Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Contract_132508562.xlsm
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\~$Contract_132508562.xlsm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\46F474E4.gif
|
GIF image data, version 89a, 1600 x 1600
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\A4DE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Contract_132508562.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15
2020, mtime=Tue Apr 6 19:55:39 2021, atime=Tue Apr 6 19:55:39 2021, length=181141, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Tue Apr 6 19:55:39 2021, atime=Tue Apr 6 19:55:39 2021, length=8192, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\55DE0000
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\Hodas.vyur,PluginInit
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\Hodas.vyur1,PluginInit
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\Hodas.vyur2,PluginInit
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.212.131.194/44285,5327891204.dat
|
185.212.131.194
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
83.136.232.110
|
unknown
|
Russian Federation
|
|
|
|
190.14.37.247
|
unknown
|
Panama
|
|
|
|
185.212.131.194
|
unknown
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
rh8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ECFDD
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED2F8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED3B4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED45F
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED52A
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED5A7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
#r8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
109B27
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
109CFB
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
There are 96 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2946000
|
unkown
|
page readonly
|
|
|
|
2DA0000
|
unkown
|
page readonly
|
|
|
|
2B19000
|
unkown
|
page readonly
|
|
|
|
2916000
|
unkown
|
page readonly
|
|
|
|
2CD2000
|
unkown
|
page readonly
|
|
|
|
6D0000
|
unkown
|
page readonly
|
|
|
|
2852000
|
unkown
|
page readonly
|
|
|
|
29C2000
|
unkown
|
page readonly
|
|
|
|
2B05000
|
unkown
|
page readonly
|
|
|
|
28E6000
|
unkown
|
page readonly
|
|
|
|
22F0000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
heap private
|
page read and write
|
|
|
|
2762000
|
unkown
|
page readonly
|
|
|
|
2440000
|
unkown
|
page readonly
|
|
|
|
260000
|
unkown
|
page readonly
|
|
|
|
29A4000
|
unkown
|
page readonly
|
|
|
|
190000
|
heap default
|
page read and write
|
|
|
|
2A36000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
22E0000
|
unkown
|
page readonly
|
|
|
|
29C4000
|
unkown
|
page readonly
|
|
|
|
28E2000
|
unkown
|
page readonly
|
|
|
|
29E5000
|
unkown
|
page readonly
|
|
|
|
2C40000
|
heap private
|
page read and write
|
|
|
|
2698000
|
unkown
|
page readonly
|
|
|
|
2935000
|
unkown
|
page readonly
|
|
|
|
2A66000
|
unkown
|
page readonly
|
|
|
|
2999000
|
unkown
|
page readonly
|
|
|
|
336000
|
unkown
|
page read and write
|
|
|
|
28B6000
|
unkown
|
page readonly
|
|
|
|
16D000
|
heap default
|
page read and write
|
|
|
|
2B35000
|
unkown
|
page readonly
|
|
|
|
2B65000
|
unkown
|
page readonly
|
|
|
|
216000
|
unkown
|
page read and write
|
|
|
|
28F2000
|
unkown
|
page readonly
|
|
|
|
2B12000
|
unkown
|
page readonly
|
|
|
|
2D70000
|
unkown
|
page readonly
|
|
|
|
2844000
|
unkown
|
page readonly
|
|
|
|
29F9000
|
unkown
|
page readonly
|
|
|
|
2B42000
|
unkown
|
page readonly
|
|
|
|
25C000
|
unkown
|
page read and write
|
|
|
|
2842000
|
unkown
|
page readonly
|
|
|
|
2B82000
|
unkown
|
page readonly
|
|
|
|
1F40000
|
unkown
|
page write copy
|
|
|
|
23C5000
|
heap private
|
page read and write
|
|
|
|
22C0000
|
unkown
|
page read and write
|
|
|
|
29C2000
|
unkown
|
page readonly
|
|
|
|
130000
|
heap default
|
page read and write
|
|
|
|
2992000
|
unkown
|
page readonly
|
|
|
|
430000
|
unkown
|
page write copy
|
|
|
|
390000
|
unkown
|
page write copy
|
|
|
|
297D000
|
unkown
|
page readonly
|
|
|
|
2892000
|
unkown
|
page readonly
|
|
|
|
2C7B000
|
heap private
|
page read and write
|
|
|
|
29C2000
|
unkown
|
page readonly
|
|
|
|
29E5000
|
unkown
|
page readonly
|
|
|
|
176000
|
heap default
|
page read and write
|
|
|
|
5B0000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
70000
|
unkown
|
page read and write
|
|
|
|
2C45000
|
heap private
|
page read and write
|
|
|
|
2BE0000
|
unkown
|
page readonly
|
|
|
|
1D47000
|
unkown
|
page readonly
|
|
|
|
2AA2000
|
unkown
|
page readonly
|
|
|
|
1E0000
|
unkown
|
page read and write
|
|
|
|
28F2000
|
unkown
|
page readonly
|
|
|
|
29B5000
|
unkown
|
page readonly
|
|
|
|
2985000
|
unkown
|
page readonly
|
|
|
|
2A55000
|
unkown
|
page readonly
|
|
|
|
2A42000
|
unkown
|
page readonly
|
|
|
|
27E2000
|
unkown
|
page readonly
|
|
|
|
5C0000
|
unkown
|
page readonly
|
|
|
|
376000
|
unkown
|
page read and write
|
|
|
|
23C0000
|
heap private
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page readonly
|
|
|
|
2892000
|
unkown
|
page readonly
|
|
|
|
2A72000
|
unkown
|
page readonly
|
|
|
|
3070000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2A25000
|
unkown
|
page readonly
|
|
|
|
2D30000
|
unkown
|
page readonly
|
|
|
|
29E4000
|
unkown
|
page readonly
|
|
|
|
2922000
|
unkown
|
page readonly
|
|
|
|
2A12000
|
unkown
|
page readonly
|
|
|
|
2AE2000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page read and write
|
|
|
|
1B90000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
5B4000
|
heap private
|
page read and write
|
|
|
|
2460000
|
unkown
|
page readonly
|
|
|
|
2F4000
|
heap private
|
page read and write
|
|
|
|
337000
|
heap default
|
page read and write
|
|
|
|
294D000
|
unkown
|
page readonly
|
|
|
|
2279000
|
heap private
|
page read and write
|
|
|
|
2C6000
|
unkown
|
page read and write
|
|
|
|
2AB5000
|
unkown
|
page readonly
|
|
|
|
460000
|
heap private
|
page read and write
|
|
|
|
2D50000
|
unkown
|
page readonly
|
|
|
|
2B90000
|
unkown
|
page readonly
|
|
|
|
28C2000
|
unkown
|
page readonly
|
|
|
|
2979000
|
unkown
|
page readonly
|
|
|
|
29F2000
|
unkown
|
page readonly
|
|
|
|
2ACD000
|
unkown
|
page readonly
|
|
|
|
2862000
|
unkown
|
page readonly
|
|
|
|
2A96000
|
unkown
|
page readonly
|
|
|
|
197000
|
heap default
|
page read and write
|
|
|
|
21E0000
|
unkown
|
page readonly
|
|
|
|
334000
|
heap private
|
page read and write
|
|
|
|
330000
|
heap default
|
page read and write
|
|
|
|
ED000
|
unkown
|
page read and write
|
|
|
|
29C9000
|
unkown
|
page readonly
|
|
|
|
330000
|
heap private
|
page read and write
|
|
|
|
2872000
|
unkown
|
page readonly
|
|
|
|
2946000
|
unkown
|
page readonly
|
|
|
|
BE000
|
heap default
|
page read and write
|
|
|
|
27E8000
|
unkown
|
page readonly
|
|
|
|
2150000
|
unkown
|
page readonly
|
|
|
|
5C0000
|
unkown
|
page readonly
|
|
|
|
2992000
|
unkown
|
page readonly
|
|
|
|
1CE0000
|
unkown
|
page readonly
|
|
|
|
290000
|
unkown
|
page read and write
|
|
|
|
2AC9000
|
unkown
|
page readonly
|
|
|
|
2792000
|
unkown
|
page readonly
|
|
|
|
2854000
|
unkown
|
page readonly
|
|
|
|
2999000
|
unkown
|
page readonly
|
|
|
|
2240000
|
heap private
|
page read and write
|
|
|
|
20D0000
|
heap private
|
page read and write
|
|
|
|
2035000
|
heap private
|
page read and write
|
|
|
|
29A2000
|
unkown
|
page readonly
|
|
|
|
2270000
|
heap private
|
page read and write
|
|
|
|
2662000
|
unkown
|
page readonly
|
|
|
|
2310000
|
unkown
|
page readonly
|
|
|
|
2668000
|
unkown
|
page readonly
|
|
|
|
2170000
|
heap private
|
page read and write
|
|
|
|
2B49000
|
unkown
|
page readonly
|
|
|
|
2935000
|
unkown
|
page readonly
|
|
|
|
2949000
|
unkown
|
page readonly
|
|
|
|
2969000
|
unkown
|
page readonly
|
|
|
|
2905000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page read and write
|
|
|
|
2275000
|
heap private
|
page read and write
|
|
|
|
137000
|
heap default
|
page read and write
|
|
|
|
29C9000
|
unkown
|
page readonly
|
|
|
|
2864000
|
unkown
|
page readonly
|
|
|
|
28D5000
|
unkown
|
page readonly
|
|
|
|
22C0000
|
unkown
|
page readonly
|
|
|
|
2DEB000
|
heap private
|
page read and write
|
|
|
|
2B52000
|
unkown
|
page readonly
|
|
|
|
17B000
|
heap default
|
page read and write
|
|
|
|
29E2000
|
unkown
|
page readonly
|
|
|
|
2BC0000
|
unkown
|
page readonly
|
|
|
|
23C9000
|
heap private
|
page read and write
|
|
|
|
2905000
|
unkown
|
page readonly
|
|
|
|
36E000
|
heap default
|
page read and write
|
|
|
|
2DB5000
|
heap private
|
page read and write
|
|
|
|
2D10000
|
unkown
|
page readonly
|
|
|
|
1D77000
|
unkown
|
page readonly
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
2C20000
|
unkown
|
page read and write
|
|
|
|
28D5000
|
unkown
|
page readonly
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
2BB0000
|
unkown
|
page readonly
|
|
|
|
2160000
|
heap private
|
page read and write
|
|
|
|
2A85000
|
unkown
|
page readonly
|
|
|
|
28E6000
|
unkown
|
page readonly
|
|
|
|
740000
|
unkown
|
page readonly
|
|
|
|
87000
|
heap default
|
page read and write
|
|
|
|
2952000
|
unkown
|
page readonly
|
|
|
|
1CE000
|
heap default
|
page read and write
|
|
|
|
2962000
|
unkown
|
page readonly
|
|
|
|
80000
|
heap default
|
page read and write
|
|
|
|
29B5000
|
unkown
|
page readonly
|
|
|
|
2824000
|
unkown
|
page readonly
|
|
|
|
2AC6000
|
unkown
|
page readonly
|
|
|
|
1EC7000
|
unkown
|
page readonly
|
|
|
|
28C2000
|
unkown
|
page readonly
|
|
|
|
6BF000
|
unkown
|
page read and write
|
|
|
|
2A15000
|
unkown
|
page readonly
|
|
|
|
2976000
|
unkown
|
page readonly
|
|
|
|
2916000
|
unkown
|
page readonly
|
|
|
|
2BD0000
|
unkown
|
page readonly
|
|
|
|
2E30000
|
unkown
|
page readonly
|
|
|
|
F0000
|
unkown
|
page readonly
|
|
|
|
2175000
|
heap private
|
page read and write
|
|
|
|
A5E000
|
unkown
|
page read and write
|
|
|
|
48F000
|
unkown
|
page read and write
|
|
|
|
2922000
|
unkown
|
page readonly
|
|
|
|
EB000
|
unkown
|
page read and write
|
|
|
|
2030000
|
heap private
|
page read and write
|
|
|
|
470000
|
unkown
|
page readonly
|
|
|
|
2179000
|
heap private
|
page read and write
|
|
|
|
206B000
|
heap private
|
page read and write
|
|
|
|
2CC0000
|
unkown
|
page readonly
|
|
|
|
B3F000
|
unkown
|
page read and write
|
|
|
|
1DB000
|
unkown
|
page read and write
|
|
|
|
2C00000
|
unkown
|
page readonly
|
|
|
|
28A5000
|
unkown
|
page readonly
|
|
|
|
2692000
|
unkown
|
page readonly
|
|
|
|
2822000
|
unkown
|
page readonly
|
|
|
|
2874000
|
unkown
|
page readonly
|
|
|
|
2894000
|
unkown
|
page readonly
|
|
|
|
440000
|
unkown
|
page readonly
|
|
|
|
2965000
|
unkown
|
page readonly
|
|
|
|
1B60000
|
unkown
|
page readonly
|
|
|
|
2DB0000
|
heap private
|
page read and write
|
|
|
|
464000
|
heap private
|
page read and write
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
230000
|
unkown
|
page readonly
|
|
|
|
2AE9000
|
unkown
|
page readonly
|
|
There are 201 hidden memdumps, click here to show them.