Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Decline-172917164-06242021.xlsm
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\~$Decline-172917164-06242021.xlsm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AD7B9C26.tif
|
TIFF image data, little-endian, direntries=19, height=1600, bps=53710, compression=LZW, PhotometricIntepretation=RGB, width=1600
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Temp\95DE0000
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Decline-172917164-06242021.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15
2020, mtime=Fri Jun 25 14:24:40 2021, atime=Fri Jun 25 14:24:40 2021, length=328749, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Fri Jun 25 14:24:40 2021, atime=Fri Jun 25 14:24:40 2021, length=8192, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\66DE0000
|
data
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 ..\Kro.fis
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 ..\Kro.fis1
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32 ..\Kro.fis2
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://185.234.247.7/44372.3504680556.dat
|
185.234.247.7
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://5.253.62.174/44372.3504680556.dat
|
5.253.62.174
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
There are 3 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.234.247.7
|
unknown
|
Russian Federation
|
|
|
|
5.253.62.174
|
unknown
|
Russian Federation
|
|
|
|
185.117.73.74
|
unknown
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
p`8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED0B7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DefaultSheetR2L
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
UseSystemSeparators
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ThousandsSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
DecimalSeparator
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED4CC
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED5F5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ED6EE
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
)k8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
103949
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
104309
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_3082
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1036
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SpellingAndGrammarFiles_1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
SavedLegacySettings
|
|
There are 94 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
327000
|
unkown
|
page read and write
|
|
|
|
387000
|
heap default
|
page read and write
|
|
|
|
4582000
|
unkown
|
page readonly
|
|
|
|
710000
|
unkown
|
page readonly
|
|
|
|
70000
|
unkown
|
page readonly
|
|
|
|
3D3000
|
heap default
|
page read and write
|
|
|
|
230000
|
unkown
|
page read and write
|
|
|
|
5F4000
|
heap private
|
page read and write
|
|
|
|
1C3000
|
heap default
|
page read and write
|
|
|
|
45E2000
|
unkown
|
page readonly
|
|
|
|
203B000
|
heap private
|
page read and write
|
|
|
|
4720000
|
unkown
|
page readonly
|
|
|
|
432000
|
unkown
|
page read and write
|
|
|
|
4564000
|
unkown
|
page readonly
|
|
|
|
4522000
|
unkown
|
page readonly
|
|
|
|
484000
|
heap private
|
page read and write
|
|
|
|
4544000
|
unkown
|
page readonly
|
|
|
|
70000
|
unkown
|
page readonly
|
|
|
|
2200000
|
unkown
|
page write copy
|
|
|
|
600000
|
unkown
|
page readonly
|
|
|
|
4890000
|
unkown
|
page readonly
|
|
|
|
4524000
|
unkown
|
page readonly
|
|
|
|
2080000
|
heap private
|
page read and write
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
4672000
|
unkown
|
page readonly
|
|
|
|
2180000
|
heap private
|
page read and write
|
|
|
|
357000
|
unkown
|
page read and write
|
|
|
|
417000
|
unkown
|
page read and write
|
|
|
|
21BB000
|
heap private
|
page read and write
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
1AE000
|
heap default
|
page read and write
|
|
|
|
4545000
|
unkown
|
page readonly
|
|
|
|
3F65000
|
heap private
|
page read and write
|
|
|
|
3950000
|
unkown
|
page readonly
|
|
|
|
2FE000
|
unkown
|
page read and write
|
|
|
|
4585000
|
unkown
|
page readonly
|
|
|
|
45F6000
|
unkown
|
page readonly
|
|
|
|
490000
|
unkown
|
page read and write
|
|
|
|
42E000
|
unkown
|
page read and write
|
|
|
|
5C4000
|
heap private
|
page read and write
|
|
|
|
43B2000
|
unkown
|
page readonly
|
|
|
|
4832000
|
unkown
|
page readonly
|
|
|
|
1D20000
|
unkown
|
page readonly
|
|
|
|
4382000
|
unkown
|
page readonly
|
|
|
|
170000
|
unkown
|
page write copy
|
|
|
|
3FE0000
|
unkown
|
page readonly
|
|
|
|
4A0000
|
heap private
|
page read and write
|
|
|
|
46E2000
|
unkown
|
page readonly
|
|
|
|
43F4000
|
unkown
|
page readonly
|
|
|
|
434000
|
unkown
|
page read and write
|
|
|
|
4529000
|
unkown
|
page readonly
|
|
|
|
44D9000
|
unkown
|
page readonly
|
|
|
|
4388000
|
unkown
|
page readonly
|
|
|
|
46A9000
|
unkown
|
page readonly
|
|
|
|
5D0000
|
unkown
|
page readonly
|
|
|
|
4615000
|
unkown
|
page readonly
|
|
|
|
44D6000
|
unkown
|
page readonly
|
|
|
|
3F20000
|
heap private
|
page read and write
|
|
|
|
4872000
|
unkown
|
page readonly
|
|
|
|
3E50000
|
unkown
|
page readonly
|
|
|
|
4780000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
4B6000
|
heap default
|
page read and write
|
|
|
|
4AF7000
|
unkown
|
page readonly
|
|
|
|
45B2000
|
unkown
|
page readonly
|
|
|
|
3DA000
|
heap default
|
page read and write
|
|
|
|
24B0000
|
unkown
|
page readonly
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
48D0000
|
unkown
|
page readonly
|
|
|
|
1DE000
|
unkown
|
page read and write
|
|
|
|
350000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
unkown
|
page read and write
|
|
|
|
2EA000
|
heap default
|
page read and write
|
|
|
|
357000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
heap private
|
page read and write
|
|
|
|
2F4000
|
heap private
|
page read and write
|
|
|
|
45E5000
|
unkown
|
page readonly
|
|
|
|
4665000
|
unkown
|
page readonly
|
|
|
|
1DA000
|
unkown
|
page read and write
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
46D5000
|
unkown
|
page readonly
|
|
|
|
280000
|
unkown
|
page read and write
|
|
|
|
44F2000
|
unkown
|
page readonly
|
|
|
|
336000
|
unkown
|
page read and write
|
|
|
|
4575000
|
unkown
|
page readonly
|
|
|
|
380000
|
heap default
|
page read and write
|
|
|
|
33D000
|
unkown
|
page read and write
|
|
|
|
3AE0000
|
unkown
|
page readonly
|
|
|
|
44C5000
|
unkown
|
page readonly
|
|
|
|
402000
|
unkown
|
page read and write
|
|
|
|
46F000
|
unkown
|
page read and write
|
|
|
|
4465000
|
unkown
|
page readonly
|
|
|
|
46E9000
|
unkown
|
page readonly
|
|
|
|
3F29000
|
heap private
|
page read and write
|
|
|
|
4A4000
|
heap private
|
page read and write
|
|
|
|
4596000
|
unkown
|
page readonly
|
|
|
|
170000
|
heap default
|
page read and write
|
|
|
|
236000
|
unkown
|
page read and write
|
|
|
|
297000
|
heap default
|
page read and write
|
|
|
|
3E70000
|
unkown
|
page readonly
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
4502000
|
unkown
|
page readonly
|
|
|
|
ACF000
|
unkown
|
page read and write
|
|
|
|
45B5000
|
unkown
|
page readonly
|
|
|
|
1D0000
|
heap private
|
page read and write
|
|
|
|
4760000
|
unkown
|
page readonly
|
|
|
|
41F8000
|
unkown
|
page readonly
|
|
|
|
2085000
|
heap private
|
page read and write
|
|
|
|
3F60000
|
heap private
|
page read and write
|
|
|
|
1F2000
|
unkown
|
page read and write
|
|
|
|
46A2000
|
unkown
|
page readonly
|
|
|
|
4666000
|
unkown
|
page readonly
|
|
|
|
21E000
|
unkown
|
page read and write
|
|
|
|
20BB000
|
heap private
|
page read and write
|
|
|
|
46B9000
|
unkown
|
page readonly
|
|
|
|
4348000
|
unkown
|
page readonly
|
|
|
|
470000
|
heap default
|
page read and write
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
2B6000
|
unkown
|
page read and write
|
|
|
|
4612000
|
unkown
|
page readonly
|
|
|
|
44A6000
|
unkown
|
page readonly
|
|
|
|
3DD9000
|
heap private
|
page read and write
|
|
|
|
45D2000
|
unkown
|
page readonly
|
|
|
|
110000
|
unkown
|
page execute and read and write
|
|
|
|
464000
|
unkown
|
page read and write
|
|
|
|
43F2000
|
unkown
|
page readonly
|
|
|
|
45D6000
|
unkown
|
page readonly
|
|
|
|
164000
|
heap private
|
page read and write
|
|
|
|
4452000
|
unkown
|
page readonly
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
44F9000
|
unkown
|
page readonly
|
|
|
|
110000
|
unkown
|
page execute and read and write
|
|
|
|
46C5000
|
unkown
|
page readonly
|
|
|
|
462D000
|
unkown
|
page readonly
|
|
|
|
323000
|
unkown
|
page read and write
|
|
|
|
4D2F000
|
unkown
|
page read and write
|
|
|
|
4AB7000
|
unkown
|
page readonly
|
|
|
|
45C6000
|
unkown
|
page readonly
|
|
|
|
1FB0000
|
unkown
|
page write copy
|
|
|
|
405000
|
unkown
|
page read and write
|
|
|
|
45F5000
|
unkown
|
page readonly
|
|
|
|
413000
|
unkown
|
page read and write
|
|
|
|
45B000
|
unkown
|
page read and write
|
|
|
|
4DCF000
|
unkown
|
page read and write
|
|
|
|
2FA000
|
unkown
|
page read and write
|
|
|
|
4522000
|
unkown
|
page readonly
|
|
|
|
69F000
|
unkown
|
page read and write
|
|
|
|
4626000
|
unkown
|
page readonly
|
|
|
|
F0000
|
unkown
|
page readonly
|
|
|
|
2000000
|
heap private
|
page read and write
|
|
|
|
236000
|
unkown
|
page read and write
|
|
|
|
4606000
|
unkown
|
page readonly
|
|
|
|
46E2000
|
unkown
|
page readonly
|
|
|
|
120000
|
unkown
|
page readonly
|
|
|
|
4482000
|
unkown
|
page readonly
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
4AD000
|
heap default
|
page read and write
|
|
|
|
350000
|
unkown
|
page read and write
|
|
|
|
42D000
|
unkown
|
page read and write
|
|
|
|
2100000
|
unkown
|
page readonly
|
|
|
|
3EE000
|
unkown
|
page read and write
|
|
|
|
315000
|
unkown
|
page read and write
|
|
|
|
36D000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
21E0000
|
unkown
|
page write copy
|
|
|
|
4967000
|
unkown
|
page readonly
|
|
|
|
203000
|
unkown
|
page read and write
|
|
|
|
4740000
|
unkown
|
page readonly
|
|
|
|
4435000
|
unkown
|
page readonly
|
|
|
|
357000
|
unkown
|
page read and write
|
|
|
|
1EE000
|
unkown
|
page read and write
|
|
|
|
4870000
|
unkown
|
page readonly
|
|
|
|
4342000
|
unkown
|
page readonly
|
|
|
|
41F2000
|
unkown
|
page readonly
|
|
|
|
2E3000
|
heap default
|
page read and write
|
|
|
|
3DD0000
|
heap private
|
page read and write
|
|
|
|
3A90000
|
unkown
|
page readonly
|
|
|
|
48B0000
|
unkown
|
page readonly
|
|
|
|
22A0000
|
unkown
|
page read and write
|
|
|
|
5F0000
|
heap private
|
page read and write
|
|
|
|
480000
|
heap private
|
page read and write
|
|
|
|
312000
|
unkown
|
page read and write
|
|
|
|
4482000
|
unkown
|
page readonly
|
|
|
|
46B2000
|
unkown
|
page readonly
|
|
|
|
230000
|
unkown
|
page read and write
|
|
|
|
1F5000
|
unkown
|
page read and write
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
1CF0000
|
unkown
|
page readonly
|
|
|
|
4000000
|
unkown
|
page readonly
|
|
|
|
4649000
|
unkown
|
page readonly
|
|
|
|
3F69000
|
heap private
|
page read and write
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
4625000
|
unkown
|
page readonly
|
|
|
|
3EA000
|
unkown
|
page read and write
|
|
|
|
D9000
|
unkown
|
page read and write
|
|
|
|
3DD5000
|
heap private
|
page read and write
|
|
|
|
21D000
|
unkown
|
page read and write
|
|
|
|
2005000
|
heap private
|
page read and write
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
40C000
|
unkown
|
page read and write
|
|
|
|
236000
|
unkown
|
page read and write
|
|
|
|
3DCF000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
390000
|
unkown
|
page read and write
|
|
|
|
4910000
|
unkown
|
page readonly
|
|
|
|
590000
|
unkown
|
page readonly
|
|
|
|
48D0000
|
unkown
|
page readonly
|
|
|
|
466D000
|
unkown
|
page readonly
|
|
|
|
130000
|
unkown
|
page read and write
|
|
|
|
3FA0000
|
unkown
|
page readonly
|
|
|
|
4422000
|
unkown
|
page readonly
|
|
|
|
4504000
|
unkown
|
page readonly
|
|
|
|
440000
|
unkown
|
page read and write
|
|
|
|
24D000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown
|
page readonly
|
|
|
|
4495000
|
unkown
|
page readonly
|
|
|
|
4629000
|
unkown
|
page readonly
|
|
|
|
36B000
|
unkown
|
page read and write
|
|
|
|
3BE000
|
heap default
|
page read and write
|
|
|
|
4682000
|
unkown
|
page readonly
|
|
|
|
4655000
|
unkown
|
page readonly
|
|
|
|
33E000
|
unkown
|
page read and write
|
|
|
|
236000
|
unkown
|
page read and write
|
|
|
|
374000
|
unkown
|
page read and write
|
|
|
|
4689000
|
unkown
|
page readonly
|
|
|
|
4584000
|
unkown
|
page readonly
|
|
|
|
3C6000
|
unkown
|
page read and write
|
|
|
|
350000
|
unkown
|
page read and write
|
|
|
|
1FC000
|
unkown
|
page read and write
|
|
|
|
222000
|
unkown
|
page read and write
|
|
|
|
4442000
|
unkown
|
page readonly
|
|
|
|
45D000
|
unkown
|
page read and write
|
|
|
|
1E9000
|
unkown
|
page read and write
|
|
|
|
4C6000
|
unkown
|
page read and write
|
|
|
|
2CE000
|
heap default
|
page read and write
|
|
|
|
2B6000
|
unkown
|
page read and write
|
|
|
|
1F5000
|
unkown
|
page read and write
|
|
|
|
44DD000
|
unkown
|
page readonly
|
|
|
|
357000
|
unkown
|
page read and write
|
|
|
|
2080000
|
unkown
|
page readonly
|
|
|
|
48B0000
|
unkown
|
page readonly
|
|
|
|
4515000
|
unkown
|
page readonly
|
|
|
|
4695000
|
unkown
|
page readonly
|
|
|
|
160000
|
heap private
|
page read and write
|
|
|
|
230000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page write copy
|
|
|
|
4476000
|
unkown
|
page readonly
|
|
|
|
43D2000
|
unkown
|
page readonly
|
|
|
|
1FF0000
|
unkown
|
page readonly
|
|
|
|
4B0000
|
unkown
|
page read and write
|
|
|
|
4642000
|
unkown
|
page readonly
|
|
|
|
27D000
|
unkown
|
page read and write
|
|
|
|
315000
|
unkown
|
page read and write
|
|
|
|
1D4000
|
heap private
|
page read and write
|
|
|
|
1CA000
|
heap default
|
page read and write
|
|
|
|
2320000
|
unkown
|
page readonly
|
|
|
|
4562000
|
unkown
|
page readonly
|
|
|
|
280000
|
unkown
|
page read and write
|
|
|
|
207000
|
unkown
|
page read and write
|
|
|
|
2F0000
|
heap private
|
page read and write
|
|
|
|
4544000
|
unkown
|
page readonly
|
|
|
|
224000
|
unkown
|
page read and write
|
|
|
|
477000
|
heap default
|
page read and write
|
|
|
|
2160000
|
unkown
|
page write copy
|
|
|
|
3F25000
|
heap private
|
page read and write
|
|
|
|
22C0000
|
unkown
|
page read and write
|
|
|
|
290000
|
heap default
|
page read and write
|
|
|
|
43D4000
|
unkown
|
page readonly
|
|
|
|
279000
|
unkown
|
page read and write
|
|
|
|
4572000
|
unkown
|
page readonly
|
|
|
|
780000
|
unkown
|
page readonly
|
|
|
|
2A0000
|
unkown
|
page readonly
|
|
|
|
344000
|
unkown
|
page read and write
|
|
|
|
480000
|
unkown
|
page read and write
|
|
|
|
42F2000
|
unkown
|
page readonly
|
|
|
|
2185000
|
heap private
|
page read and write
|
|
|
|
1CB0000
|
unkown
|
page readonly
|
|
|
|
446000
|
unkown
|
page read and write
|
|
|
|
31C000
|
unkown
|
page read and write
|
|
|
|
2220000
|
unkown
|
page read and write
|
|
|
|
4542000
|
unkown
|
page readonly
|
|
|
|
230000
|
unkown
|
page read and write
|
|
|
|
45A2000
|
unkown
|
page readonly
|
|
|
|
4446000
|
unkown
|
page readonly
|
|
|
|
130000
|
unkown
|
page read and write
|
|
|
|
350000
|
unkown
|
page read and write
|
|
|
|
4669000
|
unkown
|
page readonly
|
|
|
|
4559000
|
unkown
|
page readonly
|
|
|
|
44B2000
|
unkown
|
page readonly
|
|
|
|
4542000
|
unkown
|
page readonly
|
|
|
|
4E6000
|
unkown
|
page read and write
|
|
|
|
4705000
|
unkown
|
page readonly
|
|
|
|
4552000
|
unkown
|
page readonly
|
|
|
|
405000
|
unkown
|
page read and write
|
|
|
|
342000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
45C5000
|
unkown
|
page readonly
|
|
|
|
48F0000
|
unkown
|
page readonly
|
|
|
|
4B6000
|
unkown
|
page read and write
|
|
|
|
290000
|
unkown
|
page execute and read and write
|
|
|
|
177000
|
heap default
|
page read and write
|
|
|
|
4636000
|
unkown
|
page readonly
|
|
|
|
4BB000
|
heap default
|
page read and write
|
|
|
|
4642000
|
unkown
|
page readonly
|
|
|
|
3FC0000
|
unkown
|
page readonly
|
|
|
|
43B4000
|
unkown
|
page readonly
|
|
|
|
4679000
|
unkown
|
page readonly
|
|
|
|
4602000
|
unkown
|
page readonly
|
|
|
|
24B000
|
unkown
|
page read and write
|
|
|
|
2460000
|
unkown
|
page readonly
|
|
|
|
46A5000
|
unkown
|
page readonly
|
|
|
|
254000
|
unkown
|
page read and write
|
|
|
|
6E0000
|
unkown
|
page readonly
|
|
|
|
750000
|
unkown
|
page readonly
|
|
There are 306 hidden memdumps, click here to show them.