Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sample20210113-01.xlsm
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\dyu828kp[1].rar
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lpxtpiw[1].zip
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\ndrztpo.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\pgjasrqd.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$sample20210113-01.xlsm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 58936 bytes, 1 file
|
dropped
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\272CF97F.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\46184574.png
|
PNG image data, 496 x 323, 8-bit colormap, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Cab7485.tmp
|
Microsoft Cabinet archive data, 58936 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\FDFE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Tar7486.tmp
|
data
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Wed Jan 13 23:38:54 2021, atime=Wed Jan 13 23:38:54 2021, length=8192, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\sample20210113-01.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13
2020, mtime=Wed Jan 13 23:38:54 2021, atime=Wed Jan 13 23:38:57 2021, length=61904, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\WBLPQVYT.txt
|
ASCII text
|
downloaded
|
|
|
|
C:\Users\user\Desktop\EF0F0000
|
data
|
dropped
|
|
There are 9 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\pgjasrqd.dll.
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s C:\Users\user\AppData\Local\Temp\pgjasrqd.dll.
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\ndrztpo.dll.
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s C:\Users\user\AppData\Local\Temp\ndrztpo.dll.
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\jvkhmoba.dll.
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://bipolarmalta.mccarthy.ws/lpxtpiw.zip
|
35.214.225.210
|
|
|
|
http://crl.entrust.net/server1.crl0
|
unknown
|
|
|
|
http://ocsp.entrust.net03
|
unknown
|
|
|
|
https://221.126.244.72/3
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
|
|
|
https://157.7.166.26:5353/
|
unknown
|
|
|
|
https://221.126.244.72/O
|
unknown
|
|
|
|
http://sendgrid.invoteqleads.com/usc3d1.rar
|
104.24.124.127
|
|
|
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
|
|
|
https://221.126.244.72/
|
unknown
|
|
|
|
https://157.7.166.26/
|
unknown
|
|
|
|
https://195.231.69.151:3889/G
|
unknown
|
|
|
|
https://195.231.69.151/c7
|
unknown
|
|
|
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
|
|
|
http://oudtshoornpharmacies.co.za/dyu828kp.rar
|
154.66.197.71
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
https://195.231.69.151:3889/
|
unknown
|
|
|
|
http://crl.microsoft.v&
|
unknown
|
|
|
|
http://ocsp.entrust.net0D
|
unknown
|
|
|
|
https://195.231.69.151/
|
unknown
|
|
|
|
https://195.231.69.151:3889/hy
|
unknown
|
|
|
|
https://secure.comodo.com/CPS0
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
https://195.231.69.151/d7
|
unknown
|
|
|
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sendgrid.invoteqleads.com
|
104.24.124.127
|
|
|
|
bipolarmalta.mccarthy.ws
|
35.214.225.210
|
|
|
|
oudtshoornpharmacies.co.za
|
154.66.197.71
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
195.231.69.151
|
unknown
|
Italy
|
unknown
|
|
|
|
157.7.166.26
|
unknown
|
Japan
|
unknown
|
|
|
|
221.126.244.72
|
unknown
|
Hong Kong
|
unknown
|
|
|
|
154.66.197.71
|
unknown
|
South Africa
|
unknown
|
|
|
|
104.24.124.127
|
unknown
|
United States
|
unknown
|
|
|
|
35.214.225.210
|
unknown
|
United States
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
)`7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EEB97
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
FontCachePath
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EFD43
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductNonBootFilesIntl_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F0C40
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F196A
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
u=8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F7ED1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F8B10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductNonBootFilesIntl_1033
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
SavedLegacySettings
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
Blob
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
Blob
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
Blob
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
Blob
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
Blob
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
Blob
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
SavedLegacySettings
|
|
There are 265 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E29000
|
heap private
|
page read and write
|
|
|
|
4C4000
|
heap private
|
page read and write
|
|
|
|
9B0000
|
unkown
|
page readonly
|
|
|
|
671000
|
heap default
|
page read and write
|
|
|
|
340000
|
heap default
|
page read and write
|
|
|
|
3425000
|
unkown
|
page read and write
|
|
|
|
4C4000
|
unkown
|
page read and write
|
|
|
|
240000
|
heap private
|
page read and write
|
|
|
|
E20000
|
heap private
|
page read and write
|
|
|
|
32EA000
|
unkown
|
page read and write
|
|
|
|
329C000
|
unkown
|
page read and write
|
|
|
|
9BF000
|
unkown
|
page read and write
|
|
|
|
3292000
|
unkown
|
page read and write
|
|
|
|
250000
|
unkown
|
page execute and read and write
|
|
|
|
65A000
|
heap default
|
page read and write
|
|
|
|
3425000
|
unkown
|
page read and write
|
|
|
|
205000
|
heap private
|
page read and write
|
|
|
|
280000
|
unkown
|
page readonly
|
|
|
|
E1D000
|
unkown
|
page read and write
|
|
|
|
4D4000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
unkown
|
page read and write
|
|
|
|
544000
|
heap default
|
page read and write
|
|
|
|
591000
|
heap default
|
page read and write
|
|
|
|
3401000
|
unkown
|
page read and write
|
|
|
|
E47000
|
heap private
|
page read and write
|
|
|
|
1DA000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
1D0000
|
unkown
|
page readonly
|
|
|
|
450000
|
heap default
|
page read and write
|
|
|
|
4C0000
|
heap private
|
page read and write
|
|
|
|
671000
|
unkown
|
page read and write
|
|
|
|
90000
|
unkown
|
page readonly
|
|
|
|
146000
|
heap private
|
page read and write
|
|
|
|
130000
|
unkown
|
page readonly
|
|
|
|
329C000
|
unkown
|
page read and write
|
|
|
|
120000
|
heap private
|
page read and write
|
|
|
|
880000
|
unkown
|
page readonly
|
|
|
|
F80000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
550000
|
unkown
|
page read and write
|
|
|
|
3459000
|
unkown
|
page read and write
|
|
|
|
586000
|
unkown
|
page read and write
|
|
|
|
A90000
|
heap private
|
page read and write
|
|
|
|
EAD000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
4C4000
|
heap private
|
page read and write
|
|
|
|
187000
|
heap default
|
page read and write
|
|
|
|
140000
|
heap private
|
page read and write
|
|
|
|
D5D000
|
unkown
|
page read and write
|
|
|
|
BF0000
|
unkown
|
page execute and read and write
|
|
|
|
E45000
|
heap private
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
527000
|
heap default
|
page read and write
|
|
|
|
2DE000
|
heap default
|
page read and write
|
|
|
|
4AA000
|
heap default
|
page read and write
|
|
|
|
D00000
|
unkown
|
page readonly
|
|
|
|
21B5000
|
heap private
|
page read and write
|
|
|
|
3C0000
|
unkown
|
page read and write
|
|
|
|
22B0000
|
heap private
|
page read and write
|
|
|
|
5B4000
|
heap default
|
page read and write
|
|
|
|
19B000
|
unkown
|
page read and write
|
|
|
|
2A6000
|
unkown
|
page read and write
|
|
|
|
1FF0000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
2A0000
|
heap default
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page readonly
|
|
|
|
EBE000
|
unkown
|
page read and write
|
|
|
|
20D0000
|
unkown
|
page write copy
|
|
|
|
32C6000
|
unkown
|
page read and write
|
|
|
|
3FF000
|
unkown
|
page read and write
|
|
|
|
326D000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
5E6000
|
heap default
|
page read and write
|
|
|
|
130000
|
unkown
|
page readonly
|
|
|
|
290000
|
unkown
|
page execute and read and write
|
|
|
|
C60000
|
heap private
|
page read and write
|
|
|
|
65A000
|
unkown
|
page read and write
|
|
|
|
4D8000
|
unkown
|
page read and write
|
|
|
|
4D3000
|
unkown
|
page read and write
|
|
|
|
690000
|
unkown
|
page readonly
|
|
|
|
CB0000
|
unkown
|
page readonly
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
810000
|
heap private
|
page read and write
|
|
|
|
3292000
|
unkown
|
page read and write
|
|
|
|
1C4000
|
heap private
|
page read and write
|
|
|
|
21B0000
|
heap private
|
page read and write
|
|
|
|
CB0000
|
unkown
|
page execute and read and write
|
|
|
|
3449000
|
unkown
|
page read and write
|
|
|
|
22EB000
|
heap private
|
page read and write
|
|
|
|
48E000
|
heap default
|
page read and write
|
|
|
|
F5D000
|
unkown
|
page read and write
|
|
|
|
200000
|
heap private
|
page read and write
|
|
|
|
13C000
|
unkown
|
page read and write
|
|
|
|
590000
|
heap default
|
page read and write
|
|
|
|
597000
|
heap default
|
page read and write
|
|
|
|
329C000
|
unkown
|
page read and write
|
|
|
|
652000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
heap private
|
page read and write
|
|
|
|
32AF000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
328B000
|
unkown
|
page read and write
|
|
|
|
3292000
|
unkown
|
page read and write
|
|
|
|
6F0000
|
heap private
|
page read and write
|
|
|
|
3290000
|
unkown
|
page read and write
|
|
|
|
329C000
|
unkown
|
page read and write
|
|
|
|
61A000
|
heap default
|
page read and write
|
|
|
|
520000
|
heap default
|
page read and write
|
|
|
|
ED5000
|
heap private
|
page read and write
|
|
|
|
EE0000
|
heap private
|
page read and write
|
|
|
|
330000
|
unkown
|
page readonly
|
|
|
|
70000
|
unkown
|
page read and write
|
|
|
|
328B000
|
unkown
|
page read and write
|
|
|
|
700000
|
unkown
|
page readonly
|
|
|
|
3290000
|
unkown
|
page read and write
|
|
|
|
9D4000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
70000
|
unkown
|
page readonly
|
|
|
|
AB2000
|
heap private
|
page read and write
|
|
|
|
5CA000
|
heap default
|
page read and write
|
|
|
|
23B000
|
heap private
|
page read and write
|
|
|
|
404000
|
unkown
|
page read and write
|
|
|
|
124000
|
heap private
|
page read and write
|
|
|
|
3241000
|
unkown
|
page read and write
|
|
|
|
604000
|
heap default
|
page read and write
|
|
|
|
329C000
|
unkown
|
page read and write
|
|
|
|
22B5000
|
heap private
|
page read and write
|
|
|
|
576000
|
heap default
|
page read and write
|
|
|
|
1E20000
|
unkown
|
page readonly
|
|
|
|
326000
|
unkown
|
page read and write
|
|
|
|
990000
|
unkown
|
page read and write
|
|
|
|
90000
|
unkown
|
page readonly
|
|
|
|
E20000
|
heap private
|
page read and write
|
|
|
|
32FA000
|
unkown
|
page read and write
|
|
|
|
D10000
|
unkown
|
page read and write
|
|
|
|
9CF000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page readonly
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
457000
|
heap default
|
page read and write
|
|
|
|
E0E000
|
unkown
|
page read and write
|
|
|
|
BB0000
|
unkown
|
page execute and read and write
|
|
|
|
80000
|
unkown
|
page read and write
|
|
|
|
EB8000
|
heap private
|
page read and write
|
|
|
|
58F000
|
heap default
|
page read and write
|
|
|
|
4CC000
|
unkown
|
page read and write
|
|
|
|
2F3000
|
heap default
|
page read and write
|
|
|
|
1BE000
|
heap default
|
page read and write
|
|
|
|
2E0000
|
heap private
|
page read and write
|
|
|
|
A0000
|
heap private
|
page read and write
|
|
|
|
55A000
|
heap default
|
page read and write
|
|
|
|
1CF0000
|
unkown
|
page readonly
|
|
|
|
DA0000
|
heap private
|
page read and write
|
|
|
|
620000
|
unkown
|
page readonly
|
|
|
|
E50000
|
heap private
|
page read and write
|
|
|
|
D10000
|
unkown
|
page read and write
|
|
|
|
2E4000
|
heap private
|
page read and write
|
|
|
|
3D6000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
4C0000
|
heap private
|
page read and write
|
|
|
|
A94000
|
heap private
|
page read and write
|
|
|
|
5E1000
|
heap default
|
page read and write
|
|
|
|
4A3000
|
heap default
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
5CF000
|
heap default
|
page read and write
|
|
|
|
1D3000
|
heap default
|
page read and write
|
|
|
|
350000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
18B000
|
unkown
|
page read and write
|
|
|
|
8F0000
|
unkown
|
page readonly
|
|
|
|
1DA000
|
heap default
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
F80000
|
unkown
|
page readonly
|
|
|
|
329C000
|
unkown
|
page read and write
|
|
|
|
1CC000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
2380000
|
unkown
|
page readonly
|
|
|
|
32A7000
|
unkown
|
page read and write
|
|
|
|
3DD000
|
unkown
|
page read and write
|
|
|
|
C70000
|
unkown
|
page execute and read and write
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
6F4000
|
heap private
|
page read and write
|
|
|
|
26B000
|
unkown
|
page read and write
|
|
|
|
E28000
|
heap private
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page readonly
|
|
|
|
3449000
|
unkown
|
page read and write
|
|
|
|
3290000
|
unkown
|
page read and write
|
|
|
|
329C000
|
unkown
|
page read and write
|
|
|
|
370000
|
unkown
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
4D6000
|
unkown
|
page read and write
|
|
|
|
70000
|
unkown
|
page readonly
|
|
|
|
750000
|
unkown
|
page readonly
|
|
|
|
4D2000
|
unkown
|
page read and write
|
|
|
|
1CA000
|
unkown
|
page read and write
|
|
|
|
180000
|
heap default
|
page read and write
|
|
|
|
55F000
|
heap default
|
page read and write
|
|
|
|
1CF0000
|
unkown
|
page readonly
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
3EF000
|
unkown
|
page read and write
|
|
|
|
EB0000
|
heap private
|
page read and write
|
|
|
|
2FA000
|
heap default
|
page read and write
|
|
|
|
A4000
|
heap private
|
page read and write
|
|
|
|
3292000
|
unkown
|
page read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
816000
|
heap private
|
page read and write
|
|
|
|
598000
|
heap default
|
page read and write
|
|
|
|
370000
|
heap default
|
page read and write
|
|
|
|
2A7000
|
heap default
|
page read and write
|
|
|
|
302000
|
heap private
|
page read and write
|
|
|
|
2380000
|
unkown
|
page readonly
|
|
|
|
1FF0000
|
unkown
|
page readonly
|
|
|
|
AD0000
|
unkown
|
page readonly
|
|
|
|
750000
|
unkown
|
page readonly
|
|
|
|
1E0000
|
unkown
|
page execute and read and write
|
|
|
|
140000
|
unkown
|
page readonly
|
|
|
|
A20000
|
unkown
|
page readonly
|
|
|
|
4C0000
|
unkown
|
page execute and read and write
|
|
|
|
329C000
|
unkown
|
page read and write
|
|
|
|
DAC000
|
unkown
|
page read and write
|
|
|
|
9AD000
|
unkown
|
page read and write
|
|
|
|
21EB000
|
heap private
|
page read and write
|
|
|
|
4C8000
|
heap default
|
page read and write
|
|
|
|
3290000
|
unkown
|
page read and write
|
|
|
|
5FF000
|
heap default
|
page read and write
|
|
There are 217 hidden memdumps, click here to show them.