IOC Report

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `DOC-0212.xlsm` | Microsoft Excel 2007+ | initial sample | malicious |
| `C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\VZZdgPFp2xiOJtfpv[1].dll` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | downloaded | malicious |
| `C:\Users\user\besta.ocx` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | malicious |
| `C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E8FA61E5.png` | PNG image data, 1714 x 241, 8-bit colormap, non-interlaced | dropped | clean |
| `C:\Users\user\AppData\Local\Temp\CC82.tmp` | Composite Document File V2 Document, Cannot read section info | dropped | clean |
| `C:\Users\user\AppData\Local\Temp\~DF09EB9009A60E04D7.TMP` | data | dropped | clean |
| `C:\Users\user\Desktop\~$DOC-0212.xlsm` | data | dropped | clean |
| `C:\Windows\SysWOW64\Hisdtuljbeshqtad\zvklxm.vbc` (copy) | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Program Files\Microsoft Office\Office14\EXCEL.EXE` | `"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding` | malicious |
| `C:\Windows\SysWOW64\rundll32.exe` | `C:\Windows\SysWow64\rundll32.exe ..\besta.ocx,44532.6051013889` | malicious |
| `C:\Windows\SysWOW64\rundll32.exe` | `C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\besta.ocx",Control_RunDLL` | malicious |
| `C:\Windows\SysWOW64\rundll32.exe` | `C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hisdtuljbeshqtad\zvklxm.vbc",qEPqGlpBy` | malicious |
| `C:\Windows\System32\svchost.exe` | `C:\Windows\System32\svchost.exe -k WerSvcGroup` | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| `http://www.duoyuhudong.cn/wp-content/we8xi/vvC:` | unknown | malicious |
| `http://www.duoyuhudong.cn/wp-content/we8xi/` | 47.96.4.95 | malicious |
| `http://www.windows.com/pctv.` | unknown | clean |
| `http://investor.msn.com` | unknown | clean |
| `http://www.msnbc.com/news/ticker.txt` | unknown | clean |
| `http://schemas.openformatrg/drawml/2006/spreadsheetD` | unknown | clean |
| `http://sadabahar.com.np/wp-includes/pUM)http://sadabahar.com.np/wp-includes/pUMqI` | unknown | clean |
| `http://schemas.openformatrg/package/2006/content-t` | unknown | clean |
| `http://sadabahar.com.np/wp-inclu` | unknown | clean |
| `http://windowsmedia.com/redir/services.asp?WMPFriendly=true` | unknown | clean |
| `http://www.hotmail.com/oe` | unknown | clean |
| `http://sadabahar.com.np/wp-i` | unknown | clean |
| `http://schemas.open` | unknown | clean |
| `http://sadabahar.com.n` | unknown | clean |
| `http://sadabahar.c` | unknown | clean |
| `http://sadabahar.com` | unknown | clean |
| `http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check` | unknown | clean |
| `http://sadabahar.co` | unknown | clean |
| `http://www.icra.org/vocabulary/.` | unknown | clean |
| `http://sadabahar.com.np/wp-includes/pUMqITC-http://sadabahar.com.np/wp-includes/pUMqITCt8/http://sad` | unknown | clean |
| `http://schemas.openformatrg/package/2006/r` | unknown | clean |
| `http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.` | unknown | clean |
| `http://investor.msn.com/` | unknown | clean |
| `http://sadabahar.com.np/wp-includes/pUMqITCt83a/` | 194.233.67.242 | clean |
| `http://sadabahar.com.np/wp-includes/pUMqITCt83a/J` | unknown | clean |
| `http://www.%s.comPA` | unknown | clean |
| `http://sadabahar.com.np/w` | unknown | clean |
| `http://sadabahar.com.np/wp-inc` | unknown | clean |
| `http://sadabahar.com.np/wp-includes/pUMqITCt83a/A` | unknown | clean |
| `http://sadabahar.com.np/wp-include%http://sadabahar.com.np/wp-includes/p` | unknown | clean |

Domains

| Name | IP | Malicious |
|---|---|---|
| `www.duoyuhudong.cn` | 47.96.4.95 | clean |
| `sadabahar.com.np` | 194.233.67.242 | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 47.96.4.95 | `www.duoyuhudong.cn` | China | clean |
| 194.233.67.242 | `sadabahar.com.np` | Germany | clean |

Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems` | `2i,` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel` | `MTTT` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle` | `ReviewToken` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2E14A` | `2E14A` | clean |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage` | `VBAFiles` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems` | `"u,` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents` | `LastPurgeTime` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU` | `Max Display` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Max Display` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 1` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 2` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 3` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 4` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 5` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 6` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 7` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 8` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 9` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 10` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 11` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 12` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 13` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 14` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 15` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 16` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 17` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 18` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 19` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru` | `Item 20` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3DD16` | `3DD16` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3E550` | `3E550` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages` | `1033` | clean |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage` | `EXCELFiles` | clean |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage` | `ProductFiles` | clean |
| `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections` | `SavedLegacySettings` | clean |

Memdumps

clean
2120000
unkown
page read and write
clean
7EFC2000
unkown image
page readonly
clean
77C0000
heap private
page read and write
clean
7CD0000
unkown
page read and write
clean
7620000
unkown
page read and write
clean
55F0000
unkown
page read and write
clean
654000
heap private
page read and write
clean
7CF0000
unkown
page read and write
clean
6BD0000
unkown
page read and write
clean
2C0E000
stack
page read and write
clean
20000
unkown image
page readonly
clean
31F0000
unkown
page read and write
clean
5488000
unkown
page read and write
clean
6D0A000
unkown
page read and write
clean
4A7F000
unkown
page read and write
clean
76D0000
unkown
page read and write
clean
50000
unkown image
page readonly
clean
6BF9000
unkown
page read and write
clean
10000
unkown image
page read and write
clean
3A0000
heap private
page read and write
clean
7FFFFFC0000
unkown image
page readonly
clean
469000
heap default
page read and write
clean
6E48C000
unkown image
page write copy
clean
3F32000
unkown
page read and write
clean
1DA8000
unkown
page read and write
clean
216000
unkown
page read and write
clean
50000
unkown image
page readonly
clean
850000
unkown image
page readonly
clean
6BE0000
unkown
page read and write
clean
3F1E000
unkown
page read and write
clean
400000
heap default
page read and write
clean
6E48D000
unkown image
page readonly
clean
6E8D000
unkown
page read and write
clean
7010000
unkown
page read and write
clean
6E431000
unkown image
page execute read
clean
7010000
unkown
page read and write
clean
7EFB0000
unkown image
page readonly
clean
276000
heap default
page read and write
clean
6C2A000
unkown
page read and write
clean
15D000
unkown
page read and write
clean
4C80000
unkown
page read and write
clean
4BCF000
unkown
page read and write
clean
651000
heap default
page read and write
clean
3B7000
heap default
page read and write
clean
7EFC0000
unkown image
page readonly
clean
7012000
unkown
page read and write
clean
7EFB2000
unkown image
page readonly
clean
1C00000
unkown
page read and write
clean
55B0000
unkown
page read and write
clean
7610000
unkown
page read and write
clean
7EFDF000
unkown
page read and write
clean
7790000
unkown
page read and write
clean
6BD0000
unkown
page read and write
clean
7CD0000
unkown
page read and write
clean
100000
unkown image
page readonly
clean
4BE8000
unkown
page read and write
clean
2110000
unkown
page read and write
clean
3F30000
unkown
page read and write
clean
46C000
heap default
page read and write
clean
100000
unkown
page read and write
clean
3250000
unkown
page read and write
clean
7EFB2000
unkown image
page readonly
clean
7FFFFFC2000
unkown image
page readonly
clean
7EFD0000
unkown image
page readonly
clean
7EFB0000
unkown image
page readonly
clean
30000
unkown image
page readonly
clean
7EFD0000
unkown image
page readonly
clean
20000
unkown image
page readonly
clean
7EFB0000
unkown image
page readonly
clean
7130000
unkown
page read and write
clean
380000
heap default
page read and write
clean
7EFC0000
unkown image
page readonly
clean
7EFB0000
unkown image
page readonly
clean
7EFC0000
unkown image
page readonly
clean
30000
unkown image
page readonly
clean
7070000
unkown
page read and write
clean
55F0000
unkown
page read and write
clean
5594000
stack
page read and write
clean
CD000
unkown
page read and write
clean
570000
heap private
page read and write
clean
7150000
unkown
page read and write
clean
60000
unkown image
page readonly
clean
324A000
unkown
page read and write
clean
6BD0000
unkown
page read and write
clean
3F3B000
unkown
page read and write
clean
130000
heap private
page read and write
clean
7CD0000
unkown
page read and write
clean
5853000
unkown
page read and write
clean
5928000
unkown
page read and write
clean
7EFB2000
unkown image
page readonly
clean
7EFD0000
unkown image
page readonly
clean
7EFC2000
unkown image
page readonly
clean
7EFB2000
unkown image
page readonly
clean
7CD0000
unkown
page read and write
clean
7D4C000
unkown
page read and write
clean
4DF000
stack
page read and write
clean
7A8D000
unkown
page read and write
clean
7A7C000
unkown
page read and write
clean
6C40000
heap private
page read and write
clean
7AE0000
unkown
page read and write
clean
6E48D000
unkown image
page readonly
clean
7CD0000
unkown
page read and write
clean
7EFE0000
unkown image
page readonly
clean
4370000
unkown
page read and write
clean
80B2000
unkown
page read and write
clean
3F40000
heap private
page execute and read and write
clean
27B000
heap default
page read and write
clean
6C10000
unkown
page read and write
clean
2103000
unkown
page read and write
clean
2C7E000
stack
page read and write
clean