Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	2372
Target ID:	0
Parent PID:	584
Name:	EXCEL.EXE
Class:	excel
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Size:	27641504
MD5:	5FB0A0F93382ECD19F5F499A5CAA59F0
Time:	19:39:35
Date:	06/04/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13fe10000
Modulesize:	27758592
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32 ..\ksjvoefv.skd,DllRegisterServer

Details

Is windows:	true
Is dropped:	false
PID:	2540
Target ID:	3
Parent PID:	2372
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32 ..\ksjvoefv.skd,DllRegisterServer
Size:	45568
MD5:	DD81D91FF3B0763C392422865C9AC12E
Time:	19:39:47
Date:	06/04/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff3a0000
Modulesize:	61440
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected IcedID	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32 ..\ksjvoefv.skd1,DllRegisterServer

Details

Is windows:	true
Is dropped:	false
PID:	2708
Target ID:	4
Parent PID:	2372
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32 ..\ksjvoefv.skd1,DllRegisterServer
Size:	45568
MD5:	DD81D91FF3B0763C392422865C9AC12E
Time:	19:40:17
Date:	06/04/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff3a0000
Modulesize:	61440
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected IcedID	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32 ..\ksjvoefv.skd2,DllRegisterServer

Details

Is windows:	true
Is dropped:	false
PID:	2780
Target ID:	5
Parent PID:	2372
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32 ..\ksjvoefv.skd2,DllRegisterServer
Size:	45568
MD5:	DD81D91FF3B0763C392422865C9AC12E
Time:	19:40:18
Date:	06/04/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff3a0000
Modulesize:	61440
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected IcedID	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32 ..\ksjvoefv.skd3,DllRegisterServer

Details

Is windows:	true
Is dropped:	false
PID:	2796
Target ID:	6
Parent PID:	2372
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32 ..\ksjvoefv.skd3,DllRegisterServer
Size:	45568
MD5:	DD81D91FF3B0763C392422865C9AC12E
Time:	19:40:18
Date:	06/04/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff3a0000
Modulesize:	61440
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected IcedID	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32 ..\ksjvoefv.skd4,DllRegisterServer

Details

Is windows:	true
Is dropped:	false
PID:	2252
Target ID:	8
Parent PID:	2372
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32 ..\ksjvoefv.skd4,DllRegisterServer
Size:	45568
MD5:	DD81D91FF3B0763C392422865C9AC12E
Time:	19:40:49
Date:	06/04/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff3a0000
Modulesize:	61440
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Yara detected IcedID	AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality
Document exploit detected (process start blacklist hit)	Software Vulnerabilities	Exploitation for Client Execution
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://twitter.com/awscloud

unknown

https://a0.awsstatic.com/libra-css/images/logo

unknown

https://aws.amazon.com/terms/?nc1=f_pr

unknown

https://dc.ads.linkedin.com/collect/?pid=3038&fmt=gif

unknown

https://s0.awsstatic.com/en_US/nav/v3/panel-content/mobile/index.html

unknown

https://a0.awsstatic.com/plc/js/1.0.108/plc

unknown

https://aws.amazon.com/cn/

unknown

http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0

unknown

http://www.diginotar.nl/cps/pkioverheid0

unknown

https://a0.awsstatic.com/libra-css/images

unknown

https://a0.awsstatic.com/psf/null

unknown

https://aws.amazon.com/ar/

unknown

https://www.honeycode.aws/?&trk=el_a134p000003yC6YAAU&trkCampaign=pac-edm-2020-honeycode-hom

unknown

https://pages.awscloud.com/zillow-case-study?hp=tile&story=zllw

unknown

https://pages.awscloud.com/communication-preferences?trk=homepage

unknown

http://ocsp.rootg2.amazontrust.com08

unknown

https://aws.amazon.com/cn/?nc1=h_ls

unknown

https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&src=default

unknown

https://aws.amazon.com/ru/

unknown

https://aws.amazon.com/tw/?nc1=h_ls

unknown

https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowser

unknown

https://i18n-string.us-west-2.prod.pricing.aws.a2z.com

unknown

https://aws.amazon.com/ko/

unknown

https://aws.amazon.com/ru/?nc1=h_ls

unknown

https://a0.awsstatic.com/libra-css/images/site/fav/favicon.ico

unknown

https://aws.amazon.com/es/

unknown

http://crl.sca1b.amazontrust.com/sca1b.crl0

unknown

https://a0.awsstatic.com/target/1.0.113/aws-target-mediator.js

unknown

https://docs.aws.amazon.com/index.html?nc2=h_ql_doc

unknown

http://tvorartificialnature.xyz/

unknown

https://aws.amazon.com/ar/?nc1=h_ls

unknown

https://aws.amazon.com/j

unknown

http://tvorartificialnature.xyz/vorarti

unknown

https://aws.amazon.com/th/

unknown

http://www.windows.com/pctv.

unknown

https://a0.awsstatic.com/pricing-calculator/js/1.0.2

unknown

https://aws.amazon.com/marketplace/?nc2=h_mo

unknown

http://ocsp.sca1b.amazontrust.com06

unknown

https://amazon.com/

unknown

https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_179x109.png

unknown

https://console.aws.amazon.com/support/home/?nc2=h_ql_cu

unknown

http://crl.rootca1.amazontrust.com/rootca1.crl0

unknown

https://aws.amazon.com/search/

unknown

https://console.aws.amazon.com/iam/home?nc2=h_m_sc#security_credential

unknown

https://aws.amazon.com/?nc2=h_lg

unknown

http://ocsp.rootca1.amazontrust.com0:

unknown

https://console.aws.amazon.com/support/home/?nc1=f_dr

unknown

https://a0.awsstatic.com/aws-blog/1.0.46/js

unknown

https://aws.amazon.com/fr/

unknown

http://windowsmedia.com/redir/services.asp?WMPFriendly=true

unknown

https://console.aws.amazon.com/console/home?nc1=f_ct&src=footer-signin-mobile

unknown

http://usaaforced.fun/j

unknown

https://aws.amazon.com/vi/

unknown

https://www.twitch.tv/aws

unknown

https://aws.amazon.com/marketplace/?nc2=h_ql_mp

unknown

https://aws.amazon.com/search

unknown

http://crl.rootg2.amazontrust.com/rootg2.crl0

unknown

http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.

unknown

https://a0.awsstatic.com/da/js/1.0.47/aws-da.js

unknown

https://aws.amazon.com/tw/

unknown

https://aws.amazon.com/tr/?nc1=h_ls

unknown

https://console.aws.amazon.com/?nc2=h_m_mc

unknown

https://aws.amazon.com/fr/?nc1=h_ls

unknown

https://a0.aws

unknown

http://o.ss2.us/0

unknown

https://aws.amazon.com/search/?searchQuery=

unknown

https://a0.awsstatic.com/libra-search/1.0.13/js

unknown

https://aws.amazon.com/privacy/?nc1=f_pr

unknown

https://aws.amazon.com/pt/?nc1=h_ls

unknown

https://aws.amazon.com/jp/?nc1=h_ls

unknown

http://crl.entrust.net/2048ca.crl0

unknown

https://aws.amazon.com/marketplace?aws=hp

unknown

https://aws.amazon.com/

unknown

http://www.msnbc.com/news/ticker.txt

unknown

https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.png

unknown

https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js

unknown

https://aws.amazon.com/podcasts/aws-podcast/

unknown

http://ocsp.entrust.net03

unknown

https://aws.amazon.com/jp/

unknown

http://crt.rootg2.amazontrust.com/rootg2.cer0=

unknown

https://aws.amazon.com/pt/

unknown

https://aws.amazon.com/?nc1=h_ls

unknown

https://s0.awsstatic.com/en_US/nav/v3/panel-content/desktop/index.html

unknown

http://crt.comod

unknown

https://aws.amazon.com/es/?nc1=h_ls

unknown

http://www.icra.org/vocabulary/.

unknown

https://d1.awsstatic.com

unknown

https://aws.amazon.com/de/

unknown

http://investor.msn.com/

unknown

https://phd.aws.amazon.com/?nc2=h_m_sc

unknown

https://a0.awsstatic.com/libra/1.0.376/librastandardlib

unknown

https://aws.amazon.com/id/?nc1=h_ls

unknown

https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.png

unknown

http://www.%s.comPA

unknown

https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&src=default

unknown

https://a0.awsstatic.com

unknown

http://ocsp.entrust.net0D

unknown

https://pages.awscloud.com/fico-case-study.html?hp=tile&story=fico

unknown

http://s.ss2.us/r.crl0

unknown

https://aws.amazon.com/th/?nc1=f_ls

unknown

There are 90 hidden URLs, click here to show them.

Domains

Name

Malicious

agenbolatermurah.com

unknown

usaaforced.fun

unknown

Details

Name:	usaaforced.fun
TargetID:	3
Current Path:	C:\Windows\System32\rundll32.exe

Signature Hits	Behavior Group	Mitre Attack
Found malware configuration	AV Detection
System process connects to network (likely due to code injection or exploit)	HIPS / PFW / Operating System Protection Evasion	Process Injection
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Urls found in memory or binary data	Networking

tvorartificialnature.xyz

unknown

Details

Name:	tvorartificialnature.xyz
TargetID:	6
Current Path:	C:\Windows\System32\rundll32.exe

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Performs DNS queries to domains with low reputation	Networking
Urls found in memory or binary data	Networking

metaflip.io

192.185.48.186

Details

Name:	metaflip.io
IP:	192.185.48.186
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Potential document exploit detected (performs DNS queries)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Uses secure TLS version for HTTPS connections	Compliance, Networking

tajushariya.com

199.79.62.99

Details

Name:	tajushariya.com
IP:	199.79.62.99
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

columbia.aula-web.net

50.87.146.86

Details

Name:	columbia.aula-web.net
IP:	50.87.146.86
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

dr49lng3n1n2s.cloudfront.net

143.204.3.74

Details

Name:	dr49lng3n1n2s.cloudfront.net
IP:	143.204.3.74
TargetID:	3
Current Path:	C:\Windows\System32\rundll32.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

partsapp.com.br

192.185.214.87

Details

Name:	partsapp.com.br
IP:	192.185.214.87
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

aws.amazon.com

unknown

Details

Name:	aws.amazon.com
TargetID:	6
Current Path:	C:\Windows\System32\rundll32.exe
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Urls found in memory or binary data	Networking

IPs

Domain

Country

Malicious

50.87.146.86

columbia.aula-web.net

United States

Details

IP:	50.87.146.86
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false
Domain:	columbia.aula-web.net

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

199.79.62.99

tajushariya.com

United States

Details

IP:	199.79.62.99
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	394695
ASN name:	PUBLIC-DOMAIN-REGISTRYUS
Private:	false
Domain:	tajushariya.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

192.185.214.87

partsapp.com.br

United States

Details

IP:	192.185.214.87
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false
Domain:	partsapp.com.br

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

143.204.3.74

dr49lng3n1n2s.cloudfront.net

United States

Details

IP:	143.204.3.74
TargetID:	3
Current Path:	C:\Windows\System32\rundll32.exe
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	dr49lng3n1n2s.cloudfront.net

Signature Hits	Behavior Group	Mitre Attack
System process connects to network (likely due to code injection or exploit)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Uses insecure TLS / SSL version for HTTPS connection	Compliance, Networking

192.185.48.186

metaflip.io

United States

Details

IP:	192.185.48.186
TargetID:	0
Current Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Country:	United States
Countrycode:	USA
ASN number:	46606
ASN name:	UNIFIEDLAYER-AS-1US
Private:	false
Domain:	metaflip.io

Signature Hits	Behavior Group	Mitre Attack
Potential document exploit detected (performs HTTP gets)	Software Vulnerabilities	Exploitation for Client Execution
Potential document exploit detected (unknown TCP traffic)	Software Vulnerabilities	Exploitation for Client Execution
Uses secure TLS version for HTTPS connections	Compliance, Networking

192.168.2.255

unknown

Registry

Path

Value

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

&<7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

MTTT

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ReviewToken

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EC7C2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

VBAFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DefaultSheetR2L

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

UseSystemSeparators

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ThousandsSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DecimalSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECACE

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECC06

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ECCE0

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

{e7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\system32\qagentrt.dll,-10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\fveui.dll,-843

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\fveui.dll,-844

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

@%SystemRoot%\System32\wuaueng.dll,-400

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

LastPurgeTime

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

10DA39

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Max Display

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 1

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 2

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 3

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 4

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 5

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 7

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 8

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 9

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 10

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 11

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 12

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 13

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 14

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 15

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 16

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 17

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 18

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 19

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Item 20

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

10EF5E

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EXCELFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SavedLegacySettings

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Blob

There are 109 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

38E000

heap default

page read and write

2E3000

unkown

page read and write

2E3000

unkown

page read and write

2E3000

unkown

page read and write

2E1000

heap default

page read and write

2E3000

unkown

page read and write

2E3000

unkown

page read and write

374000

unkown

page read and write

37A000

unkown

page read and write

29D5000

unkown

page read and write

374000

unkown

page read and write

2982000

unkown

page readonly

326000

heap default

page read and write

2120000

heap private

page read and write

2802000

unkown

page readonly

2FC3000

unkown

page read and write

273F000

heap private

page read and write

1CB7000

unkown

page readonly

37A000

unkown

page read and write

29D5000

unkown

page read and write

374000

unkown

page read and write

2939000

unkown

page readonly

150000

unkown

page read and write

1E0000

heap private

page read and write

29E2000

unkown

page read and write

2909000

unkown

page readonly

37A000

unkown

page read and write

397000

unkown

page read and write

29EC000

unkown

page read and write

1FC000

unkown

page read and write

35B000

heap default

page read and write

27A2000

unkown

page readonly

21A0000

unkown

page readonly

37B000

unkown

page read and write

3A7000

unkown

page read and write

29F3000

unkown

page read and write

20000

unkown

page readonly

2722000

unkown

page readonly

287000

heap default

page read and write

359000

unkown

page read and write

340000

heap default

page read and write

29CF000

unkown

page read and write

240000

unkown

page read and write

2A26000

unkown

page read and write

27B4000

unkown

page readonly

3A2000

unkown

page read and write

2622000

unkown

page readonly

37A000

unkown

page read and write

37E000

heap default

page read and write

2D7B000

heap private

page read and write

1FD0000

unkown

page write copy

28A6000

unkown

page readonly

2FCB000

unkown

page read and write

37B000

unkown

page read and write

1E77000

unkown

page readonly

28A2000

unkown

page readonly

2B7000

heap default

page read and write

2A26000

unkown

page read and write

374000

unkown

page read and write

374000

unkown

page read and write

2A26000

unkown

page read and write

29D5000

unkown

page read and write

7FEF4613000

unkown image

page write copy

29C1000

unkown

page read and write

190000

unkown

page read and write

2F51000

unkown

page read and write

2879000

unkown

page readonly

2A26000

unkown

page read and write

2628000

unkown

page readonly

2205000

heap private

page read and write

2250000

unkown

page readonly

397000

unkown

page read and write

2A26000

unkown

page read and write

2822000

unkown

page readonly

2A26000

unkown

page read and write

2802000

unkown

page readonly

29CF000

unkown

page read and write

3E6000

unkown

page read and write

2FB0000

unkown

page read and write

374000

unkown

page read and write

234000

unkown

page execute and read and write

2F87000

unkown

page read and write

32DC000

unkown

page read and write

2115000

heap private

page read and write

2742000

unkown

page readonly

220000

unkown

page read and write

60000

unkown

page readonly

270000

unkown

page read and write

2AE0000

heap private

page read and write

26BF000

unkown

page read and write

2E0000

heap default

page read and write

2922000

unkown

page readonly

280000

heap default

page read and write

21B0000

heap private

page read and write

2849000

unkown

page readonly

2CE0000

unkown

page readonly

374000

unkown

page read and write

29DA000

unkown

page read and write

374000

unkown

page read and write

367000

unkown

page read and write

37A000

unkown

page read and write

2B00000

unkown

page readonly

2E7000

heap default

page read and write

397000

unkown

page read and write

29CF000

unkown

page read and write

29D5000

unkown

page read and write

29C1000

unkown

page read and write

27D2000

unkown

page readonly

37A000

unkown

page read and write

2C60000

heap private

page read and write

3A2000

unkown

page read and write

2A26000

unkown

page read and write

2824000

unkown

page readonly

29EC000

unkown

page read and write

28A9000

unkown

page readonly

2842000

unkown

page readonly

52D000

unkown

page read and write

2952000

unkown

page readonly

29E2000

unkown

page read and write

29DA000

unkown

page read and write

7FEF4612000

unkown image

page readonly

2FCB000

unkown

page read and write

2724000

unkown

page readonly

2D40000

heap private

page read and write

27E2000

unkown

page readonly

29E2000

unkown

page read and write

29E2000

unkown

page read and write

2826000

unkown

page readonly

37A000

unkown

page read and write

1BF0000

unkown

page readonly

2802000

unkown

page readonly

374000

unkown

page read and write

29E2000

unkown

page read and write

20DF000

unkown

page read and write

35B000

unkown

page read and write

2110000

heap private

page read and write

28E2000

unkown

page readonly

374000

unkown

page read and write

29F4000

unkown

page read and write

351000

unkown

page read and write

29C1000

unkown

page read and write

37A000

unkown

page read and write

29D5000

unkown

page read and write

2A26000

unkown

page read and write

37A000

unkown

page read and write

2FC3000

unkown

page read and write

374000

unkown

page read and write

2FCB000

unkown

page read and write

359000

heap default

page read and write

290D000

unkown

page readonly

2A28000

unkown

page read and write

2548000

unkown

page readonly

29E2000

unkown

page read and write

2945000

unkown

page readonly

37A000

unkown

page read and write

374000

unkown

page read and write

2B0000

heap default

page read and write

2A26000

unkown

page read and write

2796000

unkown

page readonly

37E000

unkown

page read and write

397000

unkown

page read and write

2280000

unkown

page readonly

2FC3000

unkown

page read and write

E0000

unkown

page readonly

1C90000

unkown

page readonly

E0000

unkown

page read and write

2FCB000

unkown

page read and write

38E000

unkown

page read and write

2A26000

unkown

page read and write

359000

unkown

page read and write

2FCB000

unkown

page read and write

29EC000

unkown

page read and write

D0000

unkown

page read and write

2F87000

unkown

page read and write

330000

heap default

page read and write

37A000

unkown

page read and write

29CF000

unkown

page read and write

295C000

unkown

page read and write

37B000

unkown

page read and write

367000

unkown

page read and write

37A000

unkown

page read and write

1FC000

unkown

page read and write

34F000

unkown

page read and write

34F000

unkown

page read and write

3A2000

unkown

page read and write

37B000

unkown

page read and write

21C000

unkown

page read and write

2F50000

unkown

page read and write

2B7000

heap default

page read and write

374000

unkown

page read and write

3DE000

heap default

page read and write

35B000

unkown

page read and write

29DA000

unkown

page read and write

29C0000

heap private

page read and write

351000

unkown

page read and write

29E2000

unkown

page read and write

2AA0000

heap private

page read and write

37E000

unkown

page read and write

374000

unkown

page read and write

1F60000

unkown

page write copy

306000

unkown

page read and write

4A0000

unkown

page readonly

2FC3000

unkown

page read and write

37A000

unkown

page read and write

37A000

unkown

page read and write

2FC3000

unkown

page read and write

29EC000

unkown

page read and write

7FEF4610000

unkown image

page readonly

373000

unkown

page read and write

2542000

unkown

page readonly

25D2000

unkown

page readonly

2230000

unkown

page readonly

29E2000

unkown

page read and write

115000

heap private

page read and write

351000

heap default

page read and write

37B000

unkown

page read and write

28A5000

unkown

page readonly

29E2000

unkown

page read and write

29C2000

unkown

page read and write

20000

unkown

page readonly

2A26000

unkown

page read and write

564000

heap private

page read and write

367000

unkown

page read and write

351000

unkown

page read and write

397000

unkown

page read and write

654000

heap private

page read and write

2F51000

unkown

page read and write

29D9000

unkown

page read and write

37E000

unkown

page read and write

2702000

unkown

page readonly

2BE000

heap default

page read and write

2300000

unkown

page readonly

264000

heap private

page read and write

28BD000

unkown

page readonly

2900000

heap private

page read and write

21B000

heap private

page read and write

34F000

heap default

page read and write

260000

heap private

page read and write

2852000

unkown

page readonly

2FCB000

unkown

page read and write

2862000

unkown

page readonly

29C1000

unkown

page read and write

236000

unkown

page read and write

374000

unkown

page read and write

7A0000

unkown

page readonly

1AD0000

unkown

page readonly

1DC000

unkown

page read and write

280B000

unkown

page read and write

480000

unkown

page readonly

2700000

heap private

page read and write

2AC2000

unkown

page readonly

282D000

unkown

page readonly

37A000

unkown

page read and write

3A2000

unkown

page read and write

E0000

unkown

page read and write

720000

unkown

page readonly

2260000

heap private

page read and write

186000

unkown

page read and write

29C1000

unkown

page read and write

29C1000

unkown

page read and write

2F87000

unkown

page read and write

2FC3000

unkown

page read and write

374000

unkown

page read and write

2A90000

unkown

page readonly

37A000

unkown

page read and write

2709000

heap private

page read and write

186000

unkown

page read and write

600000

unkown

page readonly

3A7000

heap default

page read and write

37B000

unkown

page read and write

35B000

unkown

page read and write

37B000

unkown

page read and write

60000

unkown

page readonly

2832000

unkown

page readonly

27C6000

unkown

page readonly

359000

unkown

page read and write

37E000

unkown

page read and write

2C65000

heap private

page read and write

2A26000

unkown

page read and write

367000

unkown

page read and write

35B000

unkown

page read and write

374000

unkown

page read and write

374000

unkown

page read and write

2FCB000

unkown

page read and write

2772000

unkown

page readonly

29C1000

unkown

page read and write

3A8000

unkown

page read and write

2F87000

unkown

page read and write

29C1000

unkown

page read and write

29F3000

unkown

page read and write

29DA000

unkown

page read and write

7FEF4690000

unkown image

page readonly

29E2000

unkown

page read and write

27F6000

unkown

page readonly

200000

unkown

page read and write

384000

heap default

page read and write

374000

unkown

page read and write

359000

unkown

page read and write

200000

unkown

page read and write

37B000

unkown

page read and write

2815000

unkown

page readonly

2A26000

unkown

page read and write

367000

heap default

page read and write

37B000

unkown

page read and write

29DA000

unkown

page read and write

37A000

unkown

page read and write

2815000

unkown

page readonly

130000

unkown

page read and write

144000

unkown

page execute and read and write

20000

unkown

page readonly

2A26000

unkown

page read and write

31D000

heap default

page read and write

29C1000

unkown

page read and write

374000

unkown

page read and write

28B9000

unkown

page readonly

306000

unkown

page read and write

E0000

unkown

page read and write

150000

unkown

page read and write

2B0000

heap default

page read and write

351000

unkown

page read and write

29CA000

unkown

page read and write

2A26000

unkown

page read and write

2DC0000

unkown

page readonly

29D5000

unkown

page read and write

D0000

unkown

page read and write

D0000

unkown

page read and write

2F59000

unkown

page read and write

2CD0000

unkown

page readonly

570000

unkown

page readonly

2AD0000

unkown

page readonly

2F51000

unkown

page read and write

2812000

unkown

page read and write

3B6000

unkown

page read and write

3A2000

unkown

page read and write

28B2000

unkown

page readonly

27D4000

unkown

page readonly

351000

unkown

page read and write

1DD7000

unkown

page readonly

306000

heap default

page read and write

29D5000

unkown

page read and write

3B0000

unkown

page readonly

29C1000

unkown

page read and write

3A7000

unkown

page read and write

250000

unkown

page read and write

60000

unkown

page readonly

2070000

unkown

page readonly

1F80000

unkown

page readonly

14B000

heap private

page read and write

2A32000

unkown

page readonly

22E0000

unkown

page readonly

2B60000

unkown

page readonly

2856000

unkown

page readonly

2C8B000

heap private

page read and write

2A26000

unkown

page read and write

22FD000

unkown

page read and write

2952000

unkown

page read and write

590000

unkown

page readonly

380000

unkown

page read and write

306000

unkown

page read and write

21C0000

unkown

page readonly

2845000

unkown

page readonly

2A26000

unkown

page read and write

374000

unkown

page read and write

2F6D000

unkown

page read and write

47F000

unkown

page read and write

28F5000

unkown

page readonly

29C2000

unkown

page read and write

374000

unkown

page read and write

2DE000

unkown

page read and write

37B000

unkown

page read and write

7FEF46BA000

unkown image

page readonly

2B50000

unkown

page readonly

2FC3000

unkown

page read and write

2876000

unkown

page readonly

28D9000

unkown

page readonly

2020000

unkown

page readonly

2A26000

unkown

page read and write

2FC3000

unkown

page read and write

2929000

unkown

page readonly

367000

unkown

page read and write

2C50000

heap private

page read and write

27E4000

unkown

page readonly

37A000

unkown

page read and write

2A26000

unkown

page read and write

29D5000

unkown

page read and write

2875000

unkown

page readonly

1E97000

unkown

page readonly

29D5000

unkown

page read and write

263F000

unkown

page read and write

25D8000

unkown

page readonly

2865000

unkown

page readonly

29C8000

unkown

page read and write

7FEF46C0000

unkown image

page write copy

236000

unkown

page read and write

29CF000

unkown

page read and write

2B40000

unkown

page readonly

29E2000

unkown

page read and write

2FCB000

unkown

page read and write

2A26000

unkown

page read and write

28C5000

unkown

page readonly

890000

unkown

page readonly

2EE000

heap default

page read and write

35B000

unkown

page read and write

359000

unkown

page read and write

29E2000

unkown

page read and write

110000

unkown

page readonly

37A000

unkown

page read and write

620000

unkown

page readonly

397000

unkown

page read and write

29EC000

unkown

page read and write

2F87000

unkown

page read and write

29C1000

unkown

page read and write

351000

unkown

page read and write

3A0000

heap default

page read and write

29C1000

unkown

page read and write

2FCB000

unkown

page read and write

2A26000

unkown

page read and write

2882000

unkown

page readonly

7FEF4690000

unkown image

page readonly

21B9000

heap private

page read and write

240000

unkown

page read and write

2744000

unkown

page readonly

29D5000

unkown

page read and write

2A26000

unkown

page read and write

37E000

heap default

page read and write

2A26000

unkown

page read and write

2F51000

unkown

page read and write

27B2000

unkown

page readonly

386000

heap default

page read and write

E0000

unkown

page read and write

30B000

heap default

page read and write

27B5000

unkown

page readonly

37A000

unkown

page read and write

2119000

heap private

page read and write

2FC3000

unkown

page read and write

21EF000

heap private

page read and write

140000

unkown

page execute and read and write

2829000

unkown

page readonly

2D45000

heap private

page read and write

29F3000

unkown

page read and write

2F51000

unkown

page read and write

398000

unkown

page read and write

314C000

unkown

page read and write

3A2000

unkown

page read and write

26D2000

unkown

page readonly

14D000

unkown

page read and write

B9F000

unkown

page read and write

7FEF4618000

unkown image

page readonly

367000

unkown

page read and write

2F51000

unkown

page read and write

2FC3000

unkown

page read and write

2895000

unkown

page readonly

2200000

heap private

page read and write

3A2000

unkown

page read and write

2F87000

unkown

page read and write

374000

unkown

page read and write

2785000

unkown

page readonly

2F87000

unkown

page read and write

2AB0000

unkown

page readonly

2FCB000

unkown

page read and write

1D87000

unkown

page readonly

29DC000

unkown

page read and write

29CF000

unkown

page read and write

29CA000

unkown

page read and write

2989000

unkown

page readonly

317000

heap default

page read and write

2865000

unkown

page readonly

34F000

unkown

page read and write

2C60000

heap private

page read and write

37E000

unkown

page read and write

384000

unkown

page read and write

29D5000

unkown

page read and write

37E000

unkown

page read and write

2160000

unkown

page write copy

2704000

unkown

page readonly

2804000

unkown

page readonly

2895000

unkown

page readonly

2ABB000

unkown

page read and write

37E000

unkown

page read and write

27D2000

unkown

page readonly

29D5000

unkown

page read and write

3A2000

unkown

page read and write

37B000

unkown

page read and write

37A000

unkown

page read and write

100000

unkown

page readonly

306000

unkown

page read and write

7FEF46C5000

unkown image

page readonly

29A5000

unkown

page readonly

367000

unkown

page read and write

2892000

unkown

page readonly

2C9B000

heap private

page read and write

29EC000

unkown

page read and write

37B000

unkown

page read and write

2A26000

unkown

page read and write

29C1000

unkown

page read and write

2909000

unkown

page readonly

7FEF4619000

unkown image

page write copy

710000

unkown

page readonly

2980000

unkown

page read and write

2FCB000

unkown

page read and write

29DA000

unkown

page read and write

35B000

unkown

page read and write

2794000

unkown

page readonly

20E0000

heap private

page read and write

2100000

unkown

page read and write

2850000

heap private

page read and write

29EC000

unkown

page read and write

120000

unkown

page read and write

60000

unkown

page readonly

37A000

unkown

page read and write

374000

unkown

page read and write

37B000

unkown

page read and write

374000

unkown

page read and write

29E2000

unkown

page read and write

29C2000

unkown

page read and write

2209000

heap private

page read and write

2F88000

unkown

page read and write

29E2000

unkown

page read and write

2CE0000

unkown

page readonly

500000

heap private

page read and write

37B000

unkown

page read and write

2792000

unkown

page readonly

306000

unkown

page read and write

31DC000

unkown

page read and write

28C5000

unkown

page readonly

2FCB000

unkown

page read and write

230000

unkown

page execute and read and write

2A26000

unkown

page read and write

27E5000

unkown

page readonly

29CA000

unkown

page read and write

7FEF4611000

unkown image

page execute read

7FEF4610000

unkown image

page readonly

150000

unkown

page read and write

D0000

unkown

page read and write

29E2000

unkown

page read and write

2A26000

unkown

page read and write

2B60000

unkown

page readonly

2FCB000

unkown

page read and write

35B000

unkown

page read and write

37E000

unkown

page read and write

2B20000

unkown

page readonly

29D3000

heap private

page read and write

2129000

heap private

page read and write

2A26000

unkown

page read and write

2FC3000

unkown

page read and write

7FEF4691000

unkown image

page execute read

2A26000

unkown

page read and write

28B6000

unkown

page readonly

29D5000

unkown

page read and write

3A7000

unkown

page read and write

2B12000

unkown

page readonly

3B0000

unkown

page read and write

530000

unkown

page readonly

2E6000

unkown

page read and write

1EE0000

heap private

page read and write

37A000

unkown

page read and write

274000

heap private

page read and write

580000

heap private

page read and write

2640000

unkown

page write copy

367000

unkown

page read and write

37E000

unkown

page read and write

359000

unkown

page read and write

37A000

unkown

page read and write

100000

heap private

page read and write

29D5000

unkown

page read and write

29E2000

unkown

page read and write

2FCB000

unkown

page read and write

2A26000

unkown

page read and write

2FA0000

unkown

page read and write

584000

heap private

page read and write

270000

heap private

page read and write

2F87000

unkown

page read and write

305000

unkown

page read and write

60000

unkown

page readonly

2F51000

unkown

page read and write

359000

unkown

page read and write

311E000

unkown

page read and write

397000

unkown

page read and write

2A26000

unkown

page read and write

386000

unkown

page read and write

37A000

unkown

page read and write

20000

unkown

page readonly

2988000

unkown

page read and write

2A26000

unkown

page read and write

2642000

unkown

page readonly

2932000

unkown

page readonly

29DA000

unkown

page read and write

35B000

unkown

page read and write

29D5000

unkown

page read and write

374000

unkown

page read and write

332000

unkown

page read and write

2EE000

heap default

page read and write

2FC3000

unkown

page read and write

150000

unkown

page read and write

2A26000

unkown

page read and write

37E000

heap default

page read and write

351000

unkown

page read and write

2906000

unkown

page readonly

DB000

unkown

page read and write

306000

unkown

page read and write

2925000

unkown

page readonly

2872000

unkown

page readonly

2959000

unkown

page readonly

2886000

unkown

page readonly

37E000

unkown

page read and write

2AB3000

heap private

page read and write

37E000

unkown

page read and write

650000

heap private

page read and write

2955000

unkown

page readonly

29DA000

unkown

page read and write

2975000

unkown

page readonly

104000

heap private

page read and write

34F000

unkown

page read and write

37E000

unkown

page read and write

28D2000

unkown

page readonly

2A37000

unkown

page read and write

37A000

unkown

page read and write

2F59000

unkown

page read and write

2F51000

unkown

page read and write

373000

unkown

page read and write

29E2000

unkown

page read and write

2902000

unkown

page readonly

58E000

unkown

page read and write

21B0000

heap private

page read and write

2C55000

heap private

page read and write

2F51000

unkown

page read and write

359000

unkown

page read and write

28F5000

unkown

page readonly

281C000

unkown

page read and write

2826000

unkown

page readonly

6F0000

unkown

page readonly

34F000

unkown

page read and write

1CB0000

unkown

page readonly

2B90000

unkown

page readonly

29EC000

unkown

page read and write

306000

unkown

page read and write

374000

unkown

page read and write

2FCB000

unkown

page read and write

2B70000

unkown

page readonly

2722000

unkown

page readonly

560000

heap private

page read and write

29C1000

unkown

page read and write

2DB000

heap default

page read and write

32AC000

unkown

page read and write

1BA0000

unkown

page readonly

2FC3000

unkown

page read and write

37A000

unkown

page read and write

2125000

heap private

page read and write

2A26000

unkown

page read and write

29F4000

unkown

page read and write

20000

unkown

page readonly

34F000

unkown

page read and write

29C2000

unkown

page read and write

311000

heap default

page read and write

351000

unkown

page read and write

29D5000

unkown

page read and write

347000

heap default

page read and write

1E5000

heap private

page read and write

3AF000

unkown

page read and write

34F000

unkown

page read and write

2FC3000

unkown

page read and write

440000

unkown

page write copy

2A70000

unkown

page readonly

29D5000

unkown

page read and write

29C9000

unkown

page read and write

2FC1000

unkown

page read and write

29E2000

unkown

page read and write

37A000

unkown

page read and write

374000

unkown

page read and write

28D6000

unkown

page readonly

22A0000

unkown

page readonly

37A000

unkown

page read and write

29C1000

unkown

page read and write

2FCB000

unkown

page read and write

397000

unkown

page read and write

110000

heap private

page read and write

34F000

unkown

page read and write

29E2000

unkown

page read and write

There are 668 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

URLs

Domains

IPs

Registry

Memdumps