Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
 |
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
 |
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
https://ohemaa.org/HUVm9mDKLW9C/ocrafhh.html
|
172.93.99.178
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
https://madieandme.com.au/xnkpOLnvlN6T/ocrafh.html
|
101.0.112.4
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
https://amerident.com.do/xdOMlaB0XJ7/ocraf.html
|
108.179.242.179
|
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ohemaa.org
|
172.93.99.178
|
|
|
|
amerident.com.do
|
108.179.242.179
|
|
|
|
madieandme.com.au
|
101.0.112.4
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
101.0.112.4
|
madieandme.com.au
|
Australia
|
|
|
|
108.179.242.179
|
amerident.com.do
|
United States
|
|
|
|
172.93.99.178
|
ohemaa.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
9'$
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2EE64
|
2EE64
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
,+$
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39E13
|
39E13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39FC8
|
39FC8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
There are 59 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C6000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
unkown image
|
page readonly
|
|
|
|
3FB9000
|
heap private
|
page read and write
|
|
|
|
2C4000
|
unkown
|
page read and write
|
|
|
|
2C5000
|
unkown
|
page read and write
|
|
|
|
2C7000
|
heap default
|
page read and write
|
|
|
|
27A000
|
heap default
|
page read and write
|
|
|
|
80000
|
unkown image
|
page read and write
|
|
|
|
324000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
32A000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2C4000
|
unkown
|
page read and write
|
|
|
|
365000
|
unkown
|
page read and write
|
|
|
|
342000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3C0000
|
unkown
|
page read and write
|
|
|
|
49E0000
|
unkown image
|
page readonly
|
|
|
|
3F6000
|
unkown
|
page read and write
|
|
|
|
730000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
364000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
464000
|
heap private
|
page read and write
|
|
|
|
4E6000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
206000
|
unkown
|
page read and write
|
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
28E000
|
unkown
|
page read and write
|
|
|
|
20A0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
ABE000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
21AB000
|
heap private
|
page read and write
|
|
|
|
374000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
456000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
43A000
|
unkown
|
page read and write
|
|
|
|
356000
|
unkown
|
page read and write
|
|
|
|
454000
|
unkown
|
page read and write
|
|
|
|
4A0000
|
unkown
|
page read and write
|
|
|
|
289000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
4030000
|
heap private
|
page read and write
|
|
|
|
4BC7000
|
unkown image
|
page readonly
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
5D4000
|
heap private
|
page read and write
|
|
|
|
460000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
34C000
|
unkown
|
page read and write
|
|
|
|
2E0000
|
heap default
|
page read and write
|
|
|
|
30F000
|
unkown
|
page read and write
|
|
|
|
3FB0000
|
heap private
|
page read and write
|
|
|
|
315000
|
unkown
|
page read and write
|
|
|
|
227000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
730000
|
unkown image
|
page readonly
|
|
|
|
4039000
|
heap private
|
page read and write
|
|
|
|
454000
|
unkown
|
page read and write
|
|
|
|
2205000
|
heap private
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
470000
|
unkown
|
page read and write
|
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
3B5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
70000
|
unkown image
|
page readonly
|
|
|
|
4A27000
|
unkown image
|
page readonly
|
|
|
|
2A0000
|
unkown
|
page execute and read and write
|
|
|
|
3FB5000
|
heap private
|
page read and write
|
|
|
|
590000
|
heap private
|
page read and write
|
|
|
|
273000
|
heap default
|
page read and write
|
|
|
|
3A50000
|
unkown image
|
page readonly
|
|
|
|
223B000
|
heap private
|
page read and write
|
|
|
|
3B0000
|
heap default
|
page read and write
|
|
|
|
43C000
|
unkown
|
page read and write
|
|
|
|
1D6000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
720000
|
unkown image
|
page readonly
|
|
|
|
2175000
|
heap private
|
page read and write
|
|
|
|
2080000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3E90000
|
heap private
|
page read and write
|
|
|
|
445000
|
unkown
|
page read and write
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
4A5000
|
unkown
|
page read and write
|
|
|
|
1CC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3E95000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2E7000
|
heap default
|
page read and write
|
|
|
|
3E99000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
2AA000
|
unkown
|
page read and write
|
|
|
|
2AC000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
650000
|
heap private
|
page read and write
|
|
|
|
2080000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
D9000
|
unkown
|
page read and write
|
|
|
|
1CC0000
|
unkown image
|
page readonly
|
|
|
|
463000
|
unkown
|
page read and write
|
|
|
|
2340000
|
unkown
|
page read and write
|
|
|
|
2D4000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
25E000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown
|
page read and write
|
|
|
|
355000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
21DF000
|
unkown
|
page read and write
|
|
|
|
364000
|
unkown
|
page read and write
|
|
|
|
41A000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
unkown image
|
page readonly
|
|
|
|
1CD000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
366000
|
unkown
|
page read and write
|
|
|
|
594000
|
heap private
|
page read and write
|
|
|
|
40A000
|
heap default
|
page read and write
|
|
|
|
2100000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
455000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
5A0000
|
unkown image
|
page readonly
|
|
|
|
2FE000
|
heap default
|
page read and write
|
|
|
|
31D000
|
heap default
|
page read and write
|
|
|
|
2A2000
|
unkown
|
page read and write
|
|
|
|
2B5000
|
unkown
|
page read and write
|
|
|
|
4A6000
|
unkown
|
page read and write
|
|
|
|
290000
|
unkown
|
page execute and read and write
|
|
|
|
23EF000
|
unkown
|
page read and write
|
|
|
|
4B47000
|
unkown image
|
page readonly
|
|
|
|
464000
|
unkown
|
page read and write
|
|
|
|
1D80000
|
unkown image
|
page readonly
|
|
|
|
32B000
|
heap default
|
page read and write
|
|
|
|
2D3000
|
unkown
|
page read and write
|
|
|
|
21F0000
|
unkown
|
page read and write
|
|
|
|
3B40000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
57F000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
345000
|
unkown
|
page read and write
|
|
|
|
4960000
|
unkown image
|
page readonly
|
|
|
|
240F000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
21E0000
|
unkown
|
page read and write
|
|
|
|
2200000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
90000
|
unkown
|
page read and write
|
|
|
|
355000
|
unkown
|
page read and write
|
|
|
|
31A000
|
heap default
|
page read and write
|
|
|
|
34A000
|
unkown
|
page read and write
|
|
|
|
326000
|
heap default
|
page read and write
|
|
|
|
7E0000
|
unkown image
|
page readonly
|
|
|
|
654000
|
heap private
|
page read and write
|
|
|
|
32E000
|
unkown
|
page read and write
|
|
|
|
594000
|
heap private
|
page read and write
|
|
|
|
24000
|
heap private
|
page read and write
|
|
|
|
345000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2085000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
403000
|
heap default
|
page read and write
|
|
|
|
7F0000
|
unkown image
|
page readonly
|
|
|
|
4035000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
320000
|
heap private
|
page read and write
|
|
|
|
3B7000
|
heap default
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2B5000
|
unkown
|
page read and write
|
|
|
|
373000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
1FC0000
|
unkown image
|
page readonly
|
|
|
|
3A40000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
590000
|
heap private
|
page read and write
|
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
720000
|
unkown image
|
page readonly
|
|
|
|
9AF000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
660000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
5D0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
4B0000
|
unkown
|
page read and write
|
|
|
|
454000
|
unkown
|
page read and write
|
|
|
|
2C4000
|
unkown
|
page read and write
|
|
|
|
136000
|
unkown
|
page read and write
|
|
|
|
2C0000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3EE000
|
heap default
|
page read and write
|
|
|
|
2A5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
364000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
20BB000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
220000
|
heap default
|
page read and write
|
|
|
|
2170000
|
heap private
|
page read and write
|
|
|
|
313000
|
heap default
|
page read and write
|
|
|
|
445000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
unkown
|
page read and write
|
|
|
|
129000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
28A000
|
unkown
|
page read and write
|
|
|
|
2A5000
|
unkown
|
page read and write
|
|
|
|
49F000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
432000
|
unkown
|
page read and write
|
|
|
|
4840000
|
unkown image
|
page readonly
|
|
There are 224 hidden memdumps, click here to show them.