heap private
|
page read and write
|
|
|
|
3FE9000
|
heap private
|
page read and write
|
|
|
|
200000
|
unkown
|
page read and write
|
|
|
|
42A000
|
unkown
|
page read and write
|
|
|
|
305000
|
heap private
|
page read and write
|
|
|
|
422000
|
unkown
|
page read and write
|
|
|
|
1F50000
|
unkown image
|
page readonly
|
|
|
|
299000
|
unkown
|
page read and write
|
|
|
|
194000
|
unkown
|
page read and write
|
|
|
|
3A00000
|
unkown image
|
page readonly
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
1C50000
|
unkown image
|
page readonly
|
|
|
|
453000
|
unkown
|
page read and write
|
|
|
|
820000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
185000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2C5000
|
unkown
|
page read and write
|
|
|
|
184000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3EA9000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2E4000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3A0000
|
heap default
|
page read and write
|
|
|
|
490000
|
unkown
|
page read and write
|
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
230000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
20A5000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
3F3000
|
heap default
|
page read and write
|
|
|
|
4B57000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
29E000
|
unkown
|
page read and write
|
|
There are 225 hidden memdumps, click here to show them.