IOC Report

Files

File Path | Type | Category | Malicious
ComplaintDetails-1244065104-Nov-17.xlsb | Microsoft Excel 2007+ | initial sample | malicious
C:\Users\user\Desktop\ComplaintDetails-1244065104-Nov-17.xlsb17 (copy) | Microsoft Excel 2007+ | dropped | malicious
C:\Users\user\Desktop\~$ComplaintDetails-1244065104-Nov-17.xlsb | data | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DC095B18.jpg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1098x988, frames 3 | dropped | clean
C:\Users\user\Desktop\D1440000 | Microsoft Excel 2007+ | dropped | clean
C:\Users\user\Desktop\D1440000:Zone.Identifier | ASCII text, with CRLF line terminators | modified | clean

Processes

Path | Cmdline | Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | malicious
C:\Windows\System32\regsvr32.exe | regsvr32.exe ..\Tot1.ocx | malicious
C:\Windows\System32\regsvr32.exe | regsvr32.exe ..\Tot2.ocx | malicious
C:\Windows\System32\regsvr32.exe | regsvr32.exe ..\Tot3.ocx | malicious

URLs

Name
IP
Malicious

IPs

IP | Domain | Country | Malicious
190.14.37.101 | unknown | Panama | clean
185.138.164.244 | unknown | Germany | clean
185.81.114.236 | unknown | United Kingdom | clean

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
clean
1D0000
unkown
page read and write
clean
BAE000
stack
page read and write
clean
7FFFFFB0000
unkown image
page readonly
clean
1D87000
unkown
page read and write
clean
5BC4000
unkown
page read and write
clean
861B000
unkown
page read and write
clean
25C0000
unkown
page read and write
clean
7D99000
heap private
page read and write
clean
57D0000
unkown
page read and write
clean
80DF000
unkown
page read and write
clean
8496000
unkown
page read and write
clean
31B0000
unkown
page read and write
clean
8217000
unkown
page read and write
clean
7FFFFFB2000
unkown image
page readonly
clean
6FB0000
unkown
page read and write
clean
6E74000
unkown image
page readonly
clean
5B6000
unkown
page read and write
clean
484000
unkown
page read and write
clean
3FA000
heap default
page read and write
clean
817F000
unkown
page read and write
clean
1DC0000
unkown
page read and write
clean
35E000
unkown
page read and write
clean
7876000
unkown
page read and write
clean
3DE000
heap default
page read and write
clean
7FFFFFC2000
unkown image
page readonly
clean
333000
unkown
page read and write
clean
48D7000
unkown image
page readonly
clean
8036000
unkown
page read and write
clean
42C000
unkown
page read and write
clean
4870000
unkown image
page readonly
clean
7FFFFFB0000
unkown image
page readonly
clean
4C0000
unkown image
page readonly
clean
5730000
unkown
page read and write
clean
81A1000
unkown
page read and write
clean
81D9000
unkown
page read and write
clean
1D0000
unkown
page read and write
clean
803C000
unkown
page read and write
clean
7EFE0000
unkown image
page readonly
clean
5D06000
unkown
page read and write
clean
5BF6000
unkown
page read and write
clean
410000
unkown
page read and write
clean
8451000
unkown
page read and write
clean
10000
unkown image
page read and write
clean
846B000
unkown
page read and write
clean
8022000
unkown
page read and write
clean
5C03000
unkown
page read and write
clean
5B62000
stack
page read and write
clean
57C0000
unkown
page read and write
clean
7FFFFFD0000
unkown image
page readonly
clean
C0000
unkown image
page readonly
clean
40000
unkown image
page readonly
clean
2D0000
heap private
page read and write
clean
110000
unkown
page execute and read and write
clean
7FFFFFB0000
unkown image
page readonly
clean
E0000
unkown image
page read and write
clean
190000
unkown
page read and write
clean
1D0000
unkown
page read and write
clean
43A0000
unkown
page read and write
clean
7FFFFFC0000
unkown image
page readonly
clean
17E000
unkown
page read and write
clean
7D8D000
unkown
page read and write
clean
8434000
unkown
page read and write
clean
570000
heap private
page read and write
clean
7DEF000
unkown
page read and write
clean
7D90000
heap private
page read and write
clean
1C2000
unkown
page read and write
clean
290000
heap private
page read and write
clean
1C4000
unkown
page read and write
clean
5B50000
stack
page read and write
clean
47C000
unkown
page read and write
clean
5BED000
unkown
page read and write
clean
4340000
unkown
page read and write
clean
37C000
unkown
page read and write
clean
4D90000
unkown
page read and write
clean
78FF000
stack
page read and write
clean
1D0000
unkown
page read and write
clean
81F8000
unkown
page read and write
clean
33F000
unkown
page read and write
clean
8027000
unkown
page read and write
clean
802C000
unkown
page read and write
clean
30E000
unkown
page read and write
clean
5BE7000
unkown
page read and write
clean
3817000
heap private
page read and write
clean
4D6000
unkown
page read and write
clean
3360000
unkown
page read and write
clean
506F000
unkown
page read and write
clean
460000
unkown
page read and write
clean
4A57000
unkown image
page readonly
clean
85DC000
unkown
page read and write
clean
8552000
unkown
page read and write
clean
84A4000
unkown
page read and write
clean
200B000
heap private
page read and write
clean
5B60000
stack
page read and write
clean
5407000
unkown image
page readonly
clean
5AD0000
stack
page read and write
clean
1EE0000
unkown image
page readonly
clean
852D000
unkown
page read and write
clean
37BC000
unkown
page read and write
clean
5C1C000
unkown
page read and write
clean
7AAE000
unkown
page read and write
clean
85D9000
unkown
page read and write
clean
812A000
unkown
page read and write
clean
580000
unkown
page read and write
clean
7FFFFFC2000
unkown image
page readonly
clean
31E0000
unkown
page read and write
clean
5C2E000
unkown
page read and write
clean
841E000
unkown
page read and write
clean
100000
unkown image
page readonly
clean
F0000
unkown image
page read and write
clean
787A000
unkown
page read and write
clean
2D4000
unkown
page read and write
clean
36C6000
unkown
page read and write
clean
7E96000
unkown
page read and write
clean
14E000
heap default
page read and write
clean
7E9B000
unkown
page read and write
clean
7FE5000
unkown
page read and write
clean
F0000
unkown
page read and write
clean
5BF8000
unkown
page read and write
clean
85B2000
unkown
page read and write
clean
5BB3000
unkown
page read and write
clean
5D2F000
unkown
page read and write
clean
3F75000
heap private
page read and write
clean
521F000
stack
page read and write
clean
3EC9000
heap private
page read and write
clean
354000
unkown
page read and write
clean
5D73000
unkown image
page read and write
clean