Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Complaint-447781983-02182021.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Last Saved By: Friner, Name
of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Feb 18 13:42:21
2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\30D802E0E248FEE17AAF4A62594CC75A
|
data
|
dropped
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 59134 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\30D802E0E248FEE17AAF4A62594CC75A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\CabDC6B.tmp
|
Microsoft Cabinet archive data, 59134 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\F2CE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\TarDC6C.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Complaint-447781983-02182021.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12
2020, mtime=Tue Feb 23 21:18:35 2021, atime=Tue Feb 23 21:18:35 2021, length=57856, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Tue Feb 23 21:18:35 2021, atime=Tue Feb 23 21:18:35 2021, length=12288, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\A3CE0000
|
Applesoft BASIC program data, first line number 16
|
dropped
|
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\JDFR.hdfgr,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\JDFR.hdfgr1,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\JDFR.hdfgr2,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\JDFR.hdfgr3,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\JDFR.hdfgr4,DllRegisterServer
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pathinanchilearthmovers.com/eznwcdhx/44250596245254600000.dat
|
162.241.80.6
|
|
|
|
http://biblicalisraeltours.com/otmchxmxeg/44250596245254600000.dat
|
68.66.216.42
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://jugueterialatorre.com.ar/xjzpfwc/44250596245254600000.dat
|
138.36.237.100
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://rzminc.com/fdzgprclatqo/44250596245254600000.dat
|
72.52.227.180
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://rzminc.com/xklyulyijvn/44250596245254600000.dat
|
72.52.227.180
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
There are 3 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
rzminc.com
|
72.52.227.180
|
|
|
|
biblicalisraeltours.com
|
68.66.216.42
|
|
|
|
crt.sectigo.com
|
91.199.212.52
|
|
|
|
jugueterialatorre.com.ar
|
138.36.237.100
|
|
|
|
pathinanchilearthmovers.com
|
162.241.80.6
|
|
IPs
|
IP
|
Domain
|
Country
|
Active
|
Malicious
|
|
|---|---|---|---|---|---|
|
162.241.80.6
|
unknown
|
United States
|
unknown
|
|
|
|
138.36.237.100
|
unknown
|
Argentina
|
unknown
|
|
|
|
68.66.216.42
|
unknown
|
United States
|
unknown
|
|
|
|
72.52.227.180
|
unknown
|
United States
|
unknown
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{45
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EBF97
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC1C9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC284
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC34F
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EC40A
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
6<5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F8630
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F87F5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
There are 108 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2945000
|
unkown
|
page readonly
|
|
|
|
4AF000
|
unkown
|
page read and write
|
|
|
|
340000
|
heap default
|
page read and write
|
|
|
|
28DD000
|
unkown
|
page readonly
|
|
|
|
25F2000
|
unkown
|
page readonly
|
|
|
|
1FE0000
|
heap private
|
page read and write
|
|
|
|
28BD000
|
unkown
|
page readonly
|
|
|
|
2B00000
|
unkown
|
page readonly
|
|
|
|
2912000
|
unkown
|
page readonly
|
|
|
|
26B2000
|
unkown
|
page readonly
|
|
|
|
2EF0000
|
unkown
|
page read and write
|
|
|
|
25D8000
|
unkown
|
page readonly
|
|
|
|
2796000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page readonly
|
|
|
|
22F0000
|
unkown
|
page readonly
|
|
|
|
2270000
|
unkown
|
page readonly
|
|
|
|
2919000
|
unkown
|
page readonly
|
|
|
|
2952000
|
unkown
|
page readonly
|
|
|
|
207000
|
heap default
|
page read and write
|
|
|
|
27D2000
|
unkown
|
page readonly
|
|
|
|
2742000
|
unkown
|
page readonly
|
|
|
|
2832000
|
unkown
|
page readonly
|
|
|
|
344000
|
heap private
|
page read and write
|
|
|
|
20C0000
|
unkown
|
page readonly
|
|
|
|
37E000
|
heap default
|
page read and write
|
|
|
|
2755000
|
unkown
|
page readonly
|
|
|
|
28F6000
|
unkown
|
page readonly
|
|
|
|
2230000
|
unkown
|
page readonly
|
|
|
|
26F5000
|
unkown
|
page readonly
|
|
|
|
28B5000
|
unkown
|
page readonly
|
|
|
|
1F00000
|
unkown
|
page write copy
|
|
|
|
29A2000
|
unkown
|
page readonly
|
|
|
|
2792000
|
unkown
|
page readonly
|
|
|
|
1CC000
|
unkown
|
page read and write
|
|
|
|
2834000
|
unkown
|
page readonly
|
|
|
|
2259000
|
heap private
|
page read and write
|
|
|
|
2A7000
|
heap default
|
page read and write
|
|
|
|
21B0000
|
heap private
|
page read and write
|
|
|
|
670000
|
unkown
|
page readonly
|
|
|
|
2886000
|
unkown
|
page readonly
|
|
|
|
28FD000
|
unkown
|
page readonly
|
|
|
|
27F4000
|
unkown
|
page readonly
|
|
|
|
1FE9000
|
heap private
|
page read and write
|
|
|
|
39E000
|
heap default
|
page read and write
|
|
|
|
1B0000
|
heap private
|
page read and write
|
|
|
|
28B6000
|
unkown
|
page readonly
|
|
|
|
279D000
|
unkown
|
page readonly
|
|
|
|
2956000
|
unkown
|
page readonly
|
|
|
|
2945000
|
unkown
|
page readonly
|
|
|
|
27B2000
|
unkown
|
page readonly
|
|
|
|
29A9000
|
unkown
|
page readonly
|
|
|
|
2250000
|
unkown
|
page readonly
|
|
|
|
2872000
|
unkown
|
page readonly
|
|
|
|
2975000
|
unkown
|
page readonly
|
|
|
|
2B62000
|
unkown
|
page readonly
|
|
|
|
2902000
|
unkown
|
page readonly
|
|
|
|
2000000
|
unkown
|
page write copy
|
|
|
|
28D2000
|
unkown
|
page readonly
|
|
|
|
2C60000
|
unkown
|
page readonly
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
2692000
|
unkown
|
page readonly
|
|
|
|
1F40000
|
heap private
|
page read and write
|
|
|
|
2110000
|
unkown
|
page readonly
|
|
|
|
2D40000
|
heap private
|
page read and write
|
|
|
|
2E6000
|
heap default
|
page read and write
|
|
|
|
2F30000
|
unkown
|
page read and write
|
|
|
|
2B80000
|
unkown
|
page readonly
|
|
|
|
2835000
|
unkown
|
page readonly
|
|
|
|
2255000
|
heap private
|
page read and write
|
|
|
|
2DD000
|
heap default
|
page read and write
|
|
|
|
2B40000
|
unkown
|
page readonly
|
|
|
|
20C5000
|
heap private
|
page read and write
|
|
|
|
26F2000
|
unkown
|
page readonly
|
|
|
|
2979000
|
unkown
|
page readonly
|
|
|
|
27D4000
|
unkown
|
page readonly
|
|
|
|
2130000
|
unkown
|
page readonly
|
|
|
|
27B2000
|
unkown
|
page readonly
|
|
|
|
2785000
|
unkown
|
page readonly
|
|
|
|
DD000
|
unkown
|
page read and write
|
|
|
|
1F7000
|
heap default
|
page read and write
|
|
|
|
2712000
|
unkown
|
page readonly
|
|
|
|
27D4000
|
unkown
|
page readonly
|
|
|
|
21F0000
|
heap private
|
page read and write
|
|
|
|
28D6000
|
unkown
|
page readonly
|
|
|
|
2922000
|
unkown
|
page readonly
|
|
|
|
1DF7000
|
unkown
|
page readonly
|
|
|
|
2F10000
|
unkown
|
page read and write
|
|
|
|
130000
|
unkown
|
page readonly
|
|
|
|
2875000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
16B000
|
unkown
|
page read and write
|
|
|
|
2BE0000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2B60000
|
unkown
|
page readonly
|
|
|
|
4F0000
|
unkown
|
page readonly
|
|
|
|
2979000
|
unkown
|
page readonly
|
|
|
|
2854000
|
unkown
|
page readonly
|
|
|
|
2892000
|
unkown
|
page readonly
|
|
|
|
25F8000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
410000
|
heap private
|
page read and write
|
|
|
|
2932000
|
unkown
|
page readonly
|
|
|
|
28B2000
|
unkown
|
page readonly
|
|
|
|
1B80000
|
unkown
|
page readonly
|
|
|
|
2AC5000
|
heap private
|
page read and write
|
|
|
|
206B000
|
heap private
|
page read and write
|
|
|
|
2712000
|
unkown
|
page readonly
|
|
|
|
29D9000
|
unkown
|
page readonly
|
|
|
|
28B9000
|
unkown
|
page readonly
|
|
|
|
27F2000
|
unkown
|
page readonly
|
|
|
|
28B5000
|
unkown
|
page readonly
|
|
|
|
2D05000
|
heap private
|
page read and write
|
|
|
|
200000
|
heap default
|
page read and write
|
|
|
|
2766000
|
unkown
|
page readonly
|
|
|
|
1FE5000
|
heap private
|
page read and write
|
|
|
|
28D2000
|
unkown
|
page readonly
|
|
|
|
2926000
|
unkown
|
page readonly
|
|
|
|
1D67000
|
unkown
|
page readonly
|
|
|
|
28F9000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
29F5000
|
unkown
|
page readonly
|
|
|
|
4E4000
|
heap private
|
page read and write
|
|
|
|
2D3B000
|
heap private
|
page read and write
|
|
|
|
26B4000
|
unkown
|
page readonly
|
|
|
|
2949000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
heap default
|
page read and write
|
|
|
|
460000
|
unkown
|
page readonly
|
|
|
|
1FF0000
|
heap private
|
page read and write
|
|
|
|
2896000
|
unkown
|
page readonly
|
|
|
|
2939000
|
unkown
|
page readonly
|
|
|
|
1B4000
|
heap private
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
1D27000
|
unkown
|
page readonly
|
|
|
|
2959000
|
unkown
|
page readonly
|
|
|
|
2855000
|
unkown
|
page readonly
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
unkown
|
page read and write
|
|
|
|
70000
|
unkown
|
page read and write
|
|
|
|
2942000
|
unkown
|
page readonly
|
|
|
|
2846000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
2AE2000
|
unkown
|
page readonly
|
|
|
|
27B4000
|
unkown
|
page readonly
|
|
|
|
1D07000
|
unkown
|
page readonly
|
|
|
|
28E5000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2D80000
|
unkown
|
page readonly
|
|
|
|
27D2000
|
unkown
|
page readonly
|
|
|
|
2995000
|
unkown
|
page readonly
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
2812000
|
unkown
|
page readonly
|
|
|
|
2B02000
|
unkown
|
page readonly
|
|
|
|
2706000
|
unkown
|
page readonly
|
|
|
|
5F0000
|
heap private
|
page read and write
|
|
|
|
2972000
|
unkown
|
page readonly
|
|
|
|
2C00000
|
unkown
|
page read and write
|
|
|
|
2AFB000
|
heap private
|
page read and write
|
|
|
|
2D45000
|
heap private
|
page read and write
|
|
|
|
24B2000
|
unkown
|
page readonly
|
|
|
|
2B60000
|
unkown
|
page readonly
|
|
|
|
2794000
|
unkown
|
page readonly
|
|
|
|
20C0000
|
heap private
|
page read and write
|
|
|
|
2725000
|
unkown
|
page readonly
|
|
|
|
27F4000
|
unkown
|
page readonly
|
|
|
|
2865000
|
unkown
|
page readonly
|
|
|
|
2070000
|
unkown
|
page readonly
|
|
|
|
2090000
|
heap private
|
page read and write
|
|
|
|
2972000
|
unkown
|
page readonly
|
|
|
|
2866000
|
unkown
|
page readonly
|
|
|
|
2815000
|
unkown
|
page readonly
|
|
|
|
1B40000
|
unkown
|
page readonly
|
|
|
|
2A00000
|
unkown
|
page readonly
|
|
|
|
25B2000
|
unkown
|
page readonly
|
|
|
|
28C5000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2250000
|
heap private
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
2895000
|
unkown
|
page readonly
|
|
|
|
24B8000
|
unkown
|
page readonly
|
|
|
|
16B000
|
unkown
|
page read and write
|
|
|
|
194000
|
heap private
|
page read and write
|
|
|
|
27E2000
|
unkown
|
page readonly
|
|
|
|
2B20000
|
unkown
|
page readonly
|
|
|
|
28A5000
|
unkown
|
page readonly
|
|
|
|
2D00000
|
heap private
|
page read and write
|
|
|
|
2BA0000
|
unkown
|
page readonly
|
|
|
|
20C9000
|
heap private
|
page read and write
|
|
|
|
367000
|
heap default
|
page read and write
|
|
|
|
28F5000
|
unkown
|
page readonly
|
|
|
|
28F2000
|
unkown
|
page readonly
|
|
|
|
7C0000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
27E9000
|
unkown
|
page readonly
|
|
|
|
5C0000
|
unkown
|
page readonly
|
|
|
|
2915000
|
unkown
|
page readonly
|
|
|
|
2814000
|
unkown
|
page readonly
|
|
|
|
27D2000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
1F0000
|
heap default
|
page read and write
|
|
|
|
336000
|
unkown
|
page read and write
|
|
|
|
26D2000
|
unkown
|
page readonly
|
|
|
|
2826000
|
unkown
|
page readonly
|
|
|
|
28C6000
|
unkown
|
page readonly
|
|
|
|
20C0000
|
heap private
|
page read and write
|
|
|
|
2736000
|
unkown
|
page readonly
|
|
|
|
2799000
|
unkown
|
page readonly
|
|
|
|
2AC0000
|
heap private
|
page read and write
|
|
|
|
290000
|
heap default
|
page read and write
|
|
|
|
27B2000
|
unkown
|
page readonly
|
|
|
|
28A6000
|
unkown
|
page readonly
|
|
|
|
2852000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
206000
|
unkown
|
page read and write
|
|
|
|
2909000
|
unkown
|
page readonly
|
|
|
|
2965000
|
unkown
|
page readonly
|
|
|
|
2B40000
|
unkown
|
page readonly
|
|
|
|
2902000
|
unkown
|
page readonly
|
|
|
|
2862000
|
unkown
|
page readonly
|
|
|
|
2935000
|
unkown
|
page readonly
|
|
|
|
1A6000
|
unkown
|
page read and write
|
|
|
|
4E0000
|
heap private
|
page read and write
|
|
|
|
280000
|
unkown
|
page write copy
|
|
|
|
29E0000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
28D2000
|
unkown
|
page readonly
|
|
|
|
29A2000
|
unkown
|
page readonly
|
|
|
|
2C40000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
2959000
|
unkown
|
page readonly
|
|
|
|
2250000
|
unkown
|
page readonly
|
|
|
|
2822000
|
unkown
|
page readonly
|
|
|
|
2B80000
|
unkown
|
page readonly
|
|
|
|
2852000
|
unkown
|
page readonly
|
|
|
|
5E0000
|
unkown
|
page readonly
|
|
|
|
2A20000
|
unkown
|
page readonly
|
|
|
|
420000
|
unkown
|
page readonly
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
2842000
|
unkown
|
page readonly
|
|
|
|
2AC2000
|
unkown
|
page readonly
|
|
|
|
390000
|
unkown
|
page write copy
|
|
|
|
2035000
|
heap private
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
2BA0000
|
unkown
|
page read and write
|
|
|
|
2995000
|
unkown
|
page readonly
|
|
|
|
21B9000
|
heap private
|
page read and write
|
|
|
|
2925000
|
unkown
|
page readonly
|
|
|
|
2B60000
|
unkown
|
page readonly
|
|
|
|
29C5000
|
unkown
|
page readonly
|
|
|
|
28C6000
|
unkown
|
page readonly
|
|
|
|
28D9000
|
unkown
|
page readonly
|
|
|
|
295D000
|
unkown
|
page readonly
|
|
|
|
1A0000
|
unkown
|
page read and write
|
|
|
|
21F9000
|
heap private
|
page read and write
|
|
|
|
2872000
|
unkown
|
page readonly
|
|
|
|
28E5000
|
unkown
|
page readonly
|
|
|
|
1B20000
|
unkown
|
page readonly
|
|
|
|
190000
|
heap private
|
page read and write
|
|
|
|
347000
|
heap default
|
page read and write
|
|
|
|
27F2000
|
unkown
|
page readonly
|
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
2672000
|
unkown
|
page readonly
|
|
|
|
2270000
|
unkown
|
page readonly
|
|
|
|
2876000
|
unkown
|
page readonly
|
|
|
|
28D9000
|
unkown
|
page readonly
|
|
|
|
21B5000
|
heap private
|
page read and write
|
|
|
|
29D2000
|
unkown
|
page readonly
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
440000
|
unkown
|
page readonly
|
|
|
|
414000
|
heap private
|
page read and write
|
|
|
|
28F6000
|
unkown
|
page readonly
|
|
|
|
2802000
|
unkown
|
page readonly
|
|
|
|
2932000
|
unkown
|
page readonly
|
|
|
|
2885000
|
unkown
|
page readonly
|
|
|
|
20FB000
|
heap private
|
page read and write
|
|
|
|
1A6000
|
unkown
|
page read and write
|
|
|
|
2B40000
|
unkown
|
page readonly
|
|
|
|
2772000
|
unkown
|
page readonly
|
|
|
|
2856000
|
unkown
|
page readonly
|
|
|
|
2DC0000
|
unkown
|
page readonly
|
|
|
|
1D6000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
unkown
|
page readonly
|
|
|
|
22E000
|
heap default
|
page read and write
|
|
|
|
2618000
|
unkown
|
page readonly
|
|
|
|
28A2000
|
unkown
|
page readonly
|
|
|
|
1C10000
|
unkown
|
page readonly
|
|
|
|
2915000
|
unkown
|
page readonly
|
|
|
|
2929000
|
unkown
|
page readonly
|
|
|
|
580000
|
unkown
|
page readonly
|
|
|
|
54F000
|
unkown
|
page read and write
|
|
|
|
2030000
|
heap private
|
page read and write
|
|
|
|
2C20000
|
unkown
|
page readonly
|
|
|
|
28F9000
|
unkown
|
page readonly
|
|
|
|
20C5000
|
heap private
|
page read and write
|
|
|
|
340000
|
heap private
|
page read and write
|
|
|
|
12B000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page read and write
|
|
|
|
27D5000
|
unkown
|
page readonly
|
|
|
|
2835000
|
unkown
|
page readonly
|
|
|
|
2955000
|
unkown
|
page readonly
|
|
|
|
27D4000
|
unkown
|
page readonly
|
|
|
|
22D0000
|
unkown
|
page readonly
|
|
|
|
2772000
|
unkown
|
page readonly
|
|
|
|
2882000
|
unkown
|
page readonly
|
|
|
|
23E000
|
heap default
|
page read and write
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
297000
|
heap default
|
page read and write
|
|
|
|
2B20000
|
unkown
|
page readonly
|
|
|
|
2832000
|
unkown
|
page readonly
|
|
|
|
326000
|
unkown
|
page read and write
|
|
|
|
60F000
|
unkown
|
page read and write
|
|
|
|
2694000
|
unkown
|
page readonly
|
|
|
|
27B4000
|
unkown
|
page readonly
|
|
|
|
2BC0000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
5F4000
|
heap private
|
page read and write
|
|
|
|
25D2000
|
unkown
|
page readonly
|
|
|
|
2845000
|
unkown
|
page readonly
|
|
|
|
2D7B000
|
heap private
|
page read and write
|
|
|
|
1D77000
|
unkown
|
page readonly
|
|
|
|
21D0000
|
heap private
|
page read and write
|
|
|
|
2812000
|
unkown
|
page readonly
|
|
|
|
2B40000
|
unkown
|
page readonly
|
|
|
|
1B90000
|
unkown
|
page readonly
|
|
|
|
2CE000
|
heap default
|
page read and write
|
|
|
|
28A2000
|
unkown
|
page readonly
|
|
|
|
27B9000
|
unkown
|
page readonly
|
|
|
|
2672000
|
unkown
|
page readonly
|
|
|
|
BAE000
|
unkown
|
page read and write
|
|
|
|
2678000
|
unkown
|
page readonly
|
|
|
|
2E8000
|
heap default
|
page read and write
|
|
|
|
2874000
|
unkown
|
page readonly
|
|
|
|
2290000
|
unkown
|
page readonly
|
|
|
|
2819000
|
unkown
|
page readonly
|
|
|
|
26E2000
|
unkown
|
page readonly
|
|
|
|
21F5000
|
heap private
|
page read and write
|
|
|
|
1FC0000
|
unkown
|
page write copy
|
|
|
|
2805000
|
unkown
|
page readonly
|
|
|
|
1F80000
|
heap private
|
page read and write
|
|
|
|
2674000
|
unkown
|
page readonly
|
|
|
|
2612000
|
unkown
|
page readonly
|
|
There are 331 hidden memdumps, click here to show them.