Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
document-933340782.xlsm
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\~$document-933340782.xlsm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\suspendedpage[1].htm
|
HTML document, ASCII text, with very long lines
|
downloaded
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2D8BBC4.png
|
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7387CA72.png
|
PNG image data, 485 x 185, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\75F3850F.png
|
PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D5F5A0F5.png
|
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\C1DE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Wed Apr 7 16:46:39 2021, atime=Wed Apr 7 16:46:39 2021, length=12288, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-933340782.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13
2020, mtime=Wed Apr 7 16:46:39 2021, atime=Wed Apr 7 16:46:39 2021, length=108482, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\82DE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\iekdhfe.dsk
|
HTML document, ASCII text, with very long lines
|
dropped
|
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\iekdhfe.dsk,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\iekdhfe.dsk1,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\iekdhfe.dsk2,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\iekdhfe.dsk3,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\iekdhfe.dsk4,DllRegisterServer
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://tienda.ventadigital.com.ar/ds/2803.gif
|
31.170.166.139
|
|
|
|
http://nellaimasthanbiryani.com/ds/2803.gif
|
66.36.231.40
|
|
|
|
http://thirdstringcalifornia.com/ds/2803.gif
|
143.95.33.96
|
|
|
|
http://holmesservices.mobiledevsite.co/ds/2803.gif
|
103.68.166.129
|
|
|
|
http://kristen.sbddev.com/ds/2803.gif
|
50.23.112.133
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://kristen.sbddev.com/cgi-sys/suspendedpage.cgi
|
50.23.112.133
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
holmesservices.mobiledevsite.co
|
103.68.166.129
|
|
|
|
kristen.sbddev.com
|
50.23.112.133
|
|
|
|
tienda.ventadigital.com.ar
|
31.170.166.139
|
|
|
|
nellaimasthanbiryani.com
|
66.36.231.40
|
|
|
|
thirdstringcalifornia.com
|
143.95.33.96
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.68.166.129
|
holmesservices.mobiledevsite.co
|
Singapore
|
|
|
|
143.95.33.96
|
thirdstringcalifornia.com
|
United States
|
|
|
|
66.36.231.40
|
nellaimasthanbiryani.com
|
United States
|
|
|
|
50.23.112.133
|
kristen.sbddev.com
|
United States
|
|
|
|
31.170.166.139
|
tienda.ventadigital.com.ar
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
+c8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ECE57
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED115
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED24D
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED2E9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
tk8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
FFCB6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1009D0
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
There are 95 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A42000
|
unkown
|
page readonly
|
|
|
|
110000
|
unkown
|
page read and write
|
|
|
|
2962000
|
unkown
|
page readonly
|
|
|
|
5D0000
|
unkown
|
page readonly
|
|
|
|
1D77000
|
unkown
|
page readonly
|
|
|
|
2A32000
|
unkown
|
page readonly
|
|
|
|
2DD5000
|
heap private
|
page read and write
|
|
|
|
2315000
|
heap private
|
page read and write
|
|
|
|
29D5000
|
unkown
|
page readonly
|
|
|
|
29A5000
|
unkown
|
page readonly
|
|
|
|
2792000
|
unkown
|
page readonly
|
|
|
|
27C2000
|
unkown
|
page readonly
|
|
|
|
2AC0000
|
unkown
|
page readonly
|
|
|
|
357000
|
heap default
|
page read and write
|
|
|
|
28B000
|
unkown
|
page read and write
|
|
|
|
28D9000
|
unkown
|
page readonly
|
|
|
|
450000
|
unkown
|
page readonly
|
|
|
|
460000
|
heap private
|
page read and write
|
|
|
|
2552000
|
unkown
|
page readonly
|
|
|
|
27B2000
|
unkown
|
page readonly
|
|
|
|
29F2000
|
unkown
|
page readonly
|
|
|
|
21B0000
|
heap private
|
page read and write
|
|
|
|
2832000
|
unkown
|
page readonly
|
|
|
|
2812000
|
unkown
|
page readonly
|
|
|
|
28D2000
|
unkown
|
page readonly
|
|
|
|
21CB000
|
heap private
|
page read and write
|
|
|
|
3A6000
|
unkown
|
page read and write
|
|
|
|
2230000
|
heap private
|
page read and write
|
|
|
|
1B90000
|
unkown
|
page readonly
|
|
|
|
2A1D000
|
unkown
|
page readonly
|
|
|
|
2806000
|
unkown
|
page readonly
|
|
|
|
27B4000
|
unkown
|
page readonly
|
|
|
|
2658000
|
unkown
|
page readonly
|
|
|
|
28B9000
|
unkown
|
page readonly
|
|
|
|
3C6000
|
unkown
|
page read and write
|
|
|
|
2AC2000
|
unkown
|
page readonly
|
|
|
|
2A16000
|
unkown
|
page readonly
|
|
|
|
2A50000
|
unkown
|
page readonly
|
|
|
|
2C00000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
2886000
|
unkown
|
page readonly
|
|
|
|
240000
|
heap private
|
page read and write
|
|
|
|
290000
|
heap default
|
page read and write
|
|
|
|
1F50000
|
unkown
|
page readonly
|
|
|
|
2A69000
|
unkown
|
page readonly
|
|
|
|
283D000
|
unkown
|
page readonly
|
|
|
|
2982000
|
unkown
|
page readonly
|
|
|
|
2A19000
|
unkown
|
page readonly
|
|
|
|
490000
|
unkown
|
page readonly
|
|
|
|
2A70000
|
unkown
|
page readonly
|
|
|
|
2502000
|
unkown
|
page readonly
|
|
|
|
277000
|
heap default
|
page read and write
|
|
|
|
21E000
|
heap default
|
page read and write
|
|
|
|
146000
|
unkown
|
page read and write
|
|
|
|
2745000
|
unkown
|
page readonly
|
|
|
|
27D5000
|
unkown
|
page readonly
|
|
|
|
20E5000
|
heap private
|
page read and write
|
|
|
|
2752000
|
unkown
|
page readonly
|
|
|
|
28B2000
|
unkown
|
page readonly
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
2875000
|
unkown
|
page readonly
|
|
|
|
1E0000
|
heap default
|
page read and write
|
|
|
|
2A55000
|
unkown
|
page readonly
|
|
|
|
2130000
|
heap private
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page readonly
|
|
|
|
2040000
|
heap private
|
page read and write
|
|
|
|
2652000
|
unkown
|
page readonly
|
|
|
|
2CD000
|
heap default
|
page read and write
|
|
|
|
27B6000
|
unkown
|
page readonly
|
|
|
|
2852000
|
unkown
|
page readonly
|
|
|
|
610000
|
unkown
|
page readonly
|
|
|
|
27A5000
|
unkown
|
page readonly
|
|
|
|
2802000
|
unkown
|
page readonly
|
|
|
|
2A90000
|
unkown
|
page readonly
|
|
|
|
2135000
|
heap private
|
page read and write
|
|
|
|
29C2000
|
unkown
|
page readonly
|
|
|
|
19B000
|
unkown
|
page read and write
|
|
|
|
2932000
|
unkown
|
page readonly
|
|
|
|
28A5000
|
unkown
|
page readonly
|
|
|
|
2814000
|
unkown
|
page readonly
|
|
|
|
29F2000
|
unkown
|
page readonly
|
|
|
|
297000
|
heap default
|
page read and write
|
|
|
|
29B2000
|
unkown
|
page readonly
|
|
|
|
104000
|
heap private
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page readonly
|
|
|
|
2ED0000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page readonly
|
|
|
|
2836000
|
unkown
|
page readonly
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
470000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
2839000
|
unkown
|
page readonly
|
|
|
|
2856000
|
unkown
|
page readonly
|
|
|
|
2139000
|
heap private
|
page read and write
|
|
|
|
27D6000
|
unkown
|
page readonly
|
|
|
|
2786000
|
unkown
|
page readonly
|
|
|
|
2912000
|
unkown
|
page readonly
|
|
|
|
2652000
|
unkown
|
page readonly
|
|
|
|
2892000
|
unkown
|
page readonly
|
|
|
|
2A39000
|
unkown
|
page readonly
|
|
|
|
1D7000
|
heap default
|
page read and write
|
|
|
|
2839000
|
unkown
|
page readonly
|
|
|
|
27E2000
|
unkown
|
page readonly
|
|
|
|
2508000
|
unkown
|
page readonly
|
|
|
|
27E9000
|
unkown
|
page readonly
|
|
|
|
2955000
|
unkown
|
page readonly
|
|
|
|
2AB5000
|
unkown
|
page readonly
|
|
|
|
20E000
|
heap default
|
page read and write
|
|
|
|
27D4000
|
unkown
|
page readonly
|
|
|
|
1B90000
|
unkown
|
page readonly
|
|
|
|
21D0000
|
unkown
|
page readonly
|
|
|
|
1A0000
|
heap private
|
page read and write
|
|
|
|
27ED000
|
unkown
|
page readonly
|
|
|
|
69F000
|
unkown
|
page read and write
|
|
|
|
2A92000
|
unkown
|
page readonly
|
|
|
|
28A6000
|
unkown
|
page readonly
|
|
|
|
28B6000
|
unkown
|
page readonly
|
|
|
|
2734000
|
unkown
|
page readonly
|
|
|
|
2959000
|
unkown
|
page readonly
|
|
|
|
100000
|
heap private
|
page read and write
|
|
|
|
2952000
|
unkown
|
page readonly
|
|
|
|
2195000
|
heap private
|
page read and write
|
|
|
|
2ED0000
|
unkown
|
page read and write
|
|
|
|
2D0000
|
unkown
|
page read and write
|
|
|
|
2BBB000
|
heap private
|
page read and write
|
|
|
|
28C5000
|
unkown
|
page readonly
|
|
|
|
16D000
|
unkown
|
page read and write
|
|
|
|
2875000
|
unkown
|
page readonly
|
|
|
|
1B90000
|
unkown
|
page readonly
|
|
|
|
2B80000
|
heap private
|
page read and write
|
|
|
|
2A62000
|
unkown
|
page readonly
|
|
|
|
28F4000
|
unkown
|
page readonly
|
|
|
|
390000
|
unkown
|
page read and write
|
|
|
|
180000
|
unkown
|
page readonly
|
|
|
|
2B80000
|
heap private
|
page read and write
|
|
|
|
2925000
|
unkown
|
page readonly
|
|
|
|
2889000
|
unkown
|
page readonly
|
|
|
|
2992000
|
unkown
|
page readonly
|
|
|
|
2A85000
|
unkown
|
page readonly
|
|
|
|
2F90000
|
unkown
|
page read and write
|
|
|
|
1D77000
|
unkown
|
page readonly
|
|
|
|
270000
|
heap default
|
page read and write
|
|
|
|
2CC0000
|
unkown
|
page readonly
|
|
|
|
2794000
|
unkown
|
page readonly
|
|
|
|
2914000
|
unkown
|
page readonly
|
|
|
|
190000
|
heap private
|
page read and write
|
|
|
|
26C4000
|
unkown
|
page readonly
|
|
|
|
2834000
|
unkown
|
page readonly
|
|
|
|
2862000
|
unkown
|
page readonly
|
|
|
|
2738000
|
unkown
|
page readonly
|
|
|
|
2A05000
|
unkown
|
page readonly
|
|
|
|
470000
|
unkown
|
page readonly
|
|
|
|
2752000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page readonly
|
|
|
|
1B70000
|
unkown
|
page readonly
|
|
|
|
2B20000
|
unkown
|
page readonly
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
28B9000
|
unkown
|
page readonly
|
|
|
|
2B85000
|
heap private
|
page read and write
|
|
|
|
2C3B000
|
heap private
|
page read and write
|
|
|
|
21B0000
|
unkown
|
page readonly
|
|
|
|
27A6000
|
unkown
|
page readonly
|
|
|
|
28D6000
|
unkown
|
page readonly
|
|
|
|
27E6000
|
unkown
|
page readonly
|
|
|
|
2602000
|
unkown
|
page readonly
|
|
|
|
23B0000
|
unkown
|
page readonly
|
|
|
|
290000
|
heap default
|
page read and write
|
|
|
|
2160000
|
unkown
|
page readonly
|
|
|
|
27F5000
|
unkown
|
page readonly
|
|
|
|
ABF000
|
unkown
|
page read and write
|
|
|
|
2E0B000
|
heap private
|
page read and write
|
|
|
|
2975000
|
unkown
|
page readonly
|
|
|
|
2CE000
|
heap default
|
page read and write
|
|
|
|
360000
|
heap private
|
page read and write
|
|
|
|
1F70000
|
unkown
|
page write copy
|
|
|
|
3A6000
|
unkown
|
page read and write
|
|
|
|
26D2000
|
unkown
|
page readonly
|
|
|
|
2AA0000
|
unkown
|
page readonly
|
|
|
|
2895000
|
unkown
|
page readonly
|
|
|
|
2825000
|
unkown
|
page readonly
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
2812000
|
unkown
|
page readonly
|
|
|
|
2B40000
|
unkown
|
page readonly
|
|
|
|
2906000
|
unkown
|
page readonly
|
|
|
|
364000
|
heap private
|
page read and write
|
|
|
|
2832000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
194000
|
heap private
|
page read and write
|
|
|
|
2832000
|
unkown
|
page readonly
|
|
|
|
1D0000
|
heap default
|
page read and write
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
2230000
|
unkown
|
page readonly
|
|
|
|
2869000
|
unkown
|
page readonly
|
|
|
|
2732000
|
unkown
|
page readonly
|
|
|
|
2C80000
|
unkown
|
page readonly
|
|
|
|
2934000
|
unkown
|
page readonly
|
|
|
|
22D0000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page readonly
|
|
|
|
28B2000
|
unkown
|
page readonly
|
|
|
|
2832000
|
unkown
|
page readonly
|
|
|
|
2792000
|
unkown
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
28F5000
|
unkown
|
page readonly
|
|
|
|
29E6000
|
unkown
|
page readonly
|
|
|
|
2932000
|
unkown
|
page readonly
|
|
|
|
5F0000
|
unkown
|
page readonly
|
|
|
|
2235000
|
heap private
|
page read and write
|
|
|
|
1F70000
|
unkown
|
page write copy
|
|
|
|
2B80000
|
unkown
|
page readonly
|
|
|
|
2754000
|
unkown
|
page readonly
|
|
|
|
2989000
|
unkown
|
page readonly
|
|
|
|
28E2000
|
unkown
|
page readonly
|
|
|
|
25D8000
|
unkown
|
page readonly
|
|
|
|
2702000
|
unkown
|
page readonly
|
|
|
|
2C00000
|
heap private
|
page read and write
|
|
|
|
20E0000
|
heap private
|
page read and write
|
|
|
|
9FF000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2180000
|
unkown
|
page readonly
|
|
|
|
1E7000
|
heap default
|
page read and write
|
|
|
|
2A80000
|
unkown
|
page readonly
|
|
|
|
2080000
|
unkown
|
page write copy
|
|
|
|
AC000
|
unkown
|
page read and write
|
|
|
|
2775000
|
unkown
|
page readonly
|
|
|
|
2909000
|
unkown
|
page readonly
|
|
|
|
28BD000
|
unkown
|
page readonly
|
|
|
|
2859000
|
unkown
|
page readonly
|
|
|
|
1D0000
|
heap private
|
page read and write
|
|
|
|
306000
|
unkown
|
page read and write
|
|
|
|
38E000
|
heap default
|
page read and write
|
|
|
|
2F50000
|
unkown
|
page read and write
|
|
|
|
1D77000
|
unkown
|
page readonly
|
|
|
|
2925000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2000000
|
heap private
|
page read and write
|
|
|
|
20E9000
|
heap private
|
page read and write
|
|
|
|
2756000
|
unkown
|
page readonly
|
|
|
|
2802000
|
unkown
|
page readonly
|
|
|
|
1D97000
|
unkown
|
page readonly
|
|
|
|
2762000
|
unkown
|
page readonly
|
|
|
|
2732000
|
unkown
|
page readonly
|
|
|
|
2090000
|
heap private
|
page read and write
|
|
|
|
2D6000
|
heap default
|
page read and write
|
|
|
|
2DB000
|
heap default
|
page read and write
|
|
|
|
2C60000
|
unkown
|
page readonly
|
|
|
|
28F5000
|
unkown
|
page readonly
|
|
|
|
28F2000
|
unkown
|
page readonly
|
|
|
|
2809000
|
unkown
|
page readonly
|
|
|
|
26E2000
|
unkown
|
page readonly
|
|
|
|
26C2000
|
unkown
|
page readonly
|
|
|
|
2C00000
|
unkown
|
page readonly
|
|
|
|
2190000
|
heap private
|
page read and write
|
|
|
|
2DD0000
|
heap private
|
page read and write
|
|
|
|
24E000
|
unkown
|
page read and write
|
|
|
|
2E0000
|
heap private
|
page read and write
|
|
|
|
29D5000
|
unkown
|
page readonly
|
|
|
|
2826000
|
unkown
|
page readonly
|
|
|
|
1A4000
|
heap private
|
page read and write
|
|
|
|
21B9000
|
heap private
|
page read and write
|
|
|
|
1BB0000
|
unkown
|
page readonly
|
|
|
|
2825000
|
unkown
|
page readonly
|
|
|
|
2882000
|
unkown
|
page readonly
|
|
|
|
2E50000
|
unkown
|
page readonly
|
|
|
|
2310000
|
heap private
|
page read and write
|
|
|
|
2714000
|
unkown
|
page readonly
|
|
|
|
2986000
|
unkown
|
page readonly
|
|
|
|
2B85000
|
heap private
|
page read and write
|
|
|
|
26E4000
|
unkown
|
page readonly
|
|
|
|
22B0000
|
unkown
|
page readonly
|
|
|
|
464000
|
heap private
|
page read and write
|
|
|
|
2815000
|
unkown
|
page readonly
|
|
|
|
2110000
|
unkown
|
page readonly
|
|
|
|
2882000
|
unkown
|
page readonly
|
|
|
|
27B2000
|
unkown
|
page readonly
|
|
|
|
2BBB000
|
heap private
|
page read and write
|
|
|
|
29A5000
|
unkown
|
page readonly
|
|
|
|
1D57000
|
unkown
|
page readonly
|
|
|
|
2732000
|
unkown
|
page readonly
|
|
|
|
2782000
|
unkown
|
page readonly
|
|
|
|
2B42000
|
unkown
|
page readonly
|
|
|
|
CC000
|
unkown
|
page read and write
|
|
|
|
2936000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2704000
|
unkown
|
page readonly
|
|
|
|
297000
|
heap default
|
page read and write
|
|
|
|
290000
|
unkown
|
page write copy
|
|
|
|
2BC0000
|
unkown
|
page readonly
|
|
|
|
2390000
|
unkown
|
page readonly
|
|
|
|
2CA0000
|
unkown
|
page readonly
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
2902000
|
unkown
|
page readonly
|
|
|
|
2BE0000
|
unkown
|
page read and write
|
|
|
|
2939000
|
unkown
|
page readonly
|
|
|
|
28A5000
|
unkown
|
page readonly
|
|
|
|
2939000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
1F90000
|
unkown
|
page write copy
|
|
|
|
350000
|
heap default
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
2C05000
|
heap private
|
page read and write
|
|
|
|
470000
|
unkown
|
page readonly
|
|
|
|
390000
|
unkown
|
page read and write
|
|
|
|
2712000
|
unkown
|
page readonly
|
|
|
|
2795000
|
unkown
|
page readonly
|
|
|
|
244000
|
heap private
|
page read and write
|
|
|
|
2B00000
|
unkown
|
page readonly
|
|
|
|
2854000
|
unkown
|
page readonly
|
|
|
|
2C80000
|
unkown
|
page readonly
|
|
|
|
2862000
|
unkown
|
page readonly
|
|
|
|
2BA0000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
2319000
|
heap private
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
6A0000
|
unkown
|
page readonly
|
|
|
|
293D000
|
unkown
|
page readonly
|
|
|
|
2975000
|
unkown
|
page readonly
|
|
|
|
2885000
|
unkown
|
page readonly
|
|
|
|
2845000
|
unkown
|
page readonly
|
|
|
|
29B9000
|
unkown
|
page readonly
|
|
|
|
25D2000
|
unkown
|
page readonly
|
|
|
|
2210000
|
unkown
|
page readonly
|
|
|
|
21B5000
|
heap private
|
page read and write
|
|
|
|
2A30000
|
unkown
|
page readonly
|
|
|
|
2558000
|
unkown
|
page readonly
|
|
|
|
2239000
|
heap private
|
page read and write
|
|
|
|
2855000
|
unkown
|
page readonly
|
|
|
|
29B6000
|
unkown
|
page readonly
|
|
|
|
2C22000
|
unkown
|
page readonly
|
|
|
|
27D2000
|
unkown
|
page readonly
|
|
|
|
2912000
|
unkown
|
page readonly
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
2030000
|
unkown
|
page readonly
|
|
|
|
18C000
|
unkown
|
page read and write
|
|
|
|
3C6000
|
unkown
|
page read and write
|
|
|
|
2AE000
|
heap default
|
page read and write
|
|
|
|
2852000
|
unkown
|
page readonly
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
28D5000
|
unkown
|
page readonly
|
|
|
|
2A99000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
27C5000
|
unkown
|
page readonly
|
|
There are 332 hidden memdumps, click here to show them.