IOCReport


Files

File Path | Type | Category | Malicious
New Order for April#89032.xlsx | CDFV2 Encrypted | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hkn[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | downloaded | malicious
C:\Users\user\Desktop\~$New Order for April#89032.xlsx | data | dropped | malicious
C:\Users\Public\vbc.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2BCDEC9D.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\33C3DEE4.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\346FC870.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4A0B656B.png | PNG image data, 992 x 192, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4F4CB40C.png | PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\611091FA.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 88x89, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\65BB8ECE.emf | Windows Enhanced Metafile (EMF) image data version 0x10000 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6AF88CAF.png | PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6D2F9C18.png | PNG image data, 992 x 192, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\70052995.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 88x89, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7DE011E6.png | PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C1F47D39.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C96B05B3.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 178x124, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CE617A92.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 178x124, frames 3 | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D78A5477.png | PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding | malicious
C:\Users\Public\vbc.exe | 'C:\Users\Public\vbc.exe' | malicious
C:\Users\Public\vbc.exe | C:\Users\Public\vbc.exe | malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding | clean

URLs

Name | IP | Malicious
http://198.23.174.104/hkn.exe | 198.23.174.104 | malicious
http://127.0.0.1:HTTP/1.1 | unknown | clean
http://DynDns.comDynDNS | unknown | clean
https://api.telegram.org | unknown | clean
http://crl.entrust.net/server1.crl0 | unknown | clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | unknown | clean
http://ocsp.entrust.net03 | unknown | clean
http://certificates.godaddy.com/repository/0 | unknown | clean
https://dist.nuget.org/win-x86-commandline/latest/nuget.exe | unknown | clean
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendDocumentdocument----- | unknown | clean
https://github.com/d-haxton/HaxtonBot/archive/master.zip | unknown | clean
http://certs.godaddy.com/repository/1301 | unknown | clean
https://api.telegram.orgP | unknown | clean
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | unknown | clean
http://www.diginotar.nl/cps/pkioverheid0 | unknown | clean
http://crl.godaddy.com/gdig2s1-1823.crl0 | unknown | clean
https://certs.godaddy.com/repository/0 | unknown | clean
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | unknown | clean
http://crl.godaddy.com/gdroot-g2.crl0F | unknown | clean
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/ | unknown | clean
http://WrqCET.com | unknown | clean
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | unknown | clean
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | unknown | clean
http://crl.godaddy.com/gdroot.crl0F | unknown | clean
http://www.%s.comPA | unknown | clean
https://github.com/Spegeli/Pokemon-Go-Rocket-API/archive/master.zip | unknown | clean
https://YiNu10TJVGgbJcx5.com | unknown | clean
http://api.telegram.org | unknown | clean
http://certificates.godaddy.com/repository/gdig2.crt0 | unknown | clean
http://ocsp.entrust.net0D | unknown | clean
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | clean
https://secure.comodo.com/CPS0 | unknown | clean
https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendDocument | unknown | clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | unknown | clean
http://crl.entrust.net/2048ca.crl0 | unknown | clean

Domains

Name | IP | Malicious
api.telegram.org | 149.154.167.220 | clean

IPs

IP | Domain | Country | Malicious
198.23.174.104 | unknown | United States | malicious
149.154.167.220 | api.telegram.org | United Kingdom | clean

Registry

Path | Value | Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | wa7 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | MTTT | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ReviewToken | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F05DA | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | FontCachePath | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | VBAFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DefaultSheetR2L | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | UseSystemSeparators | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ThousandsSeparator | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DecimalSeparator | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | q7 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F56A8 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F6152 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 2 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 3 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 4 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 5 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 6 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 7 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 8 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 9 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 10 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 11 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 12 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 13 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 14 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 15 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 16 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 17 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 18 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 19 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 20 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 21 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | LastPurgeTime | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EXCELFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F56A8 | clean
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | EquationEditorFilesIntl_1033 | clean
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | SavedLegacySettings | clean
C:\Users\Public\vbc.exe | EnableFileTracing | clean
C:\Users\Public\vbc.exe | EnableConsoleTracing | clean
C:\Users\Public\vbc.exe | FileTracingMask | clean
C:\Users\Public\vbc.exe | ConsoleTracingMask | clean
C:\Users\Public\vbc.exe | MaxFileSize | clean
C:\Users\Public\vbc.exe | FileDirectory | clean
C:\Users\Public\vbc.exe | EnableFileTracing | clean
C:\Users\Public\vbc.exe | EnableConsoleTracing | clean
C:\Users\Public\vbc.exe | FileTracingMask | clean
C:\Users\Public\vbc.exe | ConsoleTracingMask | clean
C:\Users\Public\vbc.exe | MaxFileSize | clean
C:\Users\Public\vbc.exe | FileDirectory | clean
C:\Users\Public\vbc.exe | Blob | clean
C:\Users\Public\vbc.exe | Blob | clean
C:\Users\Public\vbc.exe | Blob | clean
C:\Users\Public\vbc.exe | Blob | clean
C:\Users\Public\vbc.exe | Blob | clean
C:\Users\Public\vbc.exe | Blob | clean

Memdumps
