IOC Report

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 08676789691.xlsm | Microsoft Excel 2007+ | initial sample | malicious |
| C:\ProgramData\SKZbt.rtf | HTML document, ASCII text, with very long lines, with CRLF line terminators | modified | malicious |
| C:\Users\user\Desktop\08676789691.xlsm (copy) | Microsoft Excel 2007+ | dropped | malicious |
| C:\Users\user\Desktop\~$08676789691.xlsm | data | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\87F2F9FF.png | PNG image data, 960 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\Desktop\AA330000 | Microsoft Excel 2007+ | dropped | clean |
| C:\Users\user\Desktop\AA330000:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | malicious |
| C:\Windows\System32\wbem\WMIC.exe | wmic process call create "mshta C:\ProgramData\SKZbt.rtf" | malicious |
| C:\Windows\System32\mshta.exe | mshta C:\ProgramData\SKZbt.rtf | clean |

URLs


IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 157.230.250.107 | unknown | United States | clean |

Registry


Memdumps
