Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SOL2021-03-14-NETC-NI-21-049-CEVA INV.xlsx
|
CDFV2 Encrypted
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nano[1].exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp2720.tmp
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
|
ISO-8859 text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\gmSlQSien.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$SOL2021-03-14-NETC-NI-21-049-CEVA INV.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\Public\vbc.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\SMTP Service\smtpsvc.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\27A56AD2.png
|
PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\29AF82FC.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 550x310,
frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\365FCBB7.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4132FFE5.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5394A5DD.png
|
PNG image data, 199 x 126, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5A7818AB.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5DF1CC3E.png
|
PNG image data, 199 x 126, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\69EC2A79.png
|
PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\98FE530E.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9EE93CA2.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A4A722F1.png
|
PNG image data, 110 x 167, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AB377A3A.png
|
PNG image data, 566 x 429, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B9A26101.png
|
PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BC2E50F3.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 550x310,
frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D2E7424C.png
|
PNG image data, 110 x 167, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D3B54A74.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D6B60ECD.jpeg
|
[TIFF image data, big-endian, direntries=4], baseline, precision 8, 396x275, frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DAA062B0.jpeg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames
3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E3296E6A.png
|
PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EA55EE58.jpeg
|
[TIFF image data, big-endian, direntries=4], baseline, precision 8, 396x275, frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EB61327.png
|
PNG image data, 566 x 429, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
|
data
|
dropped
|
|
There are 20 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
|
|
|
C:\Users\Public\vbc.exe
|
'C:\Users\Public\vbc.exe'
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gmSlQSien' /XML 'C:\Users\user\AppData\Local\Temp\tmp2720.tmp'
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Program Files (x86)\SMTP Service\smtpsvc.exe
|
'C:\Program Files (x86)\SMTP Service\smtpsvc.exe'
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
nassiru1155.ddns.net
|
|
||
|
http://covid19vaccinations.hopto.org/nano.exe
|
13.235.115.155
|
|
|
|
79.134.225.30
|
|
||
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
covid19vaccinations.hopto.org
|
13.235.115.155
|
|
|
|
nassiru1155.ddns.net
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
13.235.115.155
|
covid19vaccinations.hopto.org
|
United States
|
|
|
|
79.134.225.30
|
unknown
|
Switzerland
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
$v3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F1F63
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
FontCachePath
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
q14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F6DFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F7C8F
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 21
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F6DFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F6DFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
NULL
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F6DFF
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
EquationEditorFilesIntl_1033
|
|
|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
SavedLegacySettings
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
|
SMTP Service
|
|
There are 193 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
840000
|
unkown
|
page read and write
|
|
|
|
36A1000
|
unkown
|
page read and write
|
|
|
|
26A1000
|
unkown
|
page read and write
|
|
|
|
37E6000
|
unkown
|
page read and write
|
|
|
|
402000
|
unkown
|
page execute and read and write
|
|
|
|
7EF50000
|
unkown
|
page execute and read and write
|
|
|
|
397E000
|
unkown
|
page read and write
|
|
|
|
2FB000
|
unkown
|
page execute and read and write
|
|
|
|
3A1F000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
1286000
|
unkown image
|
page readonly
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
4E0000
|
unkown
|
page write copy
|
|
|
|
3B1E000
|
unkown
|
page read and write
|
|
|
|
60E000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
63FF000
|
unkown
|
page read and write
|
|
|
|
20000
|
heap private
|
page read and write
|
|
|
|
5B0000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
unkown
|
page read and write
|
|
|
|
B60000
|
unkown
|
page read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
2CA000
|
unkown
|
page execute and read and write
|
|
|
|
2130000
|
unkown
|
page readonly
|
|
|
|
38BE000
|
unkown
|
page read and write
|
|
|
|
21B0000
|
unkown
|
page read and write
|
|
|
|
39FE000
|
unkown
|
page read and write
|
|
|
|
13A000
|
unkown
|
page execute and read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
542E000
|
unkown
|
page read and write
|
|
|
|
505000
|
unkown
|
page read and write
|
|
|
|
730000
|
unkown
|
page readonly
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
heap private
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
5F8000
|
unkown
|
page read and write
|
|
|
|
23B000
|
unkown
|
page execute and read and write
|
|
|
|
120000
|
unkown
|
page read and write
|
|
|
|
9D0000
|
unkown
|
page readonly
|
|
|
|
39DF000
|
unkown
|
page read and write
|
|
|
|
4951000
|
unkown
|
page read and write
|
|
|
|
3A7E000
|
unkown
|
page read and write
|
|
|
|
B61000
|
unkown
|
page read and write
|
|
|
|
39FE000
|
unkown
|
page read and write
|
|
|
|
58F000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
3D6000
|
heap private
|
page read and write
|
|
|
|
29FC000
|
unkown
|
page read and write
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
A9CD000
|
stack
|
page read and write
|
|
|
|
387E000
|
unkown
|
page read and write
|
|
|
|
492F000
|
unkown
|
page read and write
|
|
|
|
200000
|
unkown image
|
page readonly
|
|
|
|
5B5000
|
heap default
|
page read and write
|
|
|
|
38BE000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
715000
|
unkown
|
page read and write
|
|
|
|
3A7E000
|
unkown
|
page read and write
|
|
|
|
650000
|
unkown
|
page readonly
|
|
|
|
4AE7000
|
heap private
|
page execute and read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
214F000
|
unkown
|
page read and write
|
|
|
|
1114000
|
heap private
|
page read and write
|
|
|
|
6F0000
|
unkown
|
page read and write
|
|
|
|
715000
|
unkown
|
page read and write
|
|
|
|
232000
|
unkown
|
page read and write
|
|
|
|
1286000
|
unkown image
|
page readonly
|
|
|
|
20A000
|
unkown
|
page read and write
|
|
|
|
416000
|
unkown
|
page read and write | page guard
|
|
|
|
B70000
|
unkown
|
page read and write
|
|
|
|
1E0000
|
heap private
|
page read and write
|
|
|
|
3A9E000
|
unkown
|
page read and write
|
|
|
|
684000
|
heap default
|
page read and write
|
|
|
|
5A3E000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
2C2000
|
unkown
|
page execute and read and write
|
|
|
|
391E000
|
unkown
|
page read and write
|
|
|
|
46A0000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
unkown
|
page readonly
|
|
|
|
495D000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
unkown
|
page read and write
|
|
|
|
2D2000
|
unkown
|
page read and write
|
|
|
|
5AF000
|
heap default
|
page read and write
|
|
|
|
397E000
|
unkown
|
page read and write
|
|
|
|
480000
|
unkown
|
page read and write
|
|
|
|
39BE000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page readonly
|
|
|
|
6210000
|
heap private
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page readonly
|
|
|
|
4E80000
|
unkown
|
page read and write
|
|
|
|
37C1000
|
unkown
|
page read and write
|
|
|
|
290000
|
unkown
|
page read and write
|
|
|
|
2D7000
|
unkown
|
page execute and read and write
|
|
|
|
2C7000
|
unkown
|
page read and write
|
|
|
|
39FE000
|
unkown
|
page read and write
|
|
|
|
5F5E000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
160000
|
heap private
|
page read and write
|
|
|
|
393E000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
3A5E000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
340000
|
unkown
|
page execute and read and write
|
|
|
|
4DD0000
|
heap private
|
page read and write
|
|
|
|
5AFD000
|
unkown
|
page read and write
|
|
|
|
420000
|
unkown
|
page read and write
|
|
|
|
395E000
|
unkown
|
page read and write
|
|
|
|
354000
|
heap private
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
39DF000
|
unkown
|
page read and write
|
|
|
|
11D0000
|
unkown image
|
page readonly
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
590000
|
unkown
|
page readonly
|
|
|
|
39BE000
|
unkown
|
page read and write
|
|
|
|
202000
|
unkown image
|
page execute read
|
|
|
|
C7F000
|
stack
|
page read and write
|
|
|
|
38DE000
|
unkown
|
page read and write
|
|
|
|
781000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
370000
|
heap default
|
page read and write
|
|
|
|
4E7E000
|
unkown
|
page read and write | page guard
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
1160000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
6E2000
|
unkown
|
page execute and read and write
|
|
|
|
3A9E000
|
unkown
|
page read and write
|
|
|
|
781000
|
unkown
|
page read and write
|
|
|
|
5C1E000
|
stack
|
page read and write
|
|
|
|
496E000
|
unkown
|
page read and write
|
|
|
|
640000
|
unkown
|
page readonly
|
|
|
|
3421000
|
unkown
|
page read and write
|
|
|
|
1B6000
|
unkown
|
page execute and read and write
|
|
|
|
860000
|
heap private
|
page execute and read and write
|
|
|
|
393E000
|
unkown
|
page read and write
|
|
|
|
3A9E000
|
unkown
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
unkown
|
page readonly
|
|
|
|
387E000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
D30000
|
unkown
|
page readonly
|
|
|
|
4CE000
|
unkown
|
page read and write
|
|
|
|
39BE000
|
unkown
|
page read and write
|
|
|
|
597E000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page readonly
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
4E5E000
|
unkown
|
page read and write
|
|
|
|
208000
|
unkown image
|
page readonly
|
|
|
|
2198000
|
unkown
|
page read and write
|
|
|
|
667000
|
heap default
|
page read and write
|
|
|
|
3A9E000
|
unkown
|
page read and write
|
|
|
|
5A9D000
|
unkown
|
page read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
80000
|
unkown
|
page readonly
|
|
|
|
3A1F000
|
unkown
|
page read and write
|
|
|
|
6D0000
|
unkown
|
page execute and read and write
|
|
|
|
3819000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
1CC000
|
unkown
|
page execute and read and write
|
|
|
|
399E000
|
unkown
|
page read and write
|
|
|
|
4E7F000
|
unkown
|
page read and write
|
|
|
|
590000
|
unkown
|
page read and write
|
|
|
|
4919000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
3B1E000
|
unkown
|
page read and write
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
610000
|
unkown
|
page readonly
|
|
|
|
555F000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
heap default
|
page read and write
|
|
|
|
850000
|
unkown
|
page read and write
|
|
|
|
4926000
|
unkown
|
page read and write
|
|
|
|
2F7000
|
unkown
|
page execute and read and write
|
|
|
|
B70000
|
unkown
|
page execute and read and write
|
|
|
|
4A97000
|
unkown
|
page read and write
|
|
|
|
22AD000
|
unkown
|
page read and write
|
|
|
|
26E1000
|
unkown
|
page read and write
|
|
|
|
214E000
|
unkown
|
page read and write | page guard
|
|
|
|
39DE000
|
unkown
|
page read and write
|
|
|
|
4F7000
|
heap default
|
page read and write
|
|
|
|
4D8F000
|
unkown
|
page read and write
|
|
|
|
550000
|
heap default
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
391E000
|
unkown
|
page read and write
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
3A7E000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
11D2000
|
unkown image
|
page execute read
|
|
|
|
391E000
|
unkown
|
page read and write
|
|
|
|
B98000
|
heap private
|
page read and write
|
|
|
|
5540000
|
unkown
|
page readonly
|
|
|
|
38BE000
|
unkown
|
page read and write
|
|
|
|
540000
|
unkown
|
page readonly
|
|
|
|
3A7E000
|
unkown
|
page read and write
|
|
|
|
3A5E000
|
unkown
|
page read and write
|
|
|
|
B70000
|
unkown
|
page read and write
|
|
|
|
385F000
|
unkown
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
150000
|
heap default
|
page read and write
|
|
|
|
1BA000
|
unkown
|
page execute and read and write
|
|
|
|
4A45000
|
heap private
|
page read and write
|
|
|
|
395E000
|
unkown
|
page read and write
|
|
|
|
514000
|
heap default
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
2F1000
|
unkown
|
page read and write
|
|
|
|
50A0000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
9A7000
|
unkown
|
page read and write
|
|
|
|
62BF000
|
unkown
|
page read and write
|
|
|
|
1E0000
|
unkown
|
page readonly
|
|
|
|
7EF60000
|
unkown
|
page execute and read and write
|
|
|
|
22A000
|
unkown
|
page execute and read and write
|
|
|
|
395E000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
422000
|
unkown
|
page execute and read and write
|
|
|
|
540000
|
unkown
|
page read and write
|
|
|
|
9B0000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
590000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
4FDC000
|
unkown
|
page read and write
|
|
|
|
2B2000
|
unkown
|
page execute and read and write
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
3A9E000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page readonly
|
|
|
|
4AE0000
|
heap private
|
page execute and read and write
|
|
|
|
AE5E000
|
stack
|
page read and write
|
|
|
|
395E000
|
unkown
|
page read and write
|
|
|
|
200000
|
unkown image
|
page readonly
|
|
|
|
7F0000
|
unkown
|
page readonly
|
|
|
|
1CA000
|
stack
|
page read and write
|
|
|
|
4957000
|
unkown
|
page read and write
|
|
|
|
417000
|
stack
|
page read and write
|
|
|
|
8A0000
|
unkown
|
page read and write
|
|
|
|
542000
|
unkown
|
page read and write
|
|
|
|
389E000
|
unkown
|
page read and write
|
|
|
|
488D000
|
stack
|
page read and write
|
|
|
|
A5DF000
|
unkown
|
page read and write
|
|
|
|
3AFE000
|
unkown
|
page read and write
|
|
|
|
39BE000
|
unkown
|
page read and write
|
|
|
|
2150000
|
unkown
|
page readonly
|
|
|
|
63B000
|
unkown
|
page readonly
|
|
|
|
2814000
|
unkown
|
page read and write
|
|
|
|
1100000
|
unkown
|
page read and write
|
|
|
|
39DE000
|
unkown
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
607E000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
unkown
|
page readonly
|
|
|
|
393E000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
3B1E000
|
unkown
|
page read and write
|
|
|
|
237000
|
unkown
|
page execute and read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
650000
|
unkown
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
212000
|
unkown
|
page read and write
|
|
|
|
11D0000
|
unkown image
|
page readonly
|
|
|
|
504000
|
unkown
|
page read and write
|
|
|
|
389E000
|
unkown
|
page read and write
|
|
|
|
3AFE000
|
unkown
|
page read and write
|
|
|
|
2DD000
|
heap default
|
page read and write
|
|
|
|
39FE000
|
unkown
|
page read and write
|
|
|
|
39FE000
|
unkown
|
page read and write
|
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
770000
|
unkown
|
page execute and read and write
|
|
|
|
56C000
|
heap default
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
478D000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page readonly
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
7EF50000
|
unkown
|
page execute and read and write
|
|
|
|
3A5E000
|
unkown
|
page read and write
|
|
|
|
45B000
|
unkown
|
page readonly
|
|
|
|
61C000
|
unkown
|
page readonly
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
38FE000
|
unkown
|
page read and write
|
|
|
|
222000
|
unkown
|
page execute and read and write
|
|
|
|
285A000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
C80000
|
unkown
|
page read and write
|
|
|
|
B80000
|
unkown
|
page read and write
|
|
|
|
2421000
|
unkown
|
page read and write
|
|
|
|
4A8C000
|
unkown
|
page read and write
|
|
|
|
3B1E000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
7A8000
|
unkown
|
page read and write
|
|
|
|
2EA000
|
unkown
|
page execute and read and write
|
|
|
|
62BE000
|
unkown
|
page read and write | page guard
|
|
|
|
3AFE000
|
unkown
|
page read and write
|
|
|
|
5AE0000
|
unkown
|
page read and write
|
|
|
|
1DE7000
|
unkown
|
page readonly
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
1E80000
|
heap private
|
page execute and read and write
|
|
|
|
24F0000
|
unkown
|
page readonly
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
1DD0000
|
unkown
|
page read and write
|
|
|
|
3A9E000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
46AE000
|
stack
|
page read and write
|
|
|
|
437000
|
unkown
|
page readonly
|
|
|
|
660000
|
unkown
|
page readonly
|
|
|
|
3B1E000
|
unkown
|
page read and write
|
|
|
|
5B0000
|
unkown
|
page read and write
|
|
|
|
3A7E000
|
unkown
|
page read and write
|
|
|
|
1FFE000
|
unkown
|
page read and write
|
|
|
|
3B1000
|
unkown
|
page read and write
|
|
|
|
4A40000
|
heap private
|
page read and write
|
|
|
|
5C70000
|
heap private
|
page read and write
|
|
|
|
48C8000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
387F000
|
unkown
|
page read and write
|
|
|
|
4A50000
|
unkown
|
page read and write
|
|
|
|
22E5000
|
heap private
|
page execute and read and write
|
|
|
|
3B0000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
9A6000
|
unkown
|
page read and write
|
|
|
|
5F2000
|
unkown
|
page read and write
|
|
|
|
590000
|
unkown
|
page read and write
|
|
|
|
B70000
|
unkown
|
page read and write
|
|
|
|
38DE000
|
unkown
|
page read and write
|
|
|
|
542000
|
unkown
|
page read and write
|
|
|
|
10C0000
|
unkown
|
page read and write
|
|
|
|
387E000
|
unkown
|
page read and write
|
|
|
|
389E000
|
unkown
|
page read and write
|
|
|
|
448000
|
unkown
|
page read and write
|
|
|
|
3A1E000
|
unkown
|
page read and write
|
|
|
|
3AFE000
|
unkown
|
page read and write
|
|
|
|
9B0000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page readonly
|
|
|
|
420000
|
unkown
|
page readonly
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
3B1E000
|
unkown
|
page read and write
|
|
|
|
21A000
|
unkown
|
page execute and read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
38DE000
|
unkown
|
page read and write
|
|
|
|
11D0000
|
unkown image
|
page readonly
|
|
|
|
2E2000
|
unkown
|
page execute and read and write
|
|
|
|
4ECF000
|
unkown
|
page read and write
|
|
|
|
67F000
|
unkown
|
page read and write
|
|
|
|
6E3000
|
unkown
|
page read and write
|
|
|
|
3B3E000
|
unkown
|
page read and write
|
|
|
|
A71C000
|
unkown
|
page read and write
|
|
|
|
5B0000
|
unkown
|
page execute and read and write
|
|
|
|
538000
|
heap default
|
page read and write
|
|
|
|
24EF000
|
unkown
|
page read and write
|
|
|
|
7D0000
|
unkown
|
page readonly
|
|
|
|
320000
|
unkown
|
page readonly
|
|
|
|
7F0000
|
heap private
|
page read and write
|
|
|
|
553E000
|
stack
|
page read and write
|
|
|
|
FE0000
|
unkown
|
page readonly
|
|
|
|
4890000
|
unkown
|
page read and write
|
|
|
|
59A000
|
heap default
|
page read and write
|
|
|
|
2BA000
|
unkown
|
page execute and read and write
|
|
|
|
2E0000
|
unkown
|
page execute and read and write
|
|
|
|
3F0000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page read and write
|
|
|
|
210000
|
unkown
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
208000
|
unkown image
|
page readonly
|
|
|
|
19A000
|
unkown
|
page execute and read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
6EA000
|
unkown
|
page read and write
|
|
|
|
840000
|
unkown
|
page read and write
|
|
|
|
A61C000
|
unkown
|
page read and write
|
|
|
|
4916000
|
unkown
|
page read and write
|
|
|
|
140000
|
unkown
|
page readonly
|
|
|
|
4A1E000
|
unkown
|
page read and write
|
|
|
|
239E000
|
unkown
|
page read and write
|
|
|
|
385F000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page readonly
|
|
|
|
5DDE000
|
unkown
|
page read and write
|
|
|
|
500000
|
heap private
|
page execute and read and write
|
|
|
|
390000
|
unkown
|
page readonly
|
|
|
|
1150000
|
unkown
|
page read and write
|
|
|
|
4C5E000
|
stack
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
60AE000
|
unkown
|
page read and write
|
|
|
|
10E0000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page readonly
|
|
|
|
393E000
|
unkown
|
page read and write
|
|
|
|
6A8000
|
heap default
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
72B0000
|
unkown
|
page read and write
|
|
|
|
372000
|
heap private
|
page read and write
|
|
|
|
38FE000
|
unkown
|
page read and write
|
|
|
|
3A1E000
|
unkown
|
page read and write
|
|
|
|
1132000
|
heap private
|
page read and write
|
|
|
|
568E000
|
unkown
|
page read and write
|
|
|
|
48F4000
|
unkown
|
page read and write
|
|
|
|
5EEE000
|
stack
|
page read and write
|
|
|
|
BC000
|
unkown
|
page read and write
|
|
|
|
590E000
|
unkown
|
page read and write
|
|
|
|
11D2000
|
unkown image
|
page execute read
|
|
|
|
3B3E000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
506000
|
unkown
|
page read and write
|
|
|
|
29F6000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
574000
|
heap default
|
page read and write
|
|
|
|
5C7000
|
unkown
|
page read and write
|
|
|
|
9A8000
|
unkown
|
page read and write
|
|
|
|
617000
|
unkown
|
page readonly
|
|
|
|
350000
|
unkown
|
page readonly
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
9A5000
|
unkown
|
page read and write
|
|
|
|
3A0000
|
unkown
|
page read and write
|
|
|
|
5B0000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
5D9E000
|
stack
|
page read and write
|
|
|
|
2A0000
|
heap default
|
page read and write
|
|
|
|
B10000
|
unkown
|
page readonly
|
|
|
|
716000
|
unkown
|
page read and write
|
|
|
|
B65000
|
unkown
|
page read and write
|
|
|
|
2190000
|
unkown
|
page read and write
|
|
|
|
217000
|
unkown
|
page execute and read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
4FE0000
|
unkown
|
page readonly
|
|
|
|
200000
|
unkown image
|
page readonly
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
60B0000
|
unkown
|
page write copy
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
5290000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page read and write
|
|
|
|
38DE000
|
unkown
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
330000
|
unkown
|
page read and write
|
|
|
|
4A6D000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
3AFE000
|
unkown
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
21A0000
|
unkown
|
page read and write
|
|
|
|
21FC000
|
unkown
|
page read and write
|
|
|
|
3A9F000
|
unkown
|
page read and write
|
|
|
|
710000
|
unkown
|
page read and write
|
|
|
|
2F1000
|
unkown
|
page read and write
|
|
|
|
2EB000
|
heap default
|
page read and write
|
|
|
|
9A8000
|
unkown
|
page read and write
|
|
|
|
2C6000
|
unkown
|
page read and write | page guard
|
|
|
|
780000
|
unkown
|
page read and write
|
|
|
|
3B1E000
|
unkown
|
page read and write
|
|
|
|
4D8E000
|
unkown
|
page read and write | page guard
|
|
|
|
598000
|
unkown
|
page read and write
|
|
|
|
B70000
|
unkown
|
page read and write
|
|
|
|
11AC000
|
unkown
|
page read and write
|
|
|
|
3A5E000
|
unkown
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
1100000
|
unkown
|
page read and write
|
|
|
|
660000
|
heap default
|
page read and write
|
|
|
|
6C9000
|
heap private
|
page read and write
|
|
|
|
399E000
|
unkown
|
page read and write
|
|
|
|
1AC000
|
unkown
|
page execute and read and write
|
|
|
|
1A0000
|
unkown
|
page read and write
|
|
|
|
39DE000
|
unkown
|
page read and write
|
|
|
|
2E6000
|
heap default
|
page read and write
|
|
|
|
1100000
|
unkown
|
page read and write
|
|
|
|
3A1E000
|
unkown
|
page read and write
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
1E4000
|
heap private
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
unkown
|
page execute and read and write
|
|
|
|
4F0000
|
unkown
|
page execute and read and write
|
|
|
|
23DE000
|
unkown
|
page read and write
|
|
|
|
599E000
|
unkown
|
page read and write
|
|
|
|
AFF000
|
unkown
|
page read and write
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
1110000
|
heap private
|
page read and write
|
|
|
|
1DE0000
|
unkown
|
page readonly
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
132000
|
unkown
|
page execute and read and write
|
|
|
|
D10000
|
unkown
|
page readonly
|
|
|
|
385E000
|
unkown
|
page read and write
|
|
|
|
970000
|
unkown
|
page readonly
|
|
|
|
50C000
|
unkown
|
page read and write
|
|
|
|
39FE000
|
unkown
|
page read and write
|
|
|
|
C2F000
|
unkown
|
page read and write
|
|
|
|
505000
|
unkown
|
page read and write
|
|
|
|
3A5E000
|
unkown
|
page read and write
|
|
|
|
4CE000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
7B0000
|
heap private
|
page execute and read and write
|
|
|
|
2D0000
|
heap private
|
page read and write
|
|
|
|
6C0000
|
heap private
|
page read and write
|
|
|
|
760000
|
unkown
|
page readonly
|
|
|
|
10C0000
|
unkown
|
page readonly
|
|
|
|
540000
|
unkown
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
2A7000
|
heap default
|
page read and write
|
|
|
|
72F000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
1E0B000
|
unkown
|
page readonly
|
|
|
|
5290000
|
unkown
|
page read and write
|
|
|
|
38FE000
|
unkown
|
page read and write
|
|
|
|
537E000
|
unkown
|
page read and write
|
|
|
|
5A5000
|
unkown
|
page read and write
|
|
|
|
5290000
|
unkown
|
page readonly
|
|
|
|
3B1E000
|
unkown
|
page read and write
|
|
|
|
1C2000
|
unkown
|
page execute and read and write
|
|
|
|
5ADE000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
3B5000
|
unkown
|
page read and write
|
|
|
|
430000
|
unkown
|
page readonly
|
|
|
|
385F000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown
|
page read and write
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
3AFE000
|
unkown
|
page read and write
|
|
|
|
1D90000
|
unkown
|
page readonly
|
|
|
|
A89F000
|
stack
|
page read and write
|
|
|
|
142000
|
unkown
|
page execute and read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
63FE000
|
unkown
|
page read and write | page guard
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
3ADE000
|
unkown
|
page read and write
|
|
|
|
3A1E000
|
unkown
|
page read and write
|
|
|
|
3A9F000
|
unkown
|
page read and write
|
|
|
|
10D0000
|
unkown
|
page read and write
|
|
|
|
225D000
|
unkown
|
page read and write
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
B50000
|
unkown
|
page readonly
|
|
|
|
43C000
|
unkown
|
page readonly
|
|
|
|
22E0000
|
heap private
|
page execute and read and write
|
|
|
|
543E000
|
unkown
|
page read and write
|
|
|
|
397E000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
3A3E000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
557000
|
heap default
|
page read and write
|
|
|
|
3AFE000
|
unkown
|
page read and write
|
|
|
|
507000
|
unkown
|
page read and write
|
|
|
|
3D0000
|
heap private
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
38BE000
|
unkown
|
page read and write
|
|
|
|
2DB000
|
unkown
|
page execute and read and write
|
|
|
|
3D6000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
1A2000
|
unkown
|
page execute and read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
510000
|
heap default
|
page read and write
|
|
|
|
202000
|
unkown image
|
page execute read
|
|
|
|
8BD000
|
unkown
|
page read and write
|
|
|
|
AA000
|
unkown
|
page read and write
|
|
|
|
3A1E000
|
unkown
|
page read and write
|
|
|
|
3A5E000
|
unkown
|
page read and write
|
|
|
|
3A5E000
|
unkown
|
page read and write
|
|
|
|
1DEC000
|
unkown
|
page readonly
|
|
|
|
4C60000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown
|
page read and write
|
|
|
|
790000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
5290000
|
unkown
|
page read and write
|
|
|
|
9A0000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page read and write
|
|
|
|
7E0000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
3C0000
|
unkown
|
page execute and read and write
|
|
|
|
39DE000
|
unkown
|
page read and write
|
|
|
|
16D000
|
unkown
|
page read and write
|
|
|
|
5090000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
250000
|
heap private
|
page execute and read and write
|
|
|
|
2302000
|
heap private
|
page execute and read and write
|
|
|
|
397E000
|
unkown
|
page read and write
|
|
|
|
29FA000
|
unkown
|
page read and write
|
|
|
|
3A7E000
|
unkown
|
page read and write
|
|
|
|
391E000
|
unkown
|
page read and write
|
|
|
|
4C5F000
|
unkown
|
page read and write
|
|
|
|
496C000
|
unkown
|
page read and write
|
|
|
|
389E000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
38FE000
|
unkown
|
page read and write
|
|
|
|
ABAC000
|
stack
|
page read and write
|
|
|
|
399E000
|
unkown
|
page read and write
|
|
|
|
399E000
|
unkown
|
page read and write
|
|
|
|
5B5000
|
unkown
|
page read and write
|
|
|
|
5F1000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
350000
|
heap private
|
page read and write
|
|
|
|
500000
|
unkown
|
page read and write
|
|
|
|
47FE000
|
unkown
|
page read and write
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
493D000
|
unkown
|
page read and write
|
|
|
|
602D000
|
stack
|
page read and write
|
|
|
|
3A1E000
|
unkown
|
page read and write
|
|
|
|
27C1000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
unkown
|
page read and write
|
|
|
|
5A0000
|
unkown
|
page read and write
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
3ABE000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
unkown
|
page readonly
|
|
|
|
3AFE000
|
unkown
|
page read and write
|
|
|
|
507000
|
unkown
|
page read and write
|
|
|
|
4B04000
|
heap private
|
page execute and read and write
|
|
|
|
2190000
|
unkown
|
page read and write
|
|
|
|
1CA000
|
unkown
|
page execute and read and write
|
|
|
|
192000
|
unkown
|
page execute and read and write
|
|
|
|
34E000
|
unkown
|
page read and write
|
|
|
|
1C6000
|
unkown
|
page read and write
|
|
|
|
7A0000
|
unkown
|
page read and write
|
|
|
|
3A9E000
|
unkown
|
page read and write
|
|
|
|
B90000
|
heap private
|
page read and write
|
|
|
|
360000
|
heap private
|
page read and write
|
|
|
|
D00000
|
heap private
|
page read and write
|
|
|
|
3A7E000
|
unkown
|
page read and write
|
|
|
|
3A7E000
|
unkown
|
page read and write
|
|
|
|
4ACE000
|
unkown
|
page read and write
|
|
|
|
75C000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
unkown
|
page read and write
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
26F9000
|
unkown
|
page read and write
|
|
There are 629 hidden memdumps, click here to show them.