IOC Report

loading gif

Files

File Path
Type
Category
Malicious
Invoice.xlsm
Microsoft Excel 2007+
initial sample
 malicious
C:\Users\user\Desktop\~$Invoice.xlsm
data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\suspendedpage[1].htm
HTML document, ASCII text, with very long lines
downloaded
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5EEDDA76.png
PNG image data, 1714 x 241, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Temp\3F61.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DFF5ECB97273E842F1.TMP
data
dropped
 clean
C:\Users\user\besta.ocx
HTML document, ASCII text, with very long lines
dropped
 clean

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.2932256944
 malicious

URLs

Name
IP
Malicious
http://crackedshop.org/9/q080U0ARYYL/
94.102.59.39
 malicious
https://ascarya.digital/wp-content/ZH4rirU
unknown
 malicious
https://ascarya.digital/wp-content/ZH4rirU/
unknown
 malicious
http://www.windows.com/pctv.
unknown
 clean
http://investor.msn.com
unknown
 clean
http://www.msnbc.com/news/ticker.txt
unknown
 clean
http://crackedshop.org/cgi-sys/suspendedpage.cgi
94.102.59.39
 clean
http://purl.or
unknown
 clean
http://crackedshop.org/cgi-sys/suspendedpage.cgi5
unknown
 clean
https://ascarya.digital/wp-con
unknown
 clean
https://ascarya.digit
unknown
 clean
https://ascarya.digital/wp-conte
unknown
 clean
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
unknown
 clean
http://www.hotmail.com/oe
unknown
 clean
http://schemas.open
unknown
 clean
https://ascarya.digital/wp-content%https://ascarya.digital/wp-content/ZH&https://ascarya.digital/wp-
unknown
 clean
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
unknown
 clean
http://www.icra.org/vocabulary/.
unknown
 clean
http://schemas.openformatrg/package/2006/r
unknown
 clean
https://ascarya.digital/w
unknown
 clean
http://investor.msn.com/
unknown
 clean
https://ascarya.digital
unknown
 clean
https://ascarya.digital/
unknown
 clean
https://ascarya.dig
unknown
 clean
https://ascarya.digital/wp-c
unknown
 clean
There are 15 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
crackedshop.org
94.102.59.39
 clean
ascarya.digital
67.207.81.73
 clean

IPs

IP
Domain
Country
Malicious
94.102.59.39
crackedshop.org
Netherlands
clean
67.207.81.73
ascarya.digital
United States
clean

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
/|%
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2CAFC
2CAFC
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
}e%
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\7472E
7472E
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\74E6E
74E6E
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common
QMSessionCount
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\General
LastAutoSavePurgeTime
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
There are 52 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
7EFC0000
unkown image
page readonly
 clean
3888000
unkown
page read and write
 clean
4AE2000
stack
page read and write
 clean
38B0000
unkown
page read and write
 clean
6C28000
unkown
page read and write
 clean
5AA9000
unkown
page read and write
 clean
35D0000
unkown
page read and write
 clean
6E854000
unkown image
page read and write
 clean
58B0000
stack
page read and write
 clean
31E0000
unkown
page read and write
 clean
377000
unkown
page read and write
 clean
537000
heap default
page read and write
 clean
346000
unkown
page read and write
 clean
6C44000
unkown
page read and write
 clean
6E80000
heap private
page read and write
 clean
44FF000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
5A45000
unkown
page read and write
 clean
C0000
unkown image
page readonly
 clean
58A6000
unkown
page read and write
 clean
584A000
unkown
page read and write
 clean
3160000
unkown
page read and write
 clean
718C000
unkown
page read and write
 clean
5510000
unkown
page read and write
 clean
7502000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
5850000
unkown
page read and write
 clean
1C56000
unkown
page read and write
 clean
3210000
unkown image
page read and write
 clean
3810000
unkown
page read and write
 clean
1D43000
unkown
page read and write
 clean
4DF0000
stack
page read and write
 clean
30000
unkown image
page read and write
 clean
54C8000
unkown
page read and write
 clean
4AE2000
stack
page read and write
 clean
1D3E000
unkown
page read and write
 clean
5AD1000
unkown
page read and write
 clean
22A000
unkown
page read and write
 clean
4E20000
stack
page read and write
 clean
59B0000
unkown
page read and write
 clean
5A7F000
unkown
page read and write
 clean
4F66000
unkown
page read and write
 clean
5530000
unkown
page read and write
 clean
23B0000
heap private
page read and write
 clean
5510000
unkown
page read and write
 clean
5A9D000
unkown
page read and write
 clean
259B000
heap private
page read and write
 clean
1D74000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
155000
unkown
page read and write
 clean
7800000
heap private
page read and write
 clean
1D65000
unkown
page read and write
 clean
31F0000
unkown
page read and write
 clean
5510000
unkown
page read and write
 clean
38C0000
unkown
page read and write
 clean
530000
heap default
page read and write
 clean
2DB000
heap default
page read and write
 clean
38D0000
unkown
page read and write
 clean
90000
unkown
page read and write
 clean
860000
unkown
page read and write
 clean
16E0000
unkown image
page readonly
 clean
2E0000
unkown
page read and write
 clean
5864000
unkown
page read and write
 clean
710000
unkown image
page readonly
 clean
7110000
unkown
page read and write
 clean
1DE000
heap default
page read and write
 clean
1DAE000
unkown
page read and write
 clean
3AD0000
unkown
page read and write
 clean
554000
heap default
page read and write
 clean
4E70000
unkown
page read and write
 clean
5AC2000
unkown
page read and write
 clean
D0000
heap private
page read and write
 clean
EC0000
unkown
page read and write
 clean
5510000
unkown
page read and write
 clean
13C000
unkown
page read and write
 clean
5BB0000
unkown
page read and write
 clean
3260000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
43D1000
stack
page read and write
 clean
4F0000
heap private
page read and write
 clean
3200000
unkown image
page readonly
 clean
2064000
unkown
page read and write
 clean
360000
unkown
page read and write
 clean
6E50000
heap private
page read and write
 clean
7410000
heap private
page read and write
 clean
59B8000
unkown
page read and write
 clean
7FB0000
unkown
page read and write
 clean
7130000
unkown
page read and write
 clean
554F000
unkown
page read and write
 clean
A9F000
stack
page read and write
 clean
7175000
unkown
page read and write
 clean
A0000
unkown image
page read and write
 clean
4EE000
stack
page read and write
 clean
7110000
unkown
page read and write
 clean
3870000
unkown
page read and write
 clean
6E84B000
unkown image
page read and write
 clean
2560000
unkown
page read and write
 clean
3880000
unkown
page read and write
 clean
43AC000
stack
page read and write
 clean
6BB0000
unkown
page read and write
 clean
6F90000
unkown
page read and write
 clean
4BD0000
stack
page read and write
 clean
5A7F000
unkown
page read and write
 clean
556A000
unkown
page read and write
 clean
31B0000
unkown
page read and write
 clean
6C70000
unkown image
page read and write
 clean
5510000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
BBF000
stack
page read and write
 clean
3850000
unkown
page read and write
 clean
20CB000
heap private
page read and write
 clean
90000
unkown image
page readonly
 clean
5BB0000
unkown
page read and write
 clean
370000
heap default
page read and write
 clean
90F000
stack
page read and write
 clean
2110000
unkown image
page readonly
 clean
80000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
490000
unkown image
page readonly
 clean
7175000
unkown
page read and write
 clean
2040000
unkown
page read and write
 clean
4B90000
stack
page read and write
 clean
46DE000
stack
page read and write
 clean
31C0000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
4E46000
stack
page read and write
 clean
410000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
B37000
unkown image
page readonly
 clean
3243000
unkown
page read and write
 clean
36E000
heap default
page read and write
 clean
B4000
heap private
page read and write
 clean
75C0000
heap private
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
2095000
heap private
page read and write
 clean
6C00000
unkown
page read and write
 clean
364000
unkown
page read and write
 clean
583E000
stack
page read and write
 clean
30C2000
heap private
page read and write
 clean
7F62000
unkown
page read and write
 clean
5070000
unkown image
page readonly
 clean
C0000
unkown image
page readonly
 clean
43B0000
stack
page read and write
 clean
5A9D000
unkown
page read and write
 clean
2598000
heap private
page read and write
 clean
4F4000
heap private
page read and write
 clean
2595000
heap private
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
6CAE000
heap private
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
45D0000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
30000
unkown image
page readonly
 clean
290000
heap default
page read and write
 clean
2F0000
heap default
page read and write
 clean
2044000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
4B0000
unkown
page read and write
 clean
349F000
stack
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
46E0000
unkown image
page readonly
 clean
4FD0000
unkown
page read and write
 clean
3890000
heap private
page read and write
 clean
3050000
unkown
page read and write
 clean
7F25000
unkown
page read and write
 clean
6BB0000
unkown
page read and write
 clean
551C000
unkown
page read and write
 clean
2590000
heap private
page read and write
 clean
480000
unkown
page read and write
 clean
3AE0000
unkown
page read and write
 clean
5A89000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
7EFB0000
unkown image
page readonly
 clean
2594000
heap private
page read and write
 clean
6BC0000
unkown
page read and write
 clean
D30000
unkown
page read and write
 clean
2020000
unkown
page read and write
 clean
250000
unkown
page read and write
 clean
176000
unkown
page read and write
 clean
58A0000
unkown
page read and write
 clean
7158000
unkown
page read and write
 clean
1D33000
unkown
page read and write
 clean
5539000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
7F62000
unkown
page read and write
 clean
82C0000
unkown
page read and write
 clean
58ED000
stack
page read and write
 clean
31D0000
unkown
page read and write
 clean
580000
unkown image
page readonly
 clean
7EFD0000
unkown image
page readonly
 clean
5850000
unkown
page read and write
 clean
43BD000
stack
page read and write
 clean
34A0000
unkown
page read and write
 clean
2CD000
heap default
page read and write
 clean
7158000
unkown
page read and write
 clean
315E000
stack
page read and write
 clean
4BB0000
stack
page read and write
 clean
3B50000
heap private
page read and write
 clean
2599000
heap private
page read and write
 clean
5550000
unkown
page read and write
 clean
5886000
unkown
page read and write
 clean
34B0000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
3B1000
heap default
page read and write
 clean
5A08000
unkown
page read and write
 clean
2060000
unkown
page read and write
 clean
5A00000
unkown
page read and write
 clean
65300000
unkown image
page readonly
 clean
23F000
heap default
page read and write
 clean
4AE0000
stack
page read and write
 clean
570000
unkown image
page readonly
 clean
80D0000
heap private
page read and write
 clean
AD000
unkown
page read and write
 clean
6F09000
unkown image
page readonly
 clean
3840000
unkown
page read and write
 clean
72C0000
unkown
page read and write
 clean
5540000
unkown
page read and write
 clean
460000
unkown
page read and write
 clean
630000
unkown image
page readonly
 clean
6BC7000
unkown
page read and write
 clean
2069000
unkown
page read and write
 clean
7DBA000
unkown
page read and write
 clean
3B7000
heap default
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
5510000
unkown
page read and write
 clean
4C0000
unkown
page read and write
 clean
3170000
unkown
page read and write
 clean
3800000
unkown
page read and write
 clean
36F0000
unkown
page read and write
 clean
3F0000
unkown image
page readonly
 clean
5560000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
4F70000
unkown
page read and write
 clean
555B000
unkown
page read and write
 clean
5840000
unkown
page read and write
 clean
4B90000
stack
page read and write
 clean
4BD0000
stack
page read and write
 clean
1A7000
heap default
page read and write
 clean
44A0000
unkown
page read and write
 clean
1DCD000
heap private
page read and write
 clean
388000
unkown
page read and write
 clean
38C000
heap default
page read and write
 clean
7240000
heap private
page read and write
 clean
2D6000
heap default
page read and write
 clean
5AC2000
unkown
page read and write
 clean
38C4000
unkown
page read and write
 clean
20000
unkown image
page readonly
 clean
7FFFFFC2000
unkown image
page readonly
 clean
6C04000
unkown
page read and write
 clean
361000
heap default
page read and write
 clean
5888000
unkown
page read and write
 clean
5570000
unkown
page read and write
 clean
1D50000
unkown
page read and write
 clean
6E23000
unkown
page read and write
 clean
5AA9000
unkown
page read and write
 clean
5510000
unkown
page read and write
 clean
4B00000
stack
page read and write
 clean
4D40000
unkown
page read and write
 clean
396E000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
370000
heap default
page read and write
 clean
6E530000
unkown image
page readonly
 clean
7FFFFFB2000
unkown image
page readonly
 clean
1DC0000
heap private
page read and write
 clean
5510000
unkown
page read and write
 clean
310000
unkown
page read and write
 clean
6E85C000
unkown image
page read and write
 clean
5BB0000
unkown
page read and write
 clean
718C000
unkown
page read and write
 clean
4AE0000
stack
page read and write
 clean
59D0000
unkown
page read and write
 clean
5901000
stack
page read and write
 clean
6BE0000
unkown
page read and write
 clean
524000
heap private
page read and write
 clean
5510000
unkown
page read and write
 clean
6E3D000
unkown
page read and write
 clean
4370000
unkown
page read and write
 clean
3B57000
heap private
page read and write
 clean
6F0F000
unkown image
page readonly
 clean
58DC000
stack
page read and write
 clean
7110000
unkown
page read and write
 clean
31A0000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
6D56000
unkown
page read and write
 clean
44F0000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
7FFFFFC0000
unkown image
page readonly
 clean
5510000
unkown
page read and write
 clean
5AA1000
unkown
page read and write
 clean
7B0000
unkown image
page readonly
 clean
35C0000
unkown
page read and write
 clean
87CE000
stack
page read and write
 clean
6BB0000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
718C000
unkown
page read and write
 clean
4390000
unkown image
page readonly
 clean
4AD0000
unkown
page read and write
 clean
77AE000
stack
page read and write
 clean
1D87000
unkown
page read and write
 clean
6F4F000
heap private
page read and write
 clean
4D49000
unkown
page read and write
 clean
214000
heap default
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
3820000
unkown
page read and write
 clean
820000
unkown image
page readonly
 clean
5510000
unkown
page read and write
 clean
7175000
unkown
page read and write
 clean
7630000
heap private
page read and write
 clean
6FD0000
heap private
page read and write
 clean
7C0000
unkown image
page readonly
 clean
5840000
unkown
page read and write
 clean
4450000
stack
page read and write
 clean
2080000
heap private
page read and write
 clean
6F19000
heap private
page read and write
 clean
394000
heap default
page read and write
 clean
5890000
unkown
page read and write
 clean
6E858000
unkown image
page write copy
 clean
7FFFFFD0000
unkown image
page readonly
 clean
7EFB2000
unkown image
page readonly
 clean
6F10000
heap private
page read and write
 clean
3970000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
297000
heap default
page read and write
 clean
3980000
unkown
page read and write
 clean
4378000
unkown
page read and write
 clean
31B8000
unkown
page read and write
 clean
1DC5000
heap private
page read and write
 clean
387D000
unkown
page read and write
 clean
397F000
unkown
page read and write
 clean
6C90000
unkown image
page read and write
 clean
557E000
unkown
page read and write
 clean
4FB7000
unkown
page read and write
 clean
5257000
unkown image
page readonly
 clean
3894000
heap private
page read and write
 clean
5450000
unkown
page read and write
 clean
6E54000
heap private
page read and write
 clean
5BB0000
unkown
page read and write
 clean
186000
unkown
page read and write
 clean
5543000
unkown
page read and write
 clean
36EF000
stack
page read and write
 clean
70000
unkown
page read and write
 clean
35C8000
unkown
page read and write
 clean
567000
heap default
page read and write
 clean
6E30000
unkown
page read and write
 clean
6CA0000
heap private
page read and write
 clean
44F000
stack
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
6E801000
unkown image
page readonly
 clean
72C0000
unkown
page read and write
 clean
2F50000
unkown
page read and write
 clean
56D000
heap default
page read and write
 clean
391000
unkown
page read and write
 clean
420000
unkown
page read and write
 clean
5840000
unkown
page read and write
 clean
1DB0000
unkown image
page readonly
 clean
37F8000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
58A0000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
4D60000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
32D000
heap default
page read and write
 clean
3830000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
150000
unkown
page read and write
 clean
5567000
unkown
page read and write
 clean
2500000
unkown
page read and write
 clean
591C000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
59F5000
unkown
page read and write
 clean
388000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
5BB0000
unkown image
page read and write
 clean
520000
heap private
page read and write
 clean
3967000
unkown
page read and write
 clean
20000
unkown image
page readonly
 clean
5905000
unkown
page read and write
 clean
6BB0000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
396000
unkown
page read and write
 clean
4E20000
stack
page read and write
 clean
6C34000
unkown
page read and write
 clean
35E0000
unkown
page read and write
 clean
4E40000
stack
page read and write
 clean
5562000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
6F90000
unkown
page read and write
 clean
3962000
unkown
page read and write
 clean
5510000
unkown
page read and write
 clean
5840000
unkown
page read and write
 clean
1D9E000
unkown
page read and write
 clean
6C80000
unkown image
page read and write
 clean
2030000
unkown
page read and write
 clean
6F00000
unkown image
page readonly
 clean
74C5000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
6C10000
unkown image
page readonly
 clean
190000
unkown image
page readonly
 clean
3230000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
3245000
unkown
page read and write
 clean
1C20000
unkown
page read and write
 clean
6BB0000
unkown
page read and write
 clean
5A85000
unkown
page read and write
 clean
7090000
heap private
page read and write
 clean
6F04000
unkown image
page readonly
 clean
4BC0000
stack
page read and write
 clean
690000
unkown image
page readonly
 clean
2570000
unkown image
page readonly
 clean
3380000
unkown
page read and write
 clean
6E531000
unkown image
page execute read
 clean
72C0000
unkown
page read and write
 clean
4E02000
stack
page read and write
 clean
680000
unkown image
page readonly
 clean
4500000
unkown
page read and write
 clean
6BB0000
unkown
page read and write
 clean
4D0000
unkown
page read and write
 clean
336F000
stack
page read and write
 clean
3965000
unkown
page read and write
 clean
2580000
unkown image
page readonly
 clean
7FFFFFB2000
unkown image
page readonly
 clean
5880000
unkown
page read and write
 clean
B0000
heap private
page read and write
 clean
549D000
unkown
page read and write
 clean
7130000
unkown
page read and write
 clean
204D000
unkown
page read and write
 clean
2B0000
unkown
page read and write
 clean
4DF0000
stack
page read and write
 clean
12D000
unkown
page read and write
 clean
4E50000
stack
page read and write
 clean
4550000
heap private
page execute and read and write
 clean
3B30000
unkown
page read and write
 clean
6D20000
unkown
page read and write
 clean
3190000
unkown
page read and write
 clean
B0000
unkown image
page readonly
 clean
802F000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
1DC7000
heap private
page read and write
 clean
3370000
unkown
page read and write
 clean
388000
unkown
page read and write
 clean
5510000
unkown
page read and write
 clean
1D70000
unkown
page read and write
 clean
5520000
unkown
page read and write
 clean
4AE0000
stack
page read and write
 clean
12D0000
unkown
page read and write
 clean
38A0000
unkown
page read and write
 clean
140000
unkown
page read and write
 clean
4F55000
unkown
page read and write
 clean
4E50000
stack
page read and write
 clean
38E0000
heap private
page read and write
 clean
A6D000
stack
page read and write
 clean
5A7F000
unkown
page read and write
 clean
4BC6000
stack
page read and write
 clean
5840000
unkown
page read and write
 clean
2050000
unkown
page read and write
 clean
5A42000
unkown
page read and write
 clean
6CA5000
heap private
page read and write
 clean
30A0000
heap private
page read and write
 clean
17B000
unkown
page read and write
 clean
2090000
heap private
page read and write
 clean
7550000
unkown
page read and write
 clean
377000
unkown
page read and write
 clean
4A0000
unkown
page read and write
 clean
2023000
unkown
page read and write
 clean
35BF000
stack
page read and write
 clean
5A9D000
unkown
page read and write
 clean
1D60000
unkown
page read and write
 clean
5510000
unkown
page read and write
 clean
82D0000
unkown
page read and write
 clean
3F0000
unkown image
page readonly
 clean
40000
unkown image
page readonly
 clean
1D30000
unkown
page read and write
 clean
6F90000
unkown
page read and write
 clean
5AA9000
unkown
page read and write
 clean
6BFF000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
7FFFFFB0000
unkown image
page readonly
 clean
4FCD000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
552A000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
376000
unkown
page read and write
 clean
396A000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
7110000
unkown
page read and write
 clean
82BA000
stack
page read and write
 clean
58B5000
stack
page read and write
 clean
4E50000
stack
page read and write
 clean
3860000
unkown
page read and write
 clean
7FB0000
unkown
page read and write
 clean
5850000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
7FFFFFB0000
unkown image
page readonly
 clean
588A000
unkown
page read and write
 clean
3ACD000
stack
page read and write
 clean
500000
unkown image
page readonly
 clean
4E20000
stack
page read and write
 clean
34F000
heap default
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
2590000
heap private
page read and write
 clean
2F6000
heap default
page read and write
 clean
50000
unkown image
page readonly
 clean
58E8000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
7130000
unkown
page read and write
 clean
7E70000
heap private
page read and write
 clean
1D98000
unkown
page read and write
 clean
6BD0000
unkown
page read and write
 clean
6BF0000
unkown
page read and write
 clean
5674000
stack
page read and write
 clean
6E85F000
unkown image
page readonly
 clean
7F25000
unkown
page read and write
 clean
4E00000
stack
page read and write
 clean
7FEFF1A0000
unkown
page execute read
 clean
24E0000
unkown
page read and write
 clean
5840000
unkown
page read and write
 clean
300000
heap private
page read and write
 clean
5AA9000
unkown
page read and write
 clean
1D90000
unkown
page read and write
 clean
58C0000
unkown
page read and write
 clean
3390000
unkown
page read and write
 clean
30A4000
heap private
page read and write
 clean
10000
unkown image
page read and write
 clean
43A0000
stack
page read and write
 clean
7880000
unkown
page read and write
 clean
4362000
unkown
page read and write
 clean
4E10000
stack
page read and write
 clean
377000
unkown
page read and write
 clean
4AE0000
stack
page read and write
 clean
4AE0000
stack
page read and write
 clean
4E06000
stack
page read and write
 clean
4AE0000
stack
page read and write
 clean
2F86000
unkown
page read and write
 clean
4E20000
stack
page read and write
 clean
7110000
unkown
page read and write
 clean
1AD0000
unkown
page read and write
 clean
3180000
unkown
page read and write
 clean
1A0000
heap default
page read and write
 clean
1D40000
unkown
page read and write
 clean
B0000
heap private
page read and write
 clean
4BCA000
stack
page read and write
 clean
7158000
unkown
page read and write
 clean
7110000
unkown
page read and write
 clean
950000
unkown image
page readonly
 clean
377000
unkown
page read and write
 clean
44FC000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
4BB0000
stack
page read and write
 clean
7110000
unkown
page read and write
 clean
4D20000
unkown
page read and write
 clean
There are 542 hidden memdumps, click here to show them.