IOCReport

loading gif

Files

File Path
Type
Category
Malicious
statistic-207394368.xlsm
Microsoft Excel 2007+
initial sample
malicious
C:\Users\user\Desktop\~$statistic-207394368.xlsm
data
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\44CD6028.png
PNG image data, 485 x 185, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5F386603.png
PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B6A5D209.png
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DAFC4076.png
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\suspendedpage[1].htm
HTML document, ASCII text
downloaded
clean
C:\Users\user\AppData\Local\Temp\32820000
data
dropped
clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu Jun 27 18:52:18 2019, mtime=Tue May 4 19:30:31 2021, atime=Tue May 4 19:30:31 2021, length=16384, window=hide
dropped
clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\statistic-207394368.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 14:27:01 2020, mtime=Tue May 4 19:30:31 2021, atime=Tue May 4 19:30:31 2021, length=107618, window=hide
dropped
clean
C:\Users\user\Desktop\33820000
data
dropped
clean
C:\Users\user\jordji.nbvt11
HTML document, ASCII text
dropped
clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Microsoft Cabinet archive data, 58596 bytes, 1 file
dropped
clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
dropped
clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
data
dropped
clean
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
data
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\suspendedpage[1].htm
HTML document, ASCII text
downloaded
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E71D9E51.png
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EE365390.png
PNG image data, 485 x 185, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FBA7750B.png
PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FF7E501E.png
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Temp\2FDE0000
data
dropped
clean
C:\Users\user\AppData\Local\Temp\CabE985.tmp
Microsoft Cabinet archive data, 58596 bytes, 1 file
dropped
clean
C:\Users\user\AppData\Local\Temp\TarE986.tmp
data
dropped
clean
C:\Users\user\Desktop\10EE0000
data
dropped
clean
There are 16 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
malicious
C:\Windows\SysWOW64\rundll32.exe
rundll32 ..\jordji.nbvt1,DllRegisterServer
malicious
C:\Windows\SysWOW64\rundll32.exe
rundll32 ..\jordji.nbvt11,DllRegisterServer
malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
malicious
C:\Windows\System32\rundll32.exe
rundll32 ..\jordji.nbvt1,DllRegisterServer
malicious
C:\Windows\System32\rundll32.exe
rundll32 ..\jordji.nbvt11,DllRegisterServer
malicious

URLs

Name
IP
Malicious
http://fwdssp.com/?dn=referer_detect&pid=5POL4F2O4
unknown
clean
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
unknown
clean
http://www.windows.com/pctv.
unknown
clean
http://investor.msn.com
unknown
clean
http://www.msnbc.com/news/ticker.txt
unknown
clean
http://www.icra.org/vocabulary/.
unknown
clean
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
unknown
clean
http://www.hotmail.com/oe
unknown
clean
http://investor.msn.com/
unknown
clean

Domains

Name
IP
Malicious
anaheimdermatologists.com
192.185.5.2
clean
industrialarttextile.com
192.254.233.89
clean

IPs

IP
Domain
Country
Malicious
192.185.5.2
anaheimdermatologists.com
United States
clean
192.254.233.89
industrialarttextile.com
United States
clean

Registry

Path
Value
Malicious
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
c)&
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
d)&
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
LastBootTime
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
ReviewToken
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
27769
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
VBAFiles
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
MSForms
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
MSComctlLib
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
DefaultSheetR2L
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
UseSystemSeparators
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
ThousandsSeparator
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
DecimalSeparator
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
27EFB
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
28052
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
2815C
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
28295
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
2838F
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
+`&
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
3A877
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
LastPurgeTime
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
3AEE0
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
FileFormatBallotBoxAppIDBootedOnce
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
ProductFiles
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
en-US
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
en-US
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
EXCELFiles
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
RoamingConfigurableSettings
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
RoamingLastSyncTime
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
RoamingLastWriteTime
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
ProductFiles
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
CacheReady
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
LastRequest
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
CacheReady
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
LastUpdate
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
NextUpdate
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_1036
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_1033
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_3082
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_1036
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_1036
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_1033
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_1033
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_3082
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
SpellingAndGrammarFiles_3082
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
ProductFiles
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
ProductFiles
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
ProductFiles
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
ProductFiles
clean
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
LastBootTime
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
a23
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
MTTT
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ReviewToken
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ED9EB
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
VBAFiles
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
DefaultSheetR2L
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
UseSystemSeparators
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ThousandsSeparator
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
DecimalSeparator
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Max Display
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Max Display
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 1
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 2
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 3
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 4
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 5
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 6
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 7
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 8
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 9
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 10
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 11
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 12
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 13
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 14
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 15
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 16
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 17
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 18
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 19
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 20
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
EDD54
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
EDE2F
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
EDEBB
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Max Display
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Max Display
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 1
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 2
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 3
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 4
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 5
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 6
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 7
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 8
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 9
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 10
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 11
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 12
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 13
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 14
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 15
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 16
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 17
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 18
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 19
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 20
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
EDFC4
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
EE08F
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
*=3
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
@%SystemRoot%\system32\qagentrt.dll,-10
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
@%SystemRoot%\System32\fveui.dll,-843
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
@%SystemRoot%\System32\fveui.dll,-844
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
@%SystemRoot%\System32\wuaueng.dll,-400
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
LastPurgeTime
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
102B06
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Max Display
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Max Display
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 1
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 2
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 3
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 4
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 5
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 6
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 7
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 8
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 9
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 10
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 11
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 12
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 13
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 14
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 15
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 16
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 17
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 18
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 19
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Item 20
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
1037F2
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
1033
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
1033
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
EXCELFiles
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_3082
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_3082
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1036
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1036
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1033
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1033
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_3082
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_3082
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1036
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1036
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1033
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SpellingAndGrammarFiles_1033
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
ProductFiles
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
SavedLegacySettings
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Blob
clean
There are 160 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
277B000
unkown
page readonly
clean
2A024D15000
unkown
page read and write
clean
2A024C10000
unkown
page readonly
clean
24740854000
unkown
page readonly
clean
2A025877000
unkown
page read and write
clean
7FF5438B4000
unkown
page readonly
clean
24740AB1000
unkown
page read and write
clean
9319B7F000
unkown
page read and write
clean
27AF000
unkown
page readonly
clean
2473B9F0000
unkown
page read and write
clean
2A024CDD000
unkown
page read and write
clean
2EA0000
heap default
page read and write
clean
2473BB18000
unkown
page read and write
clean
2473B26D000
unkown
page read and write
clean
2473B130000
unkown
page readonly
clean
2A024D0F000
unkown
page read and write
clean
24740A00000
unkown
page read and write
clean
27D8000
unkown
page readonly
clean
21F0000
unkown
page readonly
clean
2473B302000
unkown
page read and write
clean
2D87000
unkown
page read and write
clean
2C9D000
unkown
page read and write
clean
2E8A000
heap private
page read and write
clean
7FF543A82000
unkown
page readonly
clean
247E000
unkown
page readonly
clean
26D7000
unkown
page readonly
clean
7FF543927000
unkown
page readonly
clean
2473BB02000
unkown
page read and write
clean
2578000
unkown
page readonly
clean
2A024C7E000
unkown
page read and write
clean
2C95000
unkown
page read and write
clean
2A024CED000
unkown
page read and write
clean
7FF57E691000
unkown
page readonly
clean
2473BA15000
unkown
page read and write
clean
2474088C000
unkown
page readonly
clean
7FF57E75F000
unkown
page readonly
clean
2832000
unkown
page read and write
clean
2473C220000
unkown
page readonly
clean
7FF5438FD000
unkown
page readonly
clean
7FF543A30000
unkown
page readonly
clean
2C7A000
heap default
page read and write
clean
5EB0000
unkown
page readonly
clean
7FF543682000
unkown
page readonly
clean
2C50000
unkown
page readonly
clean
FA96D79000
unkown
page read and write
clean
7FF5439C1000
unkown
page readonly
clean
931997F000
unkown
page read and write
clean
2765000
unkown
page readonly
clean
2A024CDD000
unkown
page read and write
clean
2A024BF0000
unkown
page read and write
clean
2A024CFB000
unkown
page read and write
clean
7FF543A27000
unkown
page readonly
clean
2A024FC5000
heap private
page read and write
clean
3027000
heap private
page read and write
clean
247409C0000
unkown
page readonly
clean
2A025AA0000
unkown
page read and write
clean
2E87000
heap private
page read and write
clean
6010000
unkown
page readonly
clean
9319E7F000
unkown
page read and write
clean
2473C060000
unkown
page read and write
clean
27BD000
unkown
page readonly
clean
2601000
unkown
page readonly
clean
7FF543AA7000
unkown
page readonly
clean
7FF543860000
unkown
page readonly
clean
2A024CEB000
unkown
page read and write
clean
27D8000
unkown
page readonly
clean
24A1000
unkown
page readonly
clean
7FF57E5EC000
unkown
page readonly
clean
279E000
unkown
page readonly
clean
2FD0000
unkown
page readonly
clean
2473BA00000
unkown
page read and write
clean
2C9D000
unkown
page read and write
clean
2357000
unkown
page readonly
clean
FA96CFF000
unkown
page read and write
clean
2A025814000
unkown
page read and write
clean
5DE4000
heap private
page read and write
clean
23A1000
unkown
page readonly
clean
FA96BFB000
unkown
page read and write
clean
2A024C8F000
unkown
page read and write
clean
2C4F000
unkown
page read and write
clean
247407C4000
unkown
page read and write
clean
2473B120000
heap default
page read and write
clean
2D7D000
unkown
page read and write
clean
277D000
unkown
page readonly
clean
7FF57E075000
unkown
page readonly
clean
2473B0C0000
heap private
page read and write
clean
FA96C79000
unkown
page read and write
clean
24740680000
unkown
page read and write
clean
7FF543B07000
unkown
page readonly
clean
2D99000
unkown
page read and write
clean
2A024C8E000
unkown
page read and write
clean
2D30000
unkown
page readonly
clean
7FF5438FF000
unkown
page readonly
clean
6180000
heap private
page read and write
clean
931967F000
unkown
page read and write
clean
2A02581B000
unkown
page read and write
clean
7FF54389B000
unkown
page readonly
clean
7FF543290000
unkown
page readonly
clean
7FF5433D9000
unkown
page readonly
clean
2E80000
heap private
page read and write
clean
7FF57E7A6000
unkown
page readonly
clean
7FF57DFAD000
unkown
page readonly
clean
24740A78000
unkown
page read and write
clean
216C000
unkown
page readonly
clean
24740780000
unkown
page read and write
clean
255D000
unkown
page readonly
clean
2A024CDB000
unkown
page read and write
clean
2A025812000
unkown
page read and write
clean
2473BB13000
unkown
page read and write
clean
27A2000
unkown
page readonly
clean
2A024D12000
unkown
page read and write
clean
650E000
unkown
page read and write
clean
2E8E000
unkown
page read and write
clean
2473B313000
unkown
page read and write
clean
9318FAE000
unkown
page read and write
clean
7FF57E678000
unkown
page readonly
clean
2508000
unkown
page readonly
clean
2D99000
unkown
page read and write
clean
2C70000
heap default
page read and write
clean
26FA000
unkown
page readonly
clean
247408E0000
unkown
page read and write
clean
2A025B20000
unkown
page read and write
clean
2D75000
unkown
page read and write
clean
26E1000
unkown
page readonly
clean
2A024CDD000
unkown
page read and write
clean
2A025870000
unkown
page read and write
clean
7FF56370B000
unkown
page readonly
clean
7FF54371A000
unkown
page readonly
clean
24740780000
unkown
page read and write
clean
7FF543998000
unkown
page readonly
clean
2A025AB0000
unkown
page readonly
clean
9319F7C000
unkown
page read and write
clean
247409E0000
unkown
page readonly
clean
2E70000
unkown
page readonly
clean
2C9E000
unkown
page read and write
clean
27D0000
unkown
page readonly
clean
2BB0000
unkown
page readonly
clean
7FF5437FD000
unkown
page readonly
clean
2533000
unkown
page readonly
clean
7FF543A05000
unkown
page readonly
clean
2473B2B1000
unkown
page read and write
clean
24740940000
unkown
page readonly
clean
2473B990000
unkown
page read and write
clean
24740A23000
unkown
page read and write
clean
2473B2A5000
unkown
page read and write
clean
2473B2A0000
unkown
page read and write
clean
2A024D30000
unkown
page readonly
clean
2A35000
unkown
page read and write
clean
7FF543A96000
unkown
page readonly
clean
2A024CFB000
unkown
page read and write
clean
24740A2E000
unkown
page read and write
clean
247407C0000
unkown
page read and write
clean
7FF57E81D000
unkown
page readonly
clean
24740AAC000
unkown
page read and write
clean
2363000
unkown
page readonly
clean
2473B273000
unkown
page read and write
clean
2473C5E0000
unkown
page read and write
clean
7FF57E06F000
unkown
page readonly
clean
2A024D1A000
unkown
page read and write
clean
2C9A000
unkown
page read and write
clean
2A024CDD000
unkown
page read and write
clean
7FF543A39000
unkown
page readonly
clean
247408E0000
unkown
page readonly
clean
254F000
unkown
page readonly
clean
2473B28E000
unkown
page read and write
clean
6190000
unkown
page readonly
clean
FA96E79000
unkown
page read and write
clean
2D84000
unkown
page read and write
clean
62EF000
unkown
page read and write
clean
2526000
unkown
page readonly
clean
24A5000
unkown
page readonly
clean
7FF543825000
unkown
page readonly
clean
2A024CFB000
unkown
page read and write
clean
2A025819000
unkown
page read and write
clean
24F1000
unkown
page readonly
clean
9318F2B000
unkown
page read and write
clean
282E000
unkown
page read and write
clean
2A024C87000
unkown
page read and write
clean
2A024C87000
unkown
page read and write
clean
2473B276000
unkown
page read and write
clean
2473B241000
unkown
page read and write
clean
2C9D000
unkown
page read and write
clean
931947C000
unkown
page read and write
clean
7FF57E811000
unkown
page readonly
clean
7FF57E827000
unkown
page readonly
clean
2A024C8E000
unkown
page read and write
clean
7FF57E6A8000
unkown
page readonly
clean
5D90000
unkown
page read and write
clean
6184000
heap private
page read and write
clean
7FF543913000
unkown
page readonly
clean
7FF543849000
unkown
page readonly
clean
2473B295000
unkown
page read and write
clean
2A0251E0000
unkown
page readonly
clean
7FF543A4F000
unkown
page readonly
clean
2473B258000
unkown
page read and write
clean
2A024D10000
unkown
page read and write
clean
2D81000
unkown
page read and write
clean
7FF543B46000
unkown
page readonly
clean
24740A61000
unkown
page read and write
clean
2AD0000
unkown
page readonly
clean
2D78000
unkown
page read and write
clean
7FF54382F000
unkown
page readonly
clean
247407A1000
unkown
page read and write
clean
2473B2FD000
unkown
page read and write
clean
2A024FCA000
heap private
page read and write
clean
2473C230000
unkown
page readonly
clean
9319A7F000
unkown
page read and write
clean
2A024CFD000
unkown
page read and write
clean
2473C280000
unkown
page readonly
clean
2A024C9C000
unkown
page read and write
clean
247405E0000
unkown
page read and write
clean
7FF543A63000
unkown
page readonly
clean
931957B000
unkown
page read and write
clean
2D84000
unkown
page read and write
clean
7FF543890000
unkown
page readonly
clean
7FF543AAE000
unkown
page readonly
clean
2A024C7E000
unkown
page read and write
clean
2A024CFB000
unkown
page read and write
clean
24740888000
unkown
page write copy
clean
7FF57E0E1000
unkown
page readonly
clean
7FF56370B000
unkown
page readonly
clean
2D70000
unkown
page readonly
clean
2A025B30000
unkown
page read and write
clean
2A0254B0000
unkown
page readonly
clean
24740A49000
unkown
page read and write
clean
2A024C38000
heap default
page read and write
clean
2D7D000
unkown
page read and write
clean
7FF543A44000
unkown
page readonly
clean
2A024CFB000
unkown
page read and write
clean
2AB0000
unkown
page read and write
clean
2505000
unkown
page readonly
clean
24740860000
unkown
page readonly
clean
7FF543903000
unkown
page readonly
clean
7FF543991000
unkown
page readonly
clean
24740864000
unkown
page readonly
clean
24740C00000
unkown
page readonly
clean
7FF543A9D000
unkown
page readonly
clean
FA96A7B000
unkown
page read and write
clean
2538000
unkown
page readonly
clean
7FF5436CC000
unkown
page readonly
clean
2A024C40000
heap default
page read and write
clean
60D0000
unkown
page read and write
clean
9319C7F000
unkown
page read and write
clean
5D80000
unkown
page read and write
clean
2A024D1A000
unkown
page read and write
clean
2A025810000
unkown
page read and write
clean
2798000
unkown
page readonly
clean
62F0000
unkown
page read and write
clean
6590000
unkown
page read and write
clean
247408E0000
unkown
page read and write
clean
247407A0000
unkown
page read and write
clean
2450000
unkown
page readonly
clean
7FF543A51000
unkown
page readonly
clean
2A024C87000
unkown
page read and write
clean
2705000
unkown
page readonly
clean
7FF57E7B9000
unkown
page readonly
clean
7FF543B04000
unkown
page readonly
clean
7FF57E7AD000
unkown
page readonly
clean
2A0257F0000
unkown
page read and write
clean
247408A0000
unkown
page read and write
clean
93199FF000
unkown
page read and write
clean
2D75000
unkown
page read and write
clean
2473C270000
unkown
page readonly
clean
9319AFE000
unkown
page read and write
clean
47D0000
unkown
page readonly
clean
2473BB59000
unkown
page read and write
clean
2A025800000
unkown
page read and write
clean
2473C260000
unkown
page readonly
clean
7FF543A7A000
unkown
page readonly
clean
247405F0000
unkown
page read and write
clean
7FF57DFAB000
unkown
page readonly
clean
7FF57E853000
unkown
page readonly
clean
2C95000
unkown
page read and write
clean
247407B0000
unkown
page read and write
clean
2A024C20000
unkown
page readonly
clean
2473C240000
unkown
page readonly
clean
2A024C8F000
unkown
page read and write
clean
2A024C7E000
unkown
page read and write
clean
27B4000
unkown
page readonly
clean
2A024CDD000
unkown
page read and write
clean
2473B7A0000
unkown
page readonly
clean
2A024CDE000
unkown
page read and write
clean
247407A4000
unkown
page read and write
clean
24740A55000
unkown
page read and write
clean
2A025AC0000
unkown
page read and write
clean
2D5A000
heap default
page read and write
clean
7FF543854000
unkown
page readonly
clean
2A025800000
unkown
page read and write
clean
2A024FD0000
unkown
page read and write
clean
7FF543B2A000
unkown
page readonly
clean
7FF543803000
unkown
page readonly
clean
931977A000
unkown
page read and write
clean
7FF543856000
unkown
page readonly
clean
24740850000
unkown
page read and write
clean
7FF543B01000
unkown
page readonly
clean
2A024C30000
heap default
page read and write
clean
7FF543340000
unkown
page readonly
clean
302A000
heap private
page read and write
clean
24740850000
unkown
page write copy
clean
26CE000
unkown
page readonly
clean
2473B200000
unkown
page read and write
clean
7FF543A24000
unkown
page readonly
clean
25C3000
unkown
page readonly
clean
2570000
unkown
page readonly
clean
7FF57E82B000
unkown
page readonly
clean
7FF57E867000
unkown
page readonly
clean
2751000
unkown
page readonly
clean
7FF57E786000
unkown
page readonly
clean
7FF5438F7000
unkown
page readonly
clean
2473C140000
unkown
page read and write
clean
26F2000
unkown
page readonly
clean
2A024D12000
unkown
page read and write
clean
2473B28B000
unkown
page read and write
clean
7FF543A18000
unkown
page readonly
clean
654F000
unkown
page read and write
clean
2473B880000
unkown
page read and write
clean
2473BB58000
unkown
page read and write
clean
7FF57E824000
unkown
page readonly
clean
2A024CB1000
unkown
page read and write
clean
7FF5438EA000
unkown
page readonly
clean
2C0E000
unkown
page read and write
clean
7FF543AA9000
unkown
page readonly
clean
2A024C9C000
unkown
page read and write
clean
2A024CC6000
unkown
page read and write
clean
3000000
unkown
page read and write
clean
7FF57E856000
unkown
page readonly
clean
7FF57E817000
unkown
page readonly
clean
2A024D1A000
unkown
page read and write
clean
24740670000
unkown
page read and write
clean
7FF543717000
unkown
page readonly
clean
2A024C87000
unkown
page read and write
clean
9319377000
unkown
page read and write
clean
2768000
unkown
page readonly
clean
24740A10000
unkown
page read and write
clean
2D92000
unkown
page read and write
clean
270B000
unkown
page readonly
clean
2A3A000
unkown
page read and write
clean
247408B0000
unkown
page read and write
clean
62AE000
unkown
page read and write
clean
2FF0000
unkown
page read and write
clean
2D50000
heap default
page read and write
clean
2A39000
unkown
page read and write
clean
7FF54385A000
unkown
page readonly
clean
2BC0000
unkown
page readonly
clean
251D000
unkown
page readonly
clean
2473B9F3000
unkown
page read and write
clean
2C60000
unkown
page read and write
clean
2477000
unkown
page readonly
clean
24740890000
unkown
page read and write
clean
2FBF000
unkown
page read and write
clean
7FF54388E000
unkown
page readonly
clean
2CB9000
unkown
page read and write
clean
2CB9000
unkown
page read and write
clean
7FF543509000
unkown
page readonly
clean
7FF57E814000
unkown
page readonly
clean
24740920000
unkown
page readonly
clean
61F0000
unkown
page read and write
clean
7FF5436B2000
unkown
page readonly
clean
7FF543B43000
unkown
page readonly
clean
2D10000
unkown
page read and write
clean
7FF57DFA4000
unkown
page readonly
clean
2D7D000
unkown
page read and write
clean
93198FE000
unkown
page read and write
clean
2E90000
unkown
page readonly
clean
2C6A000
unkown
page read and write
clean
249A000
unkown
page readonly
clean
2473B213000
unkown
page read and write
clean
5DE0000
heap private
page read and write
clean
2CAB000
unkown
page read and write
clean
2D7E000
unkown
page read and write
clean
7FF543B14000
unkown
page readonly
clean
2A025816000
unkown
page read and write
clean
246E000
unkown
page readonly
clean
7FF5436D9000
unkown
page readonly
clean
2AC0000
heap default
page read and write
clean
7FF543818000
unkown
page readonly
clean
2A024FC0000
heap private
page read and write
clean
2CA5000
unkown
page read and write
clean
7FF543286000
unkown
page readonly
clean
251B000
unkown
page readonly
clean
2C99000
unkown
page read and write
clean
247408C0000
unkown
page read and write
clean
2C9D000
unkown
page read and write
clean
2A024D15000
unkown
page read and write
clean
2CA5000
unkown
page read and write
clean
2473BB18000
unkown
page read and write
clean
2A024CFB000
unkown
page read and write
clean
253E000
unkown
page readonly
clean
2473C5C1000
unkown
page read and write
clean
278E000
unkown
page readonly
clean
7FF543B0D000
unkown
page readonly
clean
7FF543A5F000
unkown
page readonly
clean
24740A3D000
unkown
page read and write
clean
2793000
unkown
page readonly
clean
7FF57E774000
unkown
page readonly
clean
7FF57E83A000
unkown
page readonly
clean
2492000
unkown
page readonly
clean
7FF543B17000
unkown
page readonly
clean
2473BA02000
unkown
page read and write
clean
24740AAF000
unkown
page read and write
clean
24740630000
unkown
page readonly
clean
7FF543B52000
unkown
page readonly
clean
2A024BD0000
unkown
page read and write
clean
2786000
unkown
page readonly
clean
2EB0000
unkown
page readonly
clean
2481000
unkown
page readonly
clean
2473B600000
unkown
page readonly
clean
24740AB3000
unkown
page read and write
clean
2A024CB1000
unkown
page read and write
clean
23CC000
unkown
page readonly
clean
2542000
unkown
page readonly
clean
2A024B70000
unkown
page read and write
clean
252E000
unkown
page readonly
clean
2FE0000
unkown
page readonly
clean
3030000
unkown
page readonly
clean
2A025B20000
unkown
page read and write
clean
2A024D1A000
unkown
page read and write
clean
2D40000
unkown
page readonly
clean
931927E000
unkown
page read and write
clean
2CA7000
unkown
page read and write
clean
26FD000
unkown
page readonly
clean
931987B000
unkown
page read and write
clean
7FF57E867000
unkown
page readonly
clean
2473C250000
unkown
page readonly
clean
2554000
unkown
page readonly
clean
2A0253E0000
unkown
page readonly
clean
2473B229000
unkown
page read and write
clean
7FF57E7B7000
unkown
page readonly
clean
2A024D1A000
unkown
page read and write
clean
2A02581D000
unkown
page read and write
clean
2A024C76000
unkown
page read and write
clean
2A024CFB000
unkown
page read and write
clean
7FF543A76000
unkown
page readonly
clean
2474078E000
unkown
page read and write
clean
25B7000
unkown
page readonly
clean
2473B870000
unkown
page readonly
clean
7FF54350F000
unkown
page readonly
clean
2A024CDC000
unkown
page read and write
clean
3020000
heap private
page read and write
clean
7FF57E6A1000
unkown
page readonly
clean
247408D0000
unkown
page read and write
clean
7FF543A6D000
unkown
page readonly
clean
2D71000
unkown
page read and write
clean
26DE000
unkown
page readonly
clean
247407B0000
unkown
page read and write
clean
2A024C87000
unkown
page read and write
clean
2A024CC6000
unkown
page read and write
clean
7FF543A34000
unkown
page readonly
clean
249D000
unkown
page readonly
clean
2A024CFD000
unkown
page read and write
clean
2A025AD0000
unkown
page read and write
clean
2E90000
unkown
page read and write
clean
247408E0000
unkown
page read and write
clean
7FF57DFB2000
unkown
page readonly
clean
24AB000
unkown
page readonly
clean
5DF0000
unkown
page readonly
clean
2473BB00000
unkown
page read and write
clean
2A025860000
unkown
page read and write
clean
247408E0000
unkown
page read and write
clean
24740930000
unkown
page readonly
clean
2A7B000
unkown
page read and write
clean
2701000
unkown
page readonly
clean
7FF543842000
unkown
page readonly
clean
24740660000
unkown
page read and write
clean
7FF5439D5000
unkown
page readonly
clean
2578000
unkown
page readonly
clean
7FF543B57000
unkown
page readonly
clean
7FF543344000
unkown
page readonly
clean
2473B400000
unkown
page readonly
clean
24740788000
unkown
page read and write
clean
2A025800000
unkown
page read and write
clean
There are 461 hidden memdumps, click here to show them.