Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
4310352755503838173672.xlsb
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\ProgramData\lvDMlIDBF.rtf
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$4310352755503838173672.xlsb
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9CBB1296.png
|
PNG image data, 800 x 400, 8-bit/color RGBA, non-interlaced
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\wbem\WMIC.exe
|
wmic process call create "mshta C:\ProgramData\lvDMlIDBF.rtf"
|
|
|
|
C:\Windows\System32\mshta.exe
|
mshta C:\ProgramData\lvDMlIDBF.rtf
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
There are 1 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
~y)
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2D4CC
|
2D4CC
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
>!)
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
577D000
|
unkown
|
page read and write
|
|
|
|
2B22000
|
unkown
|
page read and write
|
|
|
|
4FD5000
|
unkown
|
page read and write
|
|
|
|
217B000
|
heap private
|
page read and write
|
|
|
|
34D000
|
unkown
|
page read and write
|
|
|
|
6EE0000
|
unkown
|
page read and write
|
|
|
|
2A30000
|
unkown
|
page read and write
|
|
|
|
5C00000
|
unkown
|
page read and write
|
|
|
|
270000
|
unkown
|
page read and write
|
|
|
|
1F90000
|
heap private
|
page read and write
|
|
|
|
5C17000
|
unkown
|
page read and write
|
|
|
|
31A000
|
unkown
|
page read and write
|
|
|
|
2124000
|
unkown
|
page read and write
|
|
|
|
2B27000
|
unkown
|
page read and write
|
|
|
|
6F80000
|
unkown
|
page read and write
|
|
|
|
450000
|
unkown image
|
page readonly
|
|
|
|
71C0000
|
heap private
|
page read and write
|
|
|
|
2C0000
|
heap default
|
page read and write
|
|
|
|
144000
|
unkown
|
page read and write
|
|
|
|
4F80000
|
unkown
|
page read and write
|
|
|
|
318000
|
unkown
|
page read and write
|
|
|
|
7768000
|
unkown
|
page read and write
|
|
|
|
3F3000
|
heap default
|
page read and write
|
|
|
|
340C000
|
unkown
|
page read and write
|
|
|
|
4BD000
|
unkown
|
page read and write
|
|
|
|
14E000
|
unkown
|
page read and write
|
|
|
|
3160000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
58D0000
|
unkown
|
page read and write
|
|
|
|
42F7000
|
unkown
|
page read and write
|
|
|
|
2960000
|
unkown image
|
page read and write
|
|
|
|
25B0000
|
unkown
|
page read and write
|
|
|
|
42D0000
|
unkown
|
page read and write
|
|
|
|
2980000
|
unkown
|
page read and write
|
|
|
|
30BF000
|
stack
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
54AD000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
3E27000
|
unkown image
|
page readonly
|
|
|
|
6EF0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
1D40000
|
heap private
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
430B000
|
unkown
|
page read and write
|
|
|
|
4DB000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
55E0000
|
unkown
|
page read and write
|
|
|
|
31F0000
|
heap private
|
page read and write
|
|
|
|
4300000
|
unkown
|
page read and write
|
|
|
|
442D000
|
stack
|
page read and write
|
|
|
|
328000
|
unkown
|
page read and write
|
|
|
|
3FE0000
|
unkown
|
page read and write
|
|
|
|
2B80000
|
unkown image
|
page readonly
|
|
|
|
5560000
|
unkown
|
page read and write
|
|
|
|
3440000
|
unkown
|
page read and write
|
|
|
|
5770000
|
unkown
|
page read and write
|
|
|
|
2040000
|
heap private
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
42FE000
|
unkown
|
page read and write
|
|
|
|
3C40000
|
unkown image
|
page readonly
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
4FD5000
|
unkown
|
page read and write
|
|
|
|
5BBF000
|
stack
|
page read and write
|
|
|
|
4FC9000
|
unkown
|
page read and write
|
|
|
|
34B0000
|
unkown
|
page read and write
|
|
|
|
4028000
|
unkown
|
page read and write
|
|
|
|
26E0000
|
heap private
|
page read and write
|
|
|
|
2B20000
|
unkown
|
page read and write
|
|
|
|
1C8F000
|
unkown
|
page read and write
|
|
|
|
65300000
|
unkown image
|
page readonly
|
|
|
|
2FB8000
|
unkown
|
page read and write
|
|
|
|
34F000
|
unkown
|
page read and write
|
|
|
|
58C0000
|
unkown
|
page read and write
|
|
|
|
2FAF000
|
stack
|
page read and write
|
|
|
|
4595000
|
heap private
|
page read and write
|
|
|
|
6D77000
|
unkown image
|
page read and write
|
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
13B0000
|
unkown image
|
page readonly
|
|
|
|
1CB0000
|
unkown
|
page read and write
|
|
|
|
207000
|
heap default
|
page read and write
|
|
|
|
1DBE000
|
unkown
|
page read and write
|
|
|
|
4D70000
|
unkown
|
page read and write
|
|
|
|
34A0000
|
unkown
|
page read and write
|
|
|
|
1F30000
|
unkown image
|
page read and write
|
|
|
|
319000
|
unkown
|
page read and write
|
|
|
|
2B26000
|
unkown
|
page read and write
|
|
|
|
58E0000
|
unkown
|
page read and write
|
|
|
|
5BDA000
|
unkown
|
page read and write
|
|
|
|
328000
|
unkown
|
page read and write
|
|
|
|
2B24000
|
unkown
|
page read and write
|
|
|
|
4960000
|
unkown
|
page read and write
|
|
|
|
42F5000
|
unkown
|
page read and write
|
|
|
|
4DB000
|
unkown
|
page read and write
|
|
|
|
14A000
|
unkown
|
page read and write
|
|
|
|
3704000
|
heap private
|
page read and write
|
|
|
|
34F000
|
unkown
|
page read and write
|
|
|
|
2600000
|
heap private
|
page read and write
|
|
|
|
3420000
|
unkown image
|
page read and write
|
|
|
|
1550000
|
unkown image
|
page readonly
|
|
|
|
3D1000
|
heap default
|
page read and write
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
2110000
|
unkown
|
page read and write
|
|
|
|
6FB4000
|
heap private
|
page read and write
|
|
|
|
6FF0000
|
heap private
|
page read and write
|
|
|
|
31F5000
|
heap private
|
page read and write
|
|
|
|
42F000
|
heap default
|
page read and write
|
|
|
|
4BB0000
|
unkown
|
page read and write
|
|
|
|
2186000
|
heap private
|
page read and write
|
|
|
|
32BF000
|
stack
|
page read and write
|
|
|
|
4000000
|
unkown
|
page read and write
|
|
|
|
2B2C000
|
unkown
|
page read and write
|
|
|
|
1F1F000
|
stack
|
page read and write
|
|
|
|
6D60000
|
unkown
|
page read and write
|
|
|
|
4039000
|
unkown
|
page read and write
|
|
|
|
545D000
|
unkown
|
page read and write
|
|
|
|
4020000
|
unkown
|
page read and write
|
|
|
|
3455000
|
unkown
|
page read and write
|
|
|
|
2890000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
3FD0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
4FD5000
|
unkown
|
page read and write
|
|
|
|
440000
|
heap private
|
page read and write
|
|
|
|
5D0000
|
unkown image
|
page readonly
|
|
|
|
6E858000
|
unkown image
|
page write copy
|
|
|
|
2A68000
|
unkown
|
page read and write
|
|
|
|
29E0000
|
unkown
|
page read and write
|
|
|
|
4140000
|
heap private
|
page execute and read and write
|
|
|
|
4C3000
|
unkown
|
page read and write
|
|
|
|
1D00000
|
unkown
|
page read and write
|
|
|
|
37AE000
|
stack
|
page read and write
|
|
|
|
5595000
|
heap private
|
page read and write
|
|
|
|
3700000
|
heap private
|
page read and write
|
|
|
|
2760000
|
unkown image
|
page readonly
|
|
|
|
34D000
|
unkown
|
page read and write
|
|
|
|
34A000
|
unkown
|
page read and write
|
|
|
|
77E8000
|
unkown
|
page read and write
|
|
|
|
35BF000
|
stack
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
4FDA000
|
unkown
|
page read and write
|
|
|
|
4FE5000
|
unkown
|
page read and write
|
|
|
|
3730000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
2A98000
|
unkown
|
page read and write
|
|
|
|
6CC0000
|
unkown
|
page read and write
|
|
|
|
3FC0000
|
unkown
|
page read and write
|
|
|
|
32F0000
|
unkown
|
page read and write
|
|
|
|
2AA0000
|
heap private
|
page read and write
|
|
|
|
340A000
|
unkown
|
page read and write
|
|
|
|
2B28000
|
unkown
|
page read and write
|
|
|
|
6FA0000
|
unkown
|
page read and write
|
|
|
|
2CB000
|
heap default
|
page read and write
|
|
|
|
6D87000
|
unkown image
|
page read and write
|
|
|
|
4D67000
|
unkown
|
page read and write
|
|
|
|
2A70000
|
unkown
|
page read and write
|
|
|
|
5910000
|
unkown
|
page read and write
|
|
|
|
34D000
|
unkown
|
page read and write
|
|
|
|
4310000
|
unkown
|
page read and write
|
|
|
|
2A40000
|
unkown
|
page read and write
|
|
|
|
6F79000
|
unkown
|
page read and write
|
|
|
|
4C2000
|
unkown
|
page read and write
|
|
|
|
5790000
|
unkown
|
page read and write
|
|
|
|
36C0000
|
unkown
|
page read and write
|
|
|
|
36B000
|
unkown
|
page read and write
|
|
|
|
576E000
|
stack
|
page read and write
|
|
|
|
7828000
|
unkown
|
page read and write
|
|
|
|
34F000
|
unkown
|
page read and write
|
|
|
|
4032000
|
unkown
|
page read and write
|
|
|
|
29C8000
|
unkown
|
page read and write
|
|
|
|
570000
|
unkown image
|
page readonly
|
|
|
|
176000
|
unkown
|
page read and write
|
|
|
|
5C2F000
|
unkown
|
page read and write
|
|
|
|
4A6000
|
unkown
|
page read and write
|
|
|
|
58C0000
|
unkown
|
page read and write
|
|
|
|
330000
|
heap default
|
page read and write
|
|
|
|
770000
|
unkown image
|
page readonly
|
|
|
|
6FB0000
|
heap private
|
page read and write
|
|
|
|
2B2A000
|
unkown
|
page read and write
|
|
|
|
540000
|
unkown image
|
page readonly
|
|
|
|
23E000
|
heap default
|
page read and write
|
|
|
|
2A0C000
|
unkown
|
page read and write
|
|
|
|
4C2000
|
unkown
|
page read and write
|
|
|
|
4590000
|
heap private
|
page read and write
|
|
|
|
2590000
|
heap private
|
page read and write
|
|
|
|
5A34000
|
unkown
|
page read and write
|
|
|
|
1D71000
|
unkown
|
page read and write
|
|
|
|
1C85000
|
unkown
|
page read and write
|
|
|
|
36B000
|
unkown
|
page read and write
|
|
|
|
2640000
|
heap private
|
page read and write
|
|
|
|
6E530000
|
unkown image
|
page readonly
|
|
|
|
36F0000
|
unkown
|
page read and write
|
|
|
|
1D30000
|
unkown
|
page read and write
|
|
|
|
7640000
|
unkown
|
page read and write
|
|
|
|
549F000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
1C8C000
|
unkown
|
page read and write
|
|
|
|
58D0000
|
unkown
|
page read and write
|
|
|
|
419000
|
heap default
|
page read and write
|
|
|
|
5485000
|
unkown
|
page read and write
|
|
|
|
29E4000
|
unkown
|
page read and write
|
|
|
|
444000
|
heap private
|
page read and write
|
|
|
|
2645000
|
heap private
|
page read and write
|
|
|
|
26D000
|
heap private
|
page read and write
|
|
|
|
58BE000
|
stack
|
page read and write
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
2FE000
|
heap default
|
page read and write
|
|
|
|
6F90000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
4FD5000
|
unkown
|
page read and write
|
|
|
|
4C2000
|
unkown
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
560000
|
heap private
|
page read and write
|
|
|
|
4FD5000
|
unkown
|
page read and write
|
|
|
|
21A0000
|
heap private
|
page read and write
|
|
|
|
25E0000
|
unkown
|
page read and write
|
|
|
|
2510000
|
unkown
|
page read and write
|
|
|
|
6E801000
|
unkown image
|
page readonly
|
|
|
|
4035000
|
unkown
|
page read and write
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
5476000
|
unkown
|
page read and write
|
|
|
|
42E0000
|
unkown
|
page read and write
|
|
|
|
401E000
|
unkown
|
page read and write
|
|
|
|
36D8000
|
unkown
|
page read and write
|
|
|
|
2BA4000
|
heap private
|
page read and write
|
|
|
|
35C0000
|
unkown
|
page read and write
|
|
|
|
358D000
|
stack
|
page read and write
|
|
|
|
1D60000
|
unkown
|
page read and write
|
|
|
|
4FCB000
|
unkown
|
page read and write
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
4FCC000
|
unkown
|
page read and write
|
|
|
|
4D00000
|
unkown image
|
page readonly
|
|
|
|
2A8C000
|
unkown
|
page read and write
|
|
|
|
25F0000
|
unkown
|
page read and write
|
|
|
|
5478000
|
unkown
|
page read and write
|
|
|
|
2A38000
|
unkown
|
page read and write
|
|
|
|
36B000
|
unkown
|
page read and write
|
|
|
|
5A7E000
|
unkown
|
page read and write
|
|
|
|
343F000
|
stack
|
page read and write
|
|
|
|
336000
|
unkown
|
page read and write
|
|
|
|
4DB000
|
unkown
|
page read and write
|
|
|
|
340C000
|
unkown
|
page read and write
|
|
|
|
2140000
|
heap private
|
page read and write
|
|
|
|
2560000
|
unkown
|
page read and write
|
|
|
|
4DB000
|
unkown
|
page read and write
|
|
|
|
79BF000
|
stack
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
5A2C000
|
stack
|
page read and write
|
|
|
|
484000
|
unkown
|
page read and write
|
|
|
|
29E0000
|
heap private
|
page read and write
|
|
|
|
5560000
|
heap private
|
page read and write
|
|
|
|
413F000
|
stack
|
page read and write
|
|
|
|
29D0000
|
unkown
|
page read and write
|
|
|
|
340A000
|
unkown
|
page read and write
|
|
|
|
2B2B000
|
unkown
|
page read and write
|
|
|
|
31B000
|
unkown
|
page read and write
|
|
|
|
2A88000
|
unkown
|
page read and write
|
|
|
|
6F80000
|
unkown
|
page read and write
|
|
|
|
1D53000
|
unkown
|
page read and write
|
|
|
|
6FD2000
|
unkown image
|
page readonly
|
|
|
|
33F0000
|
unkown
|
page read and write
|
|
|
|
1E00000
|
unkown
|
page read and write
|
|
|
|
5450000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7070000
|
unkown
|
page read and write
|
|
|
|
377000
|
unkown
|
page read and write
|
|
|
|
5920000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
42FA000
|
unkown
|
page read and write
|
|
|
|
274000
|
heap default
|
page read and write
|
|
|
|
1B00000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
4030000
|
unkown
|
page read and write
|
|
|
|
337000
|
heap default
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
32EF000
|
stack
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
5790000
|
unkown
|
page read and write
|
|
|
|
1D50000
|
unkown
|
page read and write
|
|
|
|
5BDA000
|
unkown
|
page read and write
|
|
|
|
482000
|
unkown
|
page read and write
|
|
|
|
3C0000
|
unkown image
|
page readonly
|
|
|
|
2A19000
|
unkown
|
page read and write
|
|
|
|
4560000
|
unkown image
|
page readonly
|
|
|
|
58F0000
|
unkown
|
page read and write
|
|
|
|
564000
|
heap private
|
page read and write
|
|
|
|
2B21000
|
unkown
|
page read and write
|
|
|
|
1CD0000
|
unkown
|
page read and write
|
|
|
|
4010000
|
unkown
|
page read and write
|
|
|
|
5E0000
|
unkown image
|
page readonly
|
|
|
|
403B000
|
unkown
|
page read and write
|
|
|
|
3480000
|
unkown
|
page read and write
|
|
|
|
260000
|
unkown image
|
page read and write
|
|
|
|
2A64000
|
unkown
|
page read and write
|
|
|
|
21C0000
|
heap private
|
page read and write
|
|
|
|
3720000
|
unkown
|
page read and write
|
|
|
|
2B90000
|
unkown image
|
page readonly
|
|
|
|
546D000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
3FB0000
|
unkown
|
page read and write
|
|
|
|
1C9D000
|
unkown
|
page read and write
|
|
|
|
218F000
|
heap private
|
page read and write
|
|
|
|
328000
|
unkown
|
page read and write
|
|
|
|
6F80000
|
unkown
|
page read and write
|
|
|
|
4F70000
|
unkown
|
page read and write
|
|
|
|
2C7000
|
heap default
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
311F000
|
stack
|
page read and write
|
|
|
|
5474000
|
unkown
|
page read and write
|
|
|
|
1E0000
|
unkown
|
page read and write
|
|
|
|
466000
|
unkown
|
page read and write
|
|
|
|
2010000
|
unkown image
|
page readonly
|
|
|
|
260000
|
heap private
|
page read and write
|
|
|
|
2190000
|
unkown
|
page read and write
|
|
|
|
5A59000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
1E20000
|
heap private
|
page read and write
|
|
|
|
3236000
|
unkown
|
page read and write
|
|
|
|
2C20000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
4599000
|
heap private
|
page read and write
|
|
|
|
548D000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
3490000
|
unkown
|
page read and write
|
|
|
|
3410000
|
unkown image
|
page readonly
|
|
|
|
3400000
|
heap private
|
page read and write
|
|
|
|
4FE7000
|
unkown
|
page read and write
|
|
|
|
29F8000
|
unkown
|
page read and write
|
|
|
|
36D0000
|
unkown
|
page read and write
|
|
|
|
2BA000
|
heap default
|
page read and write
|
|
|
|
4BF000
|
unkown
|
page read and write
|
|
|
|
6E531000
|
unkown image
|
page execute read
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
44C0000
|
heap private
|
page read and write
|
|
|
|
7240000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7676000
|
unkown
|
page read and write
|
|
|
|
2120000
|
unkown
|
page read and write
|
|
|
|
362000
|
unkown
|
page read and write
|
|
|
|
21C5000
|
heap private
|
page read and write
|
|
|
|
6CB0000
|
unkown
|
page read and write
|
|
|
|
1D80000
|
unkown
|
page read and write
|
|
|
|
1CE0000
|
unkown
|
page read and write
|
|
|
|
150000
|
unkown
|
page read and write
|
|
|
|
29D8000
|
unkown
|
page read and write
|
|
|
|
2103000
|
unkown
|
page read and write
|
|
|
|
5150000
|
heap private
|
page read and write
|
|
|
|
2A00000
|
unkown
|
page read and write
|
|
|
|
2A48000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
6E854000
|
unkown image
|
page read and write
|
|
|
|
1C70000
|
unkown
|
page read and write
|
|
|
|
4FE5000
|
unkown
|
page read and write
|
|
|
|
2605000
|
heap private
|
page read and write
|
|
|
|
340C000
|
unkown
|
page read and write
|
|
|
|
1230000
|
unkown image
|
page readonly
|
|
|
|
340C000
|
unkown
|
page read and write
|
|
|
|
1D33000
|
unkown
|
page read and write
|
|
|
|
250000
|
unkown image
|
page readonly
|
|
|
|
546F000
|
unkown
|
page read and write
|
|
|
|
1B70000
|
unkown
|
page read and write
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
2B23000
|
unkown
|
page read and write
|
|
|
|
42BD000
|
stack
|
page read and write
|
|
|
|
2A4C000
|
unkown
|
page read and write
|
|
|
|
1C93000
|
unkown
|
page read and write
|
|
|
|
3453000
|
unkown
|
page read and write
|
|
|
|
2570000
|
unkown image
|
page readonly
|
|
|
|
20F0000
|
unkown image
|
page readonly
|
|
|
|
7789000
|
unkown
|
page read and write
|
|
|
|
4C2000
|
unkown
|
page read and write
|
|
|
|
2B29000
|
unkown
|
page read and write
|
|
|
|
31DF000
|
stack
|
page read and write
|
|
|
|
146000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
1CC0000
|
unkown image
|
page readonly
|
|
|
|
5900000
|
unkown
|
page read and write
|
|
|
|
2145000
|
heap private
|
page read and write
|
|
|
|
3C3F000
|
stack
|
page read and write
|
|
|
|
545F000
|
unkown
|
page read and write
|
|
|
|
314E000
|
stack
|
page read and write
|
|
|
|
42F2000
|
unkown
|
page read and write
|
|
|
|
4BF000
|
unkown
|
page read and write
|
|
|
|
1BA6000
|
unkown
|
page read and write
|
|
|
|
2A08000
|
unkown
|
page read and write
|
|
|
|
30B000
|
unkown
|
page read and write
|
|
|
|
4FC8000
|
unkown
|
page read and write
|
|
|
|
5080000
|
unkown image
|
page readonly
|
|
|
|
53D0000
|
heap private
|
page read and write
|
|
|
|
416000
|
heap default
|
page read and write
|
|
|
|
2580000
|
unkown image
|
page readonly
|
|
|
|
5590000
|
heap private
|
page read and write
|
|
|
|
6F70000
|
unkown
|
page read and write
|
|
|
|
34A000
|
unkown
|
page read and write
|
|
|
|
21AB000
|
heap private
|
page read and write
|
|
|
|
4FD5000
|
unkown
|
page read and write
|
|
|
|
6FC3000
|
unkown
|
page read and write
|
|
|
|
60000
|
unkown image
|
page readonly
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
420000
|
unkown
|
page read and write
|
|
|
|
26A000
|
heap private
|
page read and write
|
|
|
|
29F0000
|
unkown
|
page read and write
|
|
|
|
2A14000
|
unkown
|
page read and write
|
|
|
|
1C96000
|
unkown
|
page read and write
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
364000
|
unkown
|
page read and write
|
|
|
|
3470000
|
unkown
|
page read and write
|
|
|
|
1C88000
|
unkown
|
page read and write
|
|
|
|
4020000
|
unkown image
|
page readonly
|
|
|
|
7741000
|
unkown
|
page read and write
|
|
|
|
6DA0000
|
heap private
|
page read and write
|
|
|
|
31E0000
|
unkown
|
page read and write
|
|
|
|
2950000
|
unkown image
|
page readonly
|
|
|
|
399F000
|
stack
|
page read and write
|
|
|
|
1DA8000
|
unkown
|
page read and write
|
|
|
|
21A4000
|
heap private
|
page read and write
|
|
|
|
1D97000
|
unkown
|
page read and write
|
|
|
|
1CF0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
6E85F000
|
unkown image
|
page readonly
|
|
|
|
455E000
|
stack
|
page read and write
|
|
|
|
5AAB000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
5570000
|
unkown
|
page read and write
|
|
|
|
6D90000
|
unkown image
|
page readonly
|
|
|
|
29E8000
|
unkown
|
page read and write
|
|
|
|
2A04000
|
unkown
|
page read and write
|
|
|
|
4F66000
|
unkown
|
page read and write
|
|
|
|
30C0000
|
unkown
|
page read and write
|
|
|
|
186000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
4BF000
|
unkown
|
page read and write
|
|
|
|
5783000
|
unkown
|
page read and write
|
|
|
|
34A000
|
unkown
|
page read and write
|
|
|
|
57A0000
|
unkown
|
page read and write
|
|
|
|
6E85C000
|
unkown image
|
page read and write
|
|
|
|
5290000
|
heap private
|
page read and write
|
|
|
|
6C30000
|
heap private
|
page read and write
|
|
|
|
410000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
4950000
|
unkown
|
page read and write
|
|
|
|
2A3C000
|
unkown
|
page read and write
|
|
|
|
545B000
|
unkown
|
page read and write
|
|
|
|
264000
|
heap private
|
page read and write
|
|
|
|
2BA0000
|
heap private
|
page read and write
|
|
|
|
25C0000
|
unkown
|
page read and write
|
|
|
|
21FB000
|
heap private
|
page read and write
|
|
|
|
5471000
|
unkown
|
page read and write
|
|
|
|
2A74000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
374000
|
unkown
|
page read and write
|
|
|
|
7640000
|
unkown
|
page read and write
|
|
|
|
4BD2000
|
unkown
|
page read and write
|
|
|
|
35A0000
|
heap private
|
page read and write
|
|
|
|
44C5000
|
heap private
|
page read and write
|
|
|
|
5AEB000
|
unkown
|
page read and write
|
|
|
|
3120000
|
unkown
|
page read and write
|
|
|
|
1C9A000
|
unkown
|
page read and write
|
|
|
|
2B25000
|
unkown
|
page read and write
|
|
|
|
36E000
|
heap default
|
page read and write
|
|
|
|
6CD0000
|
unkown
|
page read and write
|
|
|
|
13C0000
|
unkown image
|
page readonly
|
|
|
|
5467000
|
unkown
|
page read and write
|
|
|
|
29DC000
|
unkown
|
page read and write
|
|
|
|
54A7000
|
unkown
|
page read and write
|
|
|
|
2100000
|
unkown
|
page read and write
|
|
|
|
2140000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
4CEE000
|
stack
|
page read and write
|
|
|
|
5A30000
|
unkown
|
page read and write
|
|
|
|
3200000
|
unkown
|
page read and write
|
|
|
|
3718000
|
unkown
|
page read and write
|
|
|
|
2A29000
|
unkown
|
page read and write
|
|
|
|
5C33000
|
unkown image
|
page read and write
|
|
|
|
2AE5000
|
heap private
|
page read and write
|
|
|
|
29F000
|
heap default
|
page read and write
|
|
|
|
4FE7000
|
unkown
|
page read and write
|
|
|
|
200000
|
heap default
|
page read and write
|
|
|
|
1C81000
|
unkown
|
page read and write
|
|
|
|
5267000
|
unkown image
|
page readonly
|
|
|
|
4D10000
|
unkown
|
page read and write
|
|
|
|
148000
|
unkown
|
page read and write
|
|
|
|
4D8000
|
unkown
|
page read and write
|
|
|
|
2FB0000
|
unkown
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
25D0000
|
unkown
|
page read and write
|
|
|
|
54D8000
|
unkown
|
page read and write
|
|
|
|
3FF0000
|
unkown
|
page read and write
|
|
|
|
1D75000
|
unkown
|
page read and write
|
|
|
|
42C0000
|
unkown
|
page read and write
|
|
|
|
5C28000
|
unkown
|
page read and write
|
|
|
|
5A42000
|
unkown
|
page read and write
|
|
|
|
36E0000
|
unkown
|
page read and write
|
|
|
|
7FEFF1A0000
|
unkown
|
page execute read
|
|
|
|
328000
|
unkown
|
page read and write
|
|
|
|
6BE2000
|
unkown image
|
page read and write
|
|
|
|
4BE8000
|
unkown
|
page read and write
|
|
|
|
5458000
|
unkown
|
page read and write
|
|
|
|
4FF0000
|
heap private
|
page read and write
|
|
|
|
7740000
|
unkown
|
page read and write
|
|
|
|
3407000
|
heap private
|
page read and write
|
|
|
|
4D69000
|
unkown
|
page read and write
|
|
|
|
30D0000
|
unkown
|
page read and write
|
|
|
|
479000
|
unkown
|
page read and write
|
|
|
|
2609000
|
heap private
|
page read and write
|
|
|
|
2130000
|
unkown
|
page read and write
|
|
|
|
2A5C000
|
unkown
|
page read and write
|
|
|
|
547F000
|
unkown
|
page read and write
|
|
|
|
1DA0000
|
unkown
|
page read and write
|
|
|
|
5460000
|
unkown
|
page read and write
|
|
|
|
6CE0000
|
heap private
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
29F4000
|
unkown
|
page read and write
|
|
|
|
3326000
|
unkown
|
page read and write
|
|
|
|
267B000
|
heap private
|
page read and write
|
|
|
|
6E84B000
|
unkown image
|
page read and write
|
|
|
|
2A10000
|
unkown
|
page read and write
|
|
|
|
403D000
|
unkown
|
page read and write
|
|
|
|
4D60000
|
unkown
|
page read and write
|
|
|
|
6D67000
|
unkown image
|
page read and write
|
|
|
|
430000
|
unkown
|
page read and write
|
|
|
|
2AE0000
|
heap private
|
page read and write
|
|
|
|
400000
|
unkown image
|
page readonly
|
|
|
|
2B1B000
|
heap private
|
page read and write
|
|
|
|
2A60000
|
unkown
|
page read and write
|
|
|
|
1DAE000
|
unkown
|
page read and write
|
|
|
|
29EC000
|
unkown
|
page read and write
|
|
|
|
25A0000
|
unkown
|
page read and write
|
|
|
|
1D45000
|
heap private
|
page read and write
|
|
|
|
4E80000
|
unkown
|
page read and write
|
|
|
|
29CC000
|
unkown
|
page read and write
|
|
|
|
30BE000
|
stack
|
page read and write
|
|
|
|
5AB2000
|
unkown
|
page read and write
|
|
|
|
5C2F000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
There are 535 hidden memdumps, click here to show them.