Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
 |
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
 |
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
https://ohemaa.org/HUVm9mDKLW9C/ocrafhh.html
|
172.93.99.178
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
https://madieandme.com.au/xnkpOLnvlN6T/ocrafh.html
|
101.0.112.4
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
https://amerident.com.do/xdOMlaB0XJ7/ocraf.html
|
108.179.242.179
|
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ohemaa.org
|
172.93.99.178
|
|
|
|
amerident.com.do
|
108.179.242.179
|
|
|
|
madieandme.com.au
|
101.0.112.4
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
101.0.112.4
|
madieandme.com.au
|
Australia
|
|
|
|
108.179.242.179
|
amerident.com.do
|
United States
|
|
|
|
172.93.99.178
|
ohemaa.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
v:*
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\30973
|
30973
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
i>*
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39C4F
|
39C4F
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39E42
|
39E42
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
There are 59 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EE000
|
unkown
|
page read and write
|
|
|
|
3C4000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
heap private
|
page read and write
|
|
|
|
1FA0000
|
unkown image
|
page readonly
|
|
|
|
1CA0000
|
unkown image
|
page readonly
|
|
|
|
3C0000
|
unkown
|
page read and write
|
|
|
|
375000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
3F45000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
236000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
4B0000
|
heap private
|
page read and write
|
|
|
|
574000
|
heap private
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
3B5000
|
unkown
|
page read and write
|
|
|
|
3A40000
|
unkown image
|
page readonly
|
|
|
|
2D0000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
287000
|
heap default
|
page read and write
|
|
|
|
374000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
700000
|
unkown image
|
page readonly
|
|
|
|
35E000
|
heap default
|
page read and write
|
|
|
|
1A6000
|
unkown
|
page read and write
|
|
|
|
C0000
|
unkown image
|
page readonly
|
|
|
|
4C0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2A0000
|
unkown image
|
page readonly
|
|
|
|
159000
|
unkown
|
page read and write
|
|
|
|
20C0000
|
heap private
|
page read and write
|
|
|
|
35A000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
3C4000
|
unkown
|
page read and write
|
|
|
|
3FF5000
|
heap private
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
21A5000
|
heap private
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
38A000
|
unkown
|
page read and write
|
|
|
|
280000
|
heap default
|
page read and write
|
|
|
|
2D3000
|
heap default
|
page read and write
|
|
|
|
2BE000
|
heap default
|
page read and write
|
|
|
|
490000
|
unkown
|
page execute and read and write
|
|
|
|
3A2000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
F9000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
4960000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
365000
|
unkown
|
page read and write
|
|
|
|
324000
|
unkown
|
page read and write
|
|
|
|
B9000
|
unkown
|
page read and write
|
|
|
|
3C6000
|
unkown
|
page read and write
|
|
|
|
3C4000
|
unkown
|
page read and write
|
|
|
|
3F1F000
|
unkown
|
page read and write
|
|
|
|
21A0000
|
heap private
|
page read and write
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
290000
|
unkown
|
page execute and read and write
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
352000
|
unkown
|
page read and write
|
|
|
|
2DA000
|
heap default
|
page read and write
|
|
|
|
30C000
|
unkown
|
page read and write
|
|
|
|
37A000
|
heap default
|
page read and write
|
|
|
|
3FB9000
|
heap private
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
560000
|
heap private
|
page read and write
|
|
|
|
4F4000
|
heap private
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
325000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
406000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
3C5000
|
unkown
|
page read and write
|
|
|
|
355000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
3D4000
|
unkown
|
page read and write
|
|
|
|
30A000
|
unkown
|
page read and write
|
|
|
|
36F000
|
unkown
|
page read and write
|
|
|
|
3F40000
|
heap private
|
page read and write
|
|
|
|
302000
|
unkown
|
page read and write
|
|
|
|
324000
|
unkown
|
page read and write
|
|
|
|
3FB0000
|
heap private
|
page read and write
|
|
|
|
383000
|
unkown
|
page read and write
|
|
|
|
323000
|
heap default
|
page read and write
|
|
|
|
1F0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2270000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
3FF0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
30E000
|
heap default
|
page read and write
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
222B000
|
heap private
|
page read and write
|
|
|
|
21F0000
|
heap private
|
page read and write
|
|
|
|
3F49000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
5A0000
|
unkown
|
page read and write
|
|
|
|
33A000
|
unkown
|
page read and write
|
|
|
|
3A5000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
32A000
|
heap default
|
page read and write
|
|
|
|
4AD7000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
376000
|
unkown
|
page read and write
|
|
|
|
3B6000
|
unkown
|
page read and write
|
|
|
|
410000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
heap private
|
page read and write
|
|
|
|
536000
|
unkown
|
page read and write
|
|
|
|
2D7000
|
heap default
|
page read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
3D3000
|
unkown
|
page read and write
|
|
|
|
564000
|
heap private
|
page read and write
|
|
|
|
326000
|
unkown
|
page read and write
|
|
|
|
3A5000
|
unkown
|
page read and write
|
|
|
|
415000
|
unkown
|
page read and write
|
|
|
|
3AC000
|
unkown
|
page read and write
|
|
|
|
365000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
21DB000
|
heap private
|
page read and write
|
|
|
|
327000
|
heap default
|
page read and write
|
|
|
|
38E000
|
unkown
|
page read and write
|
|
|
|
1D10000
|
unkown image
|
page readonly
|
|
|
|
334000
|
unkown
|
page read and write
|
|
|
|
48F0000
|
unkown image
|
page readonly
|
|
|
|
40F000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
5F0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3C5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
1B6000
|
unkown
|
page read and write
|
|
|
|
375000
|
unkown
|
page read and write
|
|
|
|
3FB5000
|
heap private
|
page read and write
|
|
|
|
1D20000
|
unkown image
|
page readonly
|
|
|
|
2200000
|
unkown
|
page read and write
|
|
|
|
570000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
33E000
|
unkown
|
page read and write
|
|
|
|
3BF000
|
unkown
|
page read and write
|
|
|
|
3E2F000
|
unkown
|
page read and write
|
|
|
|
710000
|
unkown image
|
page readonly
|
|
|
|
35C000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
315000
|
unkown
|
page read and write
|
|
|
|
320000
|
heap default
|
page read and write
|
|
|
|
2310000
|
unkown
|
page read and write
|
|
|
|
3AA000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
20C5000
|
heap private
|
page read and write
|
|
|
|
49A0000
|
unkown image
|
page readonly
|
|
|
|
2EA000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
324000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
22AE000
|
unkown
|
page read and write
|
|
|
|
70000
|
unkown image
|
page read and write
|
|
|
|
355000
|
unkown
|
page read and write
|
|
|
|
3A40000
|
unkown image
|
page readonly
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
4B87000
|
unkown image
|
page readonly
|
|
|
|
20FB000
|
heap private
|
page read and write
|
|
|
|
200000
|
unkown
|
page read and write
|
|
|
|
374000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2020000
|
unkown image
|
page readonly
|
|
|
|
4A0000
|
unkown image
|
page readonly
|
|
|
|
3B5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
4B4000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
1F4000
|
heap private
|
page read and write
|
|
|
|
384000
|
unkown
|
page read and write
|
|
|
|
374000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
315000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
4B47000
|
unkown image
|
page readonly
|
|
|
|
333000
|
unkown
|
page read and write
|
|
|
|
580000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
5E4000
|
heap private
|
page read and write
|
|
|
|
3FF9000
|
heap private
|
page read and write
|
|
|
|
39A0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
373000
|
heap default
|
page read and write
|
|
|
|
21F5000
|
heap private
|
page read and write
|
|
There are 197 hidden memdumps, click here to show them.