IOCReport

loading gif

Files

File Path
Type
Category
Malicious
PO-14092021.doc
Rich Text Format data, unknown version
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\plugmanzx[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
downloaded
 malicious
C:\Users\user\AppData\Local\Temp\tmp3709.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
Non-ISO extended-ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\RWbqWnnjDWI.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\plugmangd5693.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files (x86)\SMTP Service\smtpsvc.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33484DAD-E27E-45D9-8C45-49A85BDC4F7E}.tmp
data
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EE6AB4D1-7B2E-4321-A676-4477150FF17C}.tmp
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\tmp2DF5.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Temp\tmp3FEE.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\task.dat
ASCII text, with no line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PO-14092021.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:57 2021, mtime=Mon Aug 30 20:08:57 2021, atime=Tue Sep 14 19:16:15 2021, length=19250, window=hide
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
 clean
C:\Users\user\Desktop\~$-14092021.doc
data
dropped
 clean
There are 6 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
 malicious
C:\Users\user\AppData\Roaming\plugmangd5693.exe
C:\Users\user\AppData\Roaming\plugmangd5693.exe
 malicious
C:\Windows\SysWOW64\schtasks.exe
'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\RWbqWnnjDWI' /XML 'C:\Users\user\AppData\Local\Temp\tmp3709.tmp'
 malicious
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
 malicious
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
 malicious
C:\Windows\SysWOW64\schtasks.exe
'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp3FEE.tmp'
 malicious
C:\Windows\SysWOW64\schtasks.exe
'schtasks.exe' /create /f /tn 'SMTP Service Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp2DF5.tmp'
 malicious
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe 0
 malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
 clean
C:\Windows\System32\taskeng.exe
taskeng.exe {AC07D2CB-425B-43FA-983F-3B14071F638D} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
 clean
C:\Program Files (x86)\SMTP Service\smtpsvc.exe
'C:\Program Files (x86)\SMTP Service\smtpsvc.exe' 0
 clean
C:\Program Files (x86)\SMTP Service\smtpsvc.exe
'C:\Program Files (x86)\SMTP Service\smtpsvc.exe'
clean
There are 2 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://lg-tv.tk/plugmanzx.exe
185.239.243.112
 malicious
blackbladeinc52.ddns.net
malicious
Backup Connection Host
malicious
http://www.%s.comPA
unknown
 clean
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
unknown
 clean

Domains

Name
IP
Malicious
lg-tv.tk
185.239.243.112
 malicious
blackbladeinc52.ddns.net
31.210.20.61
 malicious

IPs

IP
Domain
Country
Malicious
185.239.243.112
lg-tv.tk
Moldova Republic of
malicious
31.210.20.61
blackbladeinc52.ddns.net
Netherlands
malicious

Registry

Path
Value
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
iq$
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MTTT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
2s$
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
it$
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
ReviewToken
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
2E408
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
VBAFiles
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Arial Unicode MS
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Batang
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@BatangChe
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@DFKai-SB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Dotum
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@DotumChe
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@FangSong
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Gulim
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@GulimChe
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Gungsuh
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@GungsuhChe
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@KaiTi
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Malgun Gothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Meiryo
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Meiryo UI
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Microsoft JhengHei
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@Microsoft YaHei
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MingLiU
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MingLiU_HKSCS
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MingLiU_HKSCS-ExtB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MingLiU-ExtB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MS Gothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MS Mincho
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MS PGothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MS PMincho
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@MS UI Gothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@NSimSun
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@PMingLiU
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@PMingLiU-ExtB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@SimHei
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@SimSun
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
@SimSun-ExtB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Agency FB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Aharoni
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Algerian
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Andalus
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Angsana New
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
AngsanaUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Aparajita
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Arabic Typesetting
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Arial
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Arial Black
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Arial Narrow
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Arial Rounded MT Bold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Arial Unicode MS
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Baskerville Old Face
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Batang
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
BatangChe
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bauhaus 93
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bell MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Berlin Sans FB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Berlin Sans FB Demi
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bernard MT Condensed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Blackadder ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bodoni MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bodoni MT Black
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bodoni MT Condensed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bodoni MT Poster Compressed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Book Antiqua
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bookman Old Style
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bookshelf Symbol 7
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Bradley Hand ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Britannic Bold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Broadway
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Browallia New
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
BrowalliaUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Brush Script MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Calibri
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Calibri Light
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Californian FB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Calisto MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Cambria
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Cambria Math
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Candara
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Castellar
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Centaur
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Century
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Century Gothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Century Schoolbook
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Chiller
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Colonna MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Comic Sans MS
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Consolas
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Constantia
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Cooper Black
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Copperplate Gothic Bold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Copperplate Gothic Light
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Corbel
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Cordia New
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
CordiaUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Courier New
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Curlz MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
DaunPenh
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
David
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
DFKai-SB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
DilleniaUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
DokChampa
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Dotum
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
DotumChe
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Ebrima
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Edwardian Script ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Elephant
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Engravers MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Eras Bold ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Eras Demi ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Eras Light ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Eras Medium ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Estrangelo Edessa
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
EucrosiaUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Euphemia
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
FangSong
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Felix Titling
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Footlight MT Light
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Forte
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Franklin Gothic Book
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Franklin Gothic Demi
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Franklin Gothic Demi Cond
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Franklin Gothic Heavy
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Franklin Gothic Medium
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Franklin Gothic Medium Cond
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
FrankRuehl
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
FreesiaUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Freestyle Script
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
French Script MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gabriola
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Garamond
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gautami
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Georgia
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gigi
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gill Sans MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gill Sans MT Condensed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gill Sans MT Ext Condensed Bold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gill Sans Ultra Bold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gill Sans Ultra Bold Condensed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gisha
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gloucester MT Extra Condensed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Goudy Old Style
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Goudy Stout
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gulim
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
GulimChe
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Gungsuh
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
GungsuhChe
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Haettenschweiler
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Harlow Solid Italic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Harrington
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
High Tower Text
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Impact
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Imprint MT Shadow
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Informal Roman
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
IrisUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Iskoola Pota
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
JasmineUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Jokerman
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Juice ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
KaiTi
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Kalinga
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Kartika
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Khmer UI
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
KodchiangUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Kokila
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Kristen ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Kunstler Script
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lao UI
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Latha
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Leelawadee
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Levenim MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
LilyUPC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lucida Bright
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lucida Calligraphy
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lucida Console
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lucida Fax
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lucida Handwriting
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lucida Sans
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lucida Sans Typewriter
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Lucida Sans Unicode
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Magneto
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Maiandra GD
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Malgun Gothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Mangal
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Marlett
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Matura MT Script Capitals
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Meiryo
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Meiryo UI
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Himalaya
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft JhengHei
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft New Tai Lue
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft PhagsPa
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Sans Serif
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Tai Le
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Uighur
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft YaHei
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Yi Baiti
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MingLiU
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MingLiU_HKSCS
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MingLiU_HKSCS-ExtB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MingLiU-ExtB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Miriam
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Miriam Fixed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Mistral
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Modern No. 20
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Mongolian Baiti
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Monotype Corsiva
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MoolBoran
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MS Gothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MS Mincho
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MS Outlook
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MS PGothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MS PMincho
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MS Reference Sans Serif
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MS Reference Specialty
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MS UI Gothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MT Extra
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MV Boli
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Narkisim
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Niagara Engraved
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Niagara Solid
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
NSimSun
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Nyala
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
OCR A Extended
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Old English Text MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Onyx
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Palace Script MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Palatino Linotype
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Papyrus
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Parchment
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Perpetua
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Perpetua Titling MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Plantagenet Cherokee
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Playbill
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PMingLiU
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PMingLiU-ExtB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Poor Richard
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Pristina
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Raavi
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Rage Italic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Ravie
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Rockwell
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Rockwell Condensed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Rockwell Extra Bold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Rod
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Sakkal Majalla
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Script MT Bold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Segoe Print
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Segoe Script
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Segoe UI
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Segoe UI Light
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Segoe UI Semibold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Segoe UI Symbol
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Shonar Bangla
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Showcard Gothic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Shruti
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SimHei
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Simplified Arabic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Simplified Arabic Fixed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SimSun
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SimSun-ExtB
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Snap ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Stencil
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Sylfaen
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Symbol
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Tahoma
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Tempus Sans ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Times New Roman
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Traditional Arabic
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Trebuchet MS
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Tunga
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Tw Cen MT
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Tw Cen MT Condensed
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Tw Cen MT Condensed Extra Bold
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Utsaah
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Vani
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Verdana
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Vijaya
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Viner Hand ITC
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Vivaldi
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Vladimir Script
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Vrinda
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Webdings
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wide Latin
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wingdings
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wingdings 2
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wingdings 3
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
352E1
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
LastPurgeTime
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
WORDFiles
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_3082
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_3082
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1036
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1036
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_3082
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_3082
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1036
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1036
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
SpellingAndGrammarFiles_1033
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
352E1
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Settings
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
ZoomApp
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
ProductFiles
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MTTF
 clean
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
MTTA
 clean
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
EquationEditorFilesIntl_1033
 clean
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
SavedLegacySettings
 clean
C:\Users\user\AppData\Roaming\plugmangd5693.exe
FontCachePath
 clean
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
SMTP Service
 clean
C:\Windows\System32\taskeng.exe
data
 clean
There are 316 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
760000
unkown image
page read and write
 malicious
228E000
unkown
page read and write
 malicious
A26C000
unkown
page read and write
 malicious
A161000
unkown
page read and write
 malicious
3826000
unkown
page read and write
 malicious
402000
unkown
page execute and read and write
 malicious
3B0000
unkown
page read and write
 clean
BB0000
heap private
page execute and read and write
 clean
2304000
unkown
page read and write
 clean
6F62000
unkown
page read and write
 clean
6F49000
unkown
page read and write
 clean
286000
heap default
page read and write
 clean
4260000
unkown
page read and write
 clean
51EE000
unkown
page read and write
 clean
868000
heap default
page read and write
 clean
4E0000
unkown
page read and write
 clean
6CCF000
unkown
page read and write
 clean
780000
unkown
page read and write
 clean
73BB000
unkown
page read and write
 clean
450000
unkown
page execute and read and write
 clean
BAE000
unkown
page read and write | page guard
 clean
4E0000
unkown
page read and write
 clean
2B5000
heap default
page read and write
 clean
50000
unkown image
page readonly
 clean
4370000
unkown
page read and write
 clean
6F0000
unkown
page execute and read and write
 clean
70E8000
unkown
page read and write
 clean
38BF000
unkown
page read and write
 clean
496E000
unkown
page read and write
 clean
34C4000
unkown
page read and write
 clean
5140000
unkown
page read and write
 clean
3ABF000
unkown
page read and write
 clean
572000
unkown
page read and write
 clean
86C000
unkown
page read and write
 clean
BCF000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
36A000
unkown
page execute and read and write
 clean
160000
unkown image
page readonly
 clean
362000
unkown
page execute and read and write
 clean
572F000
unkown
page read and write
 clean
77D1000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
10000
unkown image
page read and write
 clean
2D0000
heap default
page read and write
 clean
1F0000
unkown
page read and write
 clean
3B1F000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
50000
unkown image
page readonly
 clean
39BF000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
3ADF000
unkown
page read and write
 clean
430000
heap default
page read and write
 clean
7328000
unkown
page read and write
 clean
39DF000
unkown
page read and write
 clean
A0000
unkown image
page readonly
 clean
11B0000
unkown image
page readonly
 clean
479000
heap default
page read and write
 clean
10DE000
unkown
page read and write | page guard
 clean
3A9F000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
7EFB2000
unkown image
page readonly
 clean
3AFF000
unkown
page read and write
 clean
54F000
unkown
page read and write
 clean
3F0000
unkown
page read and write
 clean
1F2000
unkown
page execute and read and write
 clean
4E0000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
7EFC0000
unkown image
page readonly
 clean
40000
unkown image
page readonly
 clean
1FA000
unkown
page execute and read and write
 clean
520000
heap private
page read and write
 clean
3B5F000
unkown
page read and write
 clean
721B000
unkown
page read and write
 clean
4F0000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
783F000
unkown
page read and write
 clean
4DA000
heap default
page read and write
 clean
850000
unkown image
page readonly
 clean
20000
unkown
page read and write
 clean
3A5F000
unkown
page read and write
 clean
149000
unkown
page read and write
 clean
3A7F000
unkown
page read and write
 clean
207000
unkown
page execute and read and write
 clean
7C4000
heap default
page read and write
 clean
5430000
unkown image
page read and write
 clean
70A5000
unkown
page read and write
 clean
1EA000
unkown
page execute and read and write
 clean
7EFE0000
unkown image
page readonly
 clean
4260000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
65C0000
unkown
page read and write
 clean
43CC000
unkown
page read and write
 clean
454000
heap default
page read and write
 clean
555B000
unkown
page read and write
 clean
6629000
unkown
page read and write
 clean
1F4F000
unkown
page read and write
 clean
510000
unkown
page read and write
 clean
2C0000
unkown
page read and write
 clean
69FE000
unkown
page read and write
 clean
3A0000
unkown image
page readonly
 clean
3AFF000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
C48000
unkown
page read and write
 clean
510000
unkown
page execute and read and write
 clean
399F000
unkown
page read and write
 clean
39DF000
unkown
page read and write
 clean
44E2000
heap private
page read and write
 clean
391F000
unkown
page read and write
 clean
20000
unkown image
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
85C000
heap default
page read and write
 clean
73B1000
unkown
page read and write
 clean
56C7000
unkown
page read and write
 clean
4360000
unkown
page read and write
 clean
3A5F000
unkown
page read and write
 clean
67E000
unkown
page read and write
 clean
6F0000
unkown image
page readonly
 clean
3B3F000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
4E6000
unkown
page read and write
 clean
6ED5000
unkown
page read and write
 clean
580000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
F7F000
unkown
page read and write
 clean
39BF000
unkown
page read and write
 clean
6EFC000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
DF4000
heap private
page execute and read and write
 clean
6A6A000
unkown
page read and write
 clean
24D000
heap default
page read and write
 clean
3ABF000
unkown
page read and write
 clean
7744000
unkown
page read and write
 clean
397F000
unkown
page read and write
 clean
16D000
unkown
page read and write
 clean
100000
unkown image
page readonly
 clean
4E6000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
6ED0000
unkown
page read and write
 clean
6EF6000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
550000
unkown image
page readonly
 clean
3A9F000
unkown
page read and write
 clean
1E10000
unkown image
page readonly
 clean
5B5E000
unkown
page read and write
 clean
A30000
unkown image
page read and write
 clean
710000
heap private
page read and write
 clean
210000
heap default
page read and write
 clean
35E1000
unkown
page read and write
 clean
4E6000
unkown
page read and write
 clean
202000
unkown
page read and write
 clean
6ECE000
unkown
page read and write
 clean
6B8B000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
5F0000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
4E6000
unkown
page read and write
 clean
280000
heap default
page read and write
 clean
2FA000
unkown
page execute and read and write
 clean
36A000
unkown
page read and write
 clean
C60000
unkown
page read and write
 clean
490000
heap default
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
146000
unkown
page read and write
 clean
389F000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
6E81000
unkown
page read and write
 clean
60AF000
unkown
page read and write
 clean
6F5F000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
391F000
unkown
page read and write
 clean
21BE000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
21BF000
unkown
page read and write
 clean
2A94000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
4EC000
unkown
page read and write
 clean
6E8B000
unkown
page read and write
 clean
25C1000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
630000
unkown
page read and write
 clean
72C2000
unkown
page read and write
 clean
3B1F000
unkown
page read and write
 clean
7E37000
unkown
page read and write
 clean
638000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
4FF000
heap default
page read and write
 clean
4260000
unkown
page read and write
 clean
4ADD000
unkown
page read and write
 clean
3B3F000
unkown
page read and write
 clean
196000
unkown
page read and write
 clean
3A1F000
unkown
page read and write
 clean
680000
unkown
page read and write
 clean
7077000
unkown
page read and write
 clean
399F000
unkown
page read and write
 clean
745C000
unkown
page read and write
 clean
7A7000
heap default
page read and write
 clean
6F01000
unkown
page read and write
 clean
566F000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
565D000
unkown
page read and write
 clean
3ABF000
unkown
page read and write
 clean
20000
unkown
page read and write
 clean
160000
unkown
page read and write
 clean
3B2000
unkown
page read and write
 clean
B30E000
unkown
page read and write | page guard
 clean
510000
unkown
page read and write
 clean
7367000
unkown
page read and write
 clean
7375000
unkown
page read and write
 clean
6AD0000
unkown
page read and write
 clean
393F000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
312000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
1EE0000
heap private
page read and write
 clean
11B8000
unkown image
page readonly
 clean
2292000
unkown
page read and write
 clean
6D0000
unkown image
page readonly
 clean
7EFE0000
unkown image
page readonly
 clean
AF20000
unkown
page read and write
 clean
2D7000
heap default
page read and write
 clean
7333000
unkown
page read and write
 clean
3E0000
heap private
page execute and read and write
 clean
DC0000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
214000
heap default
page read and write
 clean
56C0000
heap private
page read and write
 clean
A40000
unkown
page read and write
 clean
8B0000
unkown image
page readonly
 clean
391F000
unkown
page read and write
 clean
2050000
heap private
page execute and read and write
 clean
6CA0000
unkown
page read and write
 clean
37B000
unkown
page execute and read and write
 clean
6F47000
unkown
page read and write
 clean
29A000
unkown
page read and write
 clean
25E1000
unkown
page read and write
 clean
39FF000
unkown
page read and write
 clean
5D2000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
460D000
unkown
page read and write
 clean
395F000
unkown
page read and write
 clean
20000
unkown image
page read and write
 clean
AF1D000
unkown
page read and write
 clean
38A0000
unkown
page read and write
 clean
5736000
unkown
page read and write
 clean
6F10000
unkown
page read and write
 clean
60AE000
unkown
page read and write | page guard
 clean
5EA0000
heap private
page read and write
 clean
3A1F000
unkown
page read and write
 clean
5722000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
7EFC0000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
395F000
unkown
page read and write
 clean
636000
unkown
page read and write
 clean
440000
unkown
page read and write
 clean
1D4E000
unkown
page read and write
 clean
6B62000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
440000
unkown
page read and write
 clean
72B5000
unkown
page read and write
 clean
228000
unkown
page read and write
 clean
4228000
unkown
page read and write
 clean
67E000
unkown
page read and write
 clean
4AE000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
733B000
unkown
page read and write
 clean
10DF000
unkown
page read and write
 clean
1130000
unkown image
page readonly
 clean
690000
unkown
page read and write
 clean
22BF000
unkown
page read and write
 clean
440000
unkown
page read and write
 clean
393F000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
1E20000
unkown image
page read and write
 clean
582000
heap private
page execute and read and write
 clean
5736000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
6B80000
unkown
page read and write
 clean
5BB0000
unkown
page read and write
 clean
6E89000
unkown
page read and write
 clean
2889000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
600000
heap private
page execute and read and write
 clean
6634000
unkown
page read and write
 clean
400000
unkown
page execute and read and write
 clean
4E6000
unkown
page read and write
 clean
38FF000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
3801000
unkown
page read and write
 clean
5A6D000
unkown
page read and write
 clean
1DC0000
heap private
page read and write
 clean
240000
unkown
page execute and read and write
 clean
4220000
unkown image
page read and write
 clean
DD0000
heap private
page execute and read and write
 clean
4F8000
unkown
page read and write
 clean
260000
heap default
page read and write
 clean
7330000
unkown
page read and write
 clean
990000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
269F000
unkown
page read and write
 clean
7142000
unkown
page read and write
 clean
7A36000
unkown
page read and write
 clean
270000
heap private
page read and write
 clean
393F000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
72AE000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
1F1B000
heap private
page read and write
 clean
44C0000
heap private
page read and write
 clean
6FB9000
unkown
page read and write
 clean
391F000
unkown
page read and write
 clean
397F000
unkown
page read and write
 clean
510000
unkown
page read and write
 clean
39C0000
unkown
page read and write
 clean
440000
unkown
page read and write
 clean
192000
unkown
page execute and read and write
 clean
3C7000
unkown
page execute and read and write
 clean
3B4000
unkown image
page readonly
 clean
4E6000
unkown
page read and write
 clean
395F000
unkown
page read and write
 clean
38DF000
unkown
page read and write
 clean
1D00000
unkown
page execute and read and write
 clean
4260000
unkown
page read and write
 clean
3A0000
unkown
page execute and read and write
 clean
4A0C000
unkown
page read and write
 clean
5B0000
heap default
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
6C71000
unkown
page read and write
 clean
3A3F000
unkown
page read and write
 clean
8E9000
heap private
page read and write
 clean
39DF000
unkown
page read and write
 clean
77C0000
unkown
page read and write
 clean
56AD000
unkown
page read and write
 clean
3B3F000
unkown
page read and write
 clean
A90000
unkown
page read and write
 clean
61F000
unkown
page read and write
 clean
4E7000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
4350000
unkown
page execute and read and write
 clean
7EFC2000
unkown image
page readonly
 clean
4F0000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
712E000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
172000
unkown
page execute and read and write
 clean
3B4000
unkown image
page readonly
 clean
74E5000
unkown
page read and write
 clean
625F000
unkown
page read and write
 clean
770000
unkown
page read and write
 clean
332000
unkown image
page execute read
 clean
638000
unkown
page read and write
 clean
3A1F000
unkown
page read and write
 clean
39BF000
unkown
page read and write
 clean
56F1000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
2BB000
unkown
page read and write
 clean
1B2000
unkown image
page execute read
 clean
3A1F000
unkown
page read and write
 clean
6DF2000
unkown
page read and write
 clean
3ABF000
unkown
page read and write
 clean
670000
unkown
page read and write
 clean
760000
unkown
page read and write
 clean
694E000
unkown
page read and write
 clean
4F0000
unkown
page read and write
 clean
59EE000
unkown
page read and write
 clean
5D60000
unkown
page read and write
 clean
5A0000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
551E000
unkown
page read and write
 clean
56F1000
unkown
page read and write
 clean
6636000
unkown
page read and write
 clean
B0CE000
unkown
page read and write
 clean
274000
heap default
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
38FF000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
72E2000
unkown
page read and write
 clean
3ABF000
unkown
page read and write
 clean
393F000
unkown
page read and write
 clean
17A000
unkown
page execute and read and write
 clean
3A80000
unkown
page read and write
 clean
6DBF000
unkown
page read and write
 clean
1B2000
unkown image
page execute read
 clean
7E9000
heap default
page read and write
 clean
73A9000
unkown
page read and write
 clean
6B20000
unkown
page read and write
 clean
3B3F000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
4B6E000
unkown
page read and write
 clean
20000
unkown image
page read and write
 clean
7189000
unkown
page read and write
 clean
3A7F000
unkown
page read and write
 clean
86C000
unkown
page read and write
 clean
1B0000
unkown image
page readonly
 clean
38A0000
unkown
page read and write
 clean
1E0000
unkown
page read and write
 clean
754A000
unkown
page read and write
 clean
6D8F000
unkown
page read and write
 clean
73AB000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
6B1E000
unkown
page read and write
 clean
39DF000
unkown
page read and write
 clean
4A40000
unkown
page execute and read and write
 clean
5736000
unkown
page read and write
 clean
399F000
unkown
page read and write
 clean
70FC000
unkown
page read and write
 clean
395F000
unkown
page read and write
 clean
38DF000
unkown
page read and write
 clean
4280000
unkown
page read and write
 clean
7306000
unkown
page read and write
 clean
6DDC000
unkown
page read and write
 clean
4E2E000
unkown
page read and write
 clean
6D00000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
DC0000
unkown
page read and write
 clean
49C0000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
3D0000
unkown image
page readonly
 clean
780000
unkown image
page read and write
 clean
6D96000
unkown
page read and write
 clean
3A1F000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
395F000
unkown
page read and write
 clean
38DF000
unkown
page read and write
 clean
3B3F000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
74A000
heap default
page read and write
 clean
270000
unkown
page read and write
 clean
3A7F000
unkown
page read and write
 clean
399F000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
7FFFFFB0000
unkown image
page readonly
 clean
71C1000
unkown
page read and write
 clean
38A0000
unkown
page read and write
 clean
37B000
unkown
page execute and read and write
 clean
39DF000
unkown
page read and write
 clean
260000
unkown image
page read and write
 clean
3ABF000
unkown
page read and write
 clean
4D0000
unkown
page execute and read and write
 clean
393F000
unkown
page read and write
 clean
72E8000
unkown
page read and write
 clean
5B2000
unkown
page read and write
 clean
C5F000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
285B000
heap private
page read and write
 clean
5706000
unkown
page read and write
 clean
39BF000
unkown
page read and write
 clean
42E0000
unkown
page read and write
 clean
510000
heap default
page read and write
 clean
3A1F000
unkown
page read and write
 clean
150000
unkown image
page readonly
 clean
6EBC000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
5722000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
396000
unkown
page read and write
 clean
5706000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
397F000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
6D30000
unkown
page read and write
 clean
800000
unkown image
page readonly
 clean
6ACE000
unkown
page read and write
 clean
2285000
unkown
page read and write
 clean
49D000
heap default
page read and write
 clean
560000
unkown
page execute and read and write
 clean
7EFC2000
unkown image
page readonly
 clean
3A5F000
unkown
page read and write
 clean
7C2A000
unkown
page read and write
 clean
5A0000
unkown image
page read and write
 clean
23B000
unkown
page read and write
 clean
1E0000
unkown image
page readonly
 clean
6B9F000
unkown
page read and write
 clean
391F000
unkown
page read and write
 clean
6F80000
unkown
page read and write
 clean
150000
heap private
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
530F000
unkown
page read and write
 clean
3ABF000
unkown
page read and write
 clean
560000
unkown image
page readonly
 clean
6B0000
heap private
page read and write
 clean
864000
heap default
page read and write
 clean
E50000
heap private
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
7EFB0000
unkown image
page readonly
 clean
377000
unkown
page execute and read and write
 clean
4E0000
unkown
page read and write
 clean
3B1F000
unkown
page read and write
 clean
43D0000
unkown image
page readonly
 clean
7EFB0000
unkown image
page readonly
 clean
1A0000
heap private
page read and write
 clean
38A0000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
635000
unkown
page read and write
 clean
70B8000
unkown
page read and write
 clean
3AFF000
unkown
page read and write
 clean
6632000
unkown
page read and write
 clean
440000
unkown
page read and write
 clean
5640000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
38FF000
unkown
page read and write
 clean
6E8E000
unkown
page read and write
 clean
A20000
unkown image
page readonly
 clean
4B1E000
unkown
page read and write
 clean
160000
unkown image
page read and write
 clean
420000
unkown
page read and write
 clean
66C0000
unkown
page read and write
 clean
6C45000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
39FF000
unkown
page read and write
 clean
6F15000
unkown
page read and write
 clean
7068000
unkown
page read and write
 clean
430000
unkown
page read and write
 clean
170000
unkown
page read and write
 clean
4370000
unkown
page read and write
 clean
7347000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
1F0000
heap default
page read and write
 clean
6FAA000
unkown
page read and write
 clean
6A03000
unkown
page read and write
 clean
1C0000
unkown
page read and write
 clean
290000
unkown
page read and write
 clean
6A3E000
unkown
page read and write
 clean
397F000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
516000
unkown
page read and write
 clean
19A000
unkown
page execute and read and write
 clean
6C4A000
unkown
page read and write
 clean
4C1D000
unkown
page read and write
 clean
6CD5000
unkown
page read and write
 clean
791000
unkown
page read and write
 clean
5AA0000
heap private
page read and write
 clean
86C000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
48E000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
290000
unkown image
page readonly
 clean
7E33000
unkown
page read and write
 clean
6F45000
unkown
page read and write
 clean
860000
unkown image
page readonly
 clean
6CCA000
unkown
page read and write
 clean
367000
unkown
page read and write | page guard
 clean
395F000
unkown
page read and write
 clean
497000
heap default
page read and write
 clean
72F8000
unkown
page read and write
 clean
5D0000
unkown
page read and write
 clean
24000
heap private
page read and write
 clean
3A3F000
unkown
page read and write
 clean
399F000
unkown
page read and write
 clean
6F3F000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
355000
heap default
page read and write
 clean
5D5F000
unkown
page read and write
 clean
500000
unkown
page read and write
 clean
7274000
unkown
page read and write
 clean
5722000
unkown
page read and write
 clean
4E4000
unkown
page read and write
 clean
393F000
unkown
page read and write
 clean
5E0000
unkown image
page readonly
 clean
6C75000
unkown
page read and write
 clean
80000
unkown image
page readonly
 clean
38DF000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
83A000
heap default
page read and write
 clean
3920000
unkown
page read and write
 clean
460000
unkown image
page readonly
 clean
16A000
unkown
page execute and read and write
 clean
11B0000
unkown image
page readonly
 clean
6D84000
unkown
page read and write
 clean
56AB000
unkown
page read and write
 clean
510000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
6DF0000
unkown
page read and write
 clean
6FFE000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
420000
unkown
page read and write
 clean
4260000
unkown image
page readonly
 clean
4E7000
unkown
page read and write
 clean
4D50000
unkown image
page readonly
 clean
630000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
A24C000
unkown
page read and write
 clean
42D0000
unkown
page read and write
 clean
670000
heap private
page read and write
 clean
1E30000
unkown
page read and write
 clean
69D7000
unkown
page read and write
 clean
1F4E000
unkown
page read and write | page guard
 clean
74A9000
unkown
page read and write
 clean
39FF000
unkown
page read and write
 clean
56E3000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
736D000
unkown
page read and write
 clean
B30F000
unkown
page read and write
 clean
3B1F000
unkown
page read and write
 clean
1B2000
unkown
page execute and read and write
 clean
6F55000
unkown
page read and write
 clean
5A5000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
3A3F000
unkown
page read and write
 clean
6981000
unkown
page read and write
 clean
6624000
unkown
page read and write
 clean
393F000
unkown
page read and write
 clean
4ADF000
unkown
page read and write
 clean
330000
unkown image
page readonly
 clean
7EF97000
unkown
page read and write
 clean
34A000
unkown
page execute and read and write
 clean
3A7F000
unkown
page read and write
 clean
11B0000
unkown image
page readonly
 clean
150000
unkown image
page read and write
 clean
C7D000
unkown
page read and write
 clean
707000
heap default
page read and write
 clean
4E0000
unkown
page read and write
 clean
5C0000
unkown
page read and write
 clean
3B2000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
42F0000
unkown
page read and write
 clean
2A45000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
56AB000
unkown
page read and write
 clean
56C7000
unkown
page read and write
 clean
840000
unkown image
page readonly
 clean
3B1F000
unkown
page read and write
 clean
A50000
heap private
page read and write
 clean
6CA7000
unkown
page read and write
 clean
73C6000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
4B0000
unkown image
page read and write
 clean
3A80000
unkown
page read and write
 clean
3AFF000
unkown
page read and write
 clean
1E30000
unkown
page read and write
 clean
6B32000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
1BA000
unkown
page execute and read and write
 clean
703B000
unkown
page read and write
 clean
3A7F000
unkown
page read and write
 clean
4270000
unkown
page read and write
 clean
440000
unkown image
page readonly
 clean
6D06000
unkown
page read and write
 clean
107E000
unkown
page read and write
 clean
6DDE000
unkown
page read and write
 clean
AF20000
unkown
page read and write
 clean
38FF000
unkown
page read and write
 clean
400000
heap private
page execute and read and write
 clean
1DA000
unkown
page read and write
 clean
C40000
unkown
page read and write
 clean
3AFF000
unkown
page read and write
 clean
56E2000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
2531000
unkown
page read and write
 clean
38FF000
unkown
page read and write
 clean
A60000
unkown image
page readonly
 clean
550000
unkown image
page readonly
 clean
6EB6000
unkown
page read and write
 clean
160000
unkown image
page readonly
 clean
6C6C000
unkown
page read and write
 clean
3A1F000
unkown
page read and write
 clean
256000
heap default
page read and write
 clean
434D000
unkown
page read and write
 clean
73B3000
unkown
page read and write
 clean
437000
heap default
page read and write
 clean
4260000
unkown
page read and write
 clean
2B0000
heap private
page read and write
 clean
6EB1000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
6C29000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
B7E000
unkown
page read and write | page guard
 clean
71F5000
unkown
page read and write
 clean
29C000
heap default
page read and write
 clean
3ABF000
unkown
page read and write
 clean
3A5F000
unkown
page read and write
 clean
6D0D000
unkown
page read and write
 clean
4A3000
heap default
page read and write
 clean
6F0E000
unkown
page read and write
 clean
563E000
unkown
page read and write
 clean
3B0000
unkown
page read and write
 clean
4360000
unkown
page read and write
 clean
3A9F000
unkown
page read and write
 clean
7EF2F000
unkown
page read and write
 clean
4300000
unkown
page read and write
 clean
980000
unkown image
page readonly
 clean
3CB000
unkown
page execute and read and write
 clean
3ABF000
unkown
page read and write
 clean
4BBE000
unkown
page read and write
 clean
3A3F000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
7EF30000
unkown
page execute and read and write
 clean
3FE000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
700000
heap default
page read and write
 clean
440000
unkown
page read and write
 clean
57FC000
unkown
page read and write
 clean
49B0000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
86C000
unkown
page read and write
 clean
3B3F000
unkown
page read and write
 clean
39BF000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
2923000
unkown
page read and write
 clean
6F42000
unkown
page read and write
 clean
565000
heap private
page execute and read and write
 clean
38DF000
unkown
page read and write
 clean
6EC7000
unkown
page read and write
 clean
72E5000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
7EFC0000
unkown image
page readonly
 clean
FBE000
unkown
page read and write
 clean
5684000
unkown
page read and write
 clean
6D0A000
unkown
page read and write
 clean
3B0000
unkown
page read and write
 clean
1A7000
unkown
page execute and read and write
 clean
BAF000
unkown
page read and write
 clean
724000
heap default
page read and write
 clean
5E0000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
6C0000
heap private
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
3ADF000
unkown
page read and write
 clean
3A5F000
unkown
page read and write
 clean
2221000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
39BF000
unkown
page read and write
 clean
38BF000
unkown
page read and write
 clean
86E000
unkown
page read and write
 clean
42C0000
unkown
page read and write
 clean
5800000
unkown image
page readonly
 clean
39FF000
unkown
page read and write
 clean
39FF000
unkown
page read and write
 clean
7B5E000
unkown
page read and write
 clean
20B000
unkown
page execute and read and write
 clean
2F2000
unkown
page execute and read and write
 clean
3A5F000
unkown
page read and write
 clean
9C000
unkown
page read and write
 clean
38BF000
unkown
page read and write
 clean
3A3F000
unkown
page read and write
 clean
2AA000
unkown
page execute and read and write
 clean
60000
unkown image
page readonly
 clean
66DD000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
4A50000
heap private
page read and write
 clean
C50000
heap private
page read and write
 clean
680000
unkown image
page readonly
 clean
670000
unkown
page read and write
 clean
38DF000
unkown
page read and write
 clean
3B3F000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
460000
unkown
page read and write
 clean
C58000
heap private
page read and write
 clean
202E000
unkown
page read and write
 clean
6A51000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
39DF000
unkown
page read and write
 clean
49DE000
unkown
page read and write
 clean
2720000
unkown image
page readonly
 clean
672000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
6F5B000
unkown
page read and write
 clean
3A3F000
unkown
page read and write
 clean
4900000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
7697000
unkown
page read and write
 clean
3ADF000
unkown
page read and write
 clean
4B70000
unkown
page read and write
 clean
3C6000
unkown
page read and write
 clean
4FFE000
unkown
page read and write
 clean
31A000
unkown
page execute and read and write
 clean
7EFC0000
unkown image
page readonly
 clean
366000
unkown
page read and write
 clean
393F000
unkown
page read and write
 clean
377000
unkown
page execute and read and write
 clean
391F000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
3221000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
8E0000
heap private
page read and write
 clean
4E0000
unkown
page read and write
 clean
258000
heap default
page read and write
 clean
85D000
unkown
page read and write
 clean
391F000
unkown
page read and write
 clean
E56000
heap private
page read and write
 clean
6CA4000
unkown
page read and write
 clean
720000
unkown image
page readonly
 clean
32A000
unkown
page execute and read and write
 clean
3B3F000
unkown
page read and write
 clean
2820000
heap private
page read and write
 clean
40000
unkown image
page readonly
 clean
635000
unkown
page read and write
 clean
6621000
unkown
page read and write
 clean
7525000
unkown
page read and write
 clean
162000
unkown
page execute and read and write
 clean
DD7000
heap private
page execute and read and write
 clean
42D0000
unkown
page read and write
 clean
39FF000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
680000
unkown image
page readonly
 clean
7EFD0000
unkown image
page readonly
 clean
7EFD0000
unkown image
page readonly
 clean
6BE000
unkown
page read and write
 clean
680000
unkown image
page read and write
 clean
2A74000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
54D0000
heap private
page read and write
 clean
3A7F000
unkown
page read and write
 clean
6FF0000
unkown
page read and write
 clean
7E15000
unkown
page read and write
 clean
6F17000
unkown
page read and write
 clean
768000
unkown
page read and write
 clean
42C0000
unkown image
page read and write
 clean
4F0000
unkown
page read and write
 clean
393F000
unkown
page read and write
 clean
7780000
unkown
page read and write
 clean
322000
unkown
page execute and read and write
 clean
2C8000
unkown
page read and write
 clean
86C000
unkown
page read and write
 clean
547000
unkown
page read and write
 clean
147000
unkown
page read and write | page guard
 clean
3C0000
heap private
page execute and read and write
 clean
4F1C000
unkown
page read and write
 clean
6C80000
unkown
page read and write
 clean
440000
unkown
page execute and read and write
 clean
1AB000
unkown
page read and write
 clean
330000
unkown image
page readonly
 clean
7FFFFFB0000
unkown image
page readonly
 clean
346000
unkown
page read and write
 clean
6AE2000
unkown
page read and write
 clean
1F0000
heap default
page read and write
 clean
42CF000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
7EFD0000
unkown image
page readonly
 clean
54DC000
heap private
page read and write
 clean
30000
unkown image
page readonly
 clean
7FFFFFC2000
unkown image
page readonly
 clean
3B1F000
unkown
page read and write
 clean
560000
heap private
page execute and read and write
 clean
1B0000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
6E76000
unkown
page read and write
 clean
524000
heap private
page read and write
 clean
577F000
unkown
page read and write
 clean
30000
unkown image
page readonly
 clean
509C000
unkown
page read and write
 clean
4E6000
unkown
page read and write
 clean
7304000
unkown
page read and write
 clean
39FF000
unkown
page read and write
 clean
44C4000
heap private
page read and write
 clean
4B6E000
unkown
page read and write
 clean
450000
heap private
page read and write
 clean
C40000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
1CA000
unkown
page execute and read and write
 clean
6F1C000
unkown
page read and write
 clean
494E000
unkown
page read and write
 clean
546000
unkown
page read and write | page guard
 clean
690000
unkown
page read and write
 clean
3A5F000
unkown
page read and write
 clean
663E000
unkown
page read and write
 clean
399000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
38BF000
unkown
page read and write
 clean
1C2000
unkown
page execute and read and write
 clean
737D000
unkown
page read and write
 clean
239000
heap default
page read and write
 clean
3A7F000
unkown
page read and write
 clean
3D0000
unkown image
page readonly
 clean
39FF000
unkown
page read and write
 clean
572F000
unkown
page read and write
 clean
317000
unkown
page execute and read and write
 clean
3AFF000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
3A3F000
unkown
page read and write
 clean
39DF000
unkown
page read and write
 clean
3A1F000
unkown
page read and write
 clean
2000000
unkown
page read and write
 clean
7795000
unkown
page read and write
 clean
330000
unkown image
page readonly
 clean
630000
unkown
page read and write
 clean
38A0000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
170000
unkown
page read and write
 clean
192000
unkown
page execute and read and write
 clean
30E000
heap default
page read and write
 clean
6BDA000
unkown
page read and write
 clean
1DD0000
heap private
page execute and read and write
 clean
6EF8000
unkown
page read and write
 clean
39BF000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
6C78000
unkown
page read and write
 clean
3AFF000
unkown
page read and write
 clean
1F7000
heap default
page read and write
 clean
3B5F000
unkown
page read and write
 clean
3B5F000
unkown
page read and write
 clean
7A0000
heap default
page read and write
 clean
7787000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
7FFFFFC0000
unkown image
page readonly
 clean
470000
heap private
page execute and read and write
 clean
6EBA000
unkown
page read and write
 clean
110000
unkown image
page readonly
 clean
4260000
unkown
page read and write
 clean
3B3F000
unkown
page read and write
 clean
7372000
unkown
page read and write
 clean
736A000
unkown
page read and write
 clean
182000
unkown
page execute and read and write
 clean
130000
heap private
page read and write
 clean
4E0000
unkown
page read and write
 clean
48FE000
unkown
page read and write
 clean
6620000
unkown
page read and write
 clean
342000
unkown
page execute and read and write
 clean
1FC000
unkown
page execute and read and write
 clean
3531000
unkown
page read and write
 clean
2854000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
39DF000
unkown
page read and write
 clean
3B1F000
unkown
page read and write
 clean
2A2000
unkown
page execute and read and write
 clean
2B3000
heap default
page read and write
 clean
700000
unkown image
page readonly
 clean
544C000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
4B4000
heap default
page read and write
 clean
2BB000
heap default
page read and write
 clean
4A0000
heap default
page read and write
 clean
6980000
unkown
page read and write
 clean
3F0000
unkown image
page readonly
 clean
3AFF000
unkown
page read and write
 clean
1E2000
unkown
page execute and read and write
 clean
350000
heap default
page read and write
 clean
587E000
unkown
page read and write
 clean
38DF000
unkown
page read and write
 clean
310000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
56A7000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
1E40000
unkown
page read and write
 clean
637000
unkown
page read and write
 clean
3B1F000
unkown
page read and write
 clean
38FF000
unkown
page read and write
 clean
1AF0000
unkown image
page readonly
 clean
6C9A000
unkown
page read and write
 clean
5CE000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
11B2000
unkown image
page execute read
 clean
6D0000
unkown image
page readonly
 clean
3A5F000
unkown
page read and write
 clean
2C0000
heap default
page read and write
 clean
6BEE000
unkown
page read and write
 clean
90000
heap default
page read and write
 clean
776A000
unkown
page read and write
 clean
38A0000
unkown
page read and write
 clean
6E73000
unkown
page read and write
 clean
35C1000
unkown
page read and write
 clean
56A7000
unkown
page read and write
 clean
60B0000
heap private
page read and write
 clean
38BF000
unkown
page read and write
 clean
11B2000
unkown image
page execute read
 clean
7E1A000
unkown
page read and write
 clean
3B1F000
unkown
page read and write
 clean
3B3F000
unkown
page read and write
 clean
5AA4000
heap private
page read and write
 clean
B7F000
unkown
page read and write
 clean
550000
unkown image
page readonly
 clean
56F1000
unkown
page read and write
 clean
395F000
unkown
page read and write
 clean
20000
heap private
page read and write
 clean
1B8000
unkown image
page readonly
 clean
6E6F000
unkown
page read and write
 clean
4D4F000
unkown
page read and write
 clean
1E2000
unkown
page read and write
 clean
AF20000
unkown
page read and write
 clean
190000
unkown
page read and write
 clean
441000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
5AA8000
heap private
page read and write
 clean
AE1E000
unkown
page read and write
 clean
56E2000
unkown
page read and write
 clean
399F000
unkown
page read and write
 clean
250000
unkown image
page readonly
 clean
7EFB2000
unkown image
page readonly
 clean
6EFE000
unkown
page read and write
 clean
7D8B000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
230F000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
A30000
unkown
page read and write
 clean
217000
heap default
page read and write
 clean
332000
unkown image
page execute read
 clean
850000
unkown image
page readonly
 clean
39BF000
unkown
page read and write
 clean
397F000
unkown
page read and write
 clean
4360000
unkown
page read and write
 clean
400000
unkown
page execute and read and write
 clean
510000
unkown
page read and write
 clean
38FF000
unkown
page read and write
 clean
3C0000
unkown
page execute and read and write
 clean
662F000
unkown
page read and write
 clean
190000
unkown
page read and write
 clean
6CD3000
unkown
page read and write
 clean
530C000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
300000
unkown
page read and write
 clean
391F000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
7EFB2000
unkown image
page readonly
 clean
1E6000
unkown
page execute and read and write
 clean
702C000
unkown
page read and write
 clean
7EF50000
unkown
page execute and read and write
 clean
6DF7000
unkown
page read and write
 clean
515000
unkown
page read and write
 clean
699B000
unkown
page read and write
 clean
572F000
unkown
page read and write
 clean
780000
unkown
page read and write
 clean
542000
heap private
page read and write
 clean
3B1F000
unkown
page read and write
 clean
395F000
unkown
page read and write
 clean
7E20000
unkown
page read and write
 clean
445000
unkown
page read and write
 clean
3A3F000
unkown
page read and write
 clean
3B0000
unkown
page read and write
 clean
69EF000
unkown
page read and write
 clean
1EE4000
heap private
page read and write
 clean
5A7000
unkown
page read and write
 clean
3B5F000
unkown
page read and write
 clean
6E6A000
unkown
page read and write
 clean
39DF000
unkown
page read and write
 clean
5D0000
unkown
page read and write
 clean
3A1F000
unkown
page read and write
 clean
3B5F000
unkown
page read and write
 clean
6D9C000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
38A0000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
3A7F000
unkown
page read and write
 clean
1EA000
unkown
page execute and read and write
 clean
11B8000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
7EFE0000
unkown image
page readonly
 clean
38BF000
unkown
page read and write
 clean
6DE9000
unkown
page read and write
 clean
630000
unkown
page read and write
 clean
1B0000
unkown image
page readonly
 clean
50000
unkown image
page readonly
 clean
6C0000
unkown image
page readonly
 clean
3ABF000
unkown
page read and write
 clean
72A3000
unkown
page read and write
 clean
400000
unkown
page read and write
 clean
3A7F000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
395F000
unkown
page read and write
 clean
4270000
unkown
page read and write
 clean
302000
unkown
page execute and read and write
 clean
399F000
unkown
page read and write
 clean
2801000
unkown
page read and write
 clean
397000
unkown
page read and write | page guard
 clean
6CCD000
unkown
page read and write
 clean
542E000
unkown
page read and write
 clean
3C2000
unkown
page read and write
 clean
110000
heap private
page execute and read and write
 clean
3AFF000
unkown
page read and write
 clean
1F0000
unkown
page read and write
 clean
3A5F000
unkown
page read and write
 clean
570000
unkown
page read and write
 clean
3AFF000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
F0E000
unkown
page read and write
 clean
B4EE000
unkown
page read and write
 clean
EC000
unkown
page read and write
 clean
340000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
3E0000
unkown image
page readonly
 clean
4C4000
heap private
page read and write
 clean
10000
unkown image
page read and write
 clean
1AB000
unkown
page execute and read and write
 clean
150000
unkown
page read and write
 clean
6F04000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
1DB000
unkown
page read and write
 clean
3AFF000
unkown
page read and write
 clean
8A0000
unkown image
page readonly
 clean
6A0000
unkown image
page read and write
 clean
3B1F000
unkown
page read and write
 clean
399F000
unkown
page read and write
 clean
2825000
heap private
page read and write
 clean
7388000
unkown
page read and write
 clean
4260000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
56C7000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
500000
unkown
page read and write
 clean
72F0000
unkown
page read and write
 clean
6E87000
unkown
page read and write
 clean
38C0000
unkown
page read and write
 clean
3A0000
unkown image
page readonly
 clean
6D35000
unkown
page read and write
 clean
4C0000
heap private
page read and write
 clean
4E0000
unkown
page read and write
 clean
5A0000
unkown
page read and write
 clean
6E0000
unkown
page read and write
 clean
38BF000
unkown
page read and write
 clean
397F000
unkown
page read and write
 clean
1B8000
unkown image
page readonly
 clean
7EFB0000
unkown image
page readonly
 clean
5706000
unkown
page read and write
 clean
72AB000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
230E000
unkown
page read and write | page guard
 clean
7EFC2000
unkown image
page readonly
 clean
39FF000
unkown
page read and write
 clean
109E000
unkown
page read and write
 clean
38FF000
unkown
page read and write
 clean
422000
unkown
page execute and read and write
 clean
56C8000
unkown
page read and write
 clean
524E000
unkown
page read and write
 clean
3ABF000
unkown
page read and write
 clean
18A000
unkown
page execute and read and write
 clean
3B3F000
unkown
page read and write
 clean
There are 1117 hidden memdumps, click here to show them.