IOC Report

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| FILE_915494026923219.xlsm | Microsoft Excel 2007+ | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\gb[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\Desktop\~$FILE_915494026923219.xlsm | data | dropped | malicious |
| C:\Users\user\besta.ocx | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3326FDF8.png | PNG image data, 1714 x 241, 8-bit colormap, non-interlaced | dropped | clean |
| C:\Users\user\AppData\Local\Temp\B960.tmp | Composite Document File V2 Document, Cannot read section info | dropped | clean |
| C:\Users\user\AppData\Local\Temp\~DF331C8CD839ED59BF.TMP | data | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | malicious |
| C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.4022966435 | malicious |
| C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\besta.ocx",Control_RunDLL | malicious |

URLs


Domains

| Name | IP | Malicious |
| --- | --- | --- |
| escapelle.uz | 62.209.128.105 | malicious |
| www.escapelle.uz | unknown | malicious |

IPs


Registry


Memdumps

page read and write
clean
6AE0000
unkown
page read and write
clean
5060000
unkown image
page readonly
clean
110000
unkown image
page readonly
clean
3E40000
unkown
page read and write
clean
7EFB2000
unkown image
page readonly
clean
514000
heap private
page read and write
clean
6C20000
unkown
page read and write
clean
A0000
unkown image
page readonly
clean
3E7000
heap default
page read and write
clean
4AC0000
unkown image
page readonly
clean
7CFC000
unkown
page read and write
clean
6B40000
unkown
page read and write
clean
6B50000
unkown
page read and write
clean
7FFFFFD0000
unkown image
page readonly
clean
140000
heap private
page read and write
clean
7C80000
unkown
page read and write
clean
7EFDF000
unkown
page read and write
clean
E0000
unkown
page read and write
clean
33E0000
unkown
page read and write
clean
6D30000
unkown image
page read and write
clean
6AFD000
unkown
page read and write
clean
5A1E000
unkown
page read and write
clean
1CF000
stack
page read and write
clean
9D0000
heap private
page read and write
clean
3363000
unkown
page read and write
clean
6E84C000
unkown image
page read and write
clean
3F72000
unkown
page read and write
clean
31C8000
unkown
page read and write
clean
6C50000
unkown
page read and write
clean
1D80000
unkown
page read and write
clean
7FFFFFB0000
unkown image
page readonly
clean
90000
unkown image
page readonly
clean
7962000
unkown
page read and write
clean
6AE0000
unkown
page read and write
clean
436E000
stack
page read and write
clean
561B000
unkown
page read and write
clean
2569000
heap private
page read and write
clean
6B2A000
unkown
page read and write
clean
35B9000
unkown
page read and write
clean
6AE0000
unkown
page read and write
clean
6AF0000
unkown
page read and write
clean
210000
unkown
page read and write
clean
8421000
unkown
page read and write
clean
7FFFFFB0000
unkown image
page readonly
clean
7060000
unkown
page read and write
clean
7EFC2000
unkown image
page readonly
clean
4FA7000
unkown
page read and write
clean
5AE0000
unkown
page read and write
clean
7C09000
heap private
page read and write
clean
10000
unkown image
page read and write
clean
4A8B000
stack
page read and write
clean
7EFC2000
unkown image
page readonly
clean
6B80000
unkown
page read and write
clean
7EFD0000
unkown image
page readonly
clean
204000
unkown
page read and write
clean
3350000
unkown
page read and write
clean
A0000
unkown image
page readonly
clean
4E0000
unkown
page read and write
clean
4B2C000
unkown
page read and write
clean
6B00000
unkown
page read and write
clean
35B5000
unkown
page read and write
clean
7EFC0000
unkown image
page readonly
clean
6B40000
unkown
page read and write
clean
6AE0000
unkown
page read and write
clean
37B000
heap default
page read and write
clean
72F0000
unkown
page read and write
clean
6B40000
unkown
page read and write
clean
3390000
unkown
page read and write
clean