Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
enjoin,12.27.2021.doc
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Comments: ta, Template: Normal,
Last Saved By: Windows, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Dec
27 11:02:00 2021, Last Saved Time/Date: Mon Dec 27 11:02:00 2021, Number of Pages: 1, Number of Words: 116, Number of Characters:
16118, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vaci3[1].htm
|
HTML document, ASCII text
|
dropped
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{64EB5F3D-FB2E-4BD3-8AEA-82C307C336B9}.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B70C9704-7AD7-458C-BF06-A25E66915659}.tmp
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\~DFDA21D6ED226BEFAA.TMP
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue
Oct 17 10:04:00 2017, mtime=Fri Dec 31 19:23:16 2021, atime=Fri Dec 31 19:23:16 2021, length=8192, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\enjoin,12.27.2021.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:55
2021, mtime=Mon Aug 30 20:08:55 2021, atime=Fri Dec 31 19:23:12 2021, length=80896, window=hide
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\i7Gigabyte.LNK
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Dec 31 19:23:16
2021, mtime=Fri Dec 31 19:23:16 2021, atime=Fri Dec 31 19:23:16 2021, length=4060, window=hide
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$join,12.27.2021.doc
|
data
|
dropped
|
|
|
|
C:\Users\user\Documents\i7Gigabyte.hta (copy)
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Documents\~$Gigabyte.hta
|
data
|
dropped
|
|
|
|
C:\Users\user\Documents\~WRD0000.tmp
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
|
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
|
|
|
|
C:\Windows\explorer.exe
|
explorer i7Gigabyte.hta
|
|
|
|
C:\Windows\explorer.exe
|
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
|
|
|
|
C:\Windows\SysWOW64\mshta.exe
|
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\user\Documents\i7Gigabyte.hta"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://patelboostg.com/frhe/L8dclCye7SQ5WTFva78FDxOjGBOF9iJro4DRgV/5inYIaSBt0KLfMB9kXwZBv6ZpTsny6/qAhIQjrAaLKJeTLQnbCarASpMADNe9u19Kylnkoreo7/SjqMh4eEx0Hx9b4h5e2fMcQgeIbFT/kKeSzfUaenwSFB/ISkVIHedx0p/49280/SruwcI68Yb5pVaVqfvyOHztDsbEuhGxtlV6bpgPIFvGFQ277/7FkN9pAcaWDfFlGNBeuaqGed8iDibaWexT/GyAAzLRbFAU1XErrU1F/vaci3?page=V8BBaQuem65&page=XYvyd0Dcrg6fJYLGHRVWp7s1tv&page=dvZwXcjcYCjBX8tPaALshiDAx85PEq&sid=10tOgWzOZj9xyAidNJAz3d9Ob0
|
45.67.229.54
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://patelboostg.com/frhe/L8dclCye7SQ5WTFva78FDxOjGBOF9iJro4DRgV/5inYIaSBt0KLfMB9kXwZBv6ZpTsny6/qA
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
patelboostg.com
|
45.67.229.54
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.67.229.54
|
patelboostg.com
|
Moldova Republic of
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
rx&
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
iy&
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
|
k{&
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\2D182
|
2D182
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 21
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Max Display
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 1
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 2
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 3
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 4
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 5
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 6
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 7
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 8
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 9
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 10
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 11
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 12
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 13
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 14
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 15
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 16
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 17
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 18
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 19
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 20
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\file mru
|
Item 21
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\2DBDE
|
2DBDE
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
WORDFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\2D182
|
2D182
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\OpenWithProgids
|
htafile
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
|
SavedLegacySettings
|
|
There are 55 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
33B000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
D59000
|
unkown
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
7EFDF000
|
unkown
|
page read and write
|
|
|
|
D9E000
|
unkown
|
page read and write
|
|
|
|
2FFE000
|
stack
|
page read and write
|
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
220F000
|
stack
|
page read and write
|
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
338000
|
unkown
|
page read and write
|
|
|
|
373000
|
unkown
|
page read and write
|
|
|
|
319000
|
unkown
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
D6D000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
D2C000
|
unkown
|
page read and write
|
|
|
|
33C000
|
unkown
|
page read and write
|
|
|
|
6694000
|
heap private
|
page read and write
|
|
|
|
319E000
|
stack
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
2BC0000
|
unkown image
|
page readonly
|
|
|
|
347000
|
unkown
|
page read and write
|
|
|
|
3ED000
|
unkown
|
page read and write
|
|
|
|
2343000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
618C000
|
stack
|
page read and write
|
|
|
|
2E00000
|
unkown image
|
page readonly
|
|
|
|
2C32000
|
unkown
|
page read and write
|
|
|
|
6740000
|
unkown
|
page read and write
|
|
|
|
274E000
|
stack
|
page read and write
|
|
|
|
1FB000
|
unkown
|
page read and write
|
|
|
|
1A0000
|
heap default
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
64CD000
|
stack
|
page read and write
|
|
|
|
353000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
29A000
|
unkown
|
page read and write
|
|
|
|
2C30000
|
unkown
|
page read and write
|
|
|
|
416000
|
unkown
|
page read and write
|
|
|
|
373000
|
unkown
|
page read and write
|
|
|
|
2345000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2C26000
|
unkown
|
page read and write
|
|
|
|
DA4000
|
unkown
|
page read and write
|
|
|
|
30C000
|
unkown
|
page read and write
|
|
|
|
E80000
|
unkown image
|
page readonly
|
|
|
|
28BF000
|
stack
|
page read and write
|
|
|
|
34E000
|
unkown
|
page read and write
|
|
|
|
D86000
|
unkown
|
page read and write
|
|
|
|
D84000
|
unkown
|
page read and write
|
|
|
|
434000
|
unkown
|
page read and write
|
|
|
|
338000
|
unkown
|
page read and write
|
|
|
|
364000
|
unkown
|
page read and write
|
|
|
|
2D5000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
2350000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
2C25000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
6745000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
3FF000
|
heap default
|
page read and write
|
|
|
|
24A0000
|
unkown image
|
page readonly
|
|
|
|
347000
|
unkown
|
page read and write
|
|
|
|
100000
|
unkown
|
page read and write
|
|
|
|
58F000
|
heap private
|
page read and write
|
|
|
|
33B000
|
unkown
|
page read and write
|
|
|
|
43B000
|
unkown
|
page read and write
|
|
|
|
3E5000
|
heap default
|
page read and write
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
409000
|
unkown
|
page read and write
|
|
|
|
31E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
6EFD000
|
stack
|
page read and write
|
|
|
|
2C24000
|
unkown
|
page read and write
|
|
|
|
D9E000
|
unkown
|
page read and write
|
|
|
|
586000
|
heap private
|
page read and write
|
|
|
|
2BA0000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
332000
|
unkown
|
page read and write
|
|
|
|
D52000
|
unkown
|
page read and write
|
|
|
|
345000
|
unkown
|
page read and write
|
|
|
|
34E000
|
unkown
|
page read and write
|
|
|
|
1D4000
|
heap private
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
32C000
|
unkown
|
page read and write
|
|
|
|
1D0000
|
heap private
|
page read and write
|
|
|
|
5E70000
|
heap private
|
page read and write
|
|
|
|
3EB000
|
unkown
|
page read and write
|
|
|
|
2F8000
|
heap default
|
page read and write
|
|
|
|
347000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
DBA000
|
unkown
|
page read and write
|
|
|
|
2D5000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
343000
|
unkown
|
page read and write
|
|
|
|
2C33000
|
unkown
|
page read and write
|
|
|
|
258F000
|
unkown
|
page read and write
|
|
|
|
2C22000
|
unkown
|
page read and write
|
|
|
|
33E000
|
unkown
|
page read and write
|
|
|
|
2DC0000
|
unkown
|
page read and write
|
|
|
|
297000
|
heap default
|
page read and write
|
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
2D3F000
|
stack
|
page read and write
|
|
|
|
298F000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
34B000
|
unkown
|
page read and write
|
|
|
|
38B7000
|
unkown image
|
page readonly
|
|
|
|
D23000
|
unkown
|
page read and write
|
|
|
|
580000
|
heap private
|
page read and write
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
33B000
|
unkown
|
page read and write
|
|
|
|
416000
|
unkown
|
page read and write
|
|
|
|
3BE000
|
heap default
|
page read and write
|
|
|
|
33E000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
D87000
|
unkown
|
page read and write
|
|
|
|
2DA6000
|
unkown
|
page read and write
|
|
|
|
610000
|
unkown image
|
page readonly
|
|
|
|
611C000
|
stack
|
page read and write
|
|
|
|
27CE000
|
stack
|
page read and write
|
|
|
|
6DC0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
120000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
44A000
|
unkown
|
page read and write
|
|
|
|
2C2A000
|
unkown
|
page read and write
|
|
|
|
D86000
|
unkown
|
page read and write
|
|
|
|
D65000
|
unkown
|
page read and write
|
|
|
|
7EFC2000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
1CC0000
|
heap private
|
page read and write
|
|
|
|
44B000
|
unkown
|
page read and write
|
|
|
|
404000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
228F000
|
stack
|
page read and write
|
|
|
|
6540000
|
heap private
|
page read and write
|
|
|
|
2584000
|
unkown
|
page read and write
|
|
|
|
2C2C000
|
unkown
|
page read and write
|
|
|
|
1BA0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
345000
|
unkown
|
page read and write
|
|
|
|
D9E000
|
unkown
|
page read and write
|
|
|
|
319000
|
unkown
|
page read and write
|
|
|
|
263E000
|
stack
|
page read and write
|
|
|
|
30E000
|
unkown
|
page read and write
|
|
|
|
60DC000
|
stack
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
600000
|
unkown image
|
page readonly
|
|
|
|
34B000
|
unkown
|
page read and write
|
|
|
|
720000
|
unkown image
|
page readonly
|
|
|
|
2C2E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1C50000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
D9E000
|
unkown
|
page read and write
|
|
|
|
72A0000
|
heap private
|
page read and write
|
|
|
|
2990000
|
unkown
|
page execute
|
|
|
|
165000
|
unkown
|
page read and write
|
|
|
|
6700000
|
heap private
|
page read and write
|
|
|
|
590000
|
unkown image
|
page readonly
|
|
|
|
300000
|
unkown image
|
page readonly
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
3BE000
|
heap default
|
page read and write
|
|
|
|
6225000
|
unkown
|
page read and write
|
|
|
|
408000
|
unkown
|
page read and write
|
|
|
|
319000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown image
|
page readonly
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
2364000
|
heap private
|
page read and write
|
|
|
|
329000
|
unkown
|
page read and write
|
|
|
|
32BD000
|
stack
|
page read and write
|
|
|
|
2360000
|
heap private
|
page read and write
|
|
|
|
DA2000
|
unkown
|
page read and write
|
|
|
|
DA4000
|
unkown
|
page read and write
|
|
|
|
373000
|
unkown
|
page read and write
|
|
|
|
2F8000
|
unkown
|
page read and write
|
|
|
|
384000
|
unkown
|
page read and write
|
|
|
|
D68000
|
unkown
|
page read and write
|
|
|
|
72AB000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
38F000
|
unkown
|
page read and write
|
|
|
|
380000
|
heap default
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
1E0000
|
unkown image
|
page readonly
|
|
|
|
5FA0000
|
heap private
|
page read and write
|
|
|
|
3E0000
|
unkown
|
page read and write
|
|
|
|
3F5000
|
unkown
|
page read and write
|
|
|
|
22FF000
|
stack
|
page read and write
|
|
|
|
2DA0000
|
unkown
|
page read and write
|
|
|
|
6190000
|
heap private
|
page read and write
|
|
|
|
2D80000
|
unkown
|
page execute
|
|
|
|
26BE000
|
stack
|
page read and write
|
|
|
|
439000
|
unkown
|
page read and write
|
|
|
|
2310000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page read and write
|
|
|
|
42B000
|
unkown
|
page read and write
|
|
|
|
38F000
|
unkown
|
page read and write
|
|
|
|
D27000
|
unkown
|
page read and write
|
|
|
|
33B000
|
unkown
|
page read and write
|
|
|
|
16B000
|
unkown
|
page read and write
|
|
|
|
1C0B000
|
heap private
|
page read and write
|
|
|
|
387000
|
heap default
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
332000
|
unkown
|
page read and write
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
27EE000
|
stack
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
200000
|
unkown
|
page read and write
|
|
|
|
2D7D000
|
stack
|
page read and write
|
|
|
|
2C20000
|
unkown
|
page read and write
|
|
|
|
E40000
|
unkown
|
page read and write
|
|
|
|
38F000
|
unkown
|
page read and write
|
|
|
|
345000
|
unkown
|
page read and write
|
|
|
|
365000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
621B000
|
unkown
|
page read and write
|
|
|
|
6360000
|
heap private
|
page read and write
|
|
|
|
25B0000
|
heap private
|
page read and write
|
|
|
|
38F000
|
unkown
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
352000
|
unkown
|
page read and write
|
|
|
|
72A8000
|
heap private
|
page read and write
|
|
|
|
6742000
|
unkown
|
page read and write
|
|
|
|
319000
|
unkown
|
page read and write
|
|
|
|
622B000
|
unkown
|
page read and write
|
|
|
|
40A000
|
heap default
|
page read and write
|
|
|
|
409000
|
unkown
|
page read and write
|
|
|
|
3DF000
|
heap default
|
page read and write
|
|
|
|
D83000
|
unkown
|
page read and write
|
|
|
|
61EE000
|
unkown
|
page read and write
|
|
|
|
319000
|
unkown
|
page read and write
|
|
|
|
2340000
|
unkown
|
page read and write
|
|
|
|
210000
|
unkown
|
page read and write
|
|
|
|
401000
|
unkown
|
page read and write
|
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
2ED000
|
heap default
|
page read and write
|
|
|
|
33E000
|
unkown
|
page read and write
|
|
|
|
416000
|
unkown
|
page read and write
|
|
|
|
D65000
|
unkown
|
page read and write
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
459000
|
unkown
|
page read and write
|
|
|
|
2C28000
|
unkown
|
page read and write
|
|
|
|
445000
|
unkown
|
page read and write
|
|
|
|
6FFC000
|
stack
|
page read and write
|
|
|
|
2040000
|
unkown image
|
page readonly
|
|
|
|
370000
|
heap private
|
page read and write
|
|
|
|
36CF000
|
stack
|
page read and write
|
|
|
|
5F40000
|
heap private
|
page read and write
|
|
|
|
7EFC0000
|
unkown image
|
page readonly
|
|
|
|
290000
|
heap default
|
page read and write
|
|
|
|
DA5000
|
unkown
|
page read and write
|
|
|
|
2C21000
|
unkown
|
page read and write
|
|
|
|
335000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown image
|
page read and write
|
|
|
|
6D30000
|
heap private
|
page read and write
|
|
|
|
106000
|
unkown
|
page read and write
|
|
|
|
362000
|
unkown
|
page read and write
|
|
|
|
2B00000
|
unkown
|
page read and write
|
|
|
|
D9E000
|
unkown
|
page read and write
|
|
|
|
236000
|
unkown
|
page read and write
|
|
|
|
2D5000
|
unkown
|
page read and write
|
|
|
|
50000
|
unkown image
|
page readonly
|
|
|
|
2C23000
|
unkown
|
page read and write
|
|
|
|
7EFB2000
|
unkown image
|
page readonly
|
|
|
|
34B000
|
unkown
|
page read and write
|
|
|
|
338000
|
unkown
|
page read and write
|
|
|
|
2F68000
|
heap private
|
page read and write
|
|
|
|
30E000
|
unkown
|
page read and write
|
|
|
|
2C31000
|
unkown
|
page read and write
|
|
|
|
373000
|
unkown
|
page read and write
|
|
|
|
31E000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
419000
|
unkown
|
page read and write
|
|
|
|
661C000
|
stack
|
page read and write
|
|
|
|
D9E000
|
unkown
|
page read and write
|
|
|
|
7EFB0000
|
unkown image
|
page readonly
|
|
|
|
402000
|
unkown
|
page read and write
|
|
|
|
2B4000
|
heap default
|
page read and write
|
|
|
|
2BA9000
|
unkown
|
page read and write
|
|
|
|
41E000
|
unkown
|
page read and write
|
|
|
|
34F000
|
unkown
|
page read and write
|
|
|
|
DB5000
|
unkown
|
page read and write
|
|
|
|
380000
|
heap default
|
page read and write
|
|
|
|
66B1000
|
heap private
|
page read and write
|
|
|
|
382000
|
unkown
|
page read and write
|
|
|
|
621A000
|
unkown
|
page read and write
|
|
|
|
290000
|
unkown
|
page read and write
|
|
|
|
6C5F000
|
stack
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
362000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
387000
|
heap default
|
page read and write
|
|
|
|
3DF000
|
heap default
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
2DAB000
|
unkown
|
page read and write
|
|
|
|
343000
|
unkown
|
page read and write
|
|
|
|
2580000
|
unkown
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
2C29000
|
unkown
|
page read and write
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
2F86000
|
heap private
|
page read and write
|
|
|
|
343000
|
unkown
|
page read and write
|
|
|
|
D88000
|
unkown
|
page read and write
|
|
|
|
D8A000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page read and write
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
408000
|
unkown
|
page read and write
|
|
|
|
374000
|
heap private
|
page read and write
|
|
|
|
41C000
|
unkown
|
page read and write
|
|
|
|
480000
|
unkown image
|
page readonly
|
|
|
|
D8A000
|
unkown
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
6744000
|
unkown
|
page read and write
|
|
|
|
610000
|
unkown image
|
page readonly
|
|
|
|
1CC5000
|
heap private
|
page read and write
|
|
|
|
362000
|
unkown
|
page read and write
|
|
|
|
235B000
|
unkown
|
page read and write
|
|
|
|
712D000
|
stack
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
6743000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
382000
|
unkown
|
page read and write
|
|
|
|
2DB4000
|
unkown
|
page read and write
|
|
|
|
7EFD0000
|
unkown image
|
page readonly
|
|
|
|
382000
|
unkown
|
page read and write
|
|
|
|
382000
|
unkown
|
page read and write
|
|
|
|
359000
|
unkown
|
page read and write
|
|
|
|
362000
|
unkown
|
page read and write
|
|
|
|
297B000
|
unkown
|
page read and write
|
|
|
|
DA4000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
D4A000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
1BD0000
|
heap private
|
page read and write
|
|
|
|
3F6000
|
unkown
|
page read and write
|
|
|
|
25B4000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
61F8000
|
unkown
|
page read and write
|
|
|
|
710000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
298A000
|
unkown
|
page read and write
|
|
|
|
26A000
|
unkown
|
page read and write
|
|
|
|
72A4000
|
heap private
|
page read and write
|
|
|
|
1BD5000
|
heap private
|
page read and write
|
|
|
|
442000
|
unkown
|
page read and write
|
|
|
|
350000
|
unkown
|
page read and write
|
|
|
|
2ED000
|
unkown
|
page read and write
|
|
|
|
6222000
|
unkown
|
page read and write
|
|
|
|
36D0000
|
unkown image
|
page readonly
|
|
|
|
3AB0000
|
unkown image
|
page readonly
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
34DE000
|
stack
|
page read and write
|
|
|
|
2BC4000
|
unkown image
|
page readonly
|
|
|
|
2B0000
|
unkown
|
page read and write
|
|
|
|
480000
|
unkown image
|
page readonly
|
|
|
|
25D2000
|
heap private
|
page read and write
|
|
|
|
D5D000
|
unkown
|
page read and write
|
|
|
|
31E000
|
unkown
|
page read and write
|
|
|
|
382000
|
unkown
|
page read and write
|
|
|
|
416000
|
unkown
|
page read and write
|
|
|
|
43D000
|
unkown
|
page read and write
|
|
|
|
6690000
|
heap private
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
2C2B000
|
unkown
|
page read and write
|
|
|
|
332000
|
unkown
|
page read and write
|
|
|
|
388000
|
unkown
|
page read and write
|
|
|
|
292E000
|
stack
|
page read and write
|
|
|
|
D86000
|
unkown
|
page read and write
|
|
|
|
335000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown
|
page read and write
|
|
|
|
327000
|
unkown
|
page read and write
|
|
|
|
31E000
|
unkown
|
page read and write
|
|
|
|
30E000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
6741000
|
unkown
|
page read and write
|
|
|
|
2F60000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2F8000
|
unkown
|
page read and write
|
|
|
|
2C2D000
|
unkown
|
page read and write
|
|
|
|
2E3000
|
unkown
|
page read and write
|
|
|
|
1CFB000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
1D40000
|
unkown image
|
page readonly
|
|
|
|
31E000
|
unkown
|
page read and write
|
|
|
|
32F0000
|
heap private
|
page read and write
|
|
|
|
44E000
|
unkown
|
page read and write
|
|
|
|
DA4000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
5E20000
|
heap private
|
page read and write
|
|
|
|
2BCF000
|
unkown image
|
page readonly
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
61D0000
|
unkown
|
page read and write
|
|
|
|
652E000
|
stack
|
page read and write
|
|
|
|
2C27000
|
unkown
|
page read and write
|
|
|
|
D9E000
|
unkown
|
page read and write
|
|
|
|
258B000
|
unkown
|
page read and write
|
|
There are 394 hidden memdumps, click here to show them.