Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
protocol.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Oct 27 10:45:18 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\protocol.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Wed Oct 27 10:45:18 2021, Security: 0
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\CD1E.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\~DF2671737F09DCABAC.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF9858F0CABAD63058.TMP
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://atochagaleria.com.ar/CnijALAyxR/l.html
|
192.99.46.215
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
https://maberic.com/3XRJdBEjFc/l.html
|
199.79.62.121
|
|
|
|
https://ost.net.br/toXuNS00/l.html
|
162.241.2.103
|
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
atochagaleria.com.ar
|
192.99.46.215
|
|
|
|
maberic.com
|
199.79.62.121
|
|
|
|
ost.net.br
|
162.241.2.103
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.99.46.215
|
atochagaleria.com.ar
|
Canada
|
|
|
|
162.241.2.103
|
ost.net.br
|
United States
|
|
|
|
199.79.62.121
|
maberic.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
0=#
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2D411
|
2D411
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
)a#
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3D5E5
|
3D5E5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3DDC1
|
3DDC1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 61 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6F0000
|
heap private
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
4B6000
|
unkown
|
page read and write
|
|
|
|
2120000
|
unkown image
|
page readonly
|
|
|
|
253000
|
unkown
|
page read and write
|
|
|
|
3A90000
|
unkown image
|
page readonly
|
|
|
|
201B000
|
heap private
|
page read and write
|
|
|
|
3BE000
|
unkown
|
page read and write
|
|
|
|
3EA000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2165000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
43F000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
unkown image
|
page readonly
|
|
|
|
246000
|
unkown
|
page read and write
|
|
|
|
4B17000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3F5000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
heap default
|
page read and write
|
|
|
|
1FA000
|
heap default
|
page read and write
|
|
|
|
3E5000
|
unkown
|
page read and write
|
|
|
|
70000
|
unkown image
|
page read and write
|
|
|
|
1DE000
|
heap default
|
page read and write
|
|
|
|
406000
|
unkown
|
page read and write
|
|
|
|
235000
|
unkown
|
page read and write
|
|
|
|
1D9000
|
unkown
|
page read and write
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
3B3000
|
heap default
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
560000
|
unkown
|
page read and write
|
|
|
|
22E0000
|
unkown
|
page read and write
|
|
|
|
450000
|
unkown
|
page read and write
|
|
|
|
28F000
|
unkown
|
page read and write
|
|
|
|
2265000
|
heap private
|
page read and write
|
|
|
|
2320000
|
unkown
|
page read and write
|
|
|
|
3DC000
|
unkown
|
page read and write
|
|
|
|
4055000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2060000
|
unkown image
|
page readonly
|
|
|
|
244000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
403000
|
unkown
|
page read and write
|
|
|
|
450000
|
unkown
|
page read and write
|
|
|
|
22C000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page readonly
|
|
|
|
405000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
80000
|
unkown
|
page read and write
|
|
|
|
3E2000
|
unkown
|
page read and write
|
|
|
|
1E20000
|
unkown image
|
page readonly
|
|
|
|
1FF0000
|
unkown image
|
page readonly
|
|
|
|
1FE0000
|
heap private
|
page read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
3AA000
|
heap default
|
page read and write
|
|
|
|
3A50000
|
unkown image
|
page readonly
|
|
|
|
295000
|
unkown
|
page read and write
|
|
|
|
1F3000
|
heap default
|
page read and write
|
|
|
|
254000
|
unkown
|
page read and write
|
|
|
|
580000
|
unkown
|
page read and write
|
|
|
|
251F000
|
stack
|
page read and write
|
|
|
|
22A000
|
unkown
|
page read and write
|
|
|
|
286000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
5C0000
|
heap private
|
page read and write
|
|
|
|
245000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3E5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
39E000
|
heap default
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
3F89000
|
heap private
|
page read and write
|
|
|
|
3DA000
|
unkown
|
page read and write
|
|
|
|
3F5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3B50000
|
unkown image
|
page readonly
|
|
|
|
4A00000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
20A000
|
unkown
|
page read and write
|
|
|
|
23BF000
|
stack
|
page read and write
|
|
|
|
1CF0000
|
unkown image
|
page readonly
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
4079000
|
heap private
|
page read and write
|
|
|
|
3E5000
|
unkown
|
page read and write
|
|
|
|
250000
|
unkown
|
page read and write
|
|
|
|
110000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
890000
|
unkown image
|
page readonly
|
|
|
|
6F4000
|
heap private
|
page read and write
|
|
|
|
370000
|
heap private
|
page read and write
|
|
|
|
3F80000
|
heap private
|
page read and write
|
|
|
|
109000
|
unkown
|
page read and write
|
|
|
|
244000
|
unkown
|
page read and write
|
|
|
|
3D2000
|
unkown
|
page read and write
|
|
|
|
3CA000
|
unkown
|
page read and write
|
|
|
|
3F5000
|
unkown
|
page read and write
|
|
|
|
3E5000
|
unkown
|
page read and write
|
|
|
|
880000
|
unkown image
|
page readonly
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
219B000
|
heap private
|
page read and write
|
|
|
|
404000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
720000
|
unkown image
|
page readonly
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
225000
|
unkown
|
page read and write
|
|
|
|
3F4000
|
unkown
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
290000
|
unkown
|
page read and write
|
|
|
|
367000
|
heap default
|
page read and write
|
|
|
|
3F6000
|
unkown
|
page read and write
|
|
|
|
750000
|
unkown image
|
page readonly
|
|
|
|
24000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
1CC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
445000
|
unkown
|
page read and write
|
|
|
|
4059000
|
heap private
|
page read and write
|
|
|
|
596000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
5A0000
|
unkown image
|
page readonly
|
|
|
|
730000
|
unkown image
|
page readonly
|
|
|
|
4A20000
|
unkown image
|
page readonly
|
|
|
|
486000
|
unkown
|
page read and write
|
|
|
|
38E000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
1FE5000
|
heap private
|
page read and write
|
|
|
|
2A0000
|
unkown image
|
page readonly
|
|
|
|
2B4000
|
heap private
|
page read and write
|
|
|
|
480000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
404000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
460000
|
unkown
|
page read and write
|
|
|
|
413000
|
unkown
|
page read and write
|
|
|
|
3CE000
|
unkown
|
page read and write
|
|
|
|
3BA000
|
heap default
|
page read and write
|
|
|
|
3F85000
|
heap private
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
3EC000
|
unkown
|
page read and write
|
|
|
|
130000
|
unkown image
|
page readonly
|
|
|
|
404000
|
unkown
|
page read and write
|
|
|
|
225000
|
unkown
|
page read and write
|
|
|
|
4C07000
|
unkown image
|
page readonly
|
|
|
|
4075000
|
heap private
|
page read and write
|
|
|
|
3D5000
|
unkown
|
page read and write
|
|
|
|
2260000
|
heap private
|
page read and write
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3F4000
|
unkown
|
page read and write
|
|
|
|
120000
|
unkown image
|
page readonly
|
|
|
|
222000
|
unkown
|
page read and write
|
|
|
|
350000
|
heap default
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
4BE7000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3ECF000
|
stack
|
page read and write
|
|
|
|
229B000
|
heap private
|
page read and write
|
|
|
|
1A7000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
414000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
heap private
|
page read and write
|
|
|
|
3D5000
|
unkown
|
page read and write
|
|
|
|
496000
|
unkown
|
page read and write
|
|
|
|
3B6000
|
unkown
|
page read and write
|
|
|
|
3BA000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown image
|
page read and write
|
|
|
|
700000
|
unkown image
|
page readonly
|
|
|
|
120000
|
unkown
|
page execute and read and write
|
|
|
|
4050000
|
heap private
|
page read and write
|
|
|
|
235000
|
unkown
|
page read and write
|
|
|
|
2160000
|
heap private
|
page read and write
|
|
|
|
244000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
249000
|
unkown
|
page read and write
|
|
|
|
2200000
|
unkown
|
page read and write
|
|
|
|
44F000
|
unkown
|
page read and write
|
|
|
|
20E000
|
unkown
|
page read and write
|
|
|
|
3A3000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
404000
|
unkown
|
page read and write
|
|
|
|
3F4000
|
unkown
|
page read and write
|
|
|
|
590000
|
heap private
|
page read and write
|
|
|
|
594000
|
heap private
|
page read and write
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
357000
|
heap default
|
page read and write
|
|
|
|
4070000
|
heap private
|
page read and write
|
|
|
|
4930000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
5C4000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
374000
|
heap private
|
page read and write
|
|
|
|
455000
|
unkown
|
page read and write
|
|
There are 197 hidden memdumps, click here to show them.