IOC Report

Files

File Path | Type | Category | Malicious
Results12232021.xls | Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1200, Author: Use, Last Saved By: use, Name of Creating Application: Microsof, Create Time/Date: Thu Dec 16 12:07:56 2021, Last Saved Time/Date: Thu Dec 23 11:26:55 2021, Security: 1 | initial sample | malicious
C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf | HTML document, ASCII text, with very long lines, with CRLF line terminators | dropped | malicious
C:\Users\user\Desktop\Results12232021.xls | Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1200, Author: Use, Last Saved By: use, Name of Creating Application: Microsof, Create Time/Date: Thu Dec 16 12:07:56 2021, Last Saved Time/Date: Thu Dec 23 11:26:55 2021, Security: 1 | dropped | malicious
C:\ProgramData\fvfnigger.bin | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\WIvRRHIemuhammadismyfriend[1].bin | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | downloaded | clean
C:\Users\user\AppData\Local\Temp\649C.tmp | Composite Document File V2 Document, Cannot read section info | dropped | clean
C:\Users\user\AppData\Local\Temp\~DFA61A9980BD8D1A08.TMP | data | dropped | clean
C:\Users\user\AppData\Local\Temp\~DFB260A50E17C248B1.TMP | data | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding | malicious
C:\Windows\System32\wbem\WMIC.exe | C:\Windows\System32\wbem\WMIC.exe" process call create "mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf | malicious
C:\Windows\System32\mshta.exe | mshta.exe C:\ProgramData\NxeBChwsIhYFkIhhSsLtP.rtf | malicious
C:\Windows\System32\wbem\WMIC.exe | wmic process call create "regsvr32.exe -s C:\\ProgramData\fvfnigger.bin" | malicious
C:\Windows\System32\regsvr32.exe | regsvr32.exe -s C:\\ProgramData\fvfnigger.bin | malicious
C:\Windows\SysWOW64\regsvr32.exe | -s C:\\ProgramData\fvfnigger.bin | malicious

URLs

Name | IP | Malicious
http://www.windows.com/pctv. | unknown | clean
http://investor.msn.com | unknown | clean
http://www.msnbc.com/news/ticker.txt | unknown | clean
http://crl.entrust.net/server1.crl0 | unknown | clean
http://ocsp.entrust.net03 | unknown | clean
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | unknown | clean
http://www.diginotar.nl/cps/pkioverheid0 | unknown | clean
https://cdn.discordapp.com/attachments/914827690882781237/923509241996795935/iivKjRymuhammadismyfrie | unknown | clean
https://cdn.discordapp.com/ | unknown | clean
http://windowsmedia.com/redir/services.asp?WMPFriendly=true | unknown | clean
http://www.hotmail.com/oe | unknown | clean
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check | unknown | clean
https://cdn.discordapp.com/attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfri | unknown | clean
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | unknown | clean
http://www.icra.org/vocabulary/. | unknown | clean
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | unknown | clean
http://investor.msn.com/ | unknown | clean
https://cdn.discordapp.com/attachments/914827690882781237/923509513628307516/WIvRRHIemuhammadismyfriend.bin | 162.159.135.233 | clean
https://cdn.discordapp.com/attachments/914827690882781237/923509168294461500/rebXcmuhammadismyfriend | unknown | clean
http://www.baxleystamps.comDVarFileInfo$ | unknown | clean
http://www.%s.comPA | unknown | clean
http://ocsp.entrust.net0D | unknown | clean
https://secure.comodo.com/CPS0 | unknown | clean
http://servername/isapibackend.dll | unknown | clean
http://crl.entrust.net/2048ca.crl0 | unknown | clean

Domains

Name | IP | Malicious
cdn.discordapp.com | 162.159.135.233 | clean

IPs

IP | Domain | Country | Malicious
185.4.135.27 | unknown | Greece | malicious
85.10.248.28 | unknown | Germany | malicious
80.211.3.13 | unknown | Italy | malicious
144.91.122.102 | unknown | Germany | malicious
162.159.135.233 | cdn.discordapp.com | United States | clean

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems | ys, | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel | MTTT | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle | ReviewToken | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2DA38 | 2DA38 | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | VBAFiles | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents | LastPurgeTime | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems | 26. | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage | ProductNonBootFilesIntl_1033 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU | Max Display | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Max Display | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 1 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 2 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 3 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 4 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 5 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 6 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 7 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 8 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 9 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 10 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 11 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 12 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 13 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 14 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 15 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 16 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 17 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 18 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 19 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru | Item 20 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\66DC0 | 66DC0 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\6758D | 6758D | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common | QMSessionCount | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\General | LastAutoSavePurgeTime | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages | 1033 | clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages | 1033 | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | EXCELFiles | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | ProductFiles | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage | ProductNonBootFilesIntl_1033 | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | ProductFiles | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage | ProductFiles | clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E | @%SystemRoot%\system32\qagentrt.dll,-10 | clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E | @%SystemRoot%\System32\fveui.dll,-843 | clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E | @%SystemRoot%\System32\fveui.dll,-844 | clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E | @%SystemRoot%\System32\wuaueng.dll,-400 | clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C | Blob | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 | Blob | clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C | Blob | clean

Memdumps

Base Address | Region Type | Protect | Malicious
72A61000 | unknown image | page execute read | malicious