IOC Report

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| order 4544471372.xls | Microsoft Excel 2007+ | initial sample | malicious |
| C:\ProgramData\tCeltZ.rtf | HTML document, ASCII text, with very long lines, with CRLF line terminators | modified | malicious |
| C:\Users\user\Desktop\order 4544471372.xls (copy) | Microsoft Excel 2007+ | dropped | malicious |
| C:\Users\user\Desktop\~$order 4544471372.xls | data | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\83027875.png | PNG image data, 1170 x 183, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\Desktop\7E530000 | Microsoft Excel 2007+ | dropped | clean |
| C:\Users\user\Desktop\7E530000:Zone.Identifier | ASCII text, with CRLF line terminators | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | malicious |
| C:\Windows\System32\wbem\WMIC.exe | wmic process call create "mshta C:\ProgramData\tCeltZ.rtf" | malicious |
| C:\Windows\System32\mshta.exe | mshta C:\ProgramData\tCeltZ.rtf | clean |

URLs


IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 149.129.254.152 | unknown | Singapore | clean |

Registry


Memdumps
