Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PAGO.xlsx
|
CDFV2 Encrypted
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\svchost[1].exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\Desktop\~$PAGO.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\Public\vbc.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\3F6ihf[1].htm
|
ASCII text, with CRLF line terminators
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1015AEA3.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2EF57FF8.png
|
PNG image data, 992 x 192, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\41D443A9.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 178x124,
frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4890E2DA.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 88x89, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4B3408F0.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5E7712AA.png
|
PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\696809D7.png
|
PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6CA41431.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\715928FD.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\806800C6.jpeg
|
gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8299D048.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 88x89, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\84B2BE14.jpeg
|
gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\863DC596.png
|
PNG image data, 992 x 192, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91086113.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 178x124,
frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A1EB740D.png
|
PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B2AC4F99.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B982CC9F.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C43329EC.png
|
PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DD298C7E.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
|
data
|
dropped
|
|
There are 15 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
|
|
|
C:\Users\Public\vbc.exe
|
'C:\Users\Public\vbc.exe'
|
|
|
|
C:\Users\Public\vbc.exe
|
C:\Users\Public\vbc.exe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://wsdysuresbonescagegp.dns.army/documenpt/svchost.exe
|
103.153.76.181
|
|
|
|
http://127.0.0.1:HTTP/1.1
|
unknown
|
|
|
|
http://DynDns.comDynDNS
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
|
unknown
|
|
|
|
http://smtp.lpsinvest.com
|
unknown
|
|
|
|
https://dist.nuget.org/win-x86-commandline/latest/nuget.exe
|
unknown
|
|
|
|
https://github.com/d-haxton/HaxtonBot/archive/master.zip
|
unknown
|
|
|
|
http://AFplKq.com
|
unknown
|
|
|
|
https://api.ipify.org%GETMozilla/5.0
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
https://github.com/Spegeli/Pokemon-Go-Rocket-API/archive/master.zip
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
|
|
|
https://api.ipify.org%
|
unknown
|
|
|
|
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
|
unknown
|
|
|
|
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
|
unknown
|
|
|
|
https://x8nMk45g8ETcNqX.org
|
unknown
|
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
wsdysuresbonescagegp.dns.army
|
103.153.76.181
|
|
|
|
smtp.lpsinvest.com
|
5.10.29.169
|
|
|
|
is.gd
|
104.25.234.53
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
5.10.29.169
|
smtp.lpsinvest.com
|
United Kingdom
|
|
|
|
103.153.76.181
|
wsdysuresbonescagegp.dns.army
|
unknown
|
|
|
|
104.25.234.53
|
is.gd
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{ 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EF325
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
FontCachePath
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
h<2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F4319
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F5BD6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 21
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F4319
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F4319
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F4319
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationEditorFilesIntl_1033
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Blob
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Blob
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Blob
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Blob
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Blob
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
Blob
|
|
There are 197 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
unkown
|
page execute and read and write
|
|
|
|
2658000
|
unkown
|
page read and write
|
|
|
|
347C000
|
unkown
|
page read and write
|
|
|
|
25B1000
|
unkown
|
page read and write
|
|
|
|
24AB000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
835000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
F80000
|
unkown image
|
page readonly
|
|
|
|
249F000
|
unkown
|
page read and write
|
|
|
|
51D000
|
heap default
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
15B000
|
unkown
|
page execute and read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
831000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
2E0000
|
unkown
|
page execute and read and write
|
|
|
|
308000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
282000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
heap private
|
page read and write
|
|
|
|
990000
|
heap private
|
page read and write
|
|
|
|
124000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
50CE000
|
stack
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5EF5000
|
unkown
|
page readonly
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5E8D000
|
unkown
|
page readonly
|
|
|
|
28A000
|
unkown
|
page execute and read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
772000
|
unkown
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
13A000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
A50000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
A50000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
999000
|
heap private
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
6B40000
|
heap private
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
51AC000
|
unkown
|
page read and write
|
|
|
|
C40000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
5D84000
|
unkown
|
page readonly
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
772000
|
unkown
|
page read and write
|
|
|
|
5DA2000
|
unkown
|
page readonly
|
|
|
|
5E15000
|
unkown
|
page readonly
|
|
|
|
553000
|
heap default
|
page read and write
|
|
|
|
519D000
|
unkown
|
page read and write
|
|
|
|
29B000
|
unkown
|
page execute and read and write
|
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
5191000
|
unkown
|
page read and write
|
|
|
|
5360000
|
unkown
|
page read and write
|
|
|
|
51B0000
|
heap private
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
760000
|
unkown
|
page read and write
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
45B0000
|
unkown
|
page readonly
|
|
|
|
12D000
|
unkown
|
page execute and read and write
|
|
|
|
7B0000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
A54000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown
|
page readonly
|
|
|
|
A55000
|
unkown
|
page read and write
|
|
|
|
295000
|
unkown
|
page execute and read and write
|
|
|
|
780000
|
unkown
|
page execute and read and write
|
|
|
|
5BE7000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page readonly
|
|
|
|
B30000
|
unkown
|
page read and write
|
|
|
|
25AF000
|
unkown
|
page read and write
|
|
|
|
375A000
|
unkown
|
page read and write
|
|
|
|
157000
|
unkown
|
page execute and read and write
|
|
|
|
4D3E000
|
unkown
|
page read and write
|
|
|
|
F82000
|
unkown image
|
page execute read
|
|
|
|
380000
|
heap private
|
page read and write
|
|
|
|
A50000
|
unkown
|
page read and write
|
|
|
|
6B5000
|
heap default
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
5215000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5CE000
|
unkown
|
page read and write
|
|
|
|
4F00000
|
heap private
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
4A1E000
|
unkown
|
page read and write | page guard
|
|
|
|
152000
|
unkown
|
page read and write
|
|
|
|
680000
|
unkown
|
page read and write
|
|
|
|
660000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
26B7000
|
unkown
|
page read and write
|
|
|
|
155000
|
unkown
|
page execute and read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
575000
|
heap default
|
page read and write
|
|
|
|
2D0000
|
unkown
|
page execute and read and write
|
|
|
|
292000
|
unkown
|
page read and write
|
|
|
|
627000
|
heap default
|
page read and write
|
|
|
|
688000
|
unkown
|
page read and write
|
|
|
|
84B000
|
unkown
|
page read and write
|
|
|
|
690000
|
unkown
|
page read and write
|
|
|
|
5E62000
|
unkown
|
page readonly
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
3471000
|
unkown
|
page read and write
|
|
|
|
130000
|
unkown
|
page read and write
|
|
|
|
5F09000
|
unkown
|
page readonly
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
F80000
|
unkown image
|
page readonly
|
|
|
|
BF2E000
|
stack
|
page read and write
|
|
|
|
7C3000
|
unkown
|
page read and write
|
|
|
|
3FE000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
660000
|
unkown
|
page read and write
|
|
|
|
2D7000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
5E6C000
|
unkown
|
page read and write
|
|
|
|
A51000
|
unkown
|
page read and write
|
|
|
|
5D62000
|
unkown
|
page readonly
|
|
|
|
663000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
unkown
|
page readonly
|
|
|
|
B8C000
|
unkown
|
page read and write
|
|
|
|
572000
|
unkown
|
page read and write
|
|
|
|
720000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
5F25000
|
unkown
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
DFB000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
56CE000
|
unkown
|
page read and write
|
|
|
|
50D0000
|
unkown
|
page read and write
|
|
|
|
F80000
|
unkown image
|
page readonly
|
|
|
|
6D2000
|
heap default
|
page read and write
|
|
|
|
4D0000
|
heap default
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
7EF58000
|
unkown
|
page execute and read and write
|
|
|
|
75D000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
559000
|
heap default
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
27D000
|
unkown
|
page execute and read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
102C000
|
unkown image
|
page readonly
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
24B8000
|
unkown
|
page read and write
|
|
|
|
F80000
|
unkown image
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
102C000
|
unkown image
|
page readonly
|
|
|
|
3C4000
|
unkown
|
page read and write
|
|
|
|
45C0000
|
unkown
|
page readonly
|
|
|
|
4B05000
|
heap private
|
page read and write
|
|
|
|
51ED000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5BF5000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
F82000
|
unkown image
|
page execute read
|
|
|
|
450000
|
heap private
|
page read and write
|
|
|
|
86E000
|
unkown
|
page read and write
|
|
|
|
DF0000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
26EC000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
850000
|
unkown
|
page read and write
|
|
|
|
7C6000
|
unkown
|
page read and write
|
|
|
|
59DF000
|
unkown
|
page read and write
|
|
|
|
5820000
|
unkown
|
page readonly
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
5E4000
|
heap private
|
page read and write
|
|
|
|
52D0000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
1AA000
|
unkown
|
page read and write
|
|
|
|
5E45000
|
unkown
|
page readonly
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5AC0000
|
heap private
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page read and write
|
|
|
|
662E000
|
unkown
|
page read and write
|
|
|
|
680000
|
unkown
|
page read and write
|
|
|
|
795000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5398000
|
heap private
|
page read and write
|
|
|
|
F6E000
|
unkown
|
page read and write
|
|
|
|
C10000
|
unkown
|
page readonly
|
|
|
|
4A40000
|
heap private
|
page read and write
|
|
|
|
5820000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5610000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
4B4E000
|
stack
|
page read and write
|
|
|
|
5390000
|
heap private
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
4E30000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
851000
|
unkown
|
page read and write
|
|
|
|
6092000
|
unkown
|
page readonly
|
|
|
|
35B1000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
A77000
|
heap private
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
55FE000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
4F10000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
7B0000
|
unkown
|
page read and write
|
|
|
|
660000
|
unkown
|
page read and write
|
|
|
|
24A3000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
490000
|
heap default
|
page read and write
|
|
|
|
45BE000
|
stack
|
page read and write
|
|
|
|
850000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
heap private
|
page execute and read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
DF0000
|
unkown
|
page execute and read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
B9CE000
|
stack
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
A40000
|
unkown
|
page readonly
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
63BE000
|
unkown
|
page read and write
|
|
|
|
5800000
|
unkown
|
page readonly
|
|
|
|
5108000
|
unkown
|
page read and write
|
|
|
|
860000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page read and write
|
|
|
|
264E000
|
unkown
|
page read and write
|
|
|
|
550E000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
F1F000
|
stack
|
page read and write
|
|
|
|
660000
|
heap default
|
page read and write
|
|
|
|
4EFC000
|
unkown
|
page read and write
|
|
|
|
5E89000
|
unkown
|
page readonly
|
|
|
|
4B50000
|
unkown
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
102C000
|
unkown image
|
page readonly
|
|
|
|
5BA2000
|
unkown
|
page readonly
|
|
|
|
110000
|
unkown
|
page read and write
|
|
|
|
792000
|
unkown
|
page read and write
|
|
|
|
581D000
|
unkown
|
page read and write
|
|
|
|
5E70000
|
unkown
|
page readonly
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
A50000
|
unkown
|
page read and write
|
|
|
|
268000
|
stack
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown
|
page read and write
|
|
|
|
340000
|
heap default
|
page read and write
|
|
|
|
543B000
|
unkown
|
page read and write
|
|
|
|
DE0000
|
heap private
|
page execute and read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page read and write
|
|
|
|
644000
|
heap default
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
BD8F000
|
unkown
|
page read and write
|
|
|
|
D8E000
|
unkown
|
page read and write | page guard
|
|
|
|
83A000
|
unkown
|
page read and write
|
|
|
|
60D0000
|
unkown
|
page readonly
|
|
|
|
5BA8000
|
unkown
|
page readonly
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
320000
|
heap private
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
2603000
|
unkown
|
page read and write
|
|
|
|
69CF000
|
unkown
|
page read and write
|
|
|
|
5DF6000
|
unkown
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
834000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
5E56000
|
unkown
|
page readonly
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5E32000
|
unkown
|
page readonly
|
|
|
|
5BE0000
|
unkown
|
page read and write
|
|
|
|
2E0000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
E00000
|
unkown
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
620000
|
heap default
|
page read and write
|
|
|
|
53D1000
|
unkown
|
page read and write
|
|
|
|
24A1000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
4F2000
|
heap default
|
page read and write
|
|
|
|
7EF40000
|
unkown
|
page execute and read and write
|
|
|
|
870000
|
heap private
|
page execute and read and write
|
|
|
|
123000
|
unkown
|
page execute and read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
164000
|
unkown
|
page read and write
|
|
|
|
5EC5000
|
unkown
|
page readonly
|
|
|
|
C3E000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page read and write
|
|
|
|
4970000
|
unkown
|
page readonly
|
|
|
|
3C0000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
517D000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
330000
|
unkown
|
page read and write
|
|
|
|
384000
|
heap private
|
page read and write
|
|
|
|
54F0000
|
heap private
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
84D7000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
7B0000
|
unkown
|
page read and write
|
|
|
|
860000
|
unkown
|
page read and write
|
|
|
|
F82000
|
unkown image
|
page execute read
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
3A2000
|
heap private
|
page read and write
|
|
|
|
60F0000
|
unkown
|
page readonly
|
|
|
|
4B00000
|
heap private
|
page read and write
|
|
|
|
F80000
|
unkown image
|
page readonly
|
|
|
|
6110000
|
unkown
|
page readonly
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
5ED9000
|
unkown
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
80000
|
unkown
|
page readonly
|
|
|
|
622F000
|
stack
|
page read and write
|
|
|
|
779000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
980000
|
unkown
|
page readonly
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
4F8F000
|
unkown
|
page read and write
|
|
|
|
61D000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
830000
|
unkown
|
page read and write
|
|
|
|
5DD2000
|
unkown
|
page readonly
|
|
|
|
5DA4000
|
unkown
|
page readonly
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
D8F000
|
unkown
|
page read and write
|
|
|
|
4C8E000
|
unkown
|
page read and write
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
5197000
|
unkown
|
page read and write
|
|
|
|
142000
|
unkown
|
page read and write
|
|
|
|
5394000
|
heap private
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
370000
|
unkown
|
page readonly
|
|
|
|
4DC000
|
heap default
|
page read and write
|
|
|
|
4DD0000
|
heap private
|
page execute and read and write
|
|
|
|
5B3E000
|
unkown
|
page read and write
|
|
|
|
5E26000
|
unkown
|
page readonly
|
|
|
|
5D0000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
5170000
|
heap private
|
page read and write
|
|
|
|
573000
|
heap default
|
page read and write
|
|
|
|
6FD000
|
heap default
|
page read and write
|
|
|
|
7BF000
|
unkown
|
page read and write
|
|
|
|
537000
|
heap default
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
1070000
|
unkown
|
page readonly
|
|
|
|
5156000
|
unkown
|
page read and write
|
|
|
|
16D000
|
unkown
|
page execute and read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
5CA2000
|
unkown
|
page readonly
|
|
|
|
4A1F000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
597E000
|
unkown
|
page read and write
|
|
|
|
7C0000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
3479000
|
unkown
|
page read and write
|
|
|
|
CF0000
|
unkown
|
page write copy
|
|
|
|
B40000
|
unkown
|
page read and write
|
|
|
|
537D000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
24B4000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
BEC000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page read and write
|
|
|
|
850000
|
unkown
|
page read and write
|
|
|
|
76E000
|
unkown
|
page read and write
|
|
|
|
26EA000
|
unkown
|
page read and write
|
|
|
|
5600000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page readonly
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
4890000
|
unkown
|
page readonly
|
|
|
|
5EA2000
|
unkown
|
page readonly
|
|
|
|
65E000
|
unkown
|
page read and write
|
|
|
|
80000
|
unkown
|
page readonly
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
580000
|
unkown
|
page execute and read and write
|
|
|
|
146000
|
unkown
|
page execute and read and write
|
|
|
|
860000
|
unkown
|
page read and write
|
|
|
|
E10000
|
unkown
|
page read and write
|
|
|
|
DDE000
|
unkown
|
page read and write
|
|
|
|
5DE5000
|
unkown
|
page readonly
|
|
|
|
4F0000
|
heap default
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
5BEC000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
4750000
|
unkown
|
page readonly
|
|
|
|
30B000
|
unkown
|
page read and write
|
|
|
|
53D0000
|
unkown
|
page read and write
|
|
|
|
5F02000
|
unkown
|
page readonly
|
|
|
|
7B0000
|
unkown
|
page read and write
|
|
|
|
13D000
|
unkown
|
page execute and read and write
|
|
|
|
25AE000
|
unkown
|
page read and write | page guard
|
|
|
|
660000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
287000
|
unkown
|
page execute and read and write
|
|
|
|
5B0000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
5D0000
|
unkown
|
page execute and read and write
|
|
|
|
5C3000
|
unkown
|
page read and write
|
|
|
|
682E000
|
unkown
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
4B22000
|
heap private
|
page read and write
|
|
|
|
308000
|
unkown
|
page read and write
|
|
|
|
633E000
|
stack
|
page read and write
|
|
|
|
8B0000
|
heap private
|
page read and write
|
|
|
|
5D64000
|
unkown
|
page readonly
|
|
|
|
51D0000
|
unkown
|
page read and write
|
|
|
|
26F4000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
5E75000
|
unkown
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
F82000
|
unkown image
|
page execute read
|
|
|
|
4A6E000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
5E02000
|
unkown
|
page readonly
|
|
|
|
A70000
|
heap private
|
page read and write
|
|
|
|
4F05000
|
heap private
|
page read and write
|
|
|
|
670000
|
heap private
|
page read and write
|
|
|
|
102C000
|
unkown image
|
page readonly
|
|
|
|
4E0000
|
unkown
|
page readonly
|
|
|
|
26B4000
|
unkown
|
page read and write
|
|
|
|
66D000
|
heap default
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
F20000
|
unkown
|
page read and write
|
|
|
|
5B9E000
|
unkown
|
page read and write
|
|
|
|
30B000
|
unkown
|
page read and write
|
|
|
|
4B4000
|
heap default
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page execute and read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
800000
|
unkown
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
4DA000
|
heap default
|
page read and write
|
|
|
|
474F000
|
unkown
|
page read and write
|
|
|
|
6DC000
|
heap default
|
page read and write
|
|
|
|
8C0000
|
unkown
|
page readonly
|
|
|
|
5134000
|
unkown
|
page read and write
|
|
|
|
5159000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
4E10000
|
unkown
|
page readonly
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
783000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
6DE000
|
heap default
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
F80000
|
unkown image
|
page readonly
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
2471000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
570000
|
unkown
|
page read and write
|
|
|
|
BBCD000
|
stack
|
page read and write
|
|
|
|
602000
|
heap private
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
2636000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
DB0000
|
heap private
|
page execute and read and write
|
|
|
|
5ED2000
|
unkown
|
page readonly
|
|
|
|
305000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
770000
|
heap private
|
page execute and read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
F1E000
|
unkown
|
page read and write
|
|
|
|
4D7E000
|
unkown
|
page read and write
|
|
|
|
5D82000
|
unkown
|
page readonly
|
|
|
|
5EA9000
|
unkown
|
page readonly
|
|
|
|
556C000
|
unkown
|
page read and write
|
|
|
|
5166000
|
unkown
|
page read and write
|
|
|
|
BD8E000
|
unkown
|
page read and write | page guard
|
|
|
|
5E86000
|
unkown
|
page readonly
|
|
|
|
720000
|
unkown
|
page read and write
|
|
|
|
775000
|
unkown
|
page read and write
|
|
|
|
52EE000
|
unkown
|
page read and write
|
|
|
|
497000
|
heap default
|
page read and write
|
|
|
|
770000
|
unkown
|
page read and write
|
|
|
|
5C0B000
|
unkown
|
page read and write
|
|
|
|
82E000
|
unkown
|
page read and write
|
|
|
|
297000
|
unkown
|
page execute and read and write
|
|
|
|
B90000
|
unkown
|
page read and write
|
|
|
|
163000
|
unkown
|
page execute and read and write
|
|
There are 541 hidden memdumps, click here to show them.