IOCReport


Files

File Path | Type | Category | Malicious
astro-grep-setup.exe.doc | Microsoft OOXML | initial sample | malicious
C:\ProgramData\Memsys\ms.exe | PE32 executable (GUI) Intel 80386, for MS Windows | modified | malicious
C:\Users\user\AppData\Local\Temp\ASTRO-GREP.EXE | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious
C:\Users\user\AppData\Roaming\astro-grep.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious
C:\Program Files (x86)\AstroGrep\AstroGrep.AdminProcess.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean
C:\Program Files (x86)\AstroGrep\AstroGrep.AdminProcess.exe.config | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | clean
C:\Program Files (x86)\AstroGrep\AstroGrep.Common.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean
C:\Program Files (x86)\AstroGrep\AstroGrep.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean
C:\Program Files (x86)\AstroGrep\AstroGrep.exe.config | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | clean
C:\Program Files (x86)\AstroGrep\AstroGrep_256x256.png | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Program Files (x86)\AstroGrep\ICSharpCode.AvalonEdit.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean
C:\Program Files (x86)\AstroGrep\NLog.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean
C:\Program Files (x86)\AstroGrep\Uninstall.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped | clean
C:\Program Files (x86)\AstroGrep\astrogrep.VisualElementsManifest.xml | ASCII text, with CRLF line terminators | dropped | clean
C:\Program Files (x86)\AstroGrep\libAstroGrep.dll | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | clean
C:\Program Files (x86)\AstroGrep\license.txt | ASCII text, with CRLF line terminators | dropped | clean
C:\Program Files (x86)\AstroGrep\readme.txt | UTF-8 Unicode (with BOM) text, with CRLF line terminators | dropped | clean
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroGrep\AstroGrep.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Apr 4 19:57:44 2019, mtime=Sun Jul 18 03:42:39 2021, atime=Thu Apr 4 19:57:44 2019, length=573440, window=hide | dropped | clean
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroGrep\Uninstall AstroGrep.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Jul 18 03:42:40 2021, mtime=Sun Jul 18 03:42:40 2021, atime=Sun Jul 18 03:42:40 2021, length=61854, window=hide | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\78FF0AD.png | PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5BCB44D4-31CD-44E2-A821-3408DFB7CA1A}.tmp | data | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8DB8CC3B-9141-43B7-951A-41190F623D30}.tmp | data | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{90768F62-679A-419C-A2B1-C0B28319F5E4}.tmp | data | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FBF58E38-2270-4D70-A99C-79301888F689}.tmp | data | dropped | clean
C:\Users\user\AppData\Local\Temp\ASTROGREP_SETUP_V4.4.7.EXE | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped | clean
C:\Users\user\AppData\Local\Temp\msoB754.tmp | GIF image data, version 89a, 15 x 15 | dropped | clean
C:\Users\user\AppData\Local\Temp\nsa2731.tmp\LangDLL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean
C:\Users\user\AppData\Local\Temp\nsa2731.tmp\StartMenu.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean
C:\Users\user\AppData\Local\Temp\nsa2731.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean
C:\Users\user\AppData\Local\Temp\nsa2731.tmp\modern-wizard.bmp | PC bitmap, Windows 3.x format, 164 x 314 x 4 | dropped | clean
C:\Users\user\AppData\Local\Temp\nsa2731.tmp\nsDialogs.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean
C:\Users\user\AppData\Local\Temp\tmp3E29.tmp.bat | DOS batch file, ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\astro-grep-setup.exe.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Wed Aug 26 14:08:12 2020, atime=Sun Jul 18 03:39:30 2021, length=1443117, window=hide | dropped | clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | dropped | clean
C:\Users\user\Desktop\~$tro-grep-setup.exe.doc | data | dropped | clean
\Device\Null | ASCII text, with CRLF line terminators, with overstriking | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding | malicious
C:\ProgramData\Memsys\ms.exe | C:\ProgramData\Memsys\ms.exe | malicious
C:\Users\user\AppData\Local\Temp\ASTRO-GREP.EXE | 'C:\Users\user\AppData\Local\Temp\ASTRO-GREP.EXE' | malicious
C:\Windows\SysWOW64\cmd.exe | 'C:\Windows\System32\cmd.exe' /c schtasks /create /f /sc onlogon /rl highest /tn 'astro-grep' /tr ''C:\Users\user\AppData\Roaming\astro-grep.exe'' & exit | malicious
C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c ''C:\Users\user\AppData\Local\Temp\tmp3E29.tmp.bat'' | malicious
C:\Windows\SysWOW64\schtasks.exe | schtasks /create /f /sc onlogon /rl highest /tn 'astro-grep' /tr ''C:\Users\user\AppData\Roaming\astro-grep.exe'' | malicious
C:\Users\user\AppData\Roaming\astro-grep.exe | C:\Users\user\AppData\Roaming\astro-grep.exe | malicious
C:\Users\user\AppData\Roaming\astro-grep.exe | 'C:\Users\user\AppData\Roaming\astro-grep.exe' | malicious
C:\Users\user\AppData\Local\Temp\ASTROGREP_SETUP_V4.4.7.EXE | 'C:\Users\user\AppData\Local\Temp\ASTROGREP_SETUP_V4.4.7.EXE' | clean
C:\Windows\SysWOW64\timeout.exe | timeout 3 | clean
C:\Windows\System32\taskeng.exe | taskeng.exe {E0184388-4CC0-4E79-AF38-011207705295} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1] | clean

URLs

Name
IP
Malicious

Domains

Name | IP | Malicious
pastebin.com | 104.23.98.190 | clean

IPs

IP | Domain | Country | Malicious
185.195.232.251 | unknown | Sweden | clean
104.23.98.190 | pastebin.com | United States | clean

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
clean
2EB6000
unkown
page readonly
clean
170000
unkown
page read and write
clean
249F000
unkown
page read and write
clean
110000
unkown
page read and write
clean
250000
unkown
page read and write
clean
B70000
unkown image
page readonly
clean
48D2000
unkown
page read and write
clean
3CD000
heap default
page read and write
clean
136000
unkown
page read and write
clean
23F0000
heap private
page execute and read and write
clean
850000
unkown
page read and write
clean
5EE000
unkown
page read and write
clean
4F0000
unkown
page readonly
clean
48D2000
unkown
page read and write
clean
372F000
unkown
page read and write
clean
3B8000
unkown
page read and write
clean
369000
unkown
page read and write
clean
5C10000
unkown
page read and write
clean
430000
unkown
page read and write
clean
190000
unkown image
page readonly
clean
450000
unkown
page read and write
clean
23AE000
unkown
page read and write
clean
750000
heap default
page read and write
clean
2D02000
unkown
page readonly
clean
2300000
unkown
page readonly
clean
20000
unkown
page read and write
clean
3570000
unkown
page read and write
clean
24E6000
unkown
page read and write
clean
5BD4000
heap private
page read and write
clean
22DF000
unkown
page read and write
clean
382F000
unkown
page read and write
clean
2A80000
heap private
page read and write
clean
20000
unkown
page read and write
clean
124000
unkown
page read and write
clean
533E000
unkown
page read and write
clean
100000
unkown
page read and write
clean
12D000
unkown
page execute and read and write
clean
1E0000
unkown
page read and write
clean
4952000
unkown
page read and write
clean
2E0000
unkown
page readonly
clean
2220000
unkown
page readonly
clean
5E1000
unkown
page read and write
clean
5432000
heap private
page read and write
clean
5415000
heap private
page read and write
clean
550000
unkown
page read and write
clean
3377000
unkown
page readonly
clean
2C08000
unkown
page readonly
clean
3C6000
heap private
page read and write
clean
7EFDF000
unkown
page read and write
clean
234D000
unkown
page read and write
clean
24E4000
unkown
page read and write
clean
10000000
unkown image
page readonly
clean
147000
unkown
page execute and read and write
clean
32E1000
unkown
page read and write
clean
390000
heap default
page read and write
clean
920000
unkown image
page readonly
clean
9F0000
unkown
page read and write
clean
B79000
unkown image
page readonly
clean
5F0000
unkown
page read and write
clean
76E000
heap default
page read and write
clean
92E000
unkown image
page readonly
clean
F0000
unkown
page read and write
clean
71C000
heap default
page read and write
clean
219B000
heap private
page read and write
clean
409000
unkown image
page read and write
clean
B71000
unkown image
page execute read
clean
238B000
unkown
page read and write
clean
20D000
unkown
page read and write
clean
22DE000
unkown
page read and write | page guard
clean
62E000
unkown
page read and write
clean
2160000
heap private
page read and write
clean
2ABB000
heap private
page read and write
clean
140000
unkown
page write copy
clean
14A000
unkown
page execute and read and write
clean
1E30000
unkown
page readonly
clean
5570000
unkown
page read and write
clean
614000
unkown
page read and write
clean
20000
unkown
page read and write
clean
550000
unkown
page read and write
clean
2F85000
unkown
page readonly
clean
2364000
unkown
page read and write
clean
2880000
unkown
page readonly
clean
4D8D000
unkown
page read and write
clean
80000
unkown
page readonly
clean
2D0000
heap default
page read and write
clean
2820000
heap private
page read and write
clean
182000
unkown
page read and write
clean
44A000
unkown image
page readonly
clean
27D0000
unkown
page read and write
clean
1F0000
unkown
page read and write
clean
2E56000
unkown
page readonly
clean
9C7000
heap private
page read and write
clean
9F0000
unkown
page read and write
clean
400000
unkown image
page readonly
clean
23CF000
unkown
page read and write
clean
4430000
unkown
page readonly
clean
100000
unkown
page read and write
clean
1D0000
unkown
page read and write
clean
2EE6000
unkown
page readonly
clean
2437000
unkown
page read and write
clean
190000
unkown image
page readonly
clean
5875000
heap private
page read and write
clean
670000
heap default
page read and write
clean
6A0000
unkown
page readonly
clean
474F000
unkown
page read and write
clean
B7D000
unkown image
page write copy
clean
940000
unkown
page readonly
clean
190000
unkown image
page readonly
clean
220000
unkown
page read and write
clean
F0000
heap private
page read and write
clean
77B000
unkown
page read and write
clean
123000
unkown
page execute and read and write
clean
30FE000
unkown
page read and write
clean
70000
unkown
page read and write
clean
50C000
heap default
page read and write
clean
550000
heap private
page read and write
clean
4AF8000
unkown
page read and write
clean
5AE000
unkown
page read and write
clean
29AC000
unkown
page read and write
clean
24C1000
unkown
page read and write
clean
7BE000
unkown
page read and write
clean
710000
unkown
page readonly
clean
487F000
unkown
page read and write
clean
2401000
unkown
page read and write
clean
4A28000
unkown
page read and write
clean
220000
unkown
page read and write
clean
5892000
heap private
page read and write
clean
7EFDF000
unkown
page read and write
clean
1F0000
unkown
page read and write
clean