IOCReport

loading gif

Files

File Path
Type
Category
Malicious
0AX4532QWSA.xlsx
CDFV2 Encrypted
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\new[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
downloaded
 malicious
C:\Users\Public\vbc.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 58936 bytes, 1 file
dropped
 clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
dropped
 clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
 clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\26ECC369.jpeg
gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\825E1F08.jpeg
gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C5384863.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
 clean
C:\Users\user\AppData\Local\Temp\Cab5D20.tmp
Microsoft Cabinet archive data, 58936 bytes, 1 file
dropped
 clean
C:\Users\user\AppData\Local\Temp\Tar5D21.tmp
data
modified
 clean
C:\Users\user\Desktop\~$0AX4532QWSA.xlsx
data
dropped
 clean
There are 3 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
 malicious
C:\Users\Public\vbc.exe
'C:\Users\Public\vbc.exe'
malicious
C:\Users\Public\vbc.exe
{path}
 malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
 clean

URLs

Name
IP
Malicious
http://191.96.149.225/new.exe
191.96.149.225
 malicious
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
unknown
 clean
http://127.0.0.1:
unknown
 clean
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
unknown
 clean
http://crl.entrust.net/server1.crl0
unknown
 clean
http://cps.letsencrypt.org0
unknown
 clean
http://gammavilla.org
unknown
 clean
http://ocsp.entrust.net03
unknown
 clean
https://api.telegram.org/bot%telegramapi%/
unknown
 clean
http://r3.o.lencr.org0
unknown
 clean
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
unknown
 clean
http://www.%s.comPA
unknown
 clean
http://www.diginotar.nl/cps/pkioverheid0
unknown
 clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/U
unknown
 clean
http://mail.gammavilla.org
unknown
 clean
http://ocsp.entrust.net0D
unknown
 clean
https://secure.comodo.com/CPS0
unknown
 clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
unknown
 clean
http://servername/isapibackend.dll
unknown
 clean
http://crl.entrust.net/2048ca.crl0
unknown
 clean
http://cps.root-x1.letsencrypt.org0
unknown
 clean
http://r3.i.lencr.org/0
unknown
 clean
There are 12 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
gammavilla.org
217.174.152.38
 malicious
mail.gammavilla.org
unknown
 malicious

IPs

IP
Domain
Country
Active
Malicious
217.174.152.38
unknown
Bulgaria
unknown
 malicious
191.96.149.225
unknown
Chile
unknown
 malicious

Registry

Path
Value
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
{ 8
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
MTTT
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ReviewToken
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
EF7E6
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
VBAFiles
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
DefaultSheetR2L
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
UseSystemSeparators
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ThousandsSeparator
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
DecimalSeparator
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
$&8
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
F3FED
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
F4BEF
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Max Display
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 1
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Max Display
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 1
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 2
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 3
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 4
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 5
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 6
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 7
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 8
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 9
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 10
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 11
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 12
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 13
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 14
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 15
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 16
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 17
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 18
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 19
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 20
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 21
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
LastPurgeTime
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
1033
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
1033
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
EXCELFiles
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_3082
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_3082
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1036
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1036
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_3082
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_3082
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1036
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1036
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
F3FED
 clean
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
EquationEditorFilesIntl_1033
 clean
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
SavedLegacySettings
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
C:\Users\Public\vbc.exe
Blob
 clean
There are 60 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
27E1000
unkown
page read and write
 malicious
37E9000
unkown
page read and write
 malicious
402000
unkown
page execute and read and write
 malicious
27FE000
unkown
page read and write
 malicious
950000
unkown
page read and write
 clean
88F000
heap default
page read and write
 clean
BD0000
unkown
page read and write
 clean
7AA000
unkown
page read and write
 clean
530E000
unkown
page read and write
 clean
2BD000
unkown
page execute and read and write
 clean
EC0000
unkown
page readonly
 clean
4E0000
unkown
page readonly
 clean
580000
unkown
page execute and read and write
 clean
760000
unkown
page read and write
 clean
4A0F000
stack
page read and write
 clean
8490000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
940000
unkown
page read and write
 clean
C20000
unkown
page read and write
 clean
AB0000
unkown
page read and write
 clean
5250000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
590000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
CE5000
unkown
page read and write
 clean
67AE000
unkown
page read and write
 clean
47E0000
unkown
page read and write
 clean
53BE000
unkown
page read and write
 clean
2C2000
unkown
page read and write
 clean
A30000
unkown
page readonly
 clean
8B0000
unkown
page readonly
 clean
1310000
unkown image
page readonly
 clean
6352000
unkown
page read and write
 clean
B80000
heap private
page read and write
 clean
62F0000
unkown
page read and write
 clean
650000
unkown
page read and write
 clean
400000
unkown
page readonly
 clean
566E000
stack
page read and write
 clean
6B0000
heap default
page read and write
 clean
C40000
heap private
page read and write
 clean
7FA000
heap default
page read and write
 clean
790000
unkown
page read and write
 clean
563D000
heap private
page read and write
 clean
754000
unkown
page read and write
 clean
1300000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
3871000
unkown
page read and write
 clean
790000
unkown
page read and write
 clean
790000
unkown
page read and write
 clean
5B3000
unkown
page read and write
 clean
740000
heap default
page read and write
 clean
670000
heap default
page read and write
 clean
6358000
unkown
page read and write
 clean
780000
unkown
page execute and read and write
 clean
4920000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
610000
unkown
page readonly
 clean
7FC0000
unkown
page read and write
 clean
BD9000
unkown
page read and write
 clean
595C000
unkown
page read and write
 clean
C30000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
5000000
heap private
page read and write
 clean
549D000
unkown
page read and write
 clean
2CD000
unkown
page execute and read and write
 clean
7A0000
unkown
page read and write
 clean
4990000
unkown
page read and write
 clean
20000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
8028000
unkown
page read and write
 clean
3FA000
unkown
page read and write
 clean
2841000
unkown
page read and write
 clean
27FC000
unkown
page read and write
 clean
537E000
unkown
page read and write | page guard
 clean
752000
unkown
page read and write
 clean
CF0000
unkown
page read and write
 clean
6322000
unkown
page read and write
 clean
C90000
unkown
page read and write
 clean
C20000
unkown
page read and write
 clean
1312000
unkown image
page execute read
 clean
762000
unkown
page read and write
 clean
C0000
unkown
page readonly
 clean
12C0000
unkown
page read and write
 clean
620000
unkown
page read and write
 clean
490000
unkown
page readonly
 clean
7A0000
unkown
page read and write
 clean
724000
heap default
page read and write
 clean
4950000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
C80000
unkown
page read and write
 clean
C30000
unkown
page read and write
 clean
AB0000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
3E0000
unkown
page read and write
 clean
475000
unkown
page read and write
 clean
1310000
unkown image
page readonly
 clean
1312000
unkown image
page execute read
 clean
7B0000
heap default
page read and write
 clean
478000
unkown
page read and write
 clean
5B5C000
unkown
page read and write
 clean
11DE000
unkown
page read and write
 clean
5A0000
unkown
page read and write
 clean
51AE000
unkown
page read and write
 clean
283B000
unkown
page read and write
 clean
6280000
unkown
page read and write
 clean
3891000
unkown
page read and write
 clean
568D000
unkown
page read and write
 clean
6358000
unkown
page read and write
 clean
470000
unkown
page read and write
 clean
AB0000
unkown
page read and write
 clean
634D000
unkown
page read and write
 clean
5A0000
unkown
page read and write
 clean
5480000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
250000
heap private
page execute and read and write
 clean
950000
unkown
page read and write
 clean
20000
unkown
page read and write
 clean
910000
unkown
page read and write
 clean
7B00000
unkown
page readonly
 clean
3B1F000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
C30000
unkown
page read and write
 clean
7A7000
unkown
page read and write
 clean
5E90000
unkown
page readonly
 clean
950000
unkown
page read and write
 clean
1290000
unkown
page read and write
 clean
770000
unkown
page read and write
 clean
67B0000
unkown
page read and write
 clean
240000
heap private
page execute and read and write
 clean
290000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
BE0000
unkown
page read and write
 clean
790000
unkown
page read and write
 clean
536E000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
67B0000
unkown
page read and write
 clean
940000
unkown
page read and write
 clean
1270000
unkown
page read and write
 clean
3F0000
unkown
page read and write
 clean
13D8000
unkown image
page readonly
 clean
B00000
unkown
page read and write
 clean
47F0000
unkown
page read and write
 clean
637E000
unkown
page read and write
 clean
1150000
unkown
page read and write
 clean
57F3000
unkown
page read and write
 clean
1140000
unkown
page execute and read and write
 clean
2859000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
634C000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
1312000
unkown image
page execute read
 clean
4EDE000
unkown
page read and write
 clean
3F5000
unkown
page read and write
 clean
5390000
unkown
page read and write
 clean
541C000
unkown
page read and write
 clean
694000
heap default
page read and write
 clean
470000
unkown
page read and write
 clean
227000
unkown
page read and write
 clean
3B0000
heap private
page read and write
 clean
637C000
unkown
page read and write
 clean
470000
unkown
page read and write
 clean
CA0000
unkown
page execute and read and write
 clean
634D000
unkown
page read and write
 clean
4B6D000
unkown
page read and write
 clean
2C6000
unkown
page execute and read and write
 clean
C80000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
5C0000
unkown
page read and write
 clean
790000
unkown
page read and write
 clean
12A0000
unkown
page read and write
 clean
780000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
4B7E000
stack
page read and write
 clean
12E0000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
1310000
unkown image
page readonly
 clean
28AB000
unkown
page read and write
 clean
BB000
unkown
page read and write
 clean
C90000
unkown
page read and write
 clean
47E0000
unkown
page write copy
 clean
EBE000
unkown
page read and write | page guard
 clean
BC0000
unkown
page read and write
 clean
BD7000
unkown
page read and write
 clean
C30000
unkown
page read and write
 clean
2EB000
unkown
page execute and read and write
 clean
660000
unkown
page read and write
 clean
E3E000
stack
page read and write
 clean
2861000
unkown
page read and write
 clean
940000
unkown
page read and write
 clean
5D7E000
unkown
page read and write
 clean
230000
unkown
page read and write
 clean
AFE000
unkown
page read and write
 clean
634E000
unkown
page read and write
 clean
4D0000
unkown
page read and write
 clean
8028000
unkown
page read and write
 clean
2A0000
unkown
page read and write
 clean
5040000
unkown
page readonly
 clean
C1E000
unkown
page read and write
 clean
67B0000
unkown
page read and write
 clean
4C0000
unkown
page read and write
 clean
74E000
unkown
page read and write
 clean
AB0000
unkown
page read and write
 clean
7F0000
heap default
page read and write
 clean
13D8000
unkown image
page readonly
 clean
BD0000
unkown
page read and write
 clean
4980000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
834C000
unkown
page read and write
 clean
C10000
unkown
page read and write
 clean
C30000
unkown
page read and write
 clean
2E7000
unkown
page execute and read and write
 clean
618E000
stack
page read and write
 clean
5C0000
unkown
page read and write
 clean
AB0000
unkown
page read and write
 clean
CB0000
unkown
page read and write
 clean
530000
unkown
page read and write
 clean
4910000
unkown
page read and write
 clean
2DA000
unkown
page execute and read and write
 clean
2E7000
heap private
page read and write
 clean
7A0000
unkown
page read and write
 clean
7D4000
heap default
page read and write
 clean
5B0000
unkown
page read and write
 clean
62EC000
unkown
page read and write
 clean
C90000
unkown
page read and write
 clean
BE0000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
284D000
unkown
page read and write
 clean
C30000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
7FBF000
unkown
page read and write
 clean
4930000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
400000
unkown
page execute and read and write
 clean
634C000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
62F9000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
650000
unkown
page read and write
 clean
2BD000
unkown
page execute and read and write
 clean
4E9C000
unkown
page read and write
 clean
563D000
unkown
page read and write
 clean
62D7000
unkown
page read and write
 clean
4D0000
unkown
page read and write
 clean
2C0000
unkown
page read and write
 clean
7A7000
unkown
page read and write
 clean
848E000
unkown
page read and write
 clean
3B8000
heap private
page read and write
 clean
3809000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
59CE000
stack
page read and write
 clean
3F0000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
D60000
unkown
page read and write
 clean
4F00000
heap private
page execute and read and write
 clean
5B0000
unkown
page read and write
 clean
6CD000
heap default
page read and write
 clean
3851000
unkown
page read and write
 clean
119C000
unkown
page read and write
 clean
1310000
unkown image
page readonly
 clean
750000
unkown
page read and write
 clean
900000
unkown
page read and write
 clean
842000
heap default
page read and write
 clean
5600000
heap private
page read and write
 clean
5628000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
632F000
unkown
page read and write
 clean
900000
unkown
page read and write
 clean
2D7000
unkown
page execute and read and write
 clean
2B3000
unkown
page execute and read and write
 clean
6F1F000
unkown
page read and write
 clean
580000
unkown
page read and write
 clean
330000
heap private
page read and write
 clean
5629000
heap private
page read and write
 clean
2AD000
unkown
page execute and read and write
 clean
5CEE000
stack
page read and write
 clean
BD0000
unkown
page read and write
 clean
318000
unkown
page read and write
 clean
410000
heap default
page read and write
 clean
BC0000
unkown
page read and write
 clean
650000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
BE0000
unkown
page read and write
 clean
320000
unkown
page execute and read and write
 clean
5A5E000
unkown
page read and write
 clean
370000
unkown
page read and write
 clean
BE0000
unkown
page read and write
 clean
72A0000
heap private
page read and write
 clean
589E000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
49B0000
unkown
page read and write
 clean
5AEC000
unkown
page read and write
 clean
2A0000
heap private
page read and write
 clean
2C0000
unkown
page read and write
 clean
3F0000
unkown
page read and write
 clean
2CA000
unkown
page execute and read and write
 clean
7A0000
unkown
page read and write
 clean
BE0000
unkown
page read and write
 clean
5628000
unkown
page read and write
 clean
290000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
470000
unkown
page read and write
 clean
2A4000
unkown
page read and write
 clean
3C0000
unkown
page read and write
 clean
3829000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
49DC000
unkown
page read and write
 clean
7FC1000
unkown
page read and write
 clean
475000
unkown
page read and write
 clean
470000
unkown
page read and write
 clean
7A2000
unkown
page read and write
 clean
DAE000
unkown
page read and write
 clean
54A0000
heap private
page execute and read and write
 clean
490F000
unkown
page read and write
 clean
C90000
unkown
page read and write
 clean
13D8000
unkown image
page readonly
 clean
71EE000
unkown
page read and write
 clean
1310000
unkown image
page readonly
 clean
3F0000
heap private
page read and write
 clean
7A0000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
C1C000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
DB0000
unkown
page read and write
 clean
590000
unkown
page read and write
 clean
9A8000
unkown
page read and write
 clean
5008000
heap private
page read and write
 clean
AB0000
unkown
page read and write
 clean
470000
unkown
page read and write
 clean
52D000
unkown
page read and write
 clean
37E1000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
52CE000
unkown
page read and write
 clean
7A2000
unkown
page read and write
 clean
650000
unkown
page execute and read and write
 clean
760000
unkown
page read and write
 clean
5750000
unkown
page read and write
 clean
227000
stack
page read and write
 clean
67B0000
unkown
page read and write
 clean
751000
unkown
page read and write
 clean
3EF000
unkown
page read and write
 clean
C27000
unkown
page read and write
 clean
2DB000
unkown
page execute and read and write
 clean
475000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
13E0000
unkown
page readonly
 clean
6304000
unkown
page read and write
 clean
5E8C000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
5BEF000
unkown
page read and write
 clean
7A5000
unkown
page read and write
 clean
4A3E000
unkown
page read and write
 clean
1120000
unkown
page read and write
 clean
D50000
unkown
page read and write
 clean
2E0000
heap private
page read and write
 clean
BC0000
unkown
page read and write
 clean
6550000
heap private
page read and write
 clean
470000
unkown
page read and write
 clean
8A000
unkown
page read and write
 clean
1130000
unkown
page read and write
 clean
3831000
unkown
page read and write
 clean
5C0000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
37E1000
unkown
page read and write
 clean
709000
heap default
page read and write
 clean
6600000
heap private
page read and write
 clean
49D0000
unkown
page read and write
 clean
7A00000
unkown
page read and write
 clean
7B7000
heap default
page read and write
 clean
2D7000
unkown
page execute and read and write
 clean
79FD000
unkown
page read and write
 clean
6562000
heap private
page read and write
 clean
5D0000
heap default
page read and write
 clean
4BE000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
57EE000
unkown
page read and write
 clean
7A7000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
4F40000
unkown
page write copy
 clean
2A3000
unkown
page execute and read and write
 clean
5605000
heap private
page read and write
 clean
62EC000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
1190000
unkown
page readonly
 clean
49A0000
unkown
page read and write
 clean
CA0000
unkown
page read and write
 clean
47E000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
C30000
unkown
page read and write
 clean
647D000
unkown
page read and write
 clean
67B0000
unkown
page read and write
 clean
540000
heap private
page read and write
 clean
BA2000
heap private
page read and write
 clean
285B000
unkown
page read and write
 clean
11E0000
unkown
page readonly
 clean
4800000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
753E000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
380000
unkown
page read and write
 clean
1280000
unkown
page read and write
 clean
C44000
heap private
page read and write
 clean
AB0000
unkown
page read and write
 clean
285D000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
3F0000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
27E1000
unkown
page read and write
 clean
770000
unkown
page read and write
 clean
C3D000
unkown
page read and write
 clean
7610000
heap private
page read and write
 clean
475000
unkown
page read and write
 clean
38F000
unkown
page read and write
 clean
BE0000
unkown
page read and write
 clean
D2E000
unkown
page read and write | page guard
 clean
2D5000
unkown
page execute and read and write
 clean
12B0000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
C90000
unkown
page read and write
 clean
660000
unkown
page read and write
 clean
CF0000
unkown
page read and write
 clean
3D0000
unkown
page execute and read and write
 clean
AB0000
unkown
page read and write
 clean
13D8000
unkown image
page readonly
 clean
660C000
heap private
page read and write
 clean
5670000
unkown
page read and write
 clean
5B0000
unkown
page readonly
 clean
4960000
unkown
page read and write
 clean
650000
unkown
page read and write
 clean
6B9000
heap default
page read and write
 clean
E40000
unkown
page readonly
 clean
753000
unkown
page read and write
 clean
280000
unkown
page read and write
 clean
537F000
unkown
page read and write
 clean
57F5000
unkown
page read and write
 clean
2D2000
unkown
page read and write
 clean
B84000
heap private
page read and write
 clean
4E0000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
67B0000
unkown
page read and write
 clean
634E000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
49E0000
unkown
page execute and read and write
 clean
7FC1000
unkown
page read and write
 clean
D40000
unkown
page read and write
 clean
5622000
heap private
page read and write
 clean
1110000
unkown
page read and write
 clean
5D2A000
unkown
page read and write
 clean
7FC000
heap default
page read and write
 clean
12F0000
unkown
page read and write
 clean
AB0000
unkown
page read and write
 clean
5026000
heap private
page read and write
 clean
562B000
unkown
page read and write
 clean
4D0000
unkown
page read and write
 clean
5C0000
unkown
page read and write
 clean
C62000
heap private
page read and write
 clean
57F8000
unkown
page read and write
 clean
5B5000
unkown
page read and write
 clean
960000
heap private
page execute and read and write
 clean
2849000
unkown
page read and write
 clean
6530000
heap private
page read and write
 clean
5B0000
unkown
page read and write
 clean
2B0000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
57F0000
unkown
page read and write
 clean
C80000
unkown
page read and write
 clean
479000
unkown
page read and write
 clean
5C0000
unkown
page read and write
 clean
BE2000
unkown
page read and write
 clean
AB0000
unkown
page read and write
 clean
CF0000
unkown
page read and write
 clean
750000
unkown
page read and write
 clean
C0000
unkown
page readonly
 clean
530000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
1312000
unkown image
page execute read
 clean
48DE000
unkown
page read and write
 clean
62F0000
unkown
page read and write
 clean
940000
unkown
page read and write
 clean
900000
unkown
page read and write
 clean
2B4000
unkown
page read and write
 clean
BD0000
unkown
page read and write
 clean
5B2000
unkown
page read and write
 clean
470000
unkown
page read and write
 clean
743E000
unkown
page read and write
 clean
4E60000
unkown
page readonly
 clean
7A0000
unkown
page read and write
 clean
660000
unkown
page read and write
 clean
1310000
unkown image
page readonly
 clean
12D0000
unkown
page read and write
 clean
470000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
8A0000
heap default
page read and write
 clean
4B80000
unkown
page readonly
 clean
790000
unkown
page read and write
 clean
BC0000
unkown
page read and write
 clean
78CE000
unkown
page read and write
 clean
896000
heap default
page read and write
 clean
12EE000
unkown
page read and write
 clean
62AB000
unkown
page read and write
 clean
2845000
unkown
page read and write
 clean
2853000
unkown
page read and write
 clean
D00000
heap private
page execute and read and write
 clean
BE0000
unkown
page read and write
 clean
950000
unkown
page read and write
 clean
545C000
unkown
page read and write
 clean
4D5000
unkown
page read and write
 clean
49C0000
unkown
page read and write
 clean
53AD000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
5BEE000
unkown
page read and write
 clean
EBF000
unkown
page read and write
 clean
477000
unkown
page read and write
 clean
4A7E000
unkown
page read and write
 clean
4B70000
unkown
page readonly
 clean
C30000
unkown
page read and write
 clean
660000
heap private
page read and write
 clean
65DE000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
5C0000
unkown
page read and write
 clean
4C0000
unkown
page read and write
 clean
5BEE000
unkown
page read and write | page guard
 clean
62F0000
unkown
page read and write
 clean
390000
unkown
page readonly
 clean
7A0000
unkown
page read and write
 clean
C80000
unkown
page read and write
 clean
677000
heap default
page read and write
 clean
C35000
unkown
page read and write
 clean
4970000
unkown
page read and write
 clean
A40000
unkown
page readonly
 clean
950000
unkown
page read and write
 clean
3F9000
heap private
page read and write
 clean
C80000
unkown
page read and write
 clean
D2F000
unkown
page read and write
 clean
7A0000
unkown
page read and write
 clean
6BC000
heap default
page read and write
 clean
62EA000
unkown
page read and write
 clean
75C000
unkown
page read and write
 clean
5380000
heap private
page read and write
 clean
D30000
unkown
page read and write
 clean
37E4000
unkown
page read and write
 clean
5F1E000
stack
page read and write
 clean
750000
unkown
page read and write
 clean
There are 542 hidden memdumps, click here to show them.