Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\acceptancy
|
ASCII text, with very long lines (28674), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut6C1C.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\aut6CC8.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\teer
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe
|
"C:\Users\user\Desktop\COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe"
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
"C:\Users\user\Desktop\COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe"
|
|
|
|
C:\Windows\explorer.exe
|
C:\Windows\Explorer.EXE
|
|
|
|
C:\Windows\SysWOW64\cscript.exe
|
"C:\Windows\SysWOW64\cscript.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
/c del "C:\Windows\SysWOW64\svchost.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.crucka.xyz/jd21/
|
|
||
|
http://www.thepowerofzeus.com/jd21/?tBZLfTtx=28cPGcaENb280W65HmbHU6pQLIPuemsbyE+toeghGUICUOM9gHK+zZW7s47qkPel79A7Dw==&oHEpRr=M2JpdRJ
|
185.107.56.60
|
|
|
|
http://www.00050591.xyz/jd21/?tBZLfTtx=+5nsDbzeImt5UbX4GDv04YNxDKhKydlr4q6vzHl7qi3uGOgXSU0vDET8vanb4niZtoheVA==&oHEpRr=M2JpdRJ
|
65.21.196.90
|
|
|
|
http://www.arthemis-168bet.site/jd21/?tBZLfTtx=4y1ij/qZRR1bNd/L/F5yLi+I0SkPKWffZZi+nDy9y9Wv5I2iqoZUG1btNWEB8myok8jbUg==&oHEpRr=M2JpdRJ
|
84.32.84.32
|
|
|
|
http://www.ilovetvs.com/jd21/?tBZLfTtx=Bo1mqRoziIz4wcXV2Hze6fEKc1jUulyNDnBrZ1tCE4J7kcYVEj/nayXnveqqwa6JZwq74w==&oHEpRr=M2JpdRJ
|
162.241.203.16
|
|
|
|
http://www.crucka.xyzReferer:
|
unknown
|
||
|
http://www.uhug.xyz/jd21/
|
unknown
|
||
|
http://www.alivioquantico.comReferer:
|
unknown
|
||
|
http://www.00050591.xyz/jd21/
|
unknown
|
||
|
http://www.freyja.info
|
unknown
|
||
|
http://www.alivioquantico.com/jd21/www.00050591.xyz
|
unknown
|
||
|
http://www.ilovetvs.com
|
unknown
|
||
|
http://www.mantapnagita777.com/jd21/
|
unknown
|
||
|
http://www.thepowerofzeus.com
|
unknown
|
||
|
http://www.gbqspj.club/jd21/
|
unknown
|
||
|
http://www.freyja.info/jd21/
|
unknown
|
||
|
http://www.mantapnagita777.com/jd21/www.kapten69pola.xyz
|
unknown
|
||
|
http://www.tyumk.xyzReferer:
|
unknown
|
||
|
http://www.00050591.xyz/jd21/www.kjsdhklssk73.xyz
|
unknown
|
||
|
http://www.arthemis-168bet.site/jd21/www.ilovetvs.com
|
unknown
|
||
|
http://www.bougeefilth.com
|
unknown
|
||
|
http://www.thepowerofzeus.comReferer:
|
unknown
|
||
|
http://www.amsya.comReferer:
|
unknown
|
||
|
http://www.gbqspj.clubReferer:
|
unknown
|
||
|
http://www.mantapnagita777.comReferer:
|
unknown
|
||
|
http://www.bougeefilth.com/jd21/
|
unknown
|
||
|
http://www.thepowerofzeus.com/jd21/www.alivioquantico.com
|
unknown
|
||
|
http://www.kapten69pola.xyz
|
unknown
|
||
|
http://www.tyumk.xyz/jd21/
|
unknown
|
||
|
http://www.00050591.xyzReferer:
|
unknown
|
||
|
http://www.amsya.com
|
unknown
|
||
|
http://www.autoitscript.com/autoit3
|
unknown
|
||
|
http://www.batremake.com/jd21/www.gbqspj.club
|
unknown
|
||
|
http://www.kjsdhklssk73.xyz/jd21/
|
unknown
|
||
|
http://www.tyumk.xyz/jd21/www.amsya.com
|
unknown
|
||
|
http://www.bougeefilth.com/jd21/www.uhug.xyz
|
unknown
|
||
|
http://www.batremake.com
|
unknown
|
||
|
http://www.ilovetvs.com/jd21/
|
unknown
|
||
|
http://www.piriform.com/ccleanerxe
|
unknown
|
||
|
http://www.uhug.xyz/jd21/www.crucka.xyz
|
unknown
|
||
|
http://www.alivioquantico.com/jd21/
|
unknown
|
||
|
http://www.freyja.infoReferer:
|
unknown
|
||
|
http://www.kjsdhklssk73.xyz/jd21/www.arthemis-168bet.site
|
unknown
|
||
|
http://www.batremake.com/jd21/
|
unknown
|
||
|
http://www.freyja.info/jd21/www.batremake.com
|
unknown
|
||
|
http://thebatcompany.fr/jd21?tBZLfTtx=GfbF6txqq2gI5hQXVs74X
|
unknown
|
||
|
http://www.arthemis-168bet.siteReferer:
|
unknown
|
||
|
http://www.crucka.xyz
|
unknown
|
||
|
http://www.ilovetvs.comReferer:
|
unknown
|
||
|
http://www.uhug.xyz
|
unknown
|
||
|
http://www.uhug.xyzReferer:
|
unknown
|
||
|
http://www.crucka.xyz/jd21/
|
unknown
|
||
|
http://java.sun.com
|
unknown
|
||
|
http://www.arthemis-168bet.site/jd21/
|
unknown
|
||
|
http://www.ilovetvs.com/jd21/www.bougeefilth.com
|
unknown
|
||
|
http://www.arthemis-168bet.site
|
unknown
|
||
|
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
|
unknown
|
||
|
http://www.gbqspj.club
|
unknown
|
||
|
http://www.kapten69pola.xyz/jd21/
|
unknown
|
||
|
http://www.batremake.comReferer:
|
unknown
|
||
|
http://www.kjsdhklssk73.xyzReferer:
|
unknown
|
||
|
http://www.alivioquantico.com
|
unknown
|
||
|
http://www.crucka.xyz/jd21/www.freyja.info
|
unknown
|
||
|
http://www.thepowerofzeus.com/jd21/
|
unknown
|
||
|
http://www.gbqspj.club/jd21/www.mantapnagita777.com
|
unknown
|
||
|
http://www.piriform.com/ccleaner
|
unknown
|
||
|
http://www.kapten69pola.xyzReferer:
|
unknown
|
||
|
http://www.amsya.com/jd21/
|
unknown
|
||
|
https://support.mozilla.org
|
unknown
|
||
|
http://www.00050591.xyz
|
unknown
|
||
|
http://www.kapten69pola.xyz/jd21/www.tyumk.xyz
|
unknown
|
||
|
http://www.tyumk.xyz
|
unknown
|
||
|
http://www.kjsdhklssk73.xyz
|
unknown
|
||
|
http://www.bougeefilth.comReferer:
|
unknown
|
||
|
http://www.mantapnagita777.com
|
unknown
|
There are 65 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
alivioquantico.com
|
192.185.209.182
|
|
|
|
ilovetvs.com
|
162.241.203.16
|
|
|
|
www.thepowerofzeus.com
|
185.107.56.60
|
|
|
|
arthemis-168bet.site
|
84.32.84.32
|
|
|
|
00050591.xyz
|
65.21.196.90
|
|
|
|
www.00050591.xyz
|
unknown
|
|
|
|
www.uhug.xyz
|
unknown
|
|
|
|
www.gbqspj.club
|
unknown
|
|
|
|
www.arthemis-168bet.site
|
unknown
|
|
|
|
www.bougeefilth.com
|
unknown
|
|
|
|
www.kjsdhklssk73.xyz
|
unknown
|
|
|
|
www.alivioquantico.com
|
unknown
|
|
|
|
www.crucka.xyz
|
unknown
|
|
|
|
www.ilovetvs.com
|
unknown
|
|
|
|
www.batremake.com
|
213.186.33.5
|
||
|
www.mantapnagita777.com
|
104.21.91.94
|
||
|
parkingpage.namecheap.com
|
91.195.240.19
|
||
|
www.freyja.info
|
76.223.54.146
|
There are 8 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.209.182
|
alivioquantico.com
|
United States
|
|
|
|
65.21.196.90
|
00050591.xyz
|
United States
|
|
|
|
185.107.56.60
|
www.thepowerofzeus.com
|
Netherlands
|
|
|
|
162.241.203.16
|
ilovetvs.com
|
United States
|
|
|
|
84.32.84.32
|
arthemis-168bet.site
|
Lithuania
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
unknown
|
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
|
{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
|
Unpacker
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
|
WMP11.AssocFile.3G2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
|
WMP11.AssocFile.3GP
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\OpenWithProgids
|
WMP11.AssocFile.ADTS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\OpenWithProgids
|
WMP11.AssocFile.ADTS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
|
WMP11.AssocFile.AIFF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
|
WMP11.AssocFile.ASF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
|
WMP11.AssocFile.ASX
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
|
WMP11.AssocFile.AU
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
|
AutoIt3Script
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
|
WMP11.AssocFile.AVI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
|
Paint.Picture
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
|
CABFolder
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
|
Microsoft.PowerShellCmdletDefinitionXML.1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.contact\OpenWithProgids
|
contact_wab_auto_file
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
|
CSSfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
|
dllfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
|
Word.Document.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
|
Word.DocumentMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
|
Word.Document.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
|
Word.Template.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
|
Word.TemplateMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
|
Word.Template.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR\OpenWithProgids
|
MediaCenter.DVR
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithProgids
|
MediaCenter.DVR-MS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dwfx\OpenWithProgids
|
Windows.XPSReachViewer
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
|
emffile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
|
exefile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
|
fonfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
|
giffile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
|
htmlfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
|
icofile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
|
inifile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
|
pjpegfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
|
jpegfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jtx\OpenWithProgids
|
Windows.XPSReachViewer
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
|
lnkfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
|
WMP11.AssocFile.MPEG
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\OpenWithProgids
|
WMP11.AssocFile.M2TS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
|
WMP11.AssocFile.m3u
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
|
WMP11.AssocFile.M4A
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
|
WMP11.AssocFile.MP4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
|
mhtmlfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
|
WMP11.AssocFile.MIDI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
|
WMP11.AssocFile.MOV
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithProgids
|
WMP11.AssocFile.MP3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
|
Outlook.File.msg.14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
|
ocxfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
|
Word.OpenDocumentText.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
|
otffile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
|
pngfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
|
PowerPoint.Template.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
|
PowerPoint.TemplateMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
|
PowerPoint.Template.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
|
PowerPoint.Addin.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
|
PowerPoint.SlideShowMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
|
PowerPoint.SlideShow.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
|
PowerPoint.Show.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
|
PowerPoint.ShowMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
|
PowerPoint.Show.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
|
Microsoft.PowerShellXMLData.1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
|
Microsoft.PowerShellSessionConfiguration.1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
|
rlefile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
|
WMP11.AssocFile.MIDI
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
|
Word.RTF.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
|
SHCmdFile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
|
SearchFolder
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
|
shtmlfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
|
PowerPoint.SlideMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
|
PowerPoint.Slide.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
|
sysfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
|
TIFImage.Document
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
|
WMP11.AssocFile.TTS
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
|
ttcfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
|
ttffile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
|
txtfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
|
bootstrap.vsto.1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
|
WMP11.AssocFile.WAV
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
|
WMP11.AssocFile.WAX
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
|
wdpfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
|
WMP11.AssocFile.ASF
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
|
WMP11.AssocFile.WMA
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
|
wmffile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
|
WMP11.AssocFile.WMV
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
|
WMP11.AssocFile.ASX
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\OpenWithProgids
|
WMP11.AssocFile.WPL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WTV\OpenWithProgids
|
MediaCenter.WTVFile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
|
WMP11.AssocFile.WVX
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
|
Excel.AddInMacroEnabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
|
Excel.Sheet.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
|
Excel.SheetBinaryMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
|
Excel.SheetMacroEnabled.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
|
Excel.Sheet.12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
|
Excel.Template.8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
|
Excel.TemplateMacroEnabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
|
Excel.Template
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
|
xmlfile
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\OpenWithProgids
|
Windows.XPSReachViewer
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
|
xslfile
|
There are 91 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
110000
|
unclassified section
|
page execute and read and write
|
|
|
|
400000
|
system
|
page execute and read and write
|
|
|
|
80000
|
system
|
page execute and read and write
|
|
|
|
1A0000
|
unclassified section
|
page execute and read and write
|
|
|
|
2D0000
|
trusted library allocation
|
page read and write
|
|
|
|
1C0000
|
direct allocation
|
page read and write
|
|
|
|
480000
|
unclassified section
|
page execute and read and write
|
|
|
|
1A0000
|
unkown
|
page readonly
|
||
|
3F0F000
|
unkown
|
page read and write
|
||
|
7440000
|
heap
|
page read and write
|
||
|
226000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
6B90000
|
heap
|
page read and write
|
||
|
796E000
|
unkown
|
page read and write
|
||
|
5FE0000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
5FD0000
|
unkown
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
1FE7000
|
heap
|
page read and write
|
||
|
4200000
|
unkown
|
page read and write
|
||
|
2B00000
|
unkown
|
page readonly
|
||
|
3D17000
|
unkown
|
page read and write
|
||
|
12DC000
|
unkown
|
page readonly
|
||
|
5FB4000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6910000
|
heap
|
page read and write
|
||
|
3F03000
|
unkown
|
page read and write
|
||
|
7DE8000
|
unkown
|
page read and write
|
||
|
2D11000
|
direct allocation
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
3980000
|
unkown
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
2D11000
|
direct allocation
|
page read and write
|
||
|
A17000
|
heap
|
page read and write
|
||
|
3BB0000
|
unkown
|
page read and write
|
||
|
69BB000
|
stack
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
2D14000
|
direct allocation
|
page read and write
|
||
|
2080000
|
direct allocation
|
page execute and read and write
|
||
|
1FE4000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
3C60000
|
unkown
|
page readonly
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
26B000
|
heap
|
page read and write
|
||
|
110000
|
heap
|
page read and write
|
||
|
62B0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2D11000
|
direct allocation
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
2B0A000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
8429000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
8553000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
3D38000
|
unkown
|
page read and write
|
||
|
2A40000
|
unkown
|
page readonly
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
260A000
|
unkown
|
page read and write
|
||
|
26B6000
|
unclassified section
|
page read and write
|
||
|
85D3000
|
unkown
|
page read and write
|
||
|
3C10000
|
unkown
|
page read and write
|
||
|
2AF1000
|
unkown
|
page read and write
|
||
|
2D17000
|
direct allocation
|
page read and write
|
||
|
1314000
|
unkown
|
page readonly
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2CC000
|
stack
|
page read and write
|
||
|
226000
|
heap
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page read and write
|
||
|
1CA000
|
heap
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
47D5000
|
heap
|
page read and write
|
||
|
25DF000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
3BC0000
|
unkown
|
page read and write
|
||
|
2420000
|
unkown
|
page read and write
|
||
|
6760000
|
stack
|
page read and write
|
||
|
801C000
|
stack
|
page read and write
|
||
|
3D17000
|
unkown
|
page read and write
|
||
|
720A000
|
heap
|
page read and write
|
||
|
997000
|
direct allocation
|
page execute and read and write
|
||
|
1FBD000
|
stack
|
page read and write
|
||
|
48B0000
|
heap
|
page read and write
|
||
|
380000
|
trusted library allocation
|
page execute and read and write
|
||
|
7DC0000
|
unkown
|
page read and write
|
||
|
3E47000
|
unkown
|
page read and write
|
||
|
3B97000
|
stack
|
page read and write
|
||
|
720000
|
unkown
|
page readonly
|
||
|
3C00000
|
unkown
|
page read and write
|
||
|
9570000
|
heap
|
page read and write
|
||
|
1BE000
|
heap
|
page read and write
|
||
|
4658000
|
unkown
|
page read and write
|
||
|
33C000
|
unkown
|
page read and write
|
||
|
A6B000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
47F9000
|
stack
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
7F05000
|
heap
|
page read and write
|
||
|
2160000
|
direct allocation
|
page execute and read and write
|
||
|
B03000
|
heap
|
page read and write
|
||
|
300000
|
unkown
|
page read and write
|
||
|
3F05000
|
unkown
|
page read and write
|
||
|
3E82000
|
unkown
|
page read and write
|
||
|
3CC0000
|
unkown
|
page read and write
|
||
|
3A60000
|
unkown
|
page readonly
|
||
|
20000
|
trusted library allocation
|
page read and write
|
||
|
2D17000
|
direct allocation
|
page read and write
|
||
|
69F0000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
1FE000
|
heap
|
page read and write
|
||
|
657D000
|
stack
|
page read and write
|
||
|
820000
|
direct allocation
|
page execute and read and write
|
||
|
3F05000
|
unkown
|
page read and write
|
||
|
23C0000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2D14000
|
direct allocation
|
page read and write
|
||
|
3BF0000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
48AC000
|
stack
|
page read and write
|
||
|
39B0000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
direct allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
A7B000
|
heap
|
page read and write
|
||
|
A5E000
|
stack
|
page read and write
|
||
|
1302000
|
unkown
|
page readonly
|
||
|
50D000
|
heap
|
page read and write
|
||
|
6090000
|
unkown
|
page read and write
|
||
|
2ACA000
|
stack
|
page read and write
|
||
|
6EC000
|
stack
|
page read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
2A30000
|
direct allocation
|
page read and write
|
||
|
7F00000
|
heap
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
2C10000
|
direct allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
B12000
|
heap
|
page read and write
|
||
|
6760000
|
stack
|
page read and write
|
||
|
3C80000
|
unkown
|
page read and write
|
||
|
2050000
|
heap
|
page read and write
|
||
|
3980000
|
unkown
|
page read and write
|
||
|
B12000
|
heap
|
page read and write
|
||
|
83D3000
|
unkown
|
page read and write
|
||
|
2AF1000
|
unkown
|
page read and write
|
||
|
2D11000
|
direct allocation
|
page read and write
|
||
|
472E000
|
stack
|
page read and write
|
||
|
3EE0000
|
unkown
|
page read and write
|
||
|
74C0000
|
unkown
|
page read and write
|
||
|
2177000
|
direct allocation
|
page execute and read and write
|
||
|
27DE000
|
stack
|
page read and write
|
||
|
1F7000
|
heap
|
page read and write
|
||
|
6A13000
|
heap
|
page read and write
|
||
|
5ED9000
|
stack
|
page read and write
|
||
|
AD1000
|
heap
|
page read and write
|
||
|
6F50000
|
heap
|
page read and write
|
||
|
1CA000
|
heap
|
page read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
1C4000
|
heap
|
page read and write
|
||
|
2607000
|
unkown
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
73B0000
|
heap
|
page read and write
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
E0000
|
unkown
|
page read and write
|
||
|
B13000
|
heap
|
page read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
23B0000
|
unkown
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
21E5000
|
unkown
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
8590000
|
unkown
|
page read and write
|
||
|
50A000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
1BED000
|
heap
|
page read and write
|
||
|
B12000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
3AA1000
|
unkown
|
page read and write
|
||
|
2B0A000
|
direct allocation
|
page read and write
|
||
|
2D9F000
|
unclassified section
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
1B65000
|
heap
|
page read and write
|
||
|
78E6000
|
unkown
|
page read and write
|
||
|
E0000
|
unkown
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
84D4000
|
unkown
|
page read and write
|
||
|
4050000
|
unkown
|
page readonly
|
||
|
A6C000
|
heap
|
page read and write
|
||
|
994000
|
direct allocation
|
page execute and read and write
|
||
|
2D00000
|
direct allocation
|
page read and write
|
||
|
5FC0000
|
unkown
|
page read and write
|
||
|
249F000
|
unkown
|
page read and write
|
||
|
1D30000
|
unkown
|
page readonly
|
||
|
80E7000
|
unkown
|
page execute and read and write
|
||
|
1FE1000
|
heap
|
page read and write
|
||
|
4B0000
|
unclassified section
|
page execute and read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
3C50000
|
unkown
|
page readonly
|
||
|
39C0000
|
unkown
|
page read and write
|
||
|
371000
|
trusted library allocation
|
page execute and read and write
|
||
|
720000
|
direct allocation
|
page execute and read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
684000
|
heap
|
page read and write
|
||
|
22B000
|
stack
|
page read and write
|
||
|
69F4000
|
heap
|
page read and write
|
||
|
676B000
|
stack
|
page read and write
|
||
|
8126000
|
unkown
|
page execute and read and write
|
||
|
5FD4000
|
unkown
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
2A30000
|
direct allocation
|
page read and write
|
||
|
6F73000
|
heap
|
page read and write
|
||
|
676B000
|
stack
|
page read and write
|
||
|
2CB0000
|
unkown
|
page readonly
|
||
|
2D17000
|
direct allocation
|
page read and write
|
||
|
2C10000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
47D0000
|
heap
|
page read and write
|
||
|
A58000
|
heap
|
page read and write
|
||
|
2380000
|
unkown
|
page read and write
|
||
|
3AB0000
|
unkown
|
page read and write
|
||
|
5E08000
|
stack
|
page read and write
|
||
|
3ED0000
|
unkown
|
page read and write
|
||
|
1B65000
|
heap
|
page read and write
|
||
|
21D000
|
stack
|
page read and write
|
||
|
3D10000
|
unkown
|
page read and write
|
||
|
3E59000
|
unkown
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
179000
|
stack
|
page read and write
|
||
|
22F1000
|
direct allocation
|
page execute and read and write
|
||
|
2B00000
|
unkown
|
page readonly
|
||
|
3BC0000
|
unkown
|
page read and write
|
||
|
2B0D000
|
direct allocation
|
page read and write
|
||
|
90A3000
|
system
|
page execute and read and write
|
||
|
1BD0000
|
heap
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
681000
|
heap
|
page read and write
|
||
|
3A4E000
|
stack
|
page read and write
|
||
|
810000
|
direct allocation
|
page execute and read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
1CD2000
|
unkown
|
page read and write
|
||
|
1B7000
|
heap
|
page read and write
|
||
|
3B97000
|
stack
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2070000
|
direct allocation
|
page execute and read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
880000
|
direct allocation
|
page execute and read and write
|
||
|
3B00000
|
unkown
|
page read and write
|
||
|
21E0000
|
direct allocation
|
page execute and read and write
|
||
|
49CD000
|
stack
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
6F7000
|
heap
|
page read and write
|
||
|
2B0A000
|
direct allocation
|
page read and write
|
||
|
3F03000
|
unkown
|
page read and write
|
||
|
2CB0000
|
unkown
|
page readonly
|
||
|
2D14000
|
direct allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
D6000
|
heap
|
page read and write
|
||
|
2B0000
|
unkown
|
page read and write
|
||
|
31E000
|
unkown
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
4040000
|
unkown
|
page readonly
|
||
|
A57000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
3E98000
|
unkown
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
1D10000
|
unkown
|
page readonly
|
||
|
1310000
|
unkown
|
page write copy
|
||
|
1B60000
|
heap
|
page read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
1F9000
|
heap
|
page read and write
|
||
|
3ED0000
|
unkown
|
page read and write
|
||
|
350000
|
system
|
page execute and read and write
|
||
|
3D00000
|
unkown
|
page readonly
|
||
|
401E000
|
stack
|
page read and write
|
||
|
2420000
|
unkown
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page read and write
|
||
|
1B30000
|
unkown
|
page readonly
|
||
|
347000
|
heap
|
page read and write
|
||
|
2D9E000
|
heap
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
2D14000
|
direct allocation
|
page read and write
|
||
|
683B000
|
stack
|
page read and write
|
||
|
7200000
|
heap
|
page read and write
|
||
|
2407000
|
unkown
|
page read and write
|
||
|
7DE0000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
3BF0000
|
unkown
|
page read and write
|
||
|
234E000
|
unkown
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
2D95000
|
heap
|
page read and write
|
||
|
2A5000
|
heap
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
880F000
|
system
|
page read and write
|
||
|
23B0000
|
unkown
|
page read and write
|
||
|
39A0000
|
unkown
|
page read and write
|
||
|
3C80000
|
unkown
|
page read and write
|
||
|
A6B000
|
heap
|
page read and write
|
||
|
6F2000
|
heap
|
page read and write
|
||
|
A00000
|
direct allocation
|
page execute and read and write
|
||
|
4658000
|
unkown
|
page read and write
|
||
|
3AD0000
|
unkown
|
page read and write
|
||
|
676000
|
unclassified section
|
page execute and read and write
|
||
|
83D3000
|
unkown
|
page read and write
|
||
|
6C90000
|
heap
|
page read and write
|
||
|
25E0000
|
unkown
|
page read and write
|
||
|
21E5000
|
unkown
|
page read and write
|
||
|
3B00000
|
unkown
|
page read and write
|
||
|
6CF000
|
stack
|
page read and write
|
||
|
8FE0000
|
system
|
page execute and read and write
|
||
|
2C10000
|
direct allocation
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
720000
|
unkown
|
page readonly
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
7DE8000
|
unkown
|
page read and write
|
||
|
1D10000
|
unkown
|
page readonly
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
1B60000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
8020000
|
unkown
|
page execute and read and write
|
||
|
20000
|
unkown
|
page readonly
|
||
|
6699000
|
stack
|
page read and write
|
||
|
2174000
|
direct allocation
|
page execute and read and write
|
||
|
23D0000
|
unkown
|
page read and write
|
||
|
298000
|
heap
|
page read and write
|
||
|
2D00000
|
direct allocation
|
page read and write
|
||
|
2B0D000
|
direct allocation
|
page read and write
|
||
|
3BD0000
|
unkown
|
page read and write
|
||
|
90A5000
|
system
|
page execute and read and write
|
||
|
1B7000
|
heap
|
page read and write
|
||
|
41FC000
|
stack
|
page read and write
|
||
|
300000
|
unkown
|
page read and write
|
||
|
340000
|
heap
|
page read and write
|
||
|
6FF000
|
stack
|
page read and write
|
||
|
799B000
|
unkown
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
3E47000
|
unkown
|
page read and write
|
||
|
7DC0000
|
heap
|
page read and write
|
||
|
3B10000
|
unkown
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
8553000
|
unkown
|
page read and write
|
||
|
28E000
|
heap
|
page read and write
|
||
|
4630000
|
unkown
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
5B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3870000
|
unkown
|
page read and write
|
||
|
4630000
|
unkown
|
page read and write
|
||
|
23E0000
|
unkown
|
page readonly
|
||
|
3C70000
|
unkown
|
page readonly
|
||
|
415E000
|
stack
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
3ECA000
|
unkown
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
78F1000
|
unkown
|
page read and write
|
||
|
A6B000
|
heap
|
page read and write
|
||
|
7972000
|
unkown
|
page read and write
|
||
|
1CD2000
|
unkown
|
page read and write
|
||
|
62B0000
|
heap
|
page read and write
|
||
|
8CFF000
|
system
|
page read and write
|
||
|
6699000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1240000
|
unkown
|
page readonly
|
||
|
84D4000
|
unkown
|
page read and write
|
||
|
9410000
|
heap
|
page read and write
|
||
|
3B90000
|
stack
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
6B90000
|
heap
|
page read and write
|
||
|
23D0000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
1CFA000
|
unkown
|
page read and write
|
||
|
3EE000
|
stack
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
8412000
|
unkown
|
page read and write
|
||
|
9B2000
|
heap
|
page read and write
|
||
|
1B83000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
22F7000
|
direct allocation
|
page execute and read and write
|
||
|
1B40000
|
unkown
|
page read and write
|
||
|
5FFE000
|
unkown
|
page read and write
|
||
|
63A000
|
heap
|
page read and write
|
||
|
682F000
|
stack
|
page read and write
|
||
|
2170000
|
direct allocation
|
page execute and read and write
|
||
|
2AC0000
|
stack
|
page read and write
|
||
|
2AE0000
|
unkown
|
page read and write
|
||
|
6DF000
|
stack
|
page read and write
|
||
|
23C0000
|
unkown
|
page read and write
|
||
|
7968000
|
unkown
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
7170000
|
heap
|
page read and write
|
||
|
2A30000
|
direct allocation
|
page read and write
|
||
|
8490000
|
unkown
|
page read and write
|
||
|
6EA000
|
stack
|
page read and write
|
||
|
2968000
|
stack
|
page read and write
|
||
|
A5C000
|
heap
|
page read and write
|
||
|
7200000
|
heap
|
page read and write
|
||
|
1BE0000
|
unkown
|
page readonly
|
||
|
2D00000
|
direct allocation
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
3BB0000
|
unkown
|
page read and write
|
||
|
3C70000
|
unkown
|
page readonly
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
8616000
|
system
|
page read and write
|
||
|
249F000
|
unkown
|
page read and write
|
||
|
5FDE000
|
unkown
|
page read and write
|
||
|
90B5000
|
system
|
page execute and read and write
|
||
|
1C0000
|
trusted library allocation
|
page read and write
|
||
|
3B90000
|
stack
|
page read and write
|
||
|
3E82000
|
unkown
|
page read and write
|
||
|
3AA1000
|
unkown
|
page read and write
|
||
|
7DDE000
|
unkown
|
page read and write
|
||
|
7964000
|
unkown
|
page read and write
|
||
|
A34000
|
heap
|
page read and write
|
||
|
3DB1000
|
unkown
|
page read and write
|
||
|
2D9E000
|
heap
|
page read and write
|
||
|
1EF0000
|
heap
|
page read and write
|
||
|
3AC0000
|
unkown
|
page read and write
|
||
|
472E000
|
stack
|
page read and write
|
||
|
2D00000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
direct allocation
|
page read and write
|
||
|
2B0D000
|
direct allocation
|
page read and write
|
||
|
2B0D000
|
direct allocation
|
page read and write
|
||
|
A7A000
|
heap
|
page read and write
|
||
|
3970000
|
unkown
|
page readonly
|
||
|
1C4000
|
heap
|
page read and write
|
||
|
64F0000
|
heap
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
3BD0000
|
unkown
|
page read and write
|
||
|
68B8000
|
stack
|
page read and write
|
||
|
710000
|
direct allocation
|
page execute and read and write
|
||
|
7972000
|
unkown
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
20000
|
unkown
|
page readonly
|
||
|
A57000
|
heap
|
page read and write
|
||
|
2430000
|
unkown
|
page read and write
|
||
|
8C000
|
stack
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2A30000
|
direct allocation
|
page read and write
|
||
|
2C90000
|
unkown
|
page readonly
|
||
|
6F55000
|
heap
|
page read and write
|
||
|
800000
|
direct allocation
|
page execute and read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2D00000
|
direct allocation
|
page read and write
|
||
|
683B000
|
stack
|
page read and write
|
||
|
3E59000
|
unkown
|
page read and write
|
||
|
391000
|
trusted library allocation
|
page execute and read and write
|
||
|
798D000
|
unkown
|
page read and write
|
||
|
5E02000
|
stack
|
page read and write
|
||
|
1CFA000
|
unkown
|
page read and write
|
||
|
3CC0000
|
unkown
|
page read and write
|
||
|
657D000
|
stack
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
6C90000
|
heap
|
page read and write
|
||
|
3C50000
|
unkown
|
page readonly
|
||
|
890000
|
direct allocation
|
page execute and read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
2D17000
|
direct allocation
|
page read and write
|
||
|
A6C000
|
heap
|
page read and write
|
||
|
4638000
|
unkown
|
page read and write
|
||
|
1302000
|
unkown
|
page readonly
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
3EE7000
|
unkown
|
page read and write
|
||
|
5E10000
|
unkown
|
page read and write
|
||
|
2D17000
|
direct allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
1B83000
|
heap
|
page read and write
|
||
|
49CD000
|
stack
|
page read and write
|
||
|
9260000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2F4000
|
heap
|
page read and write
|
||
|
380000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B0D000
|
direct allocation
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
382B000
|
stack
|
page read and write
|
||
|
6AEF000
|
stack
|
page read and write
|
||
|
3B92000
|
stack
|
page read and write
|
||
|
8453000
|
unkown
|
page read and write
|
||
|
3A4E000
|
stack
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
1BE0000
|
unkown
|
page readonly
|
||
|
A5C000
|
heap
|
page read and write
|
||
|
28AF000
|
unclassified section
|
page read and write
|
||
|
2177000
|
stack
|
page read and write
|
||
|
78E6000
|
unkown
|
page read and write
|
||
|
23E0000
|
unkown
|
page readonly
|
||
|
1241000
|
unkown
|
page execute read
|
||
|
3F0F000
|
unkown
|
page read and write
|
||
|
202E000
|
stack
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
7170000
|
heap
|
page read and write
|
||
|
1314000
|
unkown
|
page readonly
|
||
|
170000
|
stack
|
page read and write
|
||
|
669B000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
3DDA000
|
unkown
|
page read and write
|
||
|
720A000
|
heap
|
page read and write
|
||
|
39B0000
|
unkown
|
page read and write
|
||
|
991000
|
direct allocation
|
page execute and read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
3C90000
|
unkown
|
page readonly
|
||
|
214000
|
heap
|
page read and write
|
||
|
260D000
|
unkown
|
page read and write
|
||
|
5FB0000
|
heap
|
page read and write
|
||
|
3970000
|
unkown
|
page readonly
|
||
|
1D30000
|
unkown
|
page readonly
|
||
|
2B0A000
|
direct allocation
|
page read and write
|
||
|
69BB000
|
stack
|
page read and write
|
||
|
8429000
|
unkown
|
page read and write
|
||
|
637000
|
unclassified section
|
page execute and read and write
|
||
|
A6C000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
3870000
|
unkown
|
page read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2407000
|
unkown
|
page read and write
|
||
|
1DBF000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
841B000
|
unkown
|
page read and write
|
||
|
2BA0000
|
unkown
|
page read and write
|
||
|
74C0000
|
unkown
|
page read and write
|
||
|
1B40000
|
unkown
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
391000
|
trusted library allocation
|
page execute and read and write
|
||
|
3AF0000
|
unkown
|
page read and write
|
||
|
6BB7000
|
heap
|
page read and write
|
||
|
1BE000
|
heap
|
page read and write
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
24AF000
|
stack
|
page read and write
|
||
|
1D20000
|
unkown
|
page readonly
|
||
|
6910000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
5C1000
|
trusted library allocation
|
page execute and read and write
|
||
|
415E000
|
stack
|
page read and write
|
||
|
2D14000
|
direct allocation
|
page read and write
|
||
|
3B92000
|
stack
|
page read and write
|
||
|
3A50000
|
unkown
|
page readonly
|
||
|
4040000
|
unkown
|
page readonly
|
||
|
3A80000
|
unkown
|
page execute and read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
8590000
|
unkown
|
page read and write
|
||
|
48A9000
|
stack
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
3AD0000
|
unkown
|
page read and write
|
||
|
24E0000
|
unkown
|
page read and write
|
||
|
2360000
|
direct allocation
|
page execute and read and write
|
||
|
2807000
|
unkown
|
page read and write
|
||
|
64F0000
|
heap
|
page read and write
|
||
|
6E00000
|
heap
|
page read and write
|
||
|
AD1000
|
heap
|
page read and write
|
||
|
6B99000
|
heap
|
page read and write
|
||
|
ACF000
|
heap
|
page read and write
|
||
|
5E07000
|
stack
|
page read and write
|
||
|
570000
|
unclassified section
|
page execute and read and write
|
||
|
1FD0000
|
heap
|
page read and write
|
||
|
69F4000
|
heap
|
page read and write
|
||
|
1EE0000
|
heap
|
page read and write
|
||
|
3A50000
|
unkown
|
page readonly
|
||
|
4020000
|
unkown
|
page readonly
|
||
|
295E000
|
stack
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page read and write
|
||
|
6E00000
|
heap
|
page read and write
|
||
|
3C10000
|
unkown
|
page read and write
|
||
|
3AB0000
|
unkown
|
page read and write
|
||
|
382B000
|
stack
|
page read and write
|
||
|
364000
|
heap
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page read and write
|
||
|
298000
|
heap
|
page read and write
|
||
|
3F70000
|
unkown
|
page execute read
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
24E0000
|
unkown
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
A4C000
|
heap
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
6F73000
|
heap
|
page read and write
|
||
|
130C000
|
unkown
|
page read and write
|
||
|
2AE0000
|
unkown
|
page read and write
|
||
|
7E40000
|
heap
|
page read and write
|
||
|
360000
|
trusted library allocation
|
page execute and read and write
|
||
|
2968000
|
stack
|
page read and write
|
||
|
2D99000
|
heap
|
page read and write
|
||
|
3C90000
|
unkown
|
page readonly
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2D80000
|
direct allocation
|
page read and write
|
||
|
3ECA000
|
unkown
|
page read and write
|
||
|
2A30000
|
direct allocation
|
page read and write
|
||
|
2370000
|
direct allocation
|
page execute and read and write
|
||
|
4020000
|
unkown
|
page readonly
|
||
|
2D14000
|
direct allocation
|
page read and write
|
||
|
33C000
|
unkown
|
page read and write
|
||
|
78D6000
|
unkown
|
page read and write
|
||
|
2380000
|
unkown
|
page read and write
|
||
|
7440000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
90CA000
|
system
|
page execute and read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
3A60000
|
unkown
|
page readonly
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
2C90000
|
unkown
|
page readonly
|
||
|
260E000
|
unkown
|
page read and write
|
||
|
41FC000
|
stack
|
page read and write
|
||
|
814000
|
direct allocation
|
page execute and read and write
|
||
|
3DB1000
|
unkown
|
page read and write
|
||
|
2607000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
78D6000
|
unkown
|
page read and write
|
||
|
7F05000
|
heap
|
page read and write
|
||
|
3EE7000
|
unkown
|
page read and write
|
||
|
2180000
|
direct allocation
|
page execute and read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
31E000
|
unkown
|
page read and write
|
||
|
21F0000
|
direct allocation
|
page execute and read and write
|
||
|
1DBF000
|
stack
|
page read and write
|
||
|
9A0000
|
direct allocation
|
page execute and read and write
|
||
|
2D00000
|
direct allocation
|
page read and write
|
||
|
63D000
|
heap
|
page read and write
|
||
|
3B10000
|
unkown
|
page read and write
|
||
|
980000
|
direct allocation
|
page execute and read and write
|
||
|
7DDE000
|
unkown
|
page read and write
|
||
|
22E0000
|
direct allocation
|
page execute and read and write
|
||
|
116000
|
heap
|
page read and write
|
||
|
801C000
|
stack
|
page read and write
|
||
|
2B0D000
|
direct allocation
|
page read and write
|
||
|
2B0000
|
unkown
|
page read and write
|
||
|
63CC000
|
unkown
|
page read and write
|
||
|
3A80000
|
unkown
|
page execute and read and write
|
||
|
2D99000
|
heap
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
1240000
|
unkown
|
page readonly
|
||
|
260A000
|
unkown
|
page read and write
|
||
|
22F4000
|
direct allocation
|
page execute and read and write
|
||
|
1D20000
|
unkown
|
page readonly
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
682F000
|
stack
|
page read and write
|
||
|
A4E000
|
heap
|
page read and write
|
||
|
39C0000
|
unkown
|
page read and write
|
||
|
6F50000
|
heap
|
page read and write
|
||
|
1241000
|
unkown
|
page execute read
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
69F0000
|
heap
|
page read and write
|
||
|
2D17000
|
direct allocation
|
page read and write
|
||
|
1B30000
|
unkown
|
page readonly
|
||
|
85D3000
|
unkown
|
page read and write
|
||
|
A6B000
|
heap
|
page read and write
|
||
|
8412000
|
unkown
|
page read and write
|
||
|
3945000
|
stack
|
page read and write
|
||
|
3CD0000
|
unkown
|
page readonly
|
||
|
A57000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
12DC000
|
unkown
|
page readonly
|
||
|
7DC0000
|
unkown
|
page read and write
|
||
|
1D6000
|
heap
|
page read and write
|
||
|
3C60000
|
unkown
|
page readonly
|
||
|
A5C000
|
heap
|
page read and write
|
||
|
2B0A000
|
direct allocation
|
page read and write
|
||
|
3C00000
|
unkown
|
page read and write
|
||
|
2D11000
|
direct allocation
|
page read and write
|
||
|
3F70000
|
unkown
|
page execute read
|
||
|
130C000
|
unkown
|
page write copy
|
||
|
4050000
|
unkown
|
page readonly
|
||
|
234E000
|
unkown
|
page read and write
|
||
|
3AF0000
|
unkown
|
page read and write
|
||
|
3EE0000
|
unkown
|
page read and write
|
||
|
2D11000
|
direct allocation
|
page read and write
|
||
|
4638000
|
unkown
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2807000
|
unkown
|
page read and write
|
||
|
CB000
|
stack
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
796E000
|
unkown
|
page read and write
|
||
|
130000
|
trusted library allocation
|
page read and write
|
||
|
2200000
|
direct allocation
|
page execute and read and write
|
||
|
7968000
|
unkown
|
page read and write
|
||
|
40D8000
|
stack
|
page read and write
|
||
|
2300000
|
direct allocation
|
page execute and read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
2D70000
|
unkown
|
page read and write
|
||
|
8453000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
3AC0000
|
unkown
|
page read and write
|
||
|
817000
|
direct allocation
|
page execute and read and write
|
||
|
2C10000
|
direct allocation
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
direct allocation
|
page read and write
|
||
|
A10000
|
direct allocation
|
page execute and read and write
|
||
|
47F000
|
stack
|
page read and write
|
||
|
4200000
|
unkown
|
page read and write
|
||
|
3D38000
|
unkown
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
28E000
|
heap
|
page read and write
|
||
|
70F000
|
stack
|
page read and write
|
||
|
1FF000
|
heap
|
page read and write
|
||
|
2B0A000
|
direct allocation
|
page read and write
|
||
|
1A0000
|
unkown
|
page readonly
|
||
|
A8D000
|
heap
|
page read and write
|
||
|
25E0000
|
unkown
|
page read and write
|
||
|
AD1000
|
heap
|
page read and write
|
||
|
2A40000
|
unkown
|
page readonly
|
||
|
669B000
|
stack
|
page read and write
|
||
|
2A30000
|
direct allocation
|
page read and write
|
||
|
4170000
|
unkown
|
page readonly
|
||
|
5FD0000
|
unkown
|
page read and write
|
||
|
2BD0000
|
unkown
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
3CD0000
|
unkown
|
page readonly
|
||
|
2D95000
|
heap
|
page read and write
|
||
|
2430000
|
unkown
|
page read and write
|
||
|
401E000
|
stack
|
page read and write
|
||
|
372E000
|
stack
|
page read and write
|
||
|
6EE000
|
heap
|
page read and write
|
||
|
B6F000
|
stack
|
page read and write
|
||
|
489F000
|
stack
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
48B0000
|
heap
|
page read and write
|
||
|
6B7E000
|
stack
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
6F55000
|
heap
|
page read and write
|
||
|
170000
|
stack
|
page read and write
|
||
|
140000
|
trusted library allocation
|
page read and write
|
||
|
8490000
|
unkown
|
page read and write
|
||
|
2D70000
|
unkown
|
page read and write
|
||
|
3DDA000
|
unkown
|
page read and write
|
||
|
841B000
|
unkown
|
page read and write
|
||
|
7F00000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
5E00000
|
stack
|
page read and write
|
||
|
3D10000
|
unkown
|
page read and write
|
||
|
64D0000
|
heap
|
page read and write
|
||
|
5E2E000
|
unkown
|
page read and write
|
||
|
2440000
|
unkown
|
page read and write
|
||
|
3D00000
|
unkown
|
page readonly
|
||
|
6A13000
|
heap
|
page read and write
|
||
|
8A0000
|
direct allocation
|
page execute and read and write
|
||
|
6E4000
|
heap
|
page read and write
|
||
|
39A0000
|
unkown
|
page read and write
|
||
|
64D0000
|
heap
|
page read and write
|
||
|
45E000
|
stack
|
page read and write
|
||
|
179000
|
stack
|
page read and write
|
There are 748 hidden memdumps, click here to show them.