IOC Report

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 56449657.xlsm | Microsoft Excel 2007+ | initial sample | malicious |
| C:\ProgramData\vqcMnINBAOOJC.rtf | HTML document, ASCII text, with very long lines, with CRLF line terminators | modified | malicious |
| C:\Users\user\Desktop\56449657.xlsm (copy) | Microsoft Excel 2007+ | dropped | malicious |
| C:\Users\user\Desktop\~$56449657.xlsm | data | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E02F0B76.png | PNG image data, 960 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\Desktop\FC330000 | Microsoft Excel 2007+ | dropped | clean |
| C:\Users\user\Desktop\FC330000:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | malicious |
| C:\Windows\System32\wbem\WMIC.exe | wmic process call create "mshta C:\ProgramData\vqcMnINBAOOJC.rtf" | malicious |
| C:\Windows\System32\mshta.exe | mshta C:\ProgramData\vqcMnINBAOOJC.rtf | clean |

URLs


IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 157.230.250.107 | unknown | United States | clean |

Registry


Memdumps
