Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
document-1055791644.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Name of Creating Application:
Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Feb 8 08:27:11 2021, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\0702[1].gif
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\iojhsfgv.dvers
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 58596 bytes, 1 file
|
dropped
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\06DE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\CabE310.tmp
|
Microsoft Cabinet archive data, 58596 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\TarE311.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Wed Apr 7 00:40:40 2021, atime=Wed Apr 7 00:40:40 2021, length=8192, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-1055791644.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15
2020, mtime=Wed Apr 7 00:40:40 2021, atime=Wed Apr 7 00:40:40 2021, length=323072, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\Desktop\C7DE0000
|
Applesoft BASIC program data, first line number 16
|
dropped
|
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\iojhsfgv.dvers,DllRegisterServer
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32 ..\iojhsfgv.dvers,DllRegisterServer
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
'C:\Windows\system32\schtasks.exe' /Create /RU 'NT AUTHORITY\SYSTEM' /tn wwzkbggu /tr 'regsvr32.exe -s \'C:\Users\user\iojhsfgv.dvers\''
/SC ONCE /Z /ST 18:42 /ET 18:54
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -s 'C:\Users\user\iojhsfgv.dvers'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s 'C:\Users\user\iojhsfgv.dvers'
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe -s 'C:\Users\user\iojhsfgv.dvers'
|
|
|
|
C:\Windows\SysWOW64\regsvr32.exe
|
-s 'C:\Users\user\iojhsfgv.dvers'
|
|
|
|
C:\Windows\System32\taskeng.exe
|
taskeng.exe {E6DEB525-2047-4F0F-A2D9-FEDA7F895D14} S-1-5-18:NT AUTHORITY\System:Service:
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
tidymasters.com.au
|
103.50.162.157
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.50.162.157
|
tidymasters.com.au
|
India
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
$*3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED1FF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED597
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED77B
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED817
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
}53
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F46B1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F46FF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 21
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F46B1
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
5650f5b8
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
63cf25f6
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
d93262ef
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
a43a2d65
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
618e058a
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
1c864a00
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
db734293
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
29199a4e
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
5650f5b8
|
|
|
|
C:\Windows\System32\taskeng.exe
|
data
|
|
There are 117 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
420000
|
unkown
|
page execute and read and write
|
|
|
|
230000
|
unkown
|
page execute and read and write
|
|
|
|
3E0000
|
unkown
|
page execute and read and write
|
|
|
|
80000
|
unkown
|
page execute and read and write
|
|
|
|
710000
|
unkown
|
page readonly
|
|
|
|
8FA000
|
unkown image
|
page write copy
|
|
|
|
13B000
|
unkown
|
page read and write
|
|
|
|
985000
|
unkown
|
page read and write
|
|
|
|
43D000
|
unkown
|
page read and write
|
|
|
|
278F000
|
unkown
|
page read and write
|
|
|
|
1E07000
|
unkown
|
page readonly
|
|
|
|
3062000
|
unkown
|
page readonly
|
|
|
|
D40000
|
unkown
|
page readonly
|
|
|
|
467000
|
heap default
|
page read and write
|
|
|
|
B0D000
|
unkown
|
page read and write
|
|
|
|
27E5000
|
heap private
|
page read and write
|
|
|
|
510000
|
heap private
|
page read and write
|
|
|
|
8A1000
|
unkown image
|
page execute read
|
|
|
|
3E4000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page readonly
|
|
|
|
4E0000
|
heap default
|
page read and write
|
|
|
|
2924000
|
heap private
|
page read and write
|
|
|
|
2E0000
|
heap private
|
page read and write
|
|
|
|
994000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
heap default
|
page read and write
|
|
|
|
3A0000
|
unkown
|
page write copy
|
|
|
|
51F000
|
unkown
|
page read and write
|
|
|
|
19C000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page readonly
|
|
|
|
285F000
|
heap private
|
page read and write
|
|
|
|
1CC000
|
unkown
|
page read and write
|
|
|
|
729000
|
heap default
|
page read and write
|
|
|
|
460000
|
heap default
|
page read and write
|
|
|
|
367000
|
heap default
|
page read and write
|
|
|
|
345F000
|
stack
|
page read and write
|
|
|
|
22D0000
|
unkown
|
page readonly
|
|
|
|
3250000
|
unkown
|
page readonly
|
|
|
|
3D4000
|
heap default
|
page read and write
|
|
|
|
8A0000
|
unkown image
|
page readonly
|
|
|
|
C0000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
14BD000
|
unkown
|
page read and write
|
|
|
|
3E1000
|
unkown
|
page read and write
|
|
|
|
ED0000
|
unkown
|
page readonly
|
|
|
|
274000
|
heap private
|
page read and write
|
|
|
|
2D08000
|
unkown
|
page readonly
|
|
|
|
90000
|
unkown
|
page readonly
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
3A0000
|
heap default
|
page read and write
|
|
|
|
3DF000
|
unkown
|
page read and write
|
|
|
|
998000
|
unkown
|
page read and write
|
|
|
|
270000
|
heap default
|
page read and write
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
200000
|
heap private
|
page read and write
|
|
|
|
350000
|
heap private
|
page read and write
|
|
|
|
4F4000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
361E000
|
unkown
|
page read and write
|
|
|
|
536000
|
unkown
|
page read and write
|
|
|
|
206000
|
unkown
|
page read and write
|
|
|
|
31F000
|
heap private
|
page read and write
|
|
|
|
353000
|
heap default
|
page read and write
|
|
|
|
560000
|
unkown
|
page readonly
|
|
|
|
3BA000
|
heap default
|
page read and write
|
|
|
|
330000
|
heap private
|
page read and write
|
|
|
|
6F0000
|
heap private
|
page read and write
|
|
|
|
2F32000
|
unkown
|
page readonly
|
|
|
|
2DEF000
|
unkown
|
page read and write
|
|
|
|
110000
|
unkown
|
page read and write
|
|
|
|
BB0000
|
unkown
|
page readonly
|
|
|
|
AFF000
|
unkown
|
page read and write
|
|
|
|
24F0000
|
unkown
|
page readonly
|
|
|
|
646000
|
unkown
|
page read and write
|
|
|
|
C50000
|
heap private
|
page read and write
|
|
|
|
E2F000
|
unkown
|
page read and write
|
|
|
|
2F45000
|
unkown
|
page readonly
|
|
|
|
292B000
|
heap private
|
page read and write
|
|
|
|
2F62000
|
unkown
|
page readonly
|
|
|
|
130000
|
heap private
|
page read and write
|
|
|
|
3055000
|
unkown
|
page readonly
|
|
|
|
2840000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
2F02000
|
unkown
|
page readonly
|
|
|
|
4D0000
|
unkown
|
page readonly
|
|
|
|
98A000
|
heap default
|
page read and write
|
|
|
|
34CE000
|
unkown
|
page read and write
|
|
|
|
ED000
|
stack
|
page read and write
|
|
|
|
2390000
|
unkown
|
page readonly
|
|
|
|
C54000
|
heap private
|
page read and write
|
|
|
|
72F000
|
heap default
|
page read and write
|
|
|
|
436000
|
unkown
|
page read and write
|
|
|
|
39E000
|
heap default
|
page read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
3025000
|
unkown
|
page readonly
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
1D0000
|
unkown
|
page execute and read and write
|
|
|
|
499000
|
heap default
|
page read and write
|
|
|
|
170000
|
unkown
|
page readonly
|
|
|
|
110000
|
heap private
|
page read and write
|
|
|
|
2800000
|
heap private
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
3085000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
unkown image
|
page readonly
|
|
|
|
714000
|
heap default
|
page read and write
|
|
|
|
320000
|
heap default
|
page read and write
|
|
|
|
2AE000
|
heap default
|
page read and write
|
|
|
|
3002000
|
unkown
|
page readonly
|
|
|
|
49F000
|
heap default
|
page read and write
|
|
|
|
3D0000
|
unkown
|
page readonly
|
|
|
|
C8B000
|
heap private
|
page read and write
|
|
|
|
27C000
|
unkown
|
page read and write
|
|
|
|
3032000
|
unkown
|
page readonly
|
|
|
|
27E0000
|
heap private
|
page read and write
|
|
|
|
6E0000
|
unkown
|
page readonly
|
|
|
|
70000
|
unkown
|
page readonly
|
|
|
|
947000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
200000
|
unkown
|
page read and write
|
|
|
|
300000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
236000
|
unkown
|
page read and write
|
|
|
|
2F75000
|
unkown
|
page readonly
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
9B0000
|
heap private
|
page read and write
|
|
|
|
7F0000
|
unkown
|
page readonly
|
|
|
|
2D02000
|
unkown
|
page readonly
|
|
|
|
4A4000
|
heap default
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
2BC000
|
stack
|
page read and write
|
|
|
|
514000
|
heap private
|
page read and write
|
|
|
|
27EA000
|
unkown
|
page read and write
|
|
|
|
100000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
114000
|
heap private
|
page read and write
|
|
|
|
6A0000
|
unkown
|
page readonly
|
|
|
|
520000
|
heap private
|
page read and write
|
|
|
|
98F000
|
heap default
|
page read and write
|
|
|
|
2EE2000
|
unkown
|
page readonly
|
|
|
|
98D000
|
unkown
|
page read and write
|
|
|
|
A90000
|
unkown
|
page read and write
|
|
|
|
2F86000
|
unkown
|
page readonly
|
|
|
|
204000
|
heap private
|
page read and write
|
|
|
|
3270000
|
unkown
|
page readonly
|
|
|
|
610000
|
unkown
|
page read and write
|
|
|
|
30E000
|
heap default
|
page read and write
|
|
|
|
3B3000
|
heap default
|
page read and write
|
|
|
|
A50000
|
heap private
|
page read and write
|
|
|
|
2A20000
|
unkown
|
page readonly
|
|
|
|
101C000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown
|
page read and write
|
|
|
|
BA6000
|
heap private
|
page read and write
|
|
|
|
524000
|
heap private
|
page read and write
|
|
|
|
D10000
|
unkown
|
page readonly
|
|
|
|
700000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
BF0000
|
unkown image
|
page write copy
|
|
|
|
989000
|
unkown
|
page read and write
|
|
|
|
2FD5000
|
unkown
|
page readonly
|
|
|
|
2FED000
|
unkown
|
page readonly
|
|
|
|
600000
|
heap private
|
page read and write
|
|
|
|
991000
|
unkown
|
page read and write
|
|
|
|
2FB6000
|
unkown
|
page readonly
|
|
|
|
8BE000
|
unkown
|
page read and write
|
|
|
|
8A0000
|
unkown image
|
page readonly
|
|
|
|
890000
|
unkown
|
page readonly
|
|
|
|
EEF000
|
unkown
|
page read and write
|
|
|
|
24B4000
|
heap private
|
page read and write
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
BAD000
|
unkown
|
page read and write
|
|
|
|
BA0000
|
heap private
|
page read and write
|
|
|
|
140000
|
unkown
|
page readonly
|
|
|
|
137000
|
heap private
|
page read and write
|
|
|
|
484000
|
heap default
|
page read and write
|
|
|
|
487000
|
heap default
|
page read and write
|
|
|
|
33EE000
|
stack
|
page read and write
|
|
|
|
BA0000
|
heap private
|
page read and write
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
940000
|
heap default
|
page read and write
|
|
|
|
8F6000
|
unkown image
|
page read and write
|
|
|
|
3EB000
|
heap default
|
page read and write
|
|
|
|
3069000
|
unkown
|
page readonly
|
|
|
|
2FE9000
|
unkown
|
page readonly
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
2EE4000
|
unkown
|
page readonly
|
|
|
|
170000
|
heap private
|
page read and write
|
|
|
|
4B7000
|
heap default
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
6F7000
|
heap default
|
page read and write
|
|
|
|
2D0000
|
heap default
|
page read and write
|
|
|
|
1C8000
|
unkown
|
page read and write
|
|
|
|
1FB000
|
unkown
|
page read and write
|
|
|
|
2F92000
|
unkown
|
page readonly
|
|
|
|
987000
|
heap default
|
page read and write
|
|
|
|
307000
|
heap default
|
page read and write
|
|
|
|
5FE000
|
unkown
|
page read and write
|
|
|
|
2FC2000
|
unkown
|
page readonly
|
|
|
|
35BE000
|
stack
|
page read and write
|
|
|
|
D00000
|
heap private
|
page read and write
|
|
|
|
2D7E000
|
unkown
|
page read and write
|
|
|
|
BF0000
|
unkown
|
page write copy
|
|
|
|
1120000
|
unkown
|
page readonly
|
|
|
|
1C20000
|
unkown
|
page readonly
|
|
|
|
16C000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
heap private
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
6F0000
|
heap default
|
page read and write
|
|
|
|
600000
|
unkown
|
page readonly
|
|
|
|
3A6000
|
unkown
|
page read and write
|
|
|
|
3DD000
|
heap default
|
page read and write
|
|
|
|
170000
|
unkown
|
page readonly
|
|
|
|
4BD000
|
heap default
|
page read and write
|
|
|
|
160000
|
unkown
|
page readonly
|
|
|
|
8FB000
|
unkown image
|
page readonly
|
|
|
|
24D2000
|
heap private
|
page read and write
|
|
|
|
80000
|
unkown
|
page read and write
|
|
|
|
21A0000
|
heap private
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page write copy
|
|
|
|
1CD000
|
unkown
|
page read and write
|
|
|
|
354000
|
heap private
|
page read and write
|
|
|
|
206000
|
unkown
|
page read and write
|
|
|
|
6F6000
|
heap private
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2F04000
|
unkown
|
page readonly
|
|
|
|
BCF000
|
unkown
|
page read and write
|
|
|
|
3E8000
|
heap default
|
page read and write
|
|
|
|
604000
|
heap private
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
B90000
|
unkown
|
page read and write
|
|
|
|
3E6000
|
heap default
|
page read and write
|
|
|
|
2EC2000
|
unkown
|
page readonly
|
|
|
|
86E000
|
unkown
|
page read and write
|
|
|
|
680000
|
unkown
|
page readonly
|
|
|
|
3009000
|
unkown
|
page readonly
|
|
|
|
2A1E000
|
unkown
|
page read and write
|
|
|
|
1FB0000
|
unkown
|
page readonly
|
|
|
|
2960000
|
unkown
|
page readonly
|
|
|
|
3620000
|
unkown
|
page readonly
|
|
|
|
730000
|
unkown
|
page readonly
|
|
|
|
8FF000
|
unkown
|
page read and write
|
|
|
|
28F0000
|
unkown
|
page read and write
|
|
|
|
2803000
|
heap private
|
page read and write
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
277000
|
heap default
|
page read and write
|
|
|
|
24B0000
|
heap private
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
3D7000
|
unkown
|
page read and write
|
|
|
|
99A000
|
unkown
|
page read and write
|
|
|
|
480000
|
heap default
|
page read and write
|
|
|
|
520000
|
unkown
|
page readonly
|
|
|
|
2A0000
|
heap private
|
page read and write
|
|
|
|
14C000
|
unkown
|
page read and write
|
|
|
|
140000
|
unkown
|
page execute and read and write
|
|
|
|
A20000
|
heap private
|
page read and write
|
|
|
|
372000
|
heap private
|
page read and write
|
|
|
|
2E02000
|
unkown
|
page readonly
|
|
|
|
352E000
|
unkown
|
page read and write
|
|
|
|
840000
|
unkown
|
page readonly
|
|
|
|
2D7000
|
heap default
|
page read and write
|
|
|
|
A30000
|
unkown
|
page readonly
|
|
|
|
35A000
|
heap default
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
4DF000
|
heap default
|
page read and write
|
|
|
|
1020000
|
unkown
|
page read and write
|
|
|
|
2EC4000
|
unkown
|
page readonly
|
|
|
|
33E000
|
heap default
|
page read and write
|
|
|
|
366000
|
heap default
|
page read and write
|
|
|
|
3230000
|
unkown
|
page readonly
|
|
|
|
2980000
|
unkown
|
page readonly
|
|
|
|
1F0000
|
heap private
|
page read and write
|
|
|
|
90000
|
unkown
|
page read and write
|
|
|
|
964000
|
heap default
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
2F56000
|
unkown
|
page readonly
|
|
|
|
4D7000
|
heap default
|
page read and write
|
|
|
|
3A7000
|
heap default
|
page read and write
|
|
|
|
2E6000
|
heap private
|
page read and write
|
|
|
|
2197000
|
unkown
|
page readonly
|
|
|
|
2FE6000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
420000
|
unkown
|
page read and write
|
|
|
|
3039000
|
unkown
|
page readonly
|
|
|
|
28F0000
|
unkown
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
3290000
|
unkown
|
page read and write
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
2920000
|
heap private
|
page read and write
|
|
|
|
270000
|
heap private
|
page read and write
|
|
|
|
2FA5000
|
unkown
|
page readonly
|
|
|
|
2928000
|
heap private
|
page read and write
|
|
|
|
70000
|
unkown
|
page read and write
|
|
|
|
90000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
B4F000
|
unkown
|
page read and write
|
|
|
|
31F2000
|
unkown
|
page readonly
|
|
|
|
9E0000
|
unkown
|
page readonly
|
|
|
|
B8E000
|
unkown
|
page read and write
|
|
|
|
25D000
|
stack
|
page read and write
|
|
|
|
CD0000
|
heap private
|
page read and write
|
|
|
|
170000
|
unkown
|
page write copy
|
|
|
|
350000
|
unkown
|
page readonly
|
|
|
|
D30000
|
unkown
|
page readonly
|
|
|
|
AF0000
|
unkown
|
page read and write
|
|
|
|
580000
|
unkown
|
page readonly
|
|
There are 302 hidden memdumps, click here to show them.