Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
statistic-2072807337.xlsm
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\~$statistic-2072807337.xlsm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4635BCA.png
|
PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C6582543.png
|
PNG image data, 485 x 185, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C9561349.png
|
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D4DD9668.png
|
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\suspendedpage[1].htm
|
HTML document, ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Temp\7B720000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu
Jun 27 18:52:18 2019, mtime=Tue May 4 19:34:22 2021, atime=Tue May 4 19:34:22 2021, length=12288, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\statistic-2072807337.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 14:27:01
2020, mtime=Tue May 4 19:34:22 2021, atime=Tue May 4 19:34:22 2021, length=107618, window=hide
|
dropped
|
|
|
|
C:\Users\user\Desktop\AC720000
|
data
|
dropped
|
|
|
|
C:\Users\user\jordji.nbvt11
|
HTML document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, 58596 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\suspendedpage[1].htm
|
HTML document, ASCII text
|
downloaded
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\11D9B08A.png
|
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3D04E4C7.png
|
PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\63D5E81C.png
|
PNG image data, 485 x 185, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F713F16D.png
|
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\15EE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\CabEFDC.tmp
|
Microsoft Cabinet archive data, 58596 bytes, 1 file
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\TarEFDD.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\D5EE0000
|
data
|
dropped
|
|
There are 16 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32 ..\jordji.nbvt1,DllRegisterServer
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32 ..\jordji.nbvt11,DllRegisterServer
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\jordji.nbvt1,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32 ..\jordji.nbvt11,DllRegisterServer
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://fwdssp.com/?dn=referer_detect&pid=5POL4F2O4
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
anaheimdermatologists.com
|
192.185.5.2
|
|
|
|
industrialarttextile.com
|
192.254.233.89
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.5.2
|
anaheimdermatologists.com
|
United States
|
|
|
|
192.254.233.89
|
industrialarttextile.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
e 9
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
f 9
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
27093
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
MSForms
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
MSComctlLib
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
27815
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
2798C
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
27A96
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
27C0D
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
27D07
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
259
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
3A385
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
3A9FE
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
en-US
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingConfigurableSettings
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastSyncTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
RoamingLastWriteTime
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
CacheReady
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastRequest
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
CacheReady
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastUpdate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
NextUpdate
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
|
LastBootTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
2s3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EDEDA
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EE2C1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EE3CA
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EE4A4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EE58E
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EE64A
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
e~3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\system32\qagentrt.dll,-10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-843
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\fveui.dll,-844
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
@%SystemRoot%\System32\wuaueng.dll,-400
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
106D05
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
107A1F
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Blob
|
|
There are 159 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
656CB7F000
|
unkown
|
page read and write
|
|
|
|
7FF4FFA31000
|
unkown
|
page readonly
|
|
|
|
1C4FBA30000
|
unkown
|
page readonly
|
|
|
|
24A9AA20000
|
unkown
|
page read and write
|
|
|
|
2DB0000
|
unkown
|
page readonly
|
|
|
|
7FF57E19A000
|
unkown
|
page readonly
|
|
|
|
1C4FBA70000
|
unkown
|
page readonly
|
|
|
|
7FF57E283000
|
unkown
|
page readonly
|
|
|
|
1C480030000
|
unkown
|
page read and write
|
|
|
|
284F000
|
unkown
|
page readonly
|
|
|
|
1C4800E0000
|
unkown
|
page readonly
|
|
|
|
1C4FB170000
|
unkown
|
page read and write
|
|
|
|
7FF500061000
|
unkown
|
page readonly
|
|
|
|
1C4802B4000
|
unkown
|
page read and write
|
|
|
|
1C4802B0000
|
unkown
|
page read and write
|
|
|
|
7FF5001FA000
|
unkown
|
page readonly
|
|
|
|
26A5000
|
unkown
|
page readonly
|
|
|
|
1C4800E4000
|
unkown
|
page readonly
|
|
|
|
24A9ABE4000
|
unkown
|
page read and write
|
|
|
|
1C4FAA90000
|
unkown
|
page read and write
|
|
|
|
1C4800F8000
|
unkown
|
page write copy
|
|
|
|
1C4801E0000
|
unkown
|
page readonly
|
|
|
|
1C4FFDC0000
|
unkown
|
page read and write
|
|
|
|
1C480110000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown
|
page readonly
|
|
|
|
6ED46F9000
|
unkown
|
page read and write
|
|
|
|
26F8000
|
unkown
|
page readonly
|
|
|
|
2657000
|
unkown
|
page readonly
|
|
|
|
656CFFE000
|
unkown
|
page read and write
|
|
|
|
1C4801A0000
|
unkown
|
page readonly
|
|
|
|
656C877000
|
unkown
|
page read and write
|
|
|
|
24A9ABCA000
|
unkown
|
page read and write
|
|
|
|
1C4FFE10000
|
unkown
|
page readonly
|
|
|
|
24A9AB7F000
|
unkown
|
page read and write
|
|
|
|
24A9AB4C000
|
unkown
|
page read and write
|
|
|
|
1C4FB401000
|
unkown
|
page read and write
|
|
|
|
2805000
|
unkown
|
page readonly
|
|
|
|
1C480200000
|
unkown
|
page read and write
|
|
|
|
24A9ABDC000
|
unkown
|
page read and write
|
|
|
|
2CEA000
|
unkown
|
page read and write
|
|
|
|
7FF4FFA46000
|
unkown
|
page readonly
|
|
|
|
7FF57E27D000
|
unkown
|
page readonly
|
|
|
|
335D000
|
unkown
|
page read and write
|
|
|
|
297D000
|
unkown
|
page readonly
|
|
|
|
7FF5001D4000
|
unkown
|
page readonly
|
|
|
|
6320000
|
unkown
|
page readonly
|
|
|
|
24A9AC00000
|
unkown
|
page read and write
|
|
|
|
7FF500166000
|
unkown
|
page readonly
|
|
|
|
24A9AB24000
|
unkown
|
page read and write
|
|
|
|
7FF57E4ED000
|
unkown
|
page readonly
|
|
|
|
1C480160000
|
unkown
|
page read and write
|
|
|
|
79D000
|
unkown
|
page read and write
|
|
|
|
7FF57E132000
|
unkown
|
page readonly
|
|
|
|
24A9ABCA000
|
unkown
|
page read and write
|
|
|
|
24A9ABCB000
|
unkown
|
page read and write
|
|
|
|
1C4FAA74000
|
unkown
|
page read and write
|
|
|
|
2DF0000
|
heap private
|
page read and write
|
|
|
|
79D000
|
unkown
|
page read and write
|
|
|
|
580000
|
heap default
|
page read and write
|
|
|
|
24A9AB00000
|
heap default
|
page read and write
|
|
|
|
590000
|
unkown
|
page readonly
|
|
|
|
7B9000
|
unkown
|
page read and write
|
|
|
|
7FF57E418000
|
unkown
|
page readonly
|
|
|
|
7FF4FFA2D000
|
unkown
|
page readonly
|
|
|
|
24A9AB4E000
|
unkown
|
page read and write
|
|
|
|
7FF4E50CB000
|
unkown
|
page readonly
|
|
|
|
1FE000
|
unkown
|
page read and write
|
|
|
|
6ED44F9000
|
unkown
|
page read and write
|
|
|
|
656D17D000
|
unkown
|
page read and write
|
|
|
|
7FF500177000
|
unkown
|
page readonly
|
|
|
|
1C4FB202000
|
unkown
|
page read and write
|
|
|
|
24A9B820000
|
unkown
|
page read and write
|
|
|
|
770000
|
heap default
|
page read and write
|
|
|
|
64C0000
|
heap private
|
page read and write
|
|
|
|
27A1000
|
unkown
|
page readonly
|
|
|
|
7FF5001D1000
|
unkown
|
page readonly
|
|
|
|
277F000
|
unkown
|
page readonly
|
|
|
|
24A9AB55000
|
unkown
|
page read and write
|
|
|
|
1C4FAAB8000
|
unkown
|
page read and write
|
|
|
|
656CF7E000
|
unkown
|
page read and write
|
|
|
|
1C4FFF70000
|
unkown
|
page read and write
|
|
|
|
1C4FAAFF000
|
unkown
|
page read and write
|
|
|
|
281D000
|
unkown
|
page readonly
|
|
|
|
7A4000
|
unkown
|
page read and write
|
|
|
|
24A9ABAC000
|
unkown
|
page read and write
|
|
|
|
247F000
|
unkown
|
page readonly
|
|
|
|
24A9ABE2000
|
unkown
|
page read and write
|
|
|
|
7FF4FF968000
|
unkown
|
page readonly
|
|
|
|
1C4FAA6C000
|
unkown
|
page read and write
|
|
|
|
1C4FB359000
|
unkown
|
page read and write
|
|
|
|
1C4FB300000
|
unkown
|
page read and write
|
|
|
|
7FF57E159000
|
unkown
|
page readonly
|
|
|
|
24A9AB94000
|
unkown
|
page read and write
|
|
|
|
7FF57DD06000
|
unkown
|
page readonly
|
|
|
|
7FF57E411000
|
unkown
|
page readonly
|
|
|
|
2A58000
|
unkown
|
page readonly
|
|
|
|
1C480000000
|
unkown
|
page read and write
|
|
|
|
1C4FB1D1000
|
unkown
|
page read and write
|
|
|
|
24A9AB94000
|
unkown
|
page read and write
|
|
|
|
3000000
|
unkown
|
page readonly
|
|
|
|
24A9AAB0000
|
unkown
|
page read and write
|
|
|
|
7FF57E441000
|
unkown
|
page readonly
|
|
|
|
24A9AA40000
|
unkown
|
page readonly
|
|
|
|
2518000
|
unkown
|
page readonly
|
|
|
|
7A7000
|
unkown
|
page read and write
|
|
|
|
3355000
|
unkown
|
page read and write
|
|
|
|
1C480400000
|
unkown
|
page readonly
|
|
|
|
1C4FBA40000
|
unkown
|
page readonly
|
|
|
|
7FF57E4CF000
|
unkown
|
page readonly
|
|
|
|
2EE9000
|
unkown
|
page read and write
|
|
|
|
24A9AA55000
|
heap private
|
page read and write
|
|
|
|
7FF5001D7000
|
unkown
|
page readonly
|
|
|
|
7B2000
|
unkown
|
page read and write
|
|
|
|
1C4FAA41000
|
unkown
|
page read and write
|
|
|
|
7FF500038000
|
unkown
|
page readonly
|
|
|
|
7FF57E31B000
|
unkown
|
page readonly
|
|
|
|
24A9AB4C000
|
unkown
|
page read and write
|
|
|
|
29D1000
|
unkown
|
page readonly
|
|
|
|
2D90000
|
unkown
|
page read and write
|
|
|
|
1C4FBA20000
|
unkown
|
page readonly
|
|
|
|
1C4FA910000
|
unkown
|
page readonly
|
|
|
|
510000
|
unkown
|
page readonly
|
|
|
|
1C480231000
|
unkown
|
page read and write
|
|
|
|
520000
|
unkown
|
page read and write
|
|
|
|
6ED4579000
|
unkown
|
page read and write
|
|
|
|
7FF4FFAA1000
|
unkown
|
page readonly
|
|
|
|
2A80000
|
unkown
|
page readonly
|
|
|
|
7FF57E5C6000
|
unkown
|
page readonly
|
|
|
|
2972000
|
unkown
|
page readonly
|
|
|
|
1C4FA900000
|
heap default
|
page read and write
|
|
|
|
2A22000
|
unkown
|
page readonly
|
|
|
|
656C77F000
|
unkown
|
page read and write
|
|
|
|
795000
|
unkown
|
page read and write
|
|
|
|
24A9B830000
|
unkown
|
page read and write
|
|
|
|
27A5000
|
unkown
|
page readonly
|
|
|
|
7FF57E5C3000
|
unkown
|
page readonly
|
|
|
|
265F000
|
unkown
|
page readonly
|
|
|
|
335E000
|
unkown
|
page read and write
|
|
|
|
29FD000
|
unkown
|
page readonly
|
|
|
|
7FF4FFFAC000
|
unkown
|
page readonly
|
|
|
|
2DFA000
|
heap private
|
page read and write
|
|
|
|
BE0000
|
unkown
|
page readonly
|
|
|
|
7FF57E502000
|
unkown
|
page readonly
|
|
|
|
1C4FAA00000
|
unkown
|
page read and write
|
|
|
|
1C4FB1F0000
|
unkown
|
page read and write
|
|
|
|
5BE0000
|
unkown
|
page read and write
|
|
|
|
656CDFF000
|
unkown
|
page read and write
|
|
|
|
264000
|
unkown
|
page read and write
|
|
|
|
7FF57E2C9000
|
unkown
|
page readonly
|
|
|
|
6890000
|
unkown
|
page read and write
|
|
|
|
2A50000
|
unkown
|
page readonly
|
|
|
|
29FB000
|
unkown
|
page readonly
|
|
|
|
24A9B880000
|
unkown
|
page read and write
|
|
|
|
1C4FAF90000
|
unkown
|
page readonly
|
|
|
|
3365000
|
unkown
|
page read and write
|
|
|
|
31E0000
|
heap default
|
page read and write
|
|
|
|
1C480030000
|
unkown
|
page read and write
|
|
|
|
7FF57E2A5000
|
unkown
|
page readonly
|
|
|
|
1C4FBA80000
|
unkown
|
page readonly
|
|
|
|
24A9B890000
|
unkown
|
page read and write
|
|
|
|
297A000
|
unkown
|
page readonly
|
|
|
|
1C480460000
|
unkown
|
page readonly
|
|
|
|
7FF57DE59000
|
unkown
|
page readonly
|
|
|
|
24A9ABAB000
|
unkown
|
page read and write
|
|
|
|
7FF57DDA5000
|
unkown
|
page readonly
|
|
|
|
24A9ABAB000
|
unkown
|
page read and write
|
|
|
|
6ED45FE000
|
unkown
|
page read and write
|
|
|
|
29E8000
|
unkown
|
page readonly
|
|
|
|
24A9ABAB000
|
unkown
|
page read and write
|
|
|
|
24A9ABCA000
|
unkown
|
page read and write
|
|
|
|
24A9AB6A000
|
unkown
|
page read and write
|
|
|
|
2792000
|
unkown
|
page readonly
|
|
|
|
2981000
|
unkown
|
page readonly
|
|
|
|
7FF50011F000
|
unkown
|
page readonly
|
|
|
|
24A9ABE8000
|
unkown
|
page read and write
|
|
|
|
1C4FFE50000
|
unkown
|
page read and write
|
|
|
|
56E000
|
unkown
|
page read and write
|
|
|
|
7FF57E4F6000
|
unkown
|
page readonly
|
|
|
|
656C97A000
|
unkown
|
page read and write
|
|
|
|
1C4FAB02000
|
unkown
|
page read and write
|
|
|
|
7FF57E197000
|
unkown
|
page readonly
|
|
|
|
79D000
|
unkown
|
page read and write
|
|
|
|
7FF57E597000
|
unkown
|
page readonly
|
|
|
|
24A9ABAB000
|
unkown
|
page read and write
|
|
|
|
3365000
|
unkown
|
page read and write
|
|
|
|
7FF57E310000
|
unkown
|
page readonly
|
|
|
|
24A9B880000
|
unkown
|
page read and write
|
|
|
|
656CE7F000
|
unkown
|
page read and write
|
|
|
|
7FF57E37D000
|
unkown
|
page readonly
|
|
|
|
7FF57E16A000
|
unkown
|
page readonly
|
|
|
|
1C4FB940000
|
unkown
|
page read and write
|
|
|
|
7FF50016D000
|
unkown
|
page readonly
|
|
|
|
2885000
|
unkown
|
page readonly
|
|
|
|
1C4FB318000
|
unkown
|
page read and write
|
|
|
|
24A9AAB0000
|
unkown
|
page read and write
|
|
|
|
1C4FAA13000
|
unkown
|
page read and write
|
|
|
|
1C48023C000
|
unkown
|
page read and write
|
|
|
|
2854000
|
unkown
|
page readonly
|
|
|
|
7FF57E2C2000
|
unkown
|
page readonly
|
|
|
|
170000
|
unkown
|
page readonly
|
|
|
|
279A000
|
unkown
|
page readonly
|
|
|
|
7FF57E14C000
|
unkown
|
page readonly
|
|
|
|
7FF57E4A4000
|
unkown
|
page readonly
|
|
|
|
798000
|
unkown
|
page read and write
|
|
|
|
3379000
|
unkown
|
page read and write
|
|
|
|
140000
|
unkown
|
page read and write
|
|
|
|
24A9AB7F000
|
unkown
|
page read and write
|
|
|
|
1C4802AC000
|
unkown
|
page read and write
|
|
|
|
2A58000
|
unkown
|
page readonly
|
|
|
|
1C4FB313000
|
unkown
|
page read and write
|
|
|
|
24A9A930000
|
unkown
|
page readonly
|
|
|
|
7FF500227000
|
unkown
|
page readonly
|
|
|
|
7FF57E5AA000
|
unkown
|
page readonly
|
|
|
|
7FF500068000
|
unkown
|
page readonly
|
|
|
|
7FF57E4B0000
|
unkown
|
page readonly
|
|
|
|
2826000
|
unkown
|
page readonly
|
|
|
|
656CD7B000
|
unkown
|
page read and write
|
|
|
|
7FF57E455000
|
unkown
|
page readonly
|
|
|
|
7FF57E5D2000
|
unkown
|
page readonly
|
|
|
|
7FF57E51D000
|
unkown
|
page readonly
|
|
|
|
3367000
|
unkown
|
page read and write
|
|
|
|
7FF57E4B9000
|
unkown
|
page readonly
|
|
|
|
1C480000000
|
unkown
|
page read and write
|
|
|
|
1C4FBDC0000
|
unkown
|
page read and write
|
|
|
|
335D000
|
unkown
|
page read and write
|
|
|
|
335D000
|
unkown
|
page read and write
|
|
|
|
7FF57E2D4000
|
unkown
|
page readonly
|
|
|
|
1C4FFDD0000
|
unkown
|
page read and write
|
|
|
|
333A000
|
heap default
|
page read and write
|
|
|
|
7FF57E4DF000
|
unkown
|
page readonly
|
|
|
|
7FF500213000
|
unkown
|
page readonly
|
|
|
|
1C4FB060000
|
unkown
|
page read and write
|
|
|
|
1C4FAA71000
|
unkown
|
page read and write
|
|
|
|
656C6FF000
|
unkown
|
page read and write
|
|
|
|
1C480225000
|
unkown
|
page read and write
|
|
|
|
7FF57E5D7000
|
unkown
|
page readonly
|
|
|
|
24A9ABED000
|
unkown
|
page read and write
|
|
|
|
1C4FFF60000
|
unkown
|
page read and write
|
|
|
|
1C4800D0000
|
unkown
|
page read and write
|
|
|
|
2DF7000
|
heap private
|
page read and write
|
|
|
|
2A13000
|
unkown
|
page readonly
|
|
|
|
24A9ABE1000
|
unkown
|
page read and write
|
|
|
|
31F0000
|
unkown
|
page readonly
|
|
|
|
24A9AA50000
|
heap private
|
page read and write
|
|
|
|
1C4FAAA4000
|
unkown
|
page read and write
|
|
|
|
7FF57DF88000
|
unkown
|
page readonly
|
|
|
|
260000
|
unkown
|
page read and write
|
|
|
|
7FF57E377000
|
unkown
|
page readonly
|
|
|
|
DB000
|
unkown
|
page read and write
|
|
|
|
24A9ABBA000
|
unkown
|
page read and write
|
|
|
|
7FF57E58D000
|
unkown
|
page readonly
|
|
|
|
1C480021000
|
unkown
|
page read and write
|
|
|
|
24A9AA00000
|
unkown
|
page read and write
|
|
|
|
7FF57E4FA000
|
unkown
|
page readonly
|
|
|
|
24A9ABE8000
|
unkown
|
page read and write
|
|
|
|
656D47B000
|
unkown
|
page read and write
|
|
|
|
7FF57DF8A000
|
unkown
|
page readonly
|
|
|
|
24A9B607000
|
unkown
|
page read and write
|
|
|
|
7FF57E4B4000
|
unkown
|
page readonly
|
|
|
|
1C480008000
|
unkown
|
page read and write
|
|
|
|
7FF57E581000
|
unkown
|
page readonly
|
|
|
|
7FF500227000
|
unkown
|
page readonly
|
|
|
|
7FF57E2DA000
|
unkown
|
page readonly
|
|
|
|
281B000
|
unkown
|
page readonly
|
|
|
|
24A9AA5A000
|
heap private
|
page read and write
|
|
|
|
6ED414C000
|
unkown
|
page read and write
|
|
|
|
2842000
|
unkown
|
page readonly
|
|
|
|
7FF57E36A000
|
unkown
|
page readonly
|
|
|
|
283E000
|
unkown
|
page readonly
|
|
|
|
64D0000
|
unkown
|
page readonly
|
|
|
|
1C4FB1F3000
|
unkown
|
page read and write
|
|
|
|
24A9AB55000
|
unkown
|
page read and write
|
|
|
|
1C4FB215000
|
unkown
|
page read and write
|
|
|
|
7FF57E2E0000
|
unkown
|
page readonly
|
|
|
|
7FF57E529000
|
unkown
|
page readonly
|
|
|
|
2663000
|
unkown
|
page readonly
|
|
|
|
1C480480000
|
unkown
|
page readonly
|
|
|
|
1C480040000
|
unkown
|
page read and write
|
|
|
|
279D000
|
unkown
|
page readonly
|
|
|
|
2D2B000
|
unkown
|
page read and write
|
|
|
|
7FF57E4D1000
|
unkown
|
page readonly
|
|
|
|
7FF57E527000
|
unkown
|
page readonly
|
|
|
|
7FF57E383000
|
unkown
|
page readonly
|
|
|
|
2870000
|
unkown
|
page readonly
|
|
|
|
656CEFF000
|
unkown
|
page read and write
|
|
|
|
282E000
|
unkown
|
page readonly
|
|
|
|
2843000
|
unkown
|
page readonly
|
|
|
|
3355000
|
unkown
|
page read and write
|
|
|
|
29E5000
|
unkown
|
page readonly
|
|
|
|
24A9AAC0000
|
unkown
|
page read and write
|
|
|
|
1C4802B0000
|
unkown
|
page read and write
|
|
|
|
276E000
|
unkown
|
page readonly
|
|
|
|
2878000
|
unkown
|
page readonly
|
|
|
|
7FF500179000
|
unkown
|
page readonly
|
|
|
|
298B000
|
unkown
|
page readonly
|
|
|
|
294E000
|
unkown
|
page readonly
|
|
|
|
24A9AB08000
|
heap default
|
page read and write
|
|
|
|
314F000
|
unkown
|
page read and write
|
|
|
|
1C4800D4000
|
unkown
|
page readonly
|
|
|
|
24A9ABAB000
|
unkown
|
page read and write
|
|
|
|
7FF57E594000
|
unkown
|
page readonly
|
|
|
|
1C4FB302000
|
unkown
|
page read and write
|
|
|
|
27F1000
|
unkown
|
page readonly
|
|
|
|
7FF500134000
|
unkown
|
page readonly
|
|
|
|
24A9ABA9000
|
unkown
|
page read and write
|
|
|
|
2DD0000
|
unkown
|
page readonly
|
|
|
|
1C4FB200000
|
unkown
|
page read and write
|
|
|
|
570000
|
unkown
|
page read and write
|
|
|
|
1C4FAB13000
|
unkown
|
page read and write
|
|
|
|
2878000
|
unkown
|
page readonly
|
|
|
|
1C480288000
|
unkown
|
page read and write
|
|
|
|
1C4FAA58000
|
unkown
|
page read and write
|
|
|
|
6ED4679000
|
unkown
|
page read and write
|
|
|
|
3359000
|
unkown
|
page read and write
|
|
|
|
24A9B270000
|
unkown
|
page readonly
|
|
|
|
2837000
|
unkown
|
page readonly
|
|
|
|
1C48000E000
|
unkown
|
page read and write
|
|
|
|
1C4FB318000
|
unkown
|
page read and write
|
|
|
|
1BE000
|
unkown
|
page read and write
|
|
|
|
656C67B000
|
unkown
|
page read and write
|
|
|
|
500000
|
unkown
|
page readonly
|
|
|
|
7FF57E298000
|
unkown
|
page readonly
|
|
|
|
791000
|
unkown
|
page read and write
|
|
|
|
7FF5001E4000
|
unkown
|
page readonly
|
|
|
|
7FF4FF961000
|
unkown
|
page readonly
|
|
|
|
79E000
|
unkown
|
page read and write
|
|
|
|
7FF57DF8F000
|
unkown
|
page readonly
|
|
|
|
9B000
|
unkown
|
page read and write
|
|
|
|
31BE000
|
unkown
|
page read and write
|
|
|
|
2A1E000
|
unkown
|
page readonly
|
|
|
|
3372000
|
unkown
|
page read and write
|
|
|
|
1C480120000
|
unkown
|
page read and write
|
|
|
|
4F4000
|
heap private
|
page read and write
|
|
|
|
24A9ABED000
|
unkown
|
page read and write
|
|
|
|
1C4FBA60000
|
unkown
|
page readonly
|
|
|
|
7FF500051000
|
unkown
|
page readonly
|
|
|
|
77A000
|
heap default
|
page read and write
|
|
|
|
24A9AB55000
|
unkown
|
page read and write
|
|
|
|
2A3D000
|
unkown
|
page readonly
|
|
|
|
24A9AAF0000
|
unkown
|
page read and write
|
|
|
|
7FF57E39F000
|
unkown
|
page readonly
|
|
|
|
6810000
|
unkown
|
page read and write
|
|
|
|
1C480130000
|
unkown
|
page read and write
|
|
|
|
677000
|
heap private
|
page read and write
|
|
|
|
1C480140000
|
unkown
|
page read and write
|
|
|
|
67A000
|
heap private
|
page read and write
|
|
|
|
3170000
|
unkown
|
page read and write
|
|
|
|
645F000
|
unkown
|
page read and write
|
|
|
|
1C4800D0000
|
unkown
|
page write copy
|
|
|
|
1C4FAA97000
|
unkown
|
page read and write
|
|
|
|
24A9AAB0000
|
unkown
|
page read and write
|
|
|
|
1C4802B6000
|
unkown
|
page read and write
|
|
|
|
285D000
|
unkown
|
page readonly
|
|
|
|
7FF57E4C4000
|
unkown
|
page readonly
|
|
|
|
24A9ABE8000
|
unkown
|
page read and write
|
|
|
|
795000
|
unkown
|
page read and write
|
|
|
|
7B9000
|
unkown
|
page read and write
|
|
|
|
57E0000
|
unkown
|
page readonly
|
|
|
|
7FF57E30E000
|
unkown
|
page readonly
|
|
|
|
7FF57E102000
|
unkown
|
page readonly
|
|
|
|
7FF500146000
|
unkown
|
page readonly
|
|
|
|
7FF57E4E3000
|
unkown
|
page readonly
|
|
|
|
2808000
|
unkown
|
page readonly
|
|
|
|
5B20000
|
unkown
|
page read and write
|
|
|
|
1C4FFE40000
|
unkown
|
page read and write
|
|
|
|
7A4000
|
unkown
|
page read and write
|
|
|
|
1C480044000
|
unkown
|
page read and write
|
|
|
|
7FF57E516000
|
unkown
|
page readonly
|
|
|
|
79A000
|
unkown
|
page read and write
|
|
|
|
7FF57E52E000
|
unkown
|
page readonly
|
|
|
|
1C4FB359000
|
unkown
|
page read and write
|
|
|
|
24A9A8D0000
|
unkown
|
page read and write
|
|
|
|
1C4801B0000
|
unkown
|
page readonly
|
|
|
|
24A9ABCA000
|
unkown
|
page read and write
|
|
|
|
24A9B600000
|
unkown
|
page read and write
|
|
|
|
4F0000
|
heap private
|
page read and write
|
|
|
|
1C4FA8A0000
|
heap private
|
page read and write
|
|
|
|
2EED000
|
unkown
|
page read and write
|
|
|
|
1C4FA9E0000
|
unkown
|
page readonly
|
|
|
|
670000
|
heap private
|
page read and write
|
|
|
|
7FF57E584000
|
unkown
|
page readonly
|
|
|
|
3430000
|
unkown
|
page readonly
|
|
|
|
7FF57E587000
|
unkown
|
page readonly
|
|
|
|
24A9AB4C000
|
unkown
|
page read and write
|
|
|
|
24A9ABDB000
|
unkown
|
page read and write
|
|
|
|
24A9ABBB000
|
unkown
|
page read and write
|
|
|
|
24A9AB6A000
|
unkown
|
page read and write
|
|
|
|
656D07E000
|
unkown
|
page read and write
|
|
|
|
24A9AB25000
|
unkown
|
page read and write
|
|
|
|
1C4800FC000
|
unkown
|
page readonly
|
|
|
|
1C4FAAAA000
|
unkown
|
page read and write
|
|
|
|
1C480160000
|
unkown
|
page readonly
|
|
|
|
24A9ABAB000
|
unkown
|
page read and write
|
|
|
|
7FF500216000
|
unkown
|
page readonly
|
|
|
|
2838000
|
unkown
|
page readonly
|
|
|
|
1C4FFE60000
|
unkown
|
page read and write
|
|
|
|
1C480249000
|
unkown
|
page read and write
|
|
|
|
7FF5001EB000
|
unkown
|
page readonly
|
|
|
|
31C0000
|
unkown
|
page read and write
|
|
|
|
79D000
|
unkown
|
page read and write
|
|
|
|
1C4FAA29000
|
unkown
|
page read and write
|
|
|
|
1C480160000
|
unkown
|
page read and write
|
|
|
|
2A34000
|
unkown
|
page readonly
|
|
|
|
641E000
|
unkown
|
page read and write
|
|
|
|
1C4FB860000
|
unkown
|
page read and write
|
|
|
|
1C4FAA8D000
|
unkown
|
page read and write
|
|
|
|
656CC79000
|
unkown
|
page read and write
|
|
|
|
24A9ABE8000
|
unkown
|
page read and write
|
|
|
|
335A000
|
unkown
|
page read and write
|
|
|
|
24A9AE10000
|
unkown
|
page readonly
|
|
|
|
2A18000
|
unkown
|
page readonly
|
|
|
|
24A9ABE8000
|
unkown
|
page read and write
|
|
|
|
24A9ABE2000
|
unkown
|
page read and write
|
|
|
|
7FF57E3A7000
|
unkown
|
page readonly
|
|
|
|
335D000
|
unkown
|
page read and write
|
|
|
|
680000
|
unkown
|
page readonly
|
|
|
|
400000
|
unkown
|
page readonly
|
|
|
|
1C480262000
|
unkown
|
page read and write
|
|
|
|
2A06000
|
unkown
|
page readonly
|
|
|
|
24A9ABCB000
|
unkown
|
page read and write
|
|
|
|
24A9AAA0000
|
unkown
|
page read and write
|
|
|
|
2833000
|
unkown
|
page readonly
|
|
|
|
24A9AB10000
|
heap default
|
page read and write
|
|
|
|
7FF5001E7000
|
unkown
|
page readonly
|
|
|
|
1C4FA9F0000
|
unkown
|
page readonly
|
|
|
|
295F000
|
unkown
|
page readonly
|
|
|
|
2985000
|
unkown
|
page readonly
|
|
|
|
1C480160000
|
unkown
|
page read and write
|
|
|
|
7FF57E4A7000
|
unkown
|
page readonly
|
|
|
|
2A2F000
|
unkown
|
page readonly
|
|
|
|
64C4000
|
heap private
|
page read and write
|
|
|
|
A3E000
|
unkown
|
page read and write
|
|
|
|
2A0E000
|
unkown
|
page readonly
|
|
|
|
7FF57E2D6000
|
unkown
|
page readonly
|
|
|
|
656D37F000
|
unkown
|
page read and write
|
|
|
|
3330000
|
heap default
|
page read and write
|
|
|
|
656CA7A000
|
unkown
|
page read and write
|
|
|
|
24A9AA60000
|
unkown
|
page readonly
|
|
|
|
24A9AB45000
|
unkown
|
page read and write
|
|
|
|
7FF57E485000
|
unkown
|
page readonly
|
|
|
|
331E000
|
unkown
|
page read and write
|
|
|
|
7FF4E50CB000
|
unkown
|
page readonly
|
|
|
|
3379000
|
unkown
|
page read and write
|
|
|
|
27AB000
|
unkown
|
page readonly
|
|
|
|
1C480024000
|
unkown
|
page read and write
|
|
|
|
24A9B810000
|
unkown
|
page readonly
|
|
|
|
7FF5001DD000
|
unkown
|
page readonly
|
|
|
|
7A1000
|
unkown
|
page read and write
|
|
|
|
4D0000
|
unkown
|
page read and write
|
|
|
|
2DC0000
|
unkown
|
page readonly
|
|
|
|
7FF57E393000
|
unkown
|
page readonly
|
|
|
|
2DE0000
|
unkown
|
page read and write
|
|
|
|
1C480020000
|
unkown
|
page read and write
|
|
|
|
7FF57E334000
|
unkown
|
page readonly
|
|
|
|
1C4FAC00000
|
unkown
|
page readonly
|
|
|
|
24A9ABED000
|
unkown
|
page read and write
|
|
|
|
7FF57E498000
|
unkown
|
page readonly
|
|
|
|
7FF57E37F000
|
unkown
|
page readonly
|
|
|
|
24A9B1A0000
|
unkown
|
page readonly
|
|
|
|
7FF57E2AF000
|
unkown
|
page readonly
|
|
|
|
310E000
|
unkown
|
page read and write
|
|
|
|
7FF57DDB7000
|
unkown
|
page readonly
|
|
|
|
24A9AB55000
|
unkown
|
page read and write
|
|
|
|
1C4FBA50000
|
unkown
|
page readonly
|
|
|
|
3160000
|
unkown
|
page readonly
|
|
|
|
24A9ABCA000
|
unkown
|
page read and write
|
|
There are 456 hidden memdumps, click here to show them.