Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
survey-1384723731.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Thu Nov 25 10:07:14 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\survey-1384723731.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Thu Nov 25 10:07:14 2021, Security: 0
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\91C4.tmp
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\~DF22AC4F44EF579D15.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF8E36D078DBA15E72.TMP
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestb.ocx
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestc.ocx
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
https://klevvrtech.com/zxywJAC24KJ/ji.html
|
192.185.79.2
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
https://srkcampus.org/OYcMRJbL/ji.html
|
192.185.129.7
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
https://rstebet.co.id/fbmKk6n48G/ji.html
|
103.247.11.218
|
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
klevvrtech.com
|
192.185.79.2
|
|
|
|
rstebet.co.id
|
103.247.11.218
|
|
|
|
srkcampus.org
|
192.185.129.7
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.129.7
|
srkcampus.org
|
United States
|
|
|
|
192.185.79.2
|
klevvrtech.com
|
United States
|
|
|
|
103.247.11.218
|
rstebet.co.id
|
Indonesia
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
-x*
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2EB58
|
2EB58
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
6*+
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39B55
|
39B55
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3A2C4
|
3A2C4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 61 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C6000
|
unkown
|
page read and write
|
|
|
|
3F55000
|
heap private
|
page read and write
|
|
|
|
2A0000
|
unkown image
|
page readonly
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
1E0000
|
heap private
|
page read and write
|
|
|
|
25E000
|
heap default
|
page read and write
|
|
|
|
2130000
|
unkown image
|
page readonly
|
|
|
|
560000
|
unkown image
|
page readonly
|
|
|
|
554000
|
heap private
|
page read and write
|
|
|
|
207000
|
heap default
|
page read and write
|
|
|
|
336000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
365000
|
unkown
|
page read and write
|
|
|
|
2E7000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2AC000
|
unkown
|
page read and write
|
|
|
|
2B5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
2C4000
|
unkown
|
page read and write
|
|
|
|
20B5000
|
heap private
|
page read and write
|
|
|
|
219B000
|
heap private
|
page read and write
|
|
|
|
4A47000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown
|
page read and write
|
|
|
|
510000
|
heap private
|
page read and write
|
|
|
|
285000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3EB5000
|
heap private
|
page read and write
|
|
|
|
159000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
2A4000
|
unkown
|
page read and write
|
|
|
|
375000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
2E0000
|
heap default
|
page read and write
|
|
|
|
790000
|
unkown image
|
page readonly
|
|
|
|
3F50000
|
heap private
|
page read and write
|
|
|
|
4900000
|
unkown image
|
page readonly
|
|
|
|
220000
|
heap default
|
page read and write
|
|
|
|
26E000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
54B000
|
heap private
|
page read and write
|
|
|
|
4F4000
|
heap private
|
page read and write
|
|
|
|
170000
|
heap private
|
page read and write
|
|
|
|
436000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
384000
|
unkown
|
page read and write
|
|
|
|
1B0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
2C5000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
unkown
|
page read and write
|
|
|
|
3D5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
22CE000
|
stack
|
page read and write
|
|
|
|
4AE7000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2A4000
|
unkown
|
page read and write
|
|
|
|
295000
|
unkown
|
page read and write
|
|
|
|
33A000
|
heap default
|
page read and write
|
|
|
|
2B0000
|
heap private
|
page read and write
|
|
|
|
4D7F000
|
stack
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
2000000
|
unkown image
|
page readonly
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
273000
|
heap default
|
page read and write
|
|
|
|
2EF000
|
unkown
|
page read and write
|
|
|
|
6E0000
|
unkown image
|
page readonly
|
|
|
|
515000
|
heap private
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
1A0000
|
unkown
|
page execute and read and write
|
|
|
|
27A000
|
heap default
|
page read and write
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
5E0000
|
unkown image
|
page readonly
|
|
|
|
22B0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
200000
|
heap default
|
page read and write
|
|
|
|
28A000
|
unkown
|
page read and write
|
|
|
|
2A5000
|
unkown
|
page read and write
|
|
|
|
285000
|
unkown
|
page read and write
|
|
|
|
384000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown
|
page execute and read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3EF5000
|
heap private
|
page read and write
|
|
|
|
416000
|
unkown
|
page read and write
|
|
|
|
2165000
|
heap private
|
page read and write
|
|
|
|
28A000
|
unkown
|
page read and write
|
|
|
|
3EF9000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
356000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
290000
|
unkown
|
page execute and read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
174000
|
heap private
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
386000
|
unkown
|
page read and write
|
|
|
|
4CFF000
|
stack
|
page read and write
|
|
|
|
384000
|
unkown
|
page read and write
|
|
|
|
1F80000
|
unkown image
|
page readonly
|
|
|
|
536000
|
unkown
|
page read and write
|
|
|
|
39E0000
|
unkown image
|
page readonly
|
|
|
|
550000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
30F000
|
unkown
|
page read and write
|
|
|
|
2350000
|
unkown
|
page read and write
|
|
|
|
1E4000
|
heap private
|
page read and write
|
|
|
|
20EB000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
6F0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
315000
|
unkown
|
page read and write
|
|
|
|
2A4000
|
unkown
|
page read and write
|
|
|
|
385000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
2360000
|
unkown
|
page read and write
|
|
|
|
4A87000
|
unkown image
|
page readonly
|
|
|
|
20B0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2AA000
|
unkown
|
page read and write
|
|
|
|
2C4000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
48A0000
|
unkown image
|
page readonly
|
|
|
|
2B5000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown image
|
page readonly
|
|
|
|
282000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
333000
|
heap default
|
page read and write
|
|
|
|
3A90000
|
unkown image
|
page readonly
|
|
|
|
1B6000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
2F5000
|
unkown
|
page read and write
|
|
|
|
31E000
|
heap default
|
page read and write
|
|
|
|
C9000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
2A6000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2A2000
|
unkown
|
page read and write
|
|
|
|
375000
|
unkown
|
page read and write
|
|
|
|
227000
|
heap default
|
page read and write
|
|
|
|
3F59000
|
heap private
|
page read and write
|
|
|
|
1D20000
|
unkown image
|
page readonly
|
|
|
|
3CF000
|
unkown
|
page read and write
|
|
|
|
2B4000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
28E000
|
unkown
|
page read and write
|
|
|
|
34A000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
23E000
|
heap default
|
page read and write
|
|
|
|
3EB9000
|
heap private
|
page read and write
|
|
|
|
34E000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
590000
|
unkown
|
page read and write
|
|
|
|
2A5000
|
unkown
|
page read and write
|
|
|
|
2C4000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
253000
|
heap default
|
page read and write
|
|
|
|
2A5000
|
unkown
|
page read and write
|
|
|
|
2160000
|
heap private
|
page read and write
|
|
|
|
365000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
E9000
|
unkown
|
page read and write
|
|
|
|
4E0000
|
unkown
|
page read and write
|
|
|
|
25A000
|
heap default
|
page read and write
|
|
|
|
1D00000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
26A000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
295000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
362000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
3EF0000
|
heap private
|
page read and write
|
|
|
|
36C000
|
unkown
|
page read and write
|
|
|
|
3A80000
|
unkown image
|
page readonly
|
|
|
|
5D4000
|
heap private
|
page read and write
|
|
|
|
28C000
|
unkown
|
page read and write
|
|
|
|
3EB0000
|
heap private
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
780000
|
unkown image
|
page readonly
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
36A000
|
unkown
|
page read and write
|
|
|
|
4860000
|
unkown image
|
page readonly
|
|
|
|
1C80000
|
unkown image
|
page readonly
|
|
There are 191 hidden memdumps, click here to show them.