Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Packing List.xlsx
|
CDFV2 Encrypted
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
downloaded
|
|
|
|
C:\Users\user\Desktop\~$Packing List.xlsx
|
data
|
dropped
|
|
|
|
C:\Users\Public\vbc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\251FF695.png
|
PNG image data, 550 x 360, 8-bit colormap, non-interlaced
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\27DB9FE4.emf
|
Windows Enhanced Metafile (EMF) image data version 0x10000
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5268BA6B.png
|
PNG image data, 838 x 469, 8-bit colormap, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\67EFF2A.png
|
PNG image data, 737 x 456, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6EA2EAB1.png
|
PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\731170FE.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650,
frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\84D2F0C8.jpeg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650,
frames 3
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9950728D.png
|
PNG image data, 838 x 469, 8-bit colormap, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C4C845BC.png
|
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D3B5F0E7.png
|
PNG image data, 550 x 360, 8-bit colormap, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D937B123.png
|
PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\dobvw7pi71yxrkawv
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\nsn3BBA.tmp\oxtrp.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF3DF424E48F9DA5FE.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF60529B904FCF6857.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DF63AE2933B69E3EF1.TMP
|
CDFV2 Encrypted
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFB3F4E2B4E1F422B3.TMP
|
data
|
dropped
|
|
There are 11 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
|
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
|
|
|
|
C:\Users\Public\vbc.exe
|
'C:\Users\Public\vbc.exe'
|
|
|
|
C:\Users\Public\vbc.exe
|
'C:\Users\Public\vbc.exe'
|
|
|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://192.227.228.38/0078/vbc.exe
|
192.227.228.38
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
|
|
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.227.228.38
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
w))
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2F289
|
2F289
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
=2)
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\33E19
|
33E19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\354F3
|
354F3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 21
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
|
Name
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\33E19
|
33E19
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
EquationEditorFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
There are 32 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
30BA000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
3190000
|
heap private
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
820000
|
unkown image
|
page readonly
|
|
|
|
2E0000
|
unkown
|
page read and write
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
28A0000
|
unkown
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
6DE000
|
stack
|
page read and write
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
160000
|
unkown image
|
page read and write
|
|
|
|
1D8000
|
unkown
|
page execute and read and write
|
|
|
|
9C0000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
42A000
|
unkown image
|
page read and write
|
|
|
|
494000
|
heap default
|
page read and write
|
|
|
|
67A000
|
stack
|
page read and write
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
150000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
215000
|
unkown
|
page read and write
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
880000
|
unkown image
|
page readonly
|
|
|
|
73230000
|
unkown image
|
page readonly
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
2A0000
|
unkown image
|
page readonly
|
|
|
|
6F6000
|
heap private
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
830000
|
unkown image
|
page readonly
|
|
|
|
21C2000
|
heap private
|
page read and write
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
48E000
|
stack
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
5C0000
|
unkown image
|
page readonly
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
21E0000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
2130000
|
heap private
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
470000
|
heap default
|
page read and write
|
|
|
|
1FF0000
|
heap private
|
page read and write
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
1F40000
|
unkown
|
page read and write
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
D30000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
1C9000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
212000
|
heap default
|
page read and write
|
|
|
|
1D5000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
417000
|
unkown image
|
page read and write
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
CD000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
360000
|
heap default
|
page read and write
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
28A0000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
700000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
890000
|
unkown image
|
page readonly
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
1D5000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page read and write
|
|
|
|
230000
|
unkown image
|
page readonly
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
1360000
|
heap private
|
page read and write
|
|
|
|
1DD000
|
heap default
|
page read and write
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
28A0000
|
unkown
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
21B000
|
heap default
|
page read and write
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
522000
|
heap default
|
page read and write
|
|
|
|
D20000
|
unkown image
|
page readonly
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
6A0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
1D8000
|
unkown
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
510000
|
heap default
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
477000
|
heap default
|
page read and write
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
21D000
|
stack
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
heap default
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
4C0000
|
heap default
|
page read and write
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
20FF000
|
stack
|
page read and write
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
30B0000
|
unkown
|
page read and write
|
|
|
|
73235000
|
unkown image
|
page execute and read and write
|
|
|
|
20A000
|
unkown
|
page read and write
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
51F000
|
stack
|
page read and write
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
3B6000
|
unkown
|
page read and write
|
|
|
|
3130000
|
heap private
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
1F1F000
|
stack
|
page read and write
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
3F0000
|
unkown image
|
page readonly
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
6F0000
|
heap private
|
page read and write
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
4C7000
|
heap default
|
page read and write
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
422000
|
unkown image
|
page read and write
|
|
|
|
73237000
|
unkown image
|
page readonly
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
205000
|
unkown
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
1D5000
|
unkown
|
page execute and read and write
|
|
|
|
6E0000
|
unkown image
|
page readonly
|
|
|
|
208000
|
heap default
|
page read and write
|
|
|
|
BA0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
170000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
31E000
|
stack
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
heap default
|
page read and write
|
|
|
|
370000
|
heap private
|
page read and write
|
|
|
|
73234000
|
unkown image
|
page readonly
|
|
|
|
21A4000
|
heap private
|
page read and write
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
380000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
374000
|
heap private
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
28A0000
|
unkown
|
page read and write
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
690000
|
heap private
|
page read and write
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
1D5000
|
unkown
|
page execute and read and write
|
|
|
|
73231000
|
unkown image
|
page execute read
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
1D8000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
1D5000
|
unkown
|
page execute and read and write
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
B9E000
|
stack
|
page read and write
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
F300000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
1D8000
|
unkown
|
page execute and read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
F460000
|
unkown
|
page read and write
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
4E4000
|
heap default
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
28A0000
|
unkown
|
page read and write
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
1D5000
|
unkown
|
page execute and read and write
|
|
|
|
F2F0000
|
unkown
|
page read and write
|
|
|
|
1D8000
|
unkown
|
page execute and read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
409000
|
unkown image
|
page write copy
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
8B000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
70F000
|
stack
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
28A0000
|
unkown
|
page read and write
|
|
|
|
F3F1000
|
unkown
|
page read and write
|
|
|
|
250000
|
heap default
|
page read and write
|
|
|
|
21A0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown
|
page read and write
|
|
|
|
333D000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
1E8000
|
heap default
|
page read and write
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
unkown image
|
page readonly
|
|
|
|
73230000
|
unkown image
|
page readonly
|
|
|
|
1E6000
|
heap default
|
page read and write
|
|
|
|
401000
|
unkown image
|
page execute read
|
|
|
|
1A7000
|
heap default
|
page read and write
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
F3E0000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown image
|
page readonly
|
|
|
|
3260000
|
unkown
|
page read and write
|
|
|
|
33F0000
|
heap private
|
page read and write
|
|
|
|
EC0000
|
unkown image
|
page readonly
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
1C0000
|
unkown
|
page execute and read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
F3F4000
|
unkown
|
page read and write
|
|
|
|
407000
|
unkown image
|
page readonly
|
|
|
|
F400000
|
unkown
|
page read and write
|
|
|
|
18B000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
F3F7000
|
unkown
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
42D000
|
unkown image
|
page readonly
|
|
|
|
3220000
|
heap private
|
page read and write
|
|
|
|
1D5000
|
unkown
|
page execute and read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
333A000
|
unkown
|
page read and write
|
|
|
|
1C1000
|
unkown
|
page execute read
|
|
|
|
1D5000
|
unkown
|
page execute and read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
240000
|
unkown image
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
There are 478 hidden memdumps, click here to show them.