IOCReport


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| presupuesto.xlsx | CDFV2 Encrypted | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | downloaded | malicious |
| C:\Users\user\Desktop\~$presupuesto.xlsx | data | dropped | malicious |
| C:\Users\Public\vbc.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | modified | malicious |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | Microsoft Cabinet archive data, 58596 bytes, 1 file | dropped | clean |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A | data | dropped | clean |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 | data | dropped | clean |
| C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\234E901.emf | Windows Enhanced Metafile (EMF) image data version 0x10000 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\48B2E23A.jpeg | gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\55794626.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 550x310, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\82D1B3EF.jpeg | gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\87FB93B7.png | PNG image data, 399 x 605, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8CCFB279.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91806A4C.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EE298F3.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EF4BADDD.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 550x310, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F29F3B0E.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FA2D9658.png | PNG image data, 399 x 605, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Temp\CabE532.tmp | Microsoft Cabinet archive data, 58596 bytes, 1 file | dropped | clean |
| C:\Users\user\AppData\Local\Temp\TarE533.tmp | data | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding | malicious |
| C:\Users\Public\vbc.exe | 'C:\Users\Public\vbc.exe' | malicious |
| C:\Users\Public\vbc.exe | C:\Users\Public\vbc.exe | malicious |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://surestdysbonescagecv.dns.army/documenpt/svchost.exe | 103.153.76.181 | malicious |
| http://d2rIi4JlBhFsgbEW3nM.com | unknown | clean |
| http://smtp.oucabem.com.br | unknown | clean |
| http://127.0.0.1:HTTP/1.1 | unknown | clean |
| http://DynDns.comDynDNS | unknown | clean |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | unknown | clean |
| https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | unknown | clean |
| http://epVtFD.com | unknown | clean |
| https://api.ipify.org%GETMozilla/5.0 | unknown | clean |
| http://mail.ita.locaweb.com.br | unknown | clean |
| http://www.%s.comPA | unknown | clean |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | clean |
| https://api.ipify.org% | unknown | clean |
| https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | unknown | clean |
| https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | unknown | clean |

Domains

| Name | IP | Malicious |
|---|---|---|
| surestdysbonescagecv.dns.army | 103.153.76.181 | malicious |
| smtp.oucabem.com.br | unknown | malicious |
| fqe.short.gy | 52.59.165.42 | clean |
| mail.ita.locaweb.com.br | 191.252.112.194 | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 103.153.76.181 | surestdysbonescagecv.dns.army | unknown | malicious |
| 52.59.165.42 | fqe.short.gy | United States | clean |

Registry

| Path | Value | Malicious |
|---|---|---|
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | a{7 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | MTTT | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ReviewToken | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ECBA8 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | FontCachePath | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | VBAFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DefaultSheetR2L | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | UseSystemSeparators | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ThousandsSeparator | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DecimalSeparator | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | )f7 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F1842 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F314D | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 2 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 3 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 4 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 5 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 6 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 7 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 8 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 9 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 10 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 11 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 12 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 13 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 14 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 15 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 16 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 17 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 18 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 19 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 20 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 21 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | LastPurgeTime | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EXCELFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F1842 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | EquationEditorFilesIntl_1033 | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | SavedLegacySettings | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Blob | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Blob | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Blob | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Blob | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Blob | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Blob | clean |

Memdumps
