Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
 |
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://recapitol.com/pl92fIeHE11X/filht.html
|
108.179.232.85
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
 |
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
https://iu.ac.bd/QpPq5lm6Xy/fikfh.html
|
103.28.121.60
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
https://boogieproductions.com.au/jJNW2LDF/filkfht.html
|
101.0.113.93
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
iu.ac.bd
|
103.28.121.60
|
|
|
|
boogieproductions.com.au
|
101.0.113.93
|
|
|
|
recapitol.com
|
108.179.232.85
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
101.0.113.93
|
boogieproductions.com.au
|
Australia
|
|
|
|
103.28.121.60
|
iu.ac.bd
|
Bangladesh
|
|
|
|
108.179.232.85
|
recapitol.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
i#'
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2F26A
|
2F26A
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
4''
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3B654
|
3B654
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3B8E3
|
3B8E3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
There are 59 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
255000
|
unkown
|
page read and write
|
|
|
|
5FF000
|
unkown
|
page read and write
|
|
|
|
40E000
|
unkown
|
page read and write
|
|
|
|
526000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
136000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1F4000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
256000
|
unkown
|
page read and write
|
|
|
|
496000
|
unkown
|
page read and write
|
|
|
|
2BA000
|
unkown
|
page read and write
|
|
|
|
3A70000
|
unkown image
|
page readonly
|
|
|
|
31F000
|
unkown
|
page read and write
|
|
|
|
454000
|
heap private
|
page read and write
|
|
|
|
235000
|
unkown
|
page read and write
|
|
|
|
4BC7000
|
unkown image
|
page readonly
|
|
|
|
203000
|
heap default
|
page read and write
|
|
|
|
1B7000
|
heap default
|
page read and write
|
|
|
|
680000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
425000
|
unkown
|
page read and write
|
|
|
|
3E95000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
1F0000
|
heap private
|
page read and write
|
|
|
|
5F0000
|
unkown image
|
page readonly
|
|
|
|
2B0000
|
unkown
|
page read and write
|
|
|
|
3E99000
|
heap private
|
page read and write
|
|
|
|
2205000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
21A000
|
unkown
|
page read and write
|
|
|
|
42A000
|
unkown
|
page read and write
|
|
|
|
329000
|
heap default
|
page read and write
|
|
|
|
21E0000
|
heap private
|
page read and write
|
|
|
|
2240000
|
unkown
|
page read and write
|
|
|
|
444000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
230000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
290000
|
unkown
|
page execute and read and write
|
|
|
|
23A000
|
unkown
|
page read and write
|
|
|
|
ACF000
|
unkown
|
page read and write
|
|
|
|
453000
|
unkown
|
page read and write
|
|
|
|
366000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
20A000
|
heap default
|
page read and write
|
|
|
|
21E5000
|
heap private
|
page read and write
|
|
|
|
29F000
|
unkown
|
page read and write
|
|
|
|
3ED9000
|
heap private
|
page read and write
|
|
|
|
3DE000
|
heap default
|
page read and write
|
|
|
|
445000
|
unkown
|
page read and write
|
|
|
|
2E3000
|
unkown
|
page read and write
|
|
|
|
3ED5000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
554000
|
heap private
|
page read and write
|
|
|
|
42C000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
245000
|
unkown
|
page read and write
|
|
|
|
232000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
223B000
|
heap private
|
page read and write
|
|
|
|
205B000
|
heap private
|
page read and write
|
|
|
|
674000
|
heap private
|
page read and write
|
|
|
|
1DA0000
|
unkown image
|
page readonly
|
|
|
|
2C5000
|
unkown
|
page read and write
|
|
|
|
495000
|
unkown
|
page read and write
|
|
|
|
29A000
|
unkown
|
page read and write
|
|
|
|
28A000
|
heap default
|
page read and write
|
|
|
|
254000
|
unkown
|
page read and write
|
|
|
|
2D4000
|
unkown
|
page read and write
|
|
|
|
460000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
4039000
|
heap private
|
page read and write
|
|
|
|
4F0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
4CEF000
|
unkown
|
page read and write
|
|
|
|
810000
|
unkown image
|
page readonly
|
|
|
|
1FFE000
|
unkown
|
page read and write
|
|
|
|
245000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
3FA000
|
heap default
|
page read and write
|
|
|
|
6E0000
|
unkown image
|
page readonly
|
|
|
|
1EE000
|
heap default
|
page read and write
|
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
4035000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2E4000
|
unkown
|
page read and write
|
|
|
|
263000
|
unkown
|
page read and write
|
|
|
|
264000
|
unkown
|
page read and write
|
|
|
|
4D6000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
49E0000
|
unkown image
|
page readonly
|
|
|
|
2BC000
|
unkown
|
page read and write
|
|
|
|
2FD000
|
heap default
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
237000
|
heap default
|
page read and write
|
|
|
|
2020000
|
heap private
|
page read and write
|
|
|
|
350000
|
heap private
|
page read and write
|
|
|
|
2025000
|
heap private
|
page read and write
|
|
|
|
26E000
|
heap default
|
page read and write
|
|
|
|
435000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
4880000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
3ED0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
234F000
|
unkown
|
page read and write
|
|
|
|
199000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
550000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2B2000
|
unkown
|
page read and write
|
|
|
|
254000
|
unkown
|
page read and write
|
|
|
|
BD000
|
unkown
|
page read and write
|
|
|
|
4840000
|
unkown image
|
page readonly
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3B0000
|
unkown
|
page read and write
|
|
|
|
110000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2C0000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
440000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
444000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2A0000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
179000
|
unkown
|
page read and write
|
|
|
|
2D5000
|
unkown
|
page read and write
|
|
|
|
221B000
|
heap private
|
page read and write
|
|
|
|
6F0000
|
unkown image
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
2200000
|
heap private
|
page read and write
|
|
|
|
4A27000
|
unkown image
|
page readonly
|
|
|
|
40A000
|
unkown
|
page read and write
|
|
|
|
289000
|
unkown
|
page read and write
|
|
|
|
2D4000
|
unkown
|
page read and write
|
|
|
|
444000
|
heap private
|
page read and write
|
|
|
|
3A80000
|
unkown image
|
page readonly
|
|
|
|
800000
|
unkown image
|
page readonly
|
|
|
|
560000
|
unkown image
|
page readonly
|
|
|
|
3F3000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
4030000
|
heap private
|
page read and write
|
|
|
|
4E0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
21E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
325000
|
unkown
|
page read and write
|
|
|
|
3A7000
|
heap default
|
page read and write
|
|
|
|
283000
|
heap default
|
page read and write
|
|
|
|
2B0000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
4A0000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
heap default
|
page read and write
|
|
|
|
20A0000
|
unkown image
|
page readonly
|
|
|
|
2340000
|
unkown
|
page read and write
|
|
|
|
23C000
|
unkown
|
page read and write
|
|
|
|
454000
|
unkown
|
page read and write
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
2390000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2D4000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
235000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
2B5000
|
unkown
|
page read and write
|
|
|
|
4CE000
|
unkown
|
page read and write
|
|
|
|
2E6000
|
unkown
|
page read and write
|
|
|
|
2010000
|
unkown image
|
page readonly
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
3AC0000
|
unkown image
|
page readonly
|
|
|
|
2C7000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
330000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2D6000
|
unkown
|
page read and write
|
|
|
|
1B0000
|
heap default
|
page read and write
|
|
|
|
4E4000
|
heap private
|
page read and write
|
|
|
|
20A0000
|
unkown image
|
page readonly
|
|
|
|
48F000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
unkown image
|
page readonly
|
|
|
|
422000
|
unkown
|
page read and write
|
|
|
|
186000
|
unkown
|
page read and write
|
|
|
|
1C80000
|
unkown image
|
page readonly
|
|
|
|
2B5000
|
unkown
|
page read and write
|
|
|
|
3E90000
|
heap private
|
page read and write
|
|
|
|
354000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
254000
|
unkown
|
page read and write
|
|
|
|
1D10000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
444000
|
unkown
|
page read and write
|
|
|
|
425000
|
unkown
|
page read and write
|
|
|
|
2C5000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
C0000
|
unkown image
|
page readonly
|
|
|
|
2A5000
|
unkown
|
page read and write
|
|
|
|
670000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
306000
|
heap default
|
page read and write
|
|
|
|
4A67000
|
unkown image
|
page readonly
|
|
|
|
29E000
|
unkown
|
page read and write
|
|
|
|
490000
|
unkown
|
page read and write
|
|
|
|
450000
|
heap private
|
page read and write
|
|
|
|
CAE000
|
unkown
|
page read and write
|
|
There are 225 hidden memdumps, click here to show them.