IOCReport

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| Files Specification.xlsx | CDFV2 Encrypted | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\loki[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | downloaded | malicious |
| C:\Users\user\AppData\Local\Temp\tmp4C3D.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | malicious |
| C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat | Non-ISO extended-ASCII text, with no line terminators | dropped | malicious |
| C:\Users\user\AppData\Roaming\tHyARuOEdFlN.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\Public\vbc.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\SMTP Service\smtpsvc.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\115815B4.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 138x95, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\18B2D225.png | PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2302D74A.emf | Windows Enhanced Metafile (EMF) image data version 0x10000 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\36DE3ABF.png | PNG image data, 712 x 712, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3B5FB44E.png | PNG image data, 712 x 712, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\66C69E2.png | PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\87748436.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 132x92, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8E7BF4C9.png | PNG image data, 145 x 220, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A23758C.png | PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AB288440.png | PNG image data, 145 x 220, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C0003741.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 132x92, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C1513BF7.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 138x95, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DCC36C7B.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E0881DE8.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EF266AC3.png | PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\Logs\user\KB_6319896.dat | data | dropped | clean |
| C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\catalog.dat | data | dropped | clean |
| C:\Users\user\Desktop\~$Files Specification.xlsx | data | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding | malicious |
| C:\Users\Public\vbc.exe | 'C:\Users\Public\vbc.exe' | malicious |
| C:\Windows\SysWOW64\schtasks.exe | 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\tHyARuOEdFlN' /XML 'C:\Users\user\AppData\Local\Temp\tmp4C3D.tmp' | malicious |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | malicious |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding | clean |
| C:\Program Files (x86)\SMTP Service\smtpsvc.exe | 'C:\Program Files (x86)\SMTP Service\smtpsvc.exe' | clean |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://covid19vaccinations.hopto.org/loki.exe | 34.220.10.254 | malicious |
| nassiru1155.ddns.net | | malicious |
| 79.134.225.30 | | malicious |
| http://www.%s.comPA | unknown | clean |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | unknown | clean |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | clean |
| https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | unknown | clean |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| covid19vaccinations.hopto.org | 34.220.10.254 | malicious |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 34.220.10.254 | covid19vaccinations.hopto.org | United States | malicious |
| 79.134.225.30 | unknown | Switzerland | malicious |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | hd7 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | MTTT | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ReviewToken | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EECB0 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | FontCachePath | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | VBAFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DefaultSheetR2L | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | UseSystemSeparators | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ThousandsSeparator | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DecimalSeparator | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | fq7 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F3B0D | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F6B51 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 2 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 3 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 4 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 5 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 6 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 7 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 8 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 9 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 10 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 11 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 12 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 13 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 14 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 15 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 16 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 17 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 18 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 19 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 20 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 21 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | LastPurgeTime | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EXCELFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F3B0D | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | EquationEditorFilesIntl_1033 | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | SavedLegacySettings | clean |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | SMTP Service | clean |

Memdumps
