Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Complaint details 143595.xlsb
|
Microsoft Excel 2007+
|
initial sample
|
 |
|
|
C:\ProgramData\KBjfhfmoGRoN.rtf
|
HTML document, ASCII text, with very long lines, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\Desktop\~$Complaint details 143595.xlsb
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E2AB5816.png
|
PNG image data, 960 x 510, 8-bit/color RGBA, non-interlaced
|
dropped
|
 |
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
|
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
|
|
|
|
C:\Windows\System32\wbem\WMIC.exe
|
wmic process call create "mshta C:\ProgramData\KBjfhfmoGRoN.rtf"
|
|
|
|
C:\Windows\System32\mshta.exe
|
mshta C:\ProgramData\KBjfhfmoGRoN.rtf
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
|
unknown
|
|
|
|
http://www.windows.com/pctv.
|
unknown
|
|
|
|
http://investor.msn.com
|
unknown
|
|
|
|
http://www.msnbc.com/news/ticker.txt
|
unknown
|
|
|
|
http://www.%s.comPA
|
unknown
|
|
|
|
http://www.icra.org/vocabulary/.
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
|
unknown
|
|
|
|
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
|
unknown
|
|
|
|
http://www.hotmail.com/oe
|
unknown
|
|
|
|
http://servername/isapibackend.dll
|
unknown
|
|
|
|
http://investor.msn.com/
|
unknown
|
|
There are 1 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
)i(
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
|
MTTT
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
|
ReviewToken
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2F0D4
|
2F0D4
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
VBAFiles
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
|
r(
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
|
LastPurgeTime
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
|
1033
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
EXCELFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
|
ProductFiles
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
|
ProductNonBootFilesIntl_1033
|
|
There are 3 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
77F4000
|
unkown
|
page read and write
|
|
|
|
2DA7000
|
unkown
|
page read and write
|
|
|
|
6E84F000
|
unkown image
|
page readonly
|
|
|
|
32CF000
|
stack
|
page read and write
|
|
|
|
4875000
|
unkown
|
page read and write
|
|
|
|
228C000
|
unkown
|
page read and write
|
|
|
|
5760000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
37CD000
|
stack
|
page read and write
|
|
|
|
3B39000
|
heap private
|
page read and write
|
|
|
|
7360000
|
unkown
|
page read and write
|
|
|
|
1CE0000
|
unkown
|
page read and write
|
|
|
|
3570000
|
unkown
|
page read and write
|
|
|
|
3120000
|
unkown
|
page read and write
|
|
|
|
7B40000
|
unkown
|
page read and write
|
|
|
|
2130000
|
unkown image
|
page readonly
|
|
|
|
2DA3000
|
unkown
|
page read and write
|
|
|
|
45B0000
|
heap private
|
page read and write
|
|
|
|
376000
|
unkown
|
page read and write
|
|
|
|
35B000
|
heap private
|
page read and write
|
|
|
|
1F7C000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
36F000
|
heap private
|
page read and write
|
|
|
|
7B51000
|
unkown
|
page read and write
|
|
|
|
3190000
|
unkown
|
page read and write
|
|
|
|
3BE000
|
heap default
|
page read and write
|
|
|
|
20000
|
unkown image
|
page readonly
|
|
|
|
42C000
|
heap default
|
page read and write
|
|
|
|
5710000
|
unkown
|
page read and write
|
|
|
|
3335000
|
heap private
|
page read and write
|
|
|
|
266000
|
unkown
|
page read and write
|
|
|
|
70BF000
|
stack
|
page read and write
|
|
|
|
7D0000
|
unkown image
|
page readonly
|
|
|
|
6E521000
|
unkown image
|
page execute read
|
|
|
|
3870000
|
unkown
|
page read and write
|
|
|
|
3155000
|
unkown
|
page read and write
|
|
|
|
36C0000
|
unkown
|
page read and write
|
|
|
|
4DB0000
|
unkown
|
page read and write
|
|
|
|
2DA6000
|
unkown
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
41D0000
|
unkown
|
page read and write
|
|
|
|
5940000
|
unkown
|
page read and write
|
|
|
|
1F70000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
3340000
|
unkown
|
page read and write
|
|
|
|
2280000
|
heap private
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
3550000
|
unkown
|
page read and write
|
|
|
|
42F2000
|
unkown
|
page read and write
|
|
|
|
2250000
|
unkown
|
page read and write
|
|
|
|
1CD0000
|
unkown
|
page read and write
|
|
|
|
31A4000
|
heap private
|
page read and write
|
|
|
|
788B000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
7A51000
|
unkown
|
page read and write
|
|
|
|
485F000
|
unkown
|
page read and write
|
|
|
|
37F2000
|
unkown
|
page read and write
|
|
|
|
4879000
|
unkown
|
page read and write
|
|
|
|
438000
|
unkown
|
page read and write
|
|
|
|
5025000
|
unkown
|
page read and write
|
|
|
|
2020000
|
unkown
|
page read and write
|
|
|
|
87000
|
heap default
|
page read and write
|
|
|
|
474000
|
unkown
|
page read and write
|
|
|
|
3B0000
|
heap private
|
page read and write
|
|
|
|
2DAC000
|
unkown
|
page read and write
|
|
|
|
28CF000
|
stack
|
page read and write
|
|
|
|
E0000
|
unkown image
|
page read and write
|
|
|
|
42B000
|
unkown
|
page read and write
|
|
|
|
36B9000
|
unkown
|
page read and write
|
|
|
|
56F0000
|
unkown
|
page read and write
|
|
|
|
270F000
|
stack
|
page read and write
|
|
|
|
3318000
|
unkown
|
page read and write
|
|
|
|
22B0000
|
heap private
|
page read and write
|
|
|
|
40E000
|
heap default
|
page read and write
|
|
|
|
22B5000
|
heap private
|
page read and write
|
|
|
|
44A0000
|
unkown image
|
page readonly
|
|
|
|
4A27000
|
unkown
|
page read and write
|
|
|
|
2600000
|
unkown
|
page read and write
|
|
|
|
1F00000
|
unkown image
|
page read and write
|
|
|
|
54C0000
|
unkown
|
page read and write
|
|
|
|
45F000
|
unkown
|
page read and write
|
|
|
|
54F0000
|
unkown
|
page read and write
|
|
|
|
320000
|
heap private
|
page read and write
|
|
|
|
1CC3000
|
unkown
|
page read and write
|
|
|
|
1D00000
|
unkown
|
page read and write
|
|
|
|
31B0000
|
unkown
|
page read and write
|
|
|
|
36BD000
|
unkown
|
page read and write
|
|
|
|
325000
|
heap private
|
page read and write
|
|
|
|
5BA2000
|
unkown
|
page read and write
|
|
|
|
3350000
|
unkown
|
page read and write
|
|
|
|
6E844000
|
unkown image
|
page read and write
|
|
|
|
32A5000
|
heap private
|
page read and write
|
|
|
|
4D3D000
|
stack
|
page read and write
|
|
|
|
5B2B000
|
unkown
|
page read and write
|
|
|
|
3460000
|
unkown
|
page read and write
|
|
|
|
2004000
|
unkown
|
page read and write
|
|
|
|
5035000
|
unkown
|
page read and write
|
|
|
|
37F7000
|
unkown
|
page read and write
|
|
|
|
2DA9000
|
unkown
|
page read and write
|
|
|
|
32E8000
|
unkown
|
page read and write
|
|
|
|
5025000
|
unkown
|
page read and write
|
|
|
|
1DB6000
|
unkown
|
page read and write
|
|
|
|
38B000
|
heap private
|
page read and write
|
|
|
|
4D90000
|
unkown
|
page read and write
|
|
|
|
79D2000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
32F0000
|
unkown
|
page read and write
|
|
|
|
2014000
|
unkown
|
page read and write
|
|
|
|
3560000
|
unkown
|
page read and write
|
|
|
|
335000
|
unkown
|
page read and write
|
|
|
|
3CB000
|
unkown
|
page read and write
|
|
|
|
3300000
|
unkown
|
page read and write
|
|
|
|
1D70000
|
heap private
|
page read and write
|
|
|
|
5CDF000
|
unkown
|
page read and write
|
|
|
|
3496000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
6E84C000
|
unkown image
|
page read and write
|
|
|
|
26E000
|
unkown
|
page read and write
|
|
|
|
51A000
|
heap private
|
page read and write
|
|
|
|
3890000
|
heap private
|
page read and write
|
|
|
|
5037000
|
unkown
|
page read and write
|
|
|
|
37FA000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
31C0000
|
unkown
|
page read and write
|
|
|
|
1D80000
|
unkown
|
page read and write
|
|
|
|
4C30000
|
unkown
|
page read and write
|
|
|
|
2770000
|
heap private
|
page read and write
|
|
|
|
45D000
|
unkown
|
page read and write
|
|
|
|
20D0000
|
unkown image
|
page readonly
|
|
|
|
5930000
|
unkown
|
page read and write
|
|
|
|
1FDC000
|
unkown
|
page read and write
|
|
|
|
1D03000
|
unkown
|
page read and write
|
|
|
|
32A0000
|
heap private
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
336B000
|
heap private
|
page read and write
|
|
|
|
100000
|
unkown image
|
page readonly
|
|
|
|
2C0000
|
unkown
|
page read and write
|
|
|
|
5025000
|
unkown
|
page read and write
|
|
|
|
37D0000
|
unkown
|
page read and write
|
|
|
|
5B90000
|
unkown
|
page read and write
|
|
|
|
133000
|
unkown
|
page read and write
|
|
|
|
45A000
|
unkown
|
page read and write
|
|
|
|
1FEC000
|
unkown
|
page read and write
|
|
|
|
5940000
|
unkown
|
page read and write
|
|
|
|
5018000
|
unkown
|
page read and write
|
|
|
|
2230000
|
unkown image
|
page readonly
|
|
|
|
54FC000
|
unkown
|
page read and write
|
|
|
|
710000
|
unkown image
|
page readonly
|
|
|
|
7A40000
|
unkown
|
page read and write
|
|
|
|
2A0000
|
unkown
|
page read and write
|
|
|
|
59A5000
|
heap private
|
page read and write
|
|
|
|
20C0000
|
heap private
|
page read and write
|
|
|
|
BE000
|
heap default
|
page read and write
|
|
|
|
4710000
|
heap private
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
5510000
|
unkown
|
page read and write
|
|
|
|
42EF000
|
stack
|
page read and write
|
|
|
|
1BF0000
|
unkown image
|
page readonly
|
|
|
|
2010000
|
unkown
|
page read and write
|
|
|
|
1E0000
|
unkown
|
page read and write
|
|
|
|
49D0000
|
unkown
|
page read and write
|
|
|
|
1FB4000
|
unkown
|
page read and write
|
|
|
|
32D0000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
5BE3000
|
unkown
|
page read and write
|
|
|
|
7AA7000
|
unkown
|
page read and write
|
|
|
|
3800000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
3D0000
|
heap default
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
5730000
|
unkown
|
page read and write
|
|
|
|
2000000
|
unkown
|
page read and write
|
|
|
|
7A6B000
|
unkown
|
page read and write
|
|
|
|
580000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
22C0000
|
heap private
|
page read and write
|
|
|
|
438000
|
unkown
|
page read and write
|
|
|
|
28F0000
|
heap private
|
page read and write
|
|
|
|
2ABE000
|
stack
|
page read and write
|
|
|
|
78AA000
|
unkown
|
page read and write
|
|
|
|
290000
|
unkown image
|
page readonly
|
|
|
|
5B52000
|
unkown
|
page read and write
|
|
|
|
5D23000
|
unkown image
|
page read and write
|
|
|
|
4870000
|
unkown
|
page read and write
|
|
|
|
4D80000
|
unkown
|
page read and write
|
|
|
|
431000
|
heap default
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
6E7F1000
|
unkown image
|
page readonly
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
36BB000
|
unkown
|
page read and write
|
|
|
|
2B0000
|
unkown
|
page read and write
|
|
|
|
51D000
|
heap private
|
page read and write
|
|
|
|
1FFC000
|
unkown
|
page read and write
|
|
|
|
1CF0000
|
unkown
|
page read and write
|
|
|
|
7FEFF1A0000
|
unkown
|
page execute read
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
45A000
|
unkown
|
page read and write
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
52EF000
|
stack
|
page read and write
|
|
|
|
2240000
|
unkown
|
page read and write
|
|
|
|
387000
|
heap default
|
page read and write
|
|
|
|
1F84000
|
unkown
|
page read and write
|
|
|
|
2EBF000
|
stack
|
page read and write
|
|
|
|
415D000
|
unkown
|
page read and write
|
|
|
|
56F0000
|
unkown
|
page read and write
|
|
|
|
514000
|
heap private
|
page read and write
|
|
|
|
5650000
|
unkown
|
page read and write
|
|
|
|
2760000
|
unkown image
|
page read and write
|
|
|
|
650000
|
unkown image
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
2D20000
|
heap private
|
page read and write
|
|
|
|
45F000
|
unkown
|
page read and write
|
|
|
|
950000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
45F000
|
unkown
|
page read and write
|
|
|
|
3B4000
|
heap private
|
page read and write
|
|
|
|
7A43000
|
unkown
|
page read and write
|
|
|
|
37E0000
|
unkown
|
page read and write
|
|
|
|
3320000
|
unkown
|
page read and write
|
|
|
|
303000
|
unkown
|
page read and write
|
|
|
|
4960000
|
heap private
|
page read and write
|
|
|
|
4B10000
|
heap private
|
page read and write
|
|
|
|
785B000
|
unkown
|
page read and write
|
|
|
|
5670000
|
heap private
|
page read and write
|
|
|
|
141000
|
unkown
|
page read and write
|
|
|
|
4890000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
26CF000
|
stack
|
page read and write
|
|
|
|
77F2000
|
unkown
|
page read and write
|
|
|
|
7B00000
|
unkown
|
page read and write
|
|
|
|
1DA000
|
unkown
|
page read and write
|
|
|
|
420000
|
unkown
|
page read and write
|
|
|
|
700000
|
unkown image
|
page readonly
|
|
|
|
2210000
|
unkown
|
page read and write
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
5770000
|
unkown
|
page read and write
|
|
|
|
7AA1000
|
unkown
|
page read and write
|
|
|
|
370000
|
unkown
|
page read and write
|
|
|
|
2008000
|
unkown
|
page read and write
|
|
|
|
1CB0000
|
unkown image
|
page readonly
|
|
|
|
510000
|
heap private
|
page read and write
|
|
|
|
5B20000
|
unkown
|
page read and write
|
|
|
|
5B1E000
|
stack
|
page read and write
|
|
|
|
110000
|
unkown
|
page read and write
|
|
|
|
1D75000
|
heap private
|
page read and write
|
|
|
|
5035000
|
unkown
|
page read and write
|
|
|
|
228A000
|
unkown
|
page read and write
|
|
|
|
3B30000
|
heap private
|
page read and write
|
|
|
|
587E000
|
stack
|
page read and write
|
|
|
|
35A8000
|
unkown
|
page read and write
|
|
|
|
3170000
|
unkown image
|
page readonly
|
|
|
|
5B3B000
|
unkown
|
page read and write
|
|
|
|
6DD0000
|
heap private
|
page read and write
|
|
|
|
26E0000
|
heap private
|
page read and write
|
|
|
|
3B3000
|
unkown
|
page read and write
|
|
|
|
480000
|
unkown
|
page read and write
|
|
|
|
7976000
|
unkown
|
page read and write
|
|
|
|
660000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2D0000
|
unkown
|
page read and write
|
|
|
|
5019000
|
unkown
|
page read and write
|
|
|
|
384000
|
heap private
|
page read and write
|
|
|
|
3B2000
|
unkown
|
page read and write
|
|
|
|
484000
|
unkown
|
page read and write
|
|
|
|
2E0000
|
unkown
|
page read and write
|
|
|
|
2740000
|
unkown
|
page read and write
|
|
|
|
350000
|
heap private
|
page read and write
|
|
|
|
1FE8000
|
unkown
|
page read and write
|
|
|
|
1F80000
|
unkown
|
page read and write
|
|
|
|
3860000
|
unkown
|
page read and write
|
|
|
|
438000
|
unkown
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
80000
|
heap default
|
page read and write
|
|
|
|
5520000
|
unkown
|
page read and write
|
|
|
|
5037000
|
unkown
|
page read and write
|
|
|
|
8A0000
|
unkown image
|
page readonly
|
|
|
|
5650000
|
unkown
|
page read and write
|
|
|
|
42E000
|
heap default
|
page read and write
|
|
|
|
356000
|
unkown
|
page read and write
|
|
|
|
22EB000
|
heap private
|
page read and write
|
|
|
|
D0000
|
unkown image
|
page readonly
|
|
|
|
4388000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
5660000
|
unkown
|
page read and write
|
|
|
|
65300000
|
unkown image
|
page readonly
|
|
|
|
36B0000
|
unkown
|
page read and write
|
|
|
|
1EF0000
|
unkown image
|
page readonly
|
|
|
|
3580000
|
unkown
|
page read and write
|
|
|
|
45D000
|
unkown
|
page read and write
|
|
|
|
310000
|
unkown
|
page read and write
|
|
|
|
2260000
|
unkown
|
page read and write
|
|
|
|
7ADD000
|
unkown
|
page read and write
|
|
|
|
3CB000
|
unkown
|
page read and write
|
|
|
|
3C8000
|
unkown
|
page read and write
|
|
|
|
3170000
|
unkown
|
page read and write
|
|
|
|
24F0000
|
heap private
|
page read and write
|
|
|
|
7928000
|
unkown
|
page read and write
|
|
|
|
F0000
|
unkown
|
page read and write
|
|
|
|
487C000
|
unkown
|
page read and write
|
|
|
|
2020000
|
heap private
|
page read and write
|
|
|
|
6312000
|
unkown image
|
page read and write
|
|
|
|
316000
|
unkown
|
page read and write
|
|
|
|
7B60000
|
unkown
|
page read and write
|
|
|
|
486B000
|
unkown
|
page read and write
|
|
|
|
2750000
|
unkown image
|
page readonly
|
|
|
|
50D0000
|
unkown image
|
page readonly
|
|
|
|
2730000
|
unkown
|
page read and write
|
|
|
|
5720000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
5760000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
1F98000
|
unkown
|
page read and write
|
|
|
|
4861000
|
unkown
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
5039000
|
unkown
|
page read and write
|
|
|
|
5025000
|
unkown
|
page read and write
|
|
|
|
1FC9000
|
unkown
|
page read and write
|
|
|
|
1F78000
|
unkown
|
page read and write
|
|
|
|
2024000
|
unkown
|
page read and write
|
|
|
|
5035000
|
unkown
|
page read and write
|
|
|
|
35A0000
|
unkown
|
page read and write
|
|
|
|
345F000
|
stack
|
page read and write
|
|
|
|
20000
|
unkown image
|
page read and write
|
|
|
|
3AD000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
4883000
|
unkown
|
page read and write
|
|
|
|
148000
|
heap default
|
page read and write
|
|
|
|
380000
|
heap private
|
page read and write
|
|
|
|
7254000
|
heap private
|
page read and write
|
|
|
|
7250000
|
heap private
|
page read and write
|
|
|
|
2B7F000
|
stack
|
page read and write
|
|
|
|
2220000
|
unkown image
|
page readonly
|
|
|
|
7906000
|
unkown
|
page read and write
|
|
|
|
2DA4000
|
unkown
|
page read and write
|
|
|
|
563C000
|
stack
|
page read and write
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
2570000
|
unkown image
|
page readonly
|
|
|
|
4110000
|
unkown
|
page read and write
|
|
|
|
1CC0000
|
unkown
|
page read and write
|
|
|
|
1FB0000
|
unkown
|
page read and write
|
|
|
|
4877000
|
unkown
|
page read and write
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
3650000
|
unkown image
|
page readonly
|
|
|
|
228C000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
473000
|
unkown
|
page read and write
|
|
|
|
3590000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
316F000
|
stack
|
page read and write
|
|
|
|
45B5000
|
heap private
|
page read and write
|
|
|
|
79D4000
|
unkown
|
page read and write
|
|
|
|
2270000
|
unkown
|
page read and write
|
|
|
|
1FE0000
|
unkown
|
page read and write
|
|
|
|
2720000
|
unkown
|
page read and write
|
|
|
|
1D50000
|
unkown
|
page read and write
|
|
|
|
40000
|
unkown image
|
page readonly
|
|
|
|
32E0000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
4A20000
|
unkown
|
page read and write
|
|
|
|
2DA0000
|
unkown
|
page read and write
|
|
|
|
4ED0000
|
unkown
|
page read and write
|
|
|
|
13E000
|
unkown
|
page read and write
|
|
|
|
2DA1000
|
unkown
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
354000
|
heap private
|
page read and write
|
|
|
|
228C000
|
unkown
|
page read and write
|
|
|
|
271E000
|
stack
|
page read and write
|
|
|
|
456000
|
heap default
|
page read and write
|
|
|
|
78FD000
|
unkown
|
page read and write
|
|
|
|
3D7000
|
heap default
|
page read and write
|
|
|
|
438000
|
unkown
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
6EF0000
|
heap private
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC0000
|
unkown image
|
page readonly
|
|
|
|
359E000
|
unkown
|
page read and write
|
|
|
|
45D000
|
unkown
|
page read and write
|
|
|
|
1F90000
|
unkown
|
page read and write
|
|
|
|
5938000
|
unkown
|
page read and write
|
|
|
|
2290000
|
unkown
|
page read and write
|
|
|
|
2710000
|
unkown
|
page read and write
|
|
|
|
4188000
|
unkown
|
page read and write
|
|
|
|
7863000
|
unkown
|
page read and write
|
|
|
|
36B2000
|
unkown
|
page read and write
|
|
|
|
1FAC000
|
unkown
|
page read and write
|
|
|
|
300000
|
unkown image
|
page read and write
|
|
|
|
2B30000
|
heap private
|
page read and write
|
|
|
|
22FB000
|
heap private
|
page read and write
|
|
|
|
3357000
|
unkown image
|
page readonly
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
228C000
|
unkown
|
page read and write
|
|
|
|
31A0000
|
heap private
|
page read and write
|
|
|
|
396000
|
unkown
|
page read and write
|
|
|
|
5960000
|
unkown
|
page read and write
|
|
|
|
372000
|
unkown
|
page read and write
|
|
|
|
4FD0000
|
unkown
|
page read and write
|
|
|
|
5CDF000
|
unkown
|
page read and write
|
|
|
|
3140000
|
unkown
|
page read and write
|
|
|
|
7FFFFFD0000
|
unkown image
|
page readonly
|
|
|
|
300000
|
unkown
|
page read and write
|
|
|
|
1FA4000
|
unkown
|
page read and write
|
|
|
|
6E520000
|
unkown image
|
page readonly
|
|
|
|
4890000
|
unkown
|
page read and write
|
|
|
|
1FD0000
|
unkown
|
page read and write
|
|
|
|
4FE0000
|
unkown
|
page read and write
|
|
|
|
47D0000
|
heap private
|
page read and write
|
|
|
|
7AE6000
|
unkown
|
page read and write
|
|
|
|
4B6000
|
unkown
|
page read and write
|
|
|
|
5950000
|
unkown
|
page read and write
|
|
|
|
4863000
|
unkown
|
page read and write
|
|
|
|
4850000
|
unkown
|
page read and write
|
|
|
|
5740000
|
unkown
|
page read and write
|
|
|
|
281E000
|
stack
|
page read and write
|
|
|
|
6E83B000
|
unkown image
|
page read and write
|
|
|
|
2718000
|
unkown
|
page read and write
|
|
|
|
2210000
|
unkown image
|
page readonly
|
|
|
|
367000
|
unkown
|
page read and write
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
216000
|
unkown
|
page read and write
|
|
|
|
7B08000
|
unkown
|
page read and write
|
|
|
|
5510000
|
unkown
|
page read and write
|
|
|
|
1F68000
|
unkown
|
page read and write
|
|
|
|
7A80000
|
unkown
|
page read and write
|
|
|
|
1F8F000
|
stack
|
page read and write
|
|
|
|
5D05000
|
unkown
|
page read and write
|
|
|
|
E0000
|
unkown
|
page read and write
|
|
|
|
313000
|
unkown
|
page read and write
|
|
|
|
1CAE000
|
unkown
|
page read and write
|
|
|
|
41B000
|
unkown
|
page read and write
|
|
|
|
2775000
|
heap private
|
page read and write
|
|
|
|
2DA2000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
6E848000
|
unkown image
|
page write copy
|
|
|
|
20A0000
|
unkown image
|
page readonly
|
|
|
|
36B5000
|
unkown
|
page read and write
|
|
|
|
5B77000
|
unkown
|
page read and write
|
|
|
|
378000
|
unkown
|
page read and write
|
|
|
|
48A0000
|
unkown
|
page read and write
|
|
|
|
59A0000
|
heap private
|
page read and write
|
|
|
|
45A000
|
unkown
|
page read and write
|
|
|
|
366000
|
heap private
|
page read and write
|
|
|
|
36AE000
|
stack
|
page read and write
|
|
|
|
52B7000
|
unkown image
|
page readonly
|
|
|
|
1FD8000
|
unkown
|
page read and write
|
|
|
|
6702000
|
unkown image
|
page readonly
|
|
|
|
44A000
|
heap default
|
page read and write
|
|
|
|
4D0000
|
unkown image
|
page readonly
|
|
|
|
10000
|
unkown image
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
5038000
|
unkown
|
page read and write
|
|
|
|
1CE4000
|
unkown
|
page read and write
|
|
|
|
3AF000
|
unkown
|
page read and write
|
|
|
|
340000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
5700000
|
unkown
|
page read and write
|
|
|
|
37FE000
|
unkown
|
page read and write
|
|
|
|
4A29000
|
unkown
|
page read and write
|
|
|
|
22C5000
|
heap private
|
page read and write
|
|
|
|
42A000
|
unkown
|
page read and write
|
|
|
|
3B35000
|
heap private
|
page read and write
|
|
|
|
1FA0000
|
heap private
|
page read and write
|
|
|
|
3330000
|
heap private
|
page read and write
|
|
|
|
3CB000
|
unkown
|
page read and write
|
|
|
|
7EFE0000
|
unkown image
|
page readonly
|
|
|
|
120000
|
unkown
|
page read and write
|
|
|
|
4858000
|
unkown
|
page read and write
|
|
|
|
5025000
|
unkown
|
page read and write
|
|
|
|
22A0000
|
unkown
|
page read and write
|
|
|
|
1F88000
|
unkown
|
page read and write
|
|
|
|
7A3B000
|
unkown
|
page read and write
|
|
|
|
7A8A000
|
unkown
|
page read and write
|
|
|
|
1F6C000
|
unkown
|
page read and write
|
|
|
|
16D000
|
heap default
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
2DAA000
|
unkown
|
page read and write
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
5750000
|
unkown
|
page read and write
|
|
|
|
3180000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB0000
|
unkown image
|
page readonly
|
|
|
|
4873000
|
unkown
|
page read and write
|
|
|
|
1FB9000
|
unkown
|
page read and write
|
|
|
|
7100000
|
heap private
|
page read and write
|
|
|
|
1F20000
|
unkown
|
page read and write
|
|
|
|
3F4000
|
heap default
|
page read and write
|
|
|
|
501B000
|
unkown
|
page read and write
|
|
|
|
380B000
|
unkown
|
page read and write
|
|
|
|
37E000
|
unkown
|
page read and write
|
|
|
|
3330000
|
unkown
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
331000
|
unkown
|
page read and write
|
|
|
|
4889000
|
unkown
|
page read and write
|
|
|
|
488B000
|
unkown
|
page read and write
|
|
|
|
264000
|
unkown
|
page read and write
|
|
|
|
268000
|
unkown
|
page read and write
|
|
|
|
72E0000
|
heap private
|
page read and write
|
|
|
|
31D6000
|
unkown
|
page read and write
|
|
|
|
429000
|
unkown
|
page read and write
|
|
|
|
369000
|
unkown
|
page read and write
|
|
|
|
960000
|
unkown image
|
page readonly
|
|
|
|
2779000
|
heap private
|
page read and write
|
|
|
|
160000
|
unkown
|
page read and write
|
|
|
|
21B0000
|
unkown
|
page read and write
|
|
|
|
20B4000
|
heap private
|
page read and write
|
|
|
|
3AB0000
|
heap private
|
page read and write
|
|
|
|
5502000
|
unkown
|
page read and write
|
|
|
|
1FA8000
|
unkown
|
page read and write
|
|
|
|
2287000
|
heap private
|
page read and write
|
|
|
|
4D30000
|
heap private
|
page read and write
|
|
|
|
380000
|
heap default
|
page read and write
|
|
|
|
122000
|
heap default
|
page read and write
|
|
|
|
29FD000
|
stack
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
2DAB000
|
unkown
|
page read and write
|
|
|
|
2DA5000
|
unkown
|
page read and write
|
|
|
|
78C7000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
1F8C000
|
unkown
|
page read and write
|
|
|
|
2DA8000
|
unkown
|
page read and write
|
|
|
|
5BA6000
|
unkown
|
page read and write
|
|
|
|
5640000
|
unkown
|
page read and write
|
|
|
|
1F94000
|
unkown
|
page read and write
|
|
|
|
AF0000
|
unkown image
|
page readonly
|
|
|
|
320000
|
unkown
|
page read and write
|
|
|
|
30000
|
unkown image
|
page readonly
|
|
|
|
7FFFFFC2000
|
unkown image
|
page readonly
|
|
|
|
4300000
|
heap private
|
page execute and read and write
|
|
|
|
3810000
|
unkown
|
page read and write
|
|
|
|
428000
|
unkown
|
page read and write
|
|
|
|
20B0000
|
heap private
|
page read and write
|
|
|
|
7940000
|
unkown
|
page read and write
|
|
|
|
49C0000
|
unkown image
|
page readonly
|
|
|
|
487000
|
unkown
|
page read and write
|
|
|
|
7FFFFFB2000
|
unkown image
|
page readonly
|
|
|
|
5036000
|
unkown
|
page read and write
|
|
|
|
1FA0000
|
unkown
|
page read and write
|
|
|
|
5038000
|
unkown
|
page read and write
|
|
|
|
31A0000
|
unkown
|
page read and write
|
|
|
|
58B0000
|
heap private
|
page read and write
|
|
|
|
3CB000
|
unkown
|
page read and write
|
|
|
|
3153000
|
unkown
|
page read and write
|
|
|
|
502D000
|
unkown
|
page read and write
|
|
|
|
37F5000
|
unkown
|
page read and write
|
|
|
|
449E000
|
stack
|
page read and write
|
|
|
|
7B60000
|
unkown
|
page read and write
|
|
There are 537 hidden memdumps, click here to show them.