Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
4TWEQh2HJb.xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Invoice 720710 from
Quickbooks, LLC, Author: Quickbooks, LLC, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date:
Wed Jul 14 09:38:23 2021, Last Saved Time/Date: Wed Jul 14 15:06:14 2021, Security: 0
|
initial sample
|
 |
|
|
C:\ProgramData\qDialogMainChartType.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\qRangeAutoFormatLocalFormat3.sct
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
|
|
C:\Windows\System32\mshta.exe
|
mshta 'C:\ProgramData\qRangeAutoFormatLocalFormat3.sct'
|
|
|
|
C:\ProgramData\qDialogMainChartType.exe
|
C:\ProgramData\qDialogMainChartType.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://fontfabrik.comQ
|
unknown
|
 |
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/images/details.bin
|
unknown
|
|
|
|
http://www.tiro.com;Copyright
|
unknown
|
|
|
|
http://www.fontbureau.com/designers?
|
unknown
|
|
|
|
http://insiderushings.com:8088/js/file13.binj
|
unknown
|
|
|
|
http://paymentadvisry.com:8088/wp-theme/file7.bin3.sct
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/js/file1.bin
|
unknown
|
|
|
|
http://www.ncst.ernet.in/~rkjoshi
|
unknown
|
|
|
|
http://www.typography.netD
|
unknown
|
|
|
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/images/file13.bin
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/tpls/file3.bind
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/tpls/file3.binc
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
|
|
http://buyer-remindment.com:8088/fonts/file8.bin
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://www.fonts.com
|
unknown
|
|
|
|
http://www.sandoll.co.kr
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/tpls/file3.binQ
|
unknown
|
|
|
|
http://www.urwpp.de
|
unknown
|
|
|
|
http://www.zhongyicts.com.cn
|
unknown
|
|
|
|
http://www.sakkal.com
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/tpls/file3.binX
|
unknown
|
|
|
|
http://www.bethmardutho.org.P
|
unknown
|
|
|
|
http://insiderushings.com:8088/js/file13.bin
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.fontbureau.com
|
unknown
|
|
|
|
http://www.galapagosdesign.com/
|
unknown
|
|
|
|
http://www.ascendercorp.com/
|
unknown
|
|
|
|
http://fasteasyupdates.com:8088/vendors/file4.bin
|
unknown
|
|
|
|
http://www.c-and-g.co.jp
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://paymentadvisry.com:8088/wp-theme/file7.bin
|
unknown
|
|
|
|
http://buyer-remindment.com:8088/tpls/file4.bin
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/js/file1.binT
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/images/details.binG
|
unknown
|
|
|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.founder.com.cn/cn/
|
unknown
|
|
|
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
|
|
|
http://www.founder.com.cn/cn
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://www.fontbureau.com/designers/frere-jones.html
|
unknown
|
|
|
|
http://onlinefastsolutions.com:8088/tpls/file3.bin
|
208.83.69.35
|
|
|
|
http://www.ascendercorp.com/typedesigners.htmlt
|
unknown
|
|
|
|
http://buyer-remindment.com:8088/tpls/file4.bin:
|
unknown
|
|
|
|
http://buyer-remindment.com:8088/css/file7.bin
|
unknown
|
|
|
|
http://www.fontbureau.com/designers/
|
unknown
|
|
There are 41 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
onlinefastsolutions.com
|
208.83.69.35
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
78.46.78.42
|
unknown
|
Germany
|
|
|
|
202.29.60.34
|
unknown
|
Thailand
|
|
|
|
66.175.217.172
|
unknown
|
United States
|
|
|
|
208.83.69.35
|
onlinefastsolutions.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
<~9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
MTTT
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
VBAFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ReviewToken
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EEEE1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
8f9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F51C8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Max Display
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 2
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 3
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 4
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 5
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 6
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 7
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 8
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 9
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 10
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 11
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 12
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 13
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 14
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 15
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 16
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 17
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 18
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 19
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
Item 20
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
F68D1
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
LastPurgeTime
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
1033
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
EXCELFiles
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
ProductFiles
|
|
There are 47 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
4D4C000
|
unkown
|
page read and write
|
|
|
|
D0000
|
heap default
|
page read and write
|
|
|
|
45D5000
|
unkown
|
page readonly
|
|
|
|
4536000
|
unkown
|
page readonly
|
|
|
|
2470000
|
unkown
|
page readonly
|
|
|
|
4542000
|
unkown
|
page readonly
|
|
|
|
2390000
|
unkown
|
page read and write
|
|
|
|
2495000
|
heap private
|
page read and write
|
|
|
|
5830000
|
heap private
|
page read and write
|
|
|
|
370000
|
heap default
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
4D5B000
|
unkown
|
page read and write
|
|
|
|
7DF60000
|
unkown
|
page read and write
|
|
|
|
25A4000
|
unkown
|
page read and write
|
|
|
|
2570000
|
unkown
|
page read and write
|
|
|
|
279B000
|
heap private
|
page read and write
|
|
|
|
1D10000
|
unkown
|
page readonly
|
|
|
|
53F0000
|
heap private
|
page read and write
|
|
|
|
546000
|
heap private
|
page read and write
|
|
|
|
4F0000
|
heap private
|
page read and write
|
|
|
|
2720000
|
unkown
|
page readonly
|
|
|
|
2540000
|
unkown
|
page read and write
|
|
|
|
259C000
|
unkown
|
page read and write
|
|
|
|
7DE80000
|
unkown
|
page read and write
|
|
|
|
1F4000
|
heap private
|
page read and write
|
|
|
|
1FA000
|
heap private
|
page read and write
|
|
|
|
2440000
|
unkown
|
page readonly
|
|
|
|
44F5000
|
unkown
|
page readonly
|
|
|
|
4DA0000
|
unkown
|
page read and write
|
|
|
|
47D0000
|
unkown
|
page readonly
|
|
|
|
4D76000
|
unkown
|
page read and write
|
|
|
|
3B4000
|
unkown
|
page read and write
|
|
|
|
362000
|
unkown
|
page read and write
|
|
|
|
3F00000
|
unkown
|
page readonly
|
|
|
|
25A8000
|
unkown
|
page read and write
|
|
|
|
4506000
|
unkown
|
page readonly
|
|
|
|
4D5C000
|
unkown
|
page read and write
|
|
|
|
251C000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
4D00000
|
unkown
|
page read and write
|
|
|
|
2B00000
|
heap private
|
page read and write
|
|
|
|
258C000
|
unkown
|
page read and write
|
|
|
|
4D70000
|
unkown
|
page read and write
|
|
|
|
4D5E000
|
unkown
|
page read and write
|
|
|
|
4D59000
|
unkown
|
page read and write
|
|
|
|
4482000
|
unkown
|
page readonly
|
|
|
|
4444000
|
unkown
|
page readonly
|
|
|
|
4772000
|
unkown
|
page readonly
|
|
|
|
394000
|
unkown
|
page read and write
|
|
|
|
24B2000
|
heap private
|
page read and write
|
|
|
|
220000
|
unkown
|
page readonly
|
|
|
|
25B4000
|
unkown
|
page read and write
|
|
|
|
7DFE0000
|
unkown
|
page read and write
|
|
|
|
22C0000
|
unkown
|
page read and write
|
|
|
|
1BF000
|
heap default
|
page read and write
|
|
|
|
4484000
|
unkown
|
page readonly
|
|
|
|
4D59000
|
unkown
|
page read and write
|
|
|
|
24D0000
|
unkown
|
page read and write
|
|
|
|
49F0000
|
unkown
|
page write copy
|
|
|
|
3E65000
|
heap private
|
page read and write
|
|
|
|
4C0B000
|
heap private
|
page read and write
|
|
|
|
2534000
|
unkown
|
page read and write
|
|
|
|
4288000
|
unkown
|
page readonly
|
|
|
|
DE0000
|
unkown
|
page readonly
|
|
|
|
44B2000
|
unkown
|
page readonly
|
|
|
|
2100000
|
unkown
|
page read and write
|
|
|
|
377000
|
heap default
|
page read and write
|
|
|
|
44D6000
|
unkown
|
page readonly
|
|
|
|
D7000
|
heap default
|
page read and write
|
|
|
|
2550000
|
unkown
|
page read and write
|
|
|
|
7DF71000
|
unkown
|
page read and write
|
|
|
|
7DF80000
|
unkown
|
page read and write
|
|
|
|
23A0000
|
unkown
|
page write copy
|
|
|
|
25C0000
|
unkown
|
page read and write
|
|
|
|
359000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
25C4000
|
unkown
|
page read and write
|
|
|
|
45E9000
|
unkown
|
page readonly
|
|
|
|
5510000
|
unkown
|
page read and write
|
|
|
|
47B0000
|
unkown
|
page readonly
|
|
|
|
1B0000
|
unkown
|
page readonly
|
|
|
|
39E0000
|
unkown
|
page readonly
|
|
|
|
8C000
|
unkown
|
page read and write
|
|
|
|
250C000
|
unkown
|
page read and write
|
|
|
|
4D64000
|
unkown
|
page read and write
|
|
|
|
2D0000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown
|
page readonly
|
|
|
|
25A0000
|
unkown
|
page read and write
|
|
|
|
306D000
|
unkown
|
page read and write
|
|
|
|
1001A000
|
unkown image
|
page readonly
|
|
|
|
2430000
|
unkown
|
page readonly
|
|
|
|
582F000
|
unkown
|
page read and write
|
|
|
|
45A5000
|
unkown
|
page readonly
|
|
|
|
4555000
|
unkown
|
page readonly
|
|
|
|
3EE0000
|
unkown
|
page readonly
|
|
|
|
2480000
|
heap private
|
page read and write
|
|
|
|
4D59000
|
unkown
|
page read and write
|
|
|
|
10016000
|
unkown image
|
page write copy
|
|
|
|
4970000
|
heap private
|
page read and write
|
|
|
|
2578000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
45E2000
|
unkown
|
page readonly
|
|
|
|
4589000
|
unkown
|
page readonly
|
|
|
|
1C9000
|
heap default
|
page read and write
|
|
|
|
2580000
|
unkown
|
page read and write
|
|
|
|
346000
|
unkown
|
page read and write
|
|
|
|
2490000
|
heap private
|
page read and write
|
|
|
|
394000
|
heap default
|
page read and write
|
|
|
|
44E2000
|
unkown
|
page readonly
|
|
|
|
4D6B000
|
unkown
|
page read and write
|
|
|
|
4582000
|
unkown
|
page readonly
|
|
|
|
1D00000
|
heap private
|
page read and write
|
|
|
|
2569000
|
unkown
|
page read and write
|
|
|
|
2730000
|
unkown
|
page readonly
|
|
|
|
2548000
|
unkown
|
page read and write
|
|
|
|
6B62000
|
unkown
|
page read and write
|
|
|
|
4569000
|
unkown
|
page readonly
|
|
|
|
2554000
|
unkown
|
page read and write
|
|
|
|
4DAB000
|
unkown
|
page read and write
|
|
|
|
4462000
|
unkown
|
page readonly
|
|
|
|
4D8A000
|
unkown
|
page read and write
|
|
|
|
211D000
|
unkown
|
page read and write
|
|
|
|
C60000
|
unkown
|
page readonly
|
|
|
|
25B0000
|
unkown
|
page read and write
|
|
|
|
4C80000
|
heap private
|
page read and write
|
|
|
|
10E000
|
heap default
|
page read and write
|
|
|
|
3B3000
|
unkown
|
page read and write
|
|
|
|
2B05000
|
heap private
|
page read and write
|
|
|
|
4E90000
|
heap private
|
page read and write
|
|
|
|
4B30000
|
heap private
|
page read and write
|
|
|
|
4BD0000
|
heap private
|
page read and write
|
|
|
|
4566000
|
unkown
|
page readonly
|
|
|
|
1F0000
|
heap private
|
page read and write
|
|
|
|
325B000
|
unkown
|
page read and write
|
|
|
|
4880000
|
heap private
|
page read and write
|
|
|
|
250000
|
heap default
|
page read and write
|
|
|
|
4D74000
|
unkown
|
page read and write
|
|
|
|
540000
|
heap private
|
page read and write
|
|
|
|
4282000
|
unkown
|
page readonly
|
|
|
|
2530000
|
unkown
|
page read and write
|
|
|
|
10000000
|
unkown image
|
page readonly
|
|
|
|
25AA000
|
unkown
|
page read and write
|
|
|
|
6D0000
|
unkown
|
page readonly
|
|
|
|
2C8E000
|
unkown
|
page read and write
|
|
|
|
2D00000
|
unkown
|
page read and write
|
|
|
|
4D8F000
|
unkown
|
page read and write
|
|
|
|
3600000
|
unkown
|
page readonly
|
|
|
|
4D79000
|
unkown
|
page read and write
|
|
|
|
4464000
|
unkown
|
page readonly
|
|
|
|
4512000
|
unkown
|
page readonly
|
|
|
|
239D000
|
unkown
|
page read and write
|
|
|
|
44C5000
|
unkown
|
page readonly
|
|
|
|
37D000
|
unkown
|
page read and write
|
|
|
|
2510000
|
unkown
|
page read and write
|
|
|
|
10015000
|
unkown image
|
page readonly
|
|
|
|
350000
|
unkown
|
page read and write
|
|
|
|
2760000
|
heap private
|
page read and write
|
|
|
|
4605000
|
unkown
|
page readonly
|
|
|
|
10001000
|
unkown image
|
page execute read
|
|
|
|
7DF77000
|
unkown
|
page read and write
|
|
|
|
16F000
|
heap default
|
page read and write
|
|
|
|
2528000
|
unkown
|
page read and write
|
|
|
|
6F52000
|
unkown
|
page readonly
|
|
|
|
5610000
|
heap private
|
page read and write
|
|
|
|
1FD000
|
heap private
|
page read and write
|
|
|
|
2524000
|
unkown
|
page read and write
|
|
|
|
2508000
|
unkown
|
page read and write
|
|
|
|
25C8000
|
unkown
|
page read and write
|
|
|
|
3E69000
|
heap private
|
page read and write
|
|
|
|
F80000
|
unkown
|
page readonly
|
|
|
|
346F000
|
unkown
|
page read and write
|
|
|
|
456D000
|
unkown
|
page readonly
|
|
|
|
5B3E000
|
unkown
|
page read and write
|
|
|
|
3470000
|
unkown
|
page readonly
|
|
|
|
2484000
|
heap private
|
page read and write
|
|
|
|
4525000
|
unkown
|
page readonly
|
|
|
|
27E0000
|
unkown
|
page readonly
|
|
|
|
306000
|
unkown
|
page read and write
|
|
|
|
2730000
|
unkown
|
page read and write
|
|
|
|
45B9000
|
unkown
|
page readonly
|
|
|
|
2600000
|
unkown
|
page readonly
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
4D0A000
|
unkown
|
page read and write
|
|
|
|
18E000
|
unkown
|
page read and write
|
|
|
|
398000
|
unkown
|
page read and write
|
|
|
|
5490000
|
heap private
|
page read and write
|
|
|
|
37E7000
|
unkown
|
page readonly
|
|
|
|
2538000
|
unkown
|
page read and write
|
|
|
|
1001D000
|
unkown image
|
page read and write
|
|
|
|
1001F000
|
unkown image
|
page readonly
|
|
|
|
254C000
|
unkown
|
page read and write
|
|
|
|
22C0000
|
unkown
|
page read and write
|
|
|
|
4D7B000
|
unkown
|
page read and write
|
|
|
|
2EFF000
|
unkown
|
page read and write
|
|
|
|
4442000
|
unkown
|
page readonly
|
|
|
|
240000
|
unkown
|
page execute and read and write
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
2730000
|
unkown
|
page read and write
|
|
|
|
2380000
|
unkown
|
page readonly
|
|
|
|
7DF74000
|
unkown
|
page read and write
|
|
|
|
23F0000
|
unkown
|
page read and write
|
|
|
|
26E0000
|
unkown
|
page read and write
|
|
|
|
870000
|
unkown
|
page readonly
|
|
|
|
4F10000
|
unkown
|
page read and write
|
|
|
|
5B44000
|
unkown
|
page readonly
|
|
|
|
2520000
|
unkown
|
page read and write
|
|
|
|
4D61000
|
unkown
|
page read and write
|
|
|
|
5310000
|
unkown
|
page readonly
|
|
|
|
2CFE000
|
unkown
|
page read and write
|
|
|
|
2544000
|
unkown
|
page read and write
|
|
|
|
4382000
|
unkown
|
page readonly
|
|
|
|
7DE70000
|
unkown
|
page read and write
|
|
|
|
2765000
|
heap private
|
page read and write
|
|
|
|
3E60000
|
heap private
|
page read and write
|
|
|
|
4D72000
|
unkown
|
page read and write
|
|
|
|
230000
|
unkown
|
page read and write
|
|
|
|
2588000
|
unkown
|
page read and write
|
|
|
|
2518000
|
unkown
|
page read and write
|
|
|
|
4BD4000
|
heap private
|
page read and write
|
|
|
|
23B0000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
257C000
|
unkown
|
page read and write
|
|
|
|
5623000
|
heap private
|
page read and write
|
|
|
|
25AD000
|
unkown
|
page read and write
|
|
|
|
30C0000
|
heap private
|
page read and write
|
|
|
|
252C000
|
unkown
|
page read and write
|
|
|
|
4D88000
|
unkown
|
page read and write
|
|
|
|
2559000
|
unkown
|
page read and write
|
|
|
|
239A000
|
unkown
|
page read and write
|
|
|
|
4D5E000
|
unkown
|
page read and write
|
|
|
|
4D82000
|
unkown
|
page read and write
|
|
|
|
550000
|
unkown
|
page readonly
|
|
|
|
19A000
|
heap default
|
page read and write
|
|
|
|
59AF000
|
unkown
|
page read and write
|
|
|
|
10028000
|
unkown image
|
page readonly
|
|
|
|
45B2000
|
unkown
|
page readonly
|
|
|
|
47F0000
|
unkown
|
page readonly
|
|
There are 228 hidden memdumps, click here to show them.