IOCReport


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| PR0078966.xlsx | CDFV2 Encrypted | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nass[1].exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | downloaded | malicious |
| C:\Users\user\AppData\Local\Temp\tmpE206.tmp | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | malicious |
| C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat | ISO-8859 text, with LF, NEL line terminators | dropped | malicious |
| C:\Users\user\AppData\Roaming\blFUun.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\Desktop\~$PR0078966.xlsx | data | dropped | malicious |
| C:\Users\Public\vbc.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Program Files (x86)\SMTP Service\smtpsvc.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\10C739BF.png | PNG image data, 768 x 560, 8-bit colormap, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\119EB898.png | PNG image data, 768 x 560, 8-bit colormap, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1741232F.png | PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2973EFB9.png | PNG image data, 613 x 80, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4F5A1AF7.png | PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\55401A7A.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 440x248, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5773E24A.png | PNG image data, 1268 x 540, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\59667E41.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F68BF36.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 364x117, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74B7F433.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 364x117, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\77272925.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 297x206, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7B6BD21E.png | PNG image data, 294 x 262, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\871C60E8.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8FD63A2D.png | PNG image data, 399 x 605, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9070C88C.png | PNG image data, 620 x 392, 8-bit/color RGB, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A1B55BC9.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 440x248, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A992A851.emf | Windows Enhanced Metafile (EMF) image data version 0x10000 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ABFED4E2.png | PNG image data, 1686 x 725, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B4DB4F4E.png | PNG image data, 399 x 605, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B577E266.jpeg | JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 297x206, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B645F9C3.png | PNG image data, 620 x 392, 8-bit/color RGB, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BF1F9F87.jpeg | [TIFF image data, big-endian, direntries=4], baseline, precision 8, 403x242, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DB4DF71D.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DEC708B4.png | PNG image data, 613 x 80, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E259E3DC.jpeg | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3 | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ED4DB7B.png | PNG image data, 294 x 262, 8-bit/color RGBA, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FF452740.jpeg | [TIFF image data, big-endian, direntries=4], baseline, precision 8, 403x242, frames 3 | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding | malicious |
| C:\Users\Public\vbc.exe | 'C:\Users\Public\vbc.exe' | malicious |
| C:\Windows\SysWOW64\schtasks.exe | 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\blFUun' /XML 'C:\Users\user\AppData\Local\Temp\tmpE206.tmp' | malicious |
| C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | malicious |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding | clean |
| C:\Program Files (x86)\SMTP Service\smtpsvc.exe | 'C:\Program Files (x86)\SMTP Service\smtpsvc.exe' | clean |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| nassiru1155.ddns.net | | malicious |
| http://covid19vaccinations.hopto.org/nass.exe | 13.235.115.155 | malicious |
| 79.134.225.30 | | malicious |
| http://www.%s.comPA | unknown | clean |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | unknown | clean |
| https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | unknown | clean |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| covid19vaccinations.hopto.org | 13.235.115.155 | malicious |
| nassiru1155.ddns.net | unknown | malicious |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 13.235.115.155 | covid19vaccinations.hopto.org | United States | malicious |
| 79.134.225.30 | unknown | Switzerland | malicious |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | yv5 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | MTTT | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ReviewToken | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EF6AE | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | FontCachePath | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | VBAFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DefaultSheetR2L | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | UseSystemSeparators | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ThousandsSeparator | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DecimalSeparator | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | /$6 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F46E0 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F5551 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 2 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 3 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 4 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 5 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 6 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 7 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 8 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 9 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 10 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 11 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 12 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 13 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 14 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 15 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 16 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 17 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 18 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 19 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 20 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 21 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | LastPurgeTime | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EXCELFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F46E0 | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | EquationEditorFilesIntl_1033 | clean |
| C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | SavedLegacySettings | clean |
| C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | SMTP Service | clean |

clean
4882000
unkown
page read and write
clean
6EB000
unkown
page readonly
clean
4D30000
unkown
page readonly
clean
379F000
unkown
page read and write
clean
4F65000
unkown
page readonly
clean
56A0000
unkown
page read and write
clean
5045000
unkown
page readonly
clean
4EF4000
unkown
page readonly
clean
51AD000
unkown
page read and write
clean
60CE000
unkown
page read and write
clean
4833000
unkown
page read and write
clean
369F000
unkown
page read and write
clean
359F000
unkown
page read and write
clean
4E9000
heap private
page read and write
clean
36FF000
unkown
page read and write
clean
482000
unkown
page read and write
clean
20000
unkown
page read and write
clean
CB0000
heap private
page read and write
clean
3580000
unkown
page read and write
clean
2551000
unkown
page read and write
clean
5F0000
unkown
page read and write
clean
5075000
unkown
page readonly
clean
371F000
unkown
page read and write
clean
134E000
unkown image
page readonly
clean
35FF000
unkown
page read and write
clean
4858000
unkown
page read and write
clean
369F000
unkown
page read and write
clean
150000
unkown
page readonly
clean
367F000
unkown
page read and write
clean
477000
unkown
page read and write | page guard
clean
35DF000
unkown
page read and write
clean
5BB0000
unkown
page read and write
clean
375F000
unkown
page read and write
clean
5052000
unkown
page readonly
clean
A06000
unkown
page read and write
clean
4F46000
unkown
page readonly
clean
C5C000
unkown
page readonly
clean
A00000
unkown
page read and write
clean
1290000
unkown
page execute and read and write
clean
535000
unkown
page read and write
clean
365F000
unkown
page read and write
clean
12A0000
unkown
page read and write
clean
A06000
unkown
page read and write
clean
AF0000
unkown
page readonly
clean
12C2000
unkown image
page execute read
clean
A32000
heap private
page execute and read and write
clean
F72000
unkown
page execute and read and write
clean
A00000
unkown
page read and write
clean
A06000
unkown
page read and write
clean
35BF000
unkown
page read and write
clean
36BF000
unkown
page read and write
clean
377F000
unkown
page read and write
clean
35FF000
unkown
page read and write
clean
12B0000
unkown
page read and write
clean
A0000
unkown
page readonly
clean
35DF000
unkown
page read and write
clean
37BF000
unkown
page read and write
clean
400000
unkown
page execute and read and write
clean
367F000
unkown
page read and write
clean
B99E000
stack
page read and write
clean
5500000
unkown
page read and write
clean
35DF000
unkown
page read and write
clean
37BF000
unkown
page read and write
clean
26B7000
unkown
page read and write
clean
202000
unkown
page execute and read and write
clean
379F000
unkown
page read and write
clean
C50000
unkown
page read and write
clean
36BF000
unkown
page read and write
clean
D10000
unkown
page read and write
clean
D7E000
unkown
page read and write
clean
A00000
unkown
page read and write
clean
335000
heap default
page read and write
clean
6861000
unkown
page read and write
clean
4B3C000
unkown
page read and write
clean
326000
unkown
page read and write
clean
4FD9000
unkown
page readonly
clean
A07000
unkown
page read and write
clean
375F000
unkown
page read and write
clean
8D0000
unkown
page read and write
clean
7EFDF000
unkown
page read and write
clean
4910000
heap private
page read and write
clean
5B70000
unkown
page write copy
clean
CD2000
heap private
page read and write
clean
DA0000
unkown
page read and write
clean
D10000
unkown
page read and write
clean
294000
heap default
page read and write
clean
B150000
unkown
page read and write
clean
710000
unkown
page readonly
clean
52C7000
unkown
page read and write
clean
338000
unkown
page read and write
clean
A15000
heap private
page execute and read and write
clean
36BF000
unkown
page read and write
clean
34A1000
unkown
page read and write
clean
D30000
unkown
page read and write
clean
D30000
unkown
page read and write
clean
37BF000
unkown
page read and write
clean
20A000
unkown
page execute and read and write
clean
36FF000
unkown
page read and write
clean
55BF000
unkown
page read and write
clean
363F000
unkown
page read and write
clean
37DF000
unkown
page read and write
clean
5540000
unkown
page read and write
clean
467E000
stack
page read and write
clean
A00000
unkown
page read and write
clean
365F000
unkown
page read and write
clean
266000
unkown
page read and write
clean
220000
unkown
page read and write
clean
5590000
unkown
page read and write
clean
4F82000
unkown
page readonly
clean
373F000
unkown
page read and write
clean
1D2000
unkown
page execute and read and write
clean
B6CD000
stack
page read and write
clean
4950000
unkown
page readonly
clean
2280000
unkown
page readonly
clean
5720000
unkown
page readonly
clean
369F000
unkown
page read and write
clean
371F000
unkown
page read and write
clean
D30000
unkown
page read and write
clean
A00000
unkown
page read and write
clean
530000
unkown
page read and write
clean
540000
unkown
page execute and read and write
clean
F80000
unkown
page read and write
clean
35DF000
unkown
page read and write
clean
ACE0000
unkown
page read and write
clean
DD0000
unkown
page readonly
clean
7EF60000
unkown
page execute and read and write
clean
8E0000
unkown
page read and write
clean
3580000
unkown
page read and write
clean
569F000
unkown
page read and write
clean
365F000
unkown
page read and write
clean
2670000
unkown
page read and write
clean
369F000
unkown
page read and write
clean
4DF2000
unkown
page readonly
clean
4D7000
heap default
page read and write
clean
A06000
unkown
page read and write
clean
590000
unkown
page readonly
clean
2C0000
heap private
page read and write
clean
529D000
unkown
page read and write
clean
3C8000
heap default
page read and write
clean
27D5000
unkown
page read and write
clean
D35000
unkown
page read and write
clean
D30000
unkown
page read and write
clean
B26C000
unkown
page read and write
clean
D80000
unkown
page read and write
clean
12C0000
unkown image
page readonly
clean
359F000
unkown
page read and write
clean
361F000
unkown
page read and write
clean
27D3000
unkown
page read and write
clean
1DA000
unkown
page execute and read and write
clean
A00000
unkown
page read and write
clean
9B0000
unkown
page readonly
clean
268000
unkown image
page readonly
clean
AF0000
unkown
page read and write
clean
47A000
unkown
page execute and read and write
clean
B1DE000
unkown
page read and write
clean
36DF000
unkown
page read and write
clean
377F000
unkown
page read and write
clean
36BF000
unkown
page read and write
clean
11ED000
stack
page read and write
clean
6850000
unkown
page read and write
clean
5CD0000
unkown
page read and write
clean
4EB2000
unkown
page readonly
clean
5CCE000
stack
page read and write
clean
359F000
unkown
page read and write
clean
686B000
unkown
page read and write
clean
520000
unkown
page read and write
clean
227F000
stack
page read and write
clean
515E000
unkown
page read and write
clean
61FE000
stack
page read and write
clean
60EE000
unkown
page read and write
clean
C57000
unkown
page readonly
clean
35A000
unkown
page execute and read and write
clean
370000
unkown
page execute and read and write
clean
491E000
unkown
page read and write
clean
347000
stack
page read and write
clean
D37000
unkown
page read and write
clean
462000
unkown
page execute and read and write
clean
12C0000
unkown image
page readonly
clean
479000
stack
page read and write
clean
4FDD000
unkown
page readonly
clean
35FF000
unkown
page read and write
clean
4ADE000
unkown
page read and write
clean
569E000
unkown
page read and write | page guard
clean
375F000
unkown
page read and write
clean
558E000
unkown
page read and write
clean
4890000
unkown
page read and write
clean
363F000
unkown
page read and write
clean
2B8000
heap default
page read and write
clean
361F000
unkown
page read and write
clean
35BF000
unkown
page read and write
clean
260000
unkown image
page readonly
clean
51A000
heap default
page read and write
clean
760000
heap private
page read and write
clean
5CD0000
unkown
page readonly
clean
C4E000
unkown
page read and write
clean
D00000
unkown
page read and write
clean
34C6000
unkown
page read and write
clean
359F000
unkown
page read and write
clean
B17C000
unkown
page read and write
clean