IOC Report

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `3762.xlsm` | Microsoft Excel 2007+ | initial sample | malicious |
| `C:\ProgramData\LZbir.rtf` | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | malicious |
| `C:\Users\user\Desktop\3762.xlsm (copy)` | Microsoft Excel 2007+ | dropped | malicious |
| `C:\Users\user\Desktop\~$3762.xlsm` | data | dropped | malicious |
| `C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4591166C.png` | PNG image data, 960 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean |
| `C:\Users\user\Desktop\18430000` | Microsoft Excel 2007+ | dropped | clean |
| `C:\Users\user\Desktop\18430000:Zone.Identifier` | ASCII text, with CRLF line terminators | modified | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Program Files\Microsoft Office\Office14\EXCEL.EXE` | `"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding` | malicious |
| `C:\Windows\System32\wbem\WMIC.exe` | `wmic process call create "mshta C:\ProgramData\LZbir.rtf"` | malicious |
| `C:\Windows\System32\mshta.exe` | `mshta C:\ProgramData\LZbir.rtf` | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| `http://www.windows.com/pctv.` | unknown | clean |
| `http://investor.msn.com` | unknown | clean |
| `http://www.msnbc.com/news/ticker.txt` | unknown | clean |
| `http://157.230.250.107:8080/mfkrmotherfuckeru6y82sasswhorehf9` | unknown | clean |
| `http://157.230.250.107:8` | unknown | clean |
| `http://schemas.openformatrg/package/2006/content-t` | unknown | clean |
| `http://157.230.250.10jec` | unknown | clean |
| `http://windowsmedia.com/redir/services.asp?WMPFriendly=true` | unknown | clean |
| `http://www.hotmail.com/oe` | unknown | clean |
| `http://schemas.open` | unknown | clean |
| `http://157.230.250.107:8080/mfkrmotherfuckeru6y82sasswhorehf` | unknown | clean |
| `http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check` | unknown | clean |
| `http://157.230.250.107:8080/mfkrmotherfuckeru6y82sasswhorehf9e$` | unknown | clean |
| `http://www.icra.org/vocabulary/.` | unknown | clean |
| `http://schemas.openformatrg/package/2006/r` | unknown | clean |
| `http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.` | unknown | clean |
| `http://157.230.250mObjec` | unknown | clean |
| `http://157.230.250.10ject` | unknown | clean |
| `http://investor.msn.com/` | unknown | clean |
| `http://157.230.250.107:8080/mfkrmotherfuckeru6y82sasswhorehf9e/` | unknown | clean |
| `http://157.230.250.107:808` | unknown | clean |
| `http://www.%s.comPA` | unknown | clean |
| `http://157.230.250.107:8080/mfkrmotherfuckeru6y82sasswhorehf9e` | 157.230.250.107 | clean |
| `http://157.230.250.107:8080/mfkrmotherfuckeru6y82sasswhoreh=` | unknown | clean |
| `http://servername/isapibackend.dll` | unknown | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 157.230.250.107 | unknown | United States | clean |

Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems` | `nq,` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel` | MTTT | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle` | ReviewToken | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2D4DC` | 2D4DC | clean |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage` | VBAFiles | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems` | `%x,` | clean |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage` | ProductNonBootFilesIntl_1033 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU` | Max Display | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Max Display | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 1 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 2 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 3 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 4 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 5 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 6 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 7 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 8 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 9 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 10 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 11 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 12 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 13 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 14 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 15 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 16 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 17 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 18 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 19 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | Item 20 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\34A78` | 34A78 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents` | LastPurgeTime | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages` | 1033 | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages` | 1033 | clean |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage` | EXCELFiles | clean |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage` | ProductFiles | clean |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage` | ProductNonBootFilesIntl_1033 | clean |
