IOC Report

loading gif

Files

File Path
Type
Category
Malicious
br4Cu3BycW.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-7MTO8.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-627NM.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Local\Temp\is-D30UI.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Docs\Quick Start.pdf (copy)
PDF document, version 1.4
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Docs\is-PSH61.tmp
PDF document, version 1.4
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\FileHelpers.DLL (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\LC.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\License.rtf (copy)
Rich Text Format data, version 1, ANSI
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-BME18.tmp
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-D43R5.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-NST0V.tmp
Rich Text Format data, version 1, ANSI
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\is-UREBA.tmp
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\register.cmd (copy)
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Filters\unregister.cmd (copy)
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\License.txt (copy)
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\Microsoft.ReportViewer.ProcessingObjectModel.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\PDF_32x32.ico (copy)
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\enc.ico (copy)
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\ico48.ico (copy)
MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\is-5TG90.tmp
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\is-60EIS.tmp
MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\dat\is-NE78S.tmp
MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\ABOUT-NLS (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\AUTHORS (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\COPYING (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\ChangeLog (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\INSTALL (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\OFL (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\README (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\TODO (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\TuxType_port_Mac.txt (copy)
ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\howtotheme.html (copy)
HTML document, ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-098P2.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-6O94V.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-71NV9.tmp
HTML document, ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-GB5QC.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-I8QQE.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-KDGPL.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-LH7R9.tmp
ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-MKJK3.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-NGKMM.tmp
HTML document, ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-Q5V6P.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\is-RUFVL.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\doc\lesson_scripting_reference.html (copy)
HTML document, ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\Kedage-n.ttf (copy)
TrueType Font data, 16 tables, 1st "GDEF", 26 names, Unicode
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\is-878RF.tmp
TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2003, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\is-DJ1Q7.tmp
TrueType Font data, 16 tables, 1st "GDEF", 26 names, Unicode
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\is-K1NF7.tmp
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Macintosh
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\is-K99HI.tmp
TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2001, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\lohit_hi.ttf (copy)
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Macintosh
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\lohit_pa.ttf (copy)
TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2001, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\fonts\lohit_ta.ttf (copy)
TrueType Font data, 20 tables, 1st "GDEF", 16 names, Macintosh, Copyright (c) 2003, Automatic Control Equipments, Pune, INDIA. - under General Public LicenseLo
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\history.txt (copy)
data
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\is-0V44S.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\is-GS64B.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\qgif4.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\imageformats\qjpeg4.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-1UL10.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-33ENG.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-5F8P5.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-5P6B9.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-AFSCM.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-B5IQO.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-FCT1V.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-HRO44.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-JEA3R.tmp
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-KTI9L.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-L6ITB.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-MMNOC.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-N95UU.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-OSEV1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-Q7NRR.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-RSFVI.tmp
data
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-TECE4.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\is-VO510.tmp
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libbson-1.0.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libffi-6.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgmodule-2.0-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgpg-error6-0.dll (copy)
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libgthread-2.0-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libintl-8.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libmongoc-1.0.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libnettle-4-6.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libogg-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libssl-40.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\libtasn1-6.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\mingwm10.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\pthreadGC2.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\is-DDSCO.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\is-J58EF.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\keyboard.lst (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\settings.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\abeceda.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-60AQ9.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-6IOGQ.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-6M9NV.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-C75PA.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-GHT5L.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-R0110.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\is-TL1FL.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\prsty.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\rostliny.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\slova2.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\slova3.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\slova4.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\czech\words\slova5.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\is-BVDPO.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\is-V6CGM.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\keyboard.lst (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\settings.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-13KCB.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-4U8BK.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-CF6RI.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-D8OE3.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-GVUMK.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\is-OL7PH.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\kurz2-3-mit.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\kurz2-3.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\lang7-8-mit.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\lang7-8.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\mittel4-6-mit.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\deutsch\words\mittel4-6.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\images\is-VKSF5.tmp
PNG image data, 300 x 200, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\images\map.png (copy)
PNG image data, 300 x 200, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\is-KTB13.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\is-TT7JD.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\keyboard.lst (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\settings.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\is-LGOU5.tmp
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\is-P16BO.tmp
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\is-QCAR9.tmp
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\words1.txt (copy)
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\words2.txt (copy)
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\espanol\words\words3.txt (copy)
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\is-83OPV.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\is-FTKBT.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\keyboard.lst (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\scripts\is-SL6OD.tmp
HTML document, UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\scripts\is-TFF2G.tmp
HTML document, ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\scripts\les_jours_de_la_semaine.xml (copy)
HTML document, ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\scripts\les_mois_de_l_annee.xml (copy)
HTML document, UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\settings.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\fingers.txt (copy)
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-2KL3R.tmp
UTF-8 Unicode text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-50OKR.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-5TEU9.tmp
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-ACULO.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-FF765.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-NNIAL.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-OSARV.tmp
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\is-Q6S61.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\months.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\names.txt (copy)
UTF-8 Unicode text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\weekdays.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\words1.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\words2.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\words3.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\themes\french\words\words4.txt (copy)
UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\tsharkdecode.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\alphabet.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\animals.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\astronomy.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\colors.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\fingers.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\fruit.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\geography.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-2152V.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-2TJIF.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-6MUN6.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-D6LE6.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-D776U.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-D7K8O.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-ECN20.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-F9M8J.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-G40DB.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-IJOAD.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-IUHBG.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-J7E1D.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-KRF65.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\is-OK2RT.tmp
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\numbers.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\plants.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\shapes.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\trees.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\words1.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\words2.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Crystal Reports Extra\words\words3.txt (copy)
ASCII text
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crystal Reports Extra\Crystal Reports Extra.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Sep 28 15:31:55 2021, mtime=Tue Sep 28 15:31:56 2021, atime=Tue Sep 28 04:12:46 2021, length=4910592, window=hide
dropped
 clean
There are 182 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\br4Cu3BycW.exe
'C:\Users\user\Desktop\br4Cu3BycW.exe'
malicious
C:\Users\user\Desktop\br4Cu3BycW.exe
'C:\Users\user\Desktop\br4Cu3BycW.exe' /VERYSILENT
 malicious
C:\Users\user\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe
'C:\Users\user\AppData\Roaming\Crystal Reports Extra\CrystalReports.exe'
malicious
C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp
'C:\Users\user\AppData\Local\Temp\is-I744N.tmp\br4Cu3BycW.tmp' /SL5='$302CC,4283547,831488,C:\Users\user\Desktop\br4Cu3BycW.exe'
clean
C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp
'C:\Users\user\AppData\Local\Temp\is-JN0LE.tmp\br4Cu3BycW.tmp' /SL5='$120262,4283547,831488,C:\Users\user\Desktop\br4Cu3BycW.exe' /VERYSILENT
clean

URLs

Name
IP
Malicious
http://www.elecard.com
unknown
 clean
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
unknown
 clean
http://www.filehelpers.com0
unknown
 clean
http://tux4kids.alioth.debian.org
unknown
 clean
HTTP://WWW.MPEGLA.COM.
unknown
 clean
http://www.libsdl.org
unknown
 clean
http://www.gnu.org/philosophy/why-not-lgpl.html
unknown
 clean
http://sources.redhat.com/pthreads-win32/d&
unknown
 clean
http://www.filehelpers.comg
unknown
 clean
http://www.libsdl.org/projects/SDL_mixer/
unknown
 clean
http://147.135.170.166/
unknown
 clean
http://sourceforge.net/tracker/index.php?func=detail&aid=421508&group_id=12715&atid=112715)
unknown
 clean
http://www.iisc.ernet.in
unknown
 clean
http://147.135.170.166/public/sqlite3.dll
unknown
 clean
http://www.tux4kids.com.
unknown
 clean
http://www.filehelpers.com
unknown
 clean
http://www.libsdl.org/projects/SDL_image
unknown
 clean
http://www.libsdl.org/projects/SDL_image/
unknown
 clean
https://jrsoftware.org/ishelp/index.php?topic=setupcmdline
unknown
 clean
http://bura-bura.com/blog/archives/2005/08/02/how-to-compile-an-application-for-102-or-103-using-xco
unknown
 clean
http://translationproject.org/extra/matrix.html
unknown
 clean
http://translationproject.org/
unknown
 clean
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=104456&repeatmerged=yes
unknown
 clean
http://www.libsdl.org/projects/SDL_ttf
unknown
 clean
http://www.libsdl.org/projects/SDL_ttf/
unknown
 clean
http://sourceforge.net/bugs/?func=detailbug&bug_id=131474&group_id=12715)
unknown
 clean
https://www.remobjects.com/ps
unknown
 clean
http://www.galuzzi.it.
unknown
 clean
https://www.innosetup.com/
unknown
 clean
http://sourceforge.net/tracker/index.php?func=detail&aid=414339&group_id=12715&atid=112715)
unknown
 clean
http://tux4kids.net/~jdandr2)
unknown
 clean
http://fsf.org/
unknown
 clean
http://scripts.sil.org/OFL
unknown
 clean
http://www.libsdl.org/projects/SDL_mixer
unknown
 clean
http://alioth.debian.org/forum/?group_id=31080
unknown
 clean
http://www.libsdl.org/download-1.2.php
unknown
 clean
http://sdlpango.sourceforge.net
unknown
 clean
HTTP://WWW.MPEGLA.COM
unknown
 clean
http://www.filehelpers.com4
unknown
 clean
http://www.gnu.org/licenses/
unknown
 clean
There are 30 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
147.135.170.166
unknown
France
clean

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
 clean
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
 clean
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
 clean
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
 clean
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
 clean
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
 clean
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
 clean
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
 clean

Memdumps

Base Address
Regiontype
Protect
Malicious
2558000
unkown
page read and write
 clean
1874B981000
unkown
page read and write
 clean
2B60000
unkown
page read and write
 clean
7FF559367000
unkown image
page readonly
 clean
7FF5B4837000
unkown image
page readonly
 clean
1B0000
unkown image
page readonly
 clean
7FF5111C1000
unkown image
page readonly
 clean
7FF5115E9000
unkown image
page readonly
 clean
29B5000
unkown
page read and write
 clean
7FF558FA9000
unkown image
page readonly
 clean
7FFB2000
unkown image
page readonly
 clean
3424000
unkown
page read and write
 clean
7FF5114B0000
unkown image
page readonly
 clean
254F000
unkown
page read and write
 clean
EABBE7D000
unkown
page read and write
 clean
1BD415E0000
unkown
page read and write
 clean
B6E000
unkown
page read and write
 clean
7FEB0000
unkown image
page readonly
 clean
B2C000
unkown
page read and write
 clean
22D8000
unkown
page read and write
 clean
8D0000
unkown
page read and write
 clean
27F0000
unkown
page read and write
 clean
252DFF00000
unkown
page read and write
 clean
AD0000
unkown image
page readonly
 clean
1AC71413000
unkown
page read and write
 clean
371E000
unkown
page read and write
 clean
7DF5B5940000
unkown image
page readonly
 clean
44636FE000
unkown
page read and write
 clean
7FF516A26000
unkown image
page readonly
 clean
24D7000
unkown
page read and write
 clean
6E4F3000
unkown image
page read and write
 clean
30000
unkown image
page read and write
 clean
D862FE000
unkown
page read and write
 clean
1BD41F89000
unkown
page read and write
 clean
7FF51697C000
unkown image
page readonly
 clean
6A0000
heap default
page read and write
 clean
7FFB0000
unkown image
page readonly
 clean
33F0000
unkown
page read and write
 clean
7FF5116E1000
unkown image
page readonly
 clean
252DFDE0000
unkown
page read and write
 clean
9CF000
unkown
page read and write
 clean
44633DA000
unkown
page read and write
 clean
7FF5B4421000
unkown image
page readonly
 clean
FE7D0F7000
unkown
page read and write
 clean
1BD41FB2000
unkown
page read and write
 clean
1BD41F93000
unkown
page read and write
 clean
1BD416F1000
unkown
page read and write
 clean
285B000
unkown
page read and write
 clean
BBB000
unkown
page read and write
 clean
1BD41F6F000
unkown
page read and write
 clean
33F0000
unkown
page read and write
 clean
33E0000
unkown
page read and write
 clean
4F92000
unkown
page read and write
 clean
9F3000
unkown
page read and write
 clean
33E0000
unkown
page read and write
 clean
7FFB2000
unkown image
page readonly
 clean
401000
unkown image
page execute read
 clean
252D000
unkown
page read and write
 clean
7DF574D02000
unkown image
page readonly
 clean
1BD41F83000
unkown
page read and write
 clean
BBB000
unkown
page read and write
 clean
1BD416A8000
unkown
page read and write
 clean
7FF511657000
unkown image
page readonly
 clean
1BD41FBD000
unkown
page read and write
 clean
4F91000
unkown
page read and write
 clean
7DF51F360000
unkown image
page readonly
 clean
7FF5A7C2E000
unkown image
page readonly
 clean
1BD4164C000
unkown
page read and write
 clean
7DF524780000
unkown image
page readonly
 clean
24DE000
unkown
page read and write
 clean
B8F000
unkown
page read and write
 clean
2396000
unkown
page read and write
 clean
4F97000
unkown
page read and write
 clean
7FFB0000
unkown image
page readonly
 clean
2840000
heap private
page read and write
 clean
7FF5A7BDD000
unkown image
page readonly
 clean
B62000
unkown
page read and write
 clean
1BD41F86000
unkown
page read and write
 clean
7FF5A7B51000
unkown image
page readonly
 clean
252DFE21000
unkown
page read and write
 clean
36E5000
unkown
page read and write
 clean
240000
unkown
page read and write
 clean
767000
unkown image
page readonly
 clean
7FF559424000
unkown image
page readonly
 clean
4C4000
unkown image
page readonly
 clean
B0A000
unkown
page read and write
 clean
5DFD000
unkown
page read and write
 clean
6C6000
unkown image
page write copy
 clean
7FF559184000
unkown image
page readonly
 clean
7DF472BC0000
unkown image
page readonly
 clean
7FF558DA7000
unkown image
page readonly
 clean
7DF51F350000
unkown image
page readonly
 clean
A6E000
unkown
page read and write
 clean
6D9000
unkown image
page write copy
 clean
224FD002000
unkown
page read and write
 clean
2EE000
unkown
page read and write
 clean
3408000
unkown
page read and write
 clean
7FEB0000
unkown image
page readonly
 clean
2362000
unkown
page read and write
 clean
7FF55922B000
unkown image
page readonly
 clean
A09000
unkown
page read and write
 clean
3EA0000
unkown
page read and write
 clean
2428000
unkown
page read and write
 clean
196000
unkown
page read and write
 clean
B3B000
unkown
page read and write
 clean
6C5000
unkown image
page write copy
 clean
4C6000
unkown image
page readonly
 clean
7FF56700A000
unkown image
page readonly
 clean
A10000
unkown
page read and write
 clean
233E000
unkown
page read and write
 clean
8AC000
unkown image
page readonly
 clean
7DF5B5930000
unkown image
page readonly
 clean
BA8000
unkown
page read and write
 clean
1BD41FA6000
unkown
page read and write
 clean
10D0000
unkown image
page readonly
 clean
7FF5A7BC7000
unkown image
page readonly
 clean
7FF5B4710000
unkown image
page readonly
 clean
1AC71C02000
unkown
page read and write
 clean
252E0000000
unkown image
page readonly
 clean
1BD42402000
unkown
page read and write
 clean
7FF5A7C4A000
unkown image
page readonly
 clean
2E7F7AC0000
unkown
page read and write
 clean
7FF51165D000
unkown image
page readonly
 clean
1874B950000
unkown
page read and write
 clean
E6FA57C000
unkown
page read and write
 clean
7FF566FBE000
unkown image
page readonly
 clean
401000
unkown image
page execute and write copy
 clean
25D3000
unkown
page read and write
 clean
1AC7144D000
unkown
page read and write
 clean
818000
unkown image
page readonly
 clean
77306FB000
unkown
page read and write
 clean
2981000
unkown
page read and write
 clean
7FF5A7BF3000
unkown image
page readonly
 clean
1BD41600000
unkown
page read and write
 clean
27AE000
unkown
page read and write
 clean
7FF559257000
unkown image
page readonly
 clean
B64000
unkown
page read and write
 clean
2740000
unkown image
page readonly
 clean
7FF559360000
unkown image
page readonly
 clean
7DF5C25A2000
unkown image
page readonly
 clean
9E5000
unkown
page read and write
 clean
6D9000
unkown image
page write copy
 clean
BCE000
unkown
page read and write
 clean
9A4F000
unkown
page read and write
 clean
4F3E000
unkown
page read and write
 clean
3A0000
unkown
page read and write
 clean
A61000
unkown
page read and write
 clean
1BD41F9D000
unkown
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
3550000
unkown
page read and write
 clean
7FF55929B000
unkown image
page readonly
 clean
B50000
unkown
page read and write
 clean
2DF1000
unkown
page read and write
 clean
7FFB0000
unkown image
page readonly
 clean
7FF55938B000
unkown image
page readonly
 clean
7FFD0000
unkown image
page readonly
 clean
1BD41613000
unkown
page read and write
 clean
1BD41E02000
unkown
page read and write
 clean
7FF5B470D000
unkown image
page readonly
 clean
7FF56708A000
unkown image
page readonly
 clean
22FC000
unkown
page read and write
 clean
5020000
unkown
page read and write
 clean
915000
heap default
page read and write
 clean
7FF5592C5000
unkown image
page readonly
 clean
7FF5166B3000
unkown image
page readonly
 clean
252DFE29000
unkown
page read and write
 clean
1BD41F8E000
unkown
page read and write
 clean
7FF5B488B000
unkown image
page readonly
 clean
24BF000
unkown
page read and write
 clean
2E7F7AB9000
heap private
page read and write
 clean
2671000
unkown
page read and write
 clean
2E7F7B45000
unkown
page read and write
 clean
7FF5B4853000
unkown image
page readonly
 clean
5414000
unkown
page read and write
 clean
1BD41F9A000
unkown
page read and write
 clean
7FFC2000
unkown image
page readonly
 clean
7FF5114AD000
unkown image
page readonly
 clean
7FF516AF4000
unkown image
page readonly
 clean
2E7F8960000
unkown
page read and write
 clean
ED0000
unkown image
page readonly
 clean
1874BB70000
unkown image
page readonly
 clean
1BD41F8E000
unkown
page read and write
 clean
7FBA0000
unkown
page read and write
 clean
7FFC0000
unkown image
page readonly
 clean
24BC000
unkown
page read and write
 clean
879000
unkown image
page write copy
 clean
1BD41400000
unkown image
page read and write
 clean
7DF51F340000
unkown image
page readonly
 clean
401000
unkown image
page execute read
 clean
1AC71270000
heap default
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
4C0000
unkown image
page read and write
 clean
778000
heap default
page read and write
 clean
BBB000
unkown
page read and write
 clean
7FF5A7955000
unkown image
page readonly
 clean
1BD42402000
unkown
page read and write
 clean
7FFC0000
unkown image
page readonly
 clean
CE0000
unkown
page read and write
 clean
2B50000
unkown
page read and write
 clean
7FFC0000
unkown image
page readonly
 clean
96F000
unkown
page read and write
 clean
401000
unkown image
page execute read
 clean
7FF5A7B25000
unkown image
page readonly
 clean
7FF558BAB000
unkown image
page readonly
 clean
7FF566FA3000
unkown image
page readonly
 clean
25F0000
unkown
page read and write
 clean
252DFBC0000
unkown image
page readonly
 clean
1BD416E6000
unkown
page read and write
 clean
7FF5B46C6000
unkown image
page readonly
 clean
7F6000
unkown image
page readonly
 clean
A4A000
unkown
page read and write
 clean
7FF558F21000
unkown image
page readonly
 clean
239D000
unkown
page read and write
 clean
7DF51F342000
unkown image
page readonly
 clean
7FF5B484F000
unkown image
page readonly
 clean
2E7F7A60000
unkown image
page readonly
 clean
7FF5591A5000
unkown image
page readonly
 clean
7FF559349000
unkown image
page readonly
 clean
7FFB2000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
1874B9A1000
unkown
page read and write
 clean
7FFD0000
unkown image
page readonly
 clean
6CA000
unkown image
page write copy
 clean
B0A000
unkown
page read and write
 clean
252DFE00000
unkown
page read and write
 clean
1BD41800000
unkown image
page readonly
 clean
9BA000
unkown
page read and write
 clean
E6FA47E000
unkown
page read and write
 clean
401000
unkown image
page execute read
 clean
7FFC0000
unkown image
page readonly
 clean
252DFCF0000
unkown image
page readonly
 clean
7FF516708000
unkown image
page readonly
 clean
BBB000
unkown
page read and write
 clean
24E4000
unkown
page read and write
 clean
1BD41FB9000
unkown
page read and write
 clean
4F91000
unkown
page read and write
 clean
224FD07F000
unkown
page read and write
 clean
7DF5B5942000
unkown image
page readonly
 clean
30000
unkown image
page read and write
 clean
1BD41F65000
unkown
page read and write
 clean
BBB000
unkown
page read and write
 clean
230A000
unkown
page read and write
 clean
7FF516B05000
unkown image
page readonly
 clean
9B2000
unkown
page read and write
 clean
7FFC2000
unkown image
page readonly
 clean
3C8F000
unkown
page read and write
 clean
386C000
unkown
page read and write
 clean
8C0000
unkown image
page readonly
 clean
7FF559112000
unkown image
page readonly
 clean
7FF5B48BD000
unkown image
page readonly
 clean
77301DE000
unkown
page read and write
 clean
EABBFFE000
unkown
page read and write
 clean
7FF559186000
unkown image
page readonly
 clean
7DF574CF0000
unkown image
page readonly
 clean
251F000
unkown
page read and write
 clean
1BD4163C000
unkown
page read and write
 clean
7DF5670B0000
unkown image
page readonly
 clean
7FF516A1F000
unkown image
page readonly
 clean
7FF55934D000
unkown image
page readonly
 clean
7FF5A7CCA000
unkown image
page readonly
 clean
36F3000
unkown
page read and write
 clean
1BD41F93000
unkown
page read and write
 clean
4F61000
unkown
page read and write
 clean
2539000
unkown
page read and write
 clean
2733000
heap private
page read and write
 clean
1BD41F94000
unkown
page read and write
 clean
1AC7143C000
unkown
page read and write
 clean
1BD41F9F000
unkown
page read and write
 clean
1BD41FB3000
unkown
page read and write
 clean
6DB000
unkown image
page read and write
 clean
770000
heap default
page read and write
 clean
40000
unkown image
page readonly
 clean
1BD42400000
unkown
page read and write
 clean
224FD400000
unkown image
page readonly
 clean
7FF559295000
unkown image
page readonly
 clean
1BD41B80000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
A8A000
unkown
page read and write
 clean
A20000
unkown
page read and write
 clean
4C6000
unkown image
page readonly
 clean
7FF567062000
unkown image
page readonly
 clean
24FA000
unkown
page read and write
 clean
7DF51F340000
unkown image
page readonly
 clean
7DF5B5942000
unkown image
page readonly
 clean
2D8000
unkown
page read and write
 clean
CF6000
heap private
page read and write
 clean
BA8000
unkown
page read and write
 clean
1BD416E5000
unkown
page read and write
 clean
29F0000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
1874B9AD000
unkown
page read and write
 clean
2D2000
unkown
page read and write
 clean
E6FA777000
unkown
page read and write
 clean
3520000
unkown
page read and write
 clean
35DE000
unkown
page read and write
 clean
23A4000
unkown
page read and write
 clean
7FF5A7A81000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
7DF4C0470000
unkown image
page readonly
 clean
1BD415E0000
unkown
page read and write
 clean
7FF511603000
unkown image
page readonly
 clean
D8627B000
unkown
page read and write
 clean
7DF5670C0000
unkown image
page readonly
 clean
B39000
unkown
page read and write
 clean
6DE000
unkown image
page readonly
 clean
1BD41FA4000
unkown
page read and write
 clean
7FF5A7BF0000
unkown image
page readonly
 clean
7FF559252000
unkown image
page readonly
 clean
1BD41420000
unkown image
page readonly
 clean
252DFE49000
unkown
page read and write
 clean
B7D000
unkown
page read and write
 clean
6D4000
unkown image
page read and write
 clean
2713000
heap private
page read and write
 clean
7FF559377000
unkown image
page readonly
 clean
401000
unkown image
page execute and read and write
 clean
7FF559412000
unkown image
page readonly
 clean
7FFD0000
unkown image
page readonly
 clean
980E000
unkown
page read and write
 clean
1BD41F67000
unkown
page read and write
 clean
6D7000
unkown image
page write copy
 clean
7DF5670C0000
unkown image
page readonly
 clean
7FFC0000
unkown image
page readonly
 clean
BA3000
unkown
page read and write
 clean
9C000
unkown
page read and write
 clean
B4A000
unkown
page read and write
 clean
252DFF02000
unkown
page read and write
 clean
2319000
unkown
page read and write
 clean
36E3000
unkown
page read and write
 clean
6DE000
unkown image
page readonly
 clean
2532000
unkown
page read and write
 clean
36FE000
unkown
page read and write
 clean
4F61000
unkown
page read and write
 clean
7DF524782000
unkown image
page readonly
 clean
7FF5B4860000
unkown image
page readonly
 clean
A86000
unkown
page read and write
 clean
7DF51F360000
unkown image
page readonly
 clean
7FF5116CA000
unkown image
page readonly
 clean
1BD41450000
unkown image
page readonly
 clean
7FF5592EF000
unkown image
page readonly
 clean
FE7D1FE000
unkown
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
7FF516AE2000
unkown image
page readonly
 clean
7FF5A7CBA000
unkown image
page readonly
 clean
2574000
unkown
page read and write
 clean
1BD41F8C000
unkown
page read and write
 clean
B58000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
7FF516927000
unkown image
page readonly
 clean
4C0000
unkown image
page read and write
 clean
2556000
unkown
page read and write
 clean
29C2000
unkown
page read and write
 clean
2312000
unkown
page read and write
 clean
1BD41708000
unkown
page read and write
 clean
806000
unkown image
page readonly
 clean
40000
unkown image
page readonly
 clean
22DF000
unkown
page read and write
 clean
7DF524770000
unkown image
page readonly
 clean
7FF516A1D000
unkown image
page readonly
 clean
2730000
heap private
page read and write
 clean
7DF574D10000
unkown image
page readonly
 clean
401000
unkown image
page execute read
 clean
3450000
unkown
page read and write
 clean
9A5000
heap default
page read and write
 clean
2320000
unkown
page read and write
 clean
9B8F000
unkown
page read and write
 clean
6E500000
unkown image
page readonly
 clean
B8B000
unkown
page read and write
 clean
1BD41FA4000
unkown
page read and write
 clean
9C000
unkown
page read and write
 clean
BA3000
unkown
page read and write
 clean
B45000
unkown
page read and write
 clean
1874B997000
unkown
page read and write
 clean
3A0F000
unkown
page read and write
 clean
2E7F7A30000
unkown image
page readonly
 clean
40000
unkown image
page readonly
 clean
1BD416AA000
unkown
page read and write
 clean
7FF559353000
unkown image
page readonly
 clean
2E7F86A0000
unkown
page read and write
 clean
2551000
unkown
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
23AC000
unkown
page read and write
 clean
9D0E000
unkown
page read and write
 clean
1874BBB0000
unkown image
page readonly
 clean
7FF566FE3000
unkown image
page readonly
 clean
446387F000
unkown
page read and write
 clean
773047E000
unkown
page read and write
 clean
252E0380000
unkown image
page readonly
 clean
236A000
unkown
page read and write
 clean
7DF5670A0000
unkown image
page readonly
 clean
A7E000
unkown
page read and write
 clean
24B8000
unkown
page read and write
 clean
7FF5593BD000
unkown image
page readonly
 clean
26EC000
unkown
page read and write
 clean
9D000
unkown
page read and write
 clean
D86177000
unkown
page read and write
 clean
7FF5A7CA9000
unkown image
page readonly
 clean
2447000
unkown
page read and write
 clean
41E000
unkown image
page execute and write copy
 clean
79E000
unkown
page read and write
 clean
1874BBA0000
heap private
page read and write
 clean
533D000
unkown
page read and write
 clean
1BD41FAF000
unkown
page read and write
 clean
7FF5B493A000
unkown image
page readonly
 clean
6CC000
unkown image
page read and write
 clean
252DFBE0000
unkown image
page readonly
 clean
7FFB0000
unkown image
page readonly
 clean
5BBE000
unkown
page read and write
 clean
1AC71450000
unkown
page read and write
 clean
AB1000
unkown
page read and write
 clean
7FF55943A000
unkown image
page readonly
 clean
224FCEF0000
unkown image
page readonly
 clean
A1F000
unkown
page read and write
 clean
7FF558DBC000
unkown image
page readonly
 clean
AAF000
unkown
page read and write
 clean
1A0000
unkown image
page readonly
 clean
1874B9BB000
unkown
page read and write
 clean
1BD4168B000
unkown
page read and write
 clean
1BD41F5E000
unkown
page read and write
 clean
1874B9AD000
unkown
page read and write
 clean
7FF5B47AC000
unkown image
page readonly
 clean
7DF5C25A0000
unkown image
page readonly
 clean
1BD41671000
unkown
page read and write
 clean
7FF5592F1000
unkown image
page readonly
 clean
1BD41F89000
unkown
page read and write
 clean
7FF5A7C1B000
unkown image
page readonly
 clean
AA3000
unkown
page read and write
 clean
30000
unkown image
page read and write
 clean
7DF5C25B2000
unkown image
page readonly
 clean
1BD41410000
heap private
page read and write
 clean
7FF516AFA000
unkown image
page readonly
 clean
CD0000
unkown image
page readonly
 clean
1BD41F6D000
unkown
page read and write
 clean
884000
unkown image
page read and write
 clean
1AC7144A000
unkown
page read and write
 clean
7FF51162B000
unkown image
page readonly
 clean
B7C000
unkown
page read and write
 clean
7FF5A7BD9000
unkown image
page readonly
 clean
7FF5592C1000
unkown image
page readonly
 clean
B4B000
unkown
page read and write
 clean
224FD04A000
unkown
page read and write
 clean
806000
unkown image
page readonly
 clean
4C6000
unkown image
page readonly
 clean
7FFC0000
unkown image
page readonly
 clean
7FF5B4941000
unkown image
page readonly
 clean
2671000
unkown
page read and write
 clean
F00000
unkown image
page readonly
 clean
7FF511365000
unkown image
page readonly
 clean
1BD42402000
unkown
page read and write
 clean
BA8000
unkown
page read and write
 clean
A5A000
unkown
page read and write
 clean
7FF5A7ABB000
unkown image
page readonly
 clean
224FD200000
unkown image
page readonly
 clean
1BD41FA6000
unkown
page read and write
 clean
7FF51154C000
unkown image
page readonly
 clean
2E7F80E0000
unkown image
page readonly
 clean
25DA000
unkown
page read and write
 clean
224FD013000
unkown
page read and write
 clean
7FF516B0A000
unkown image
page readonly
 clean
7FF559441000
unkown image
page readonly
 clean
1BD41F93000
unkown
page read and write
 clean
880000
unkown
page read and write
 clean
4C2000
unkown image
page write copy
 clean
7FFC2000
unkown image
page readonly
 clean
224FD100000
unkown
page read and write
 clean
B46000
unkown
page read and write
 clean
7DF5C25C0000
unkown image
page readonly
 clean
2671000
unkown
page read and write
 clean
353F000
unkown
page read and write
 clean
CCF000
unkown
page read and write
 clean
1BD41702000
unkown
page read and write
 clean
1BD41F84000
unkown
page read and write
 clean
7FF55919F000
unkown image
page readonly
 clean
2388000
unkown
page read and write
 clean
2700000
unkown
page read and write
 clean
FE7C9AE000
unkown
page read and write
 clean
1874B9A1000
unkown
page read and write
 clean
7FF55934F000
unkown image
page readonly
 clean
4C2000
unkown image
page write copy
 clean
2598000
unkown
page read and write
 clean
B39000
unkown
page read and write
 clean
7FFB2000
unkown image
page readonly
 clean
7DF5B5930000
unkown image
page readonly
 clean
2694000
unkown
page read and write
 clean
BBB000
unkown
page read and write
 clean
290A000
unkown
page read and write
 clean
2509000
unkown
page read and write
 clean
1BD41F93000
unkown
page read and write
 clean
1250000
unkown image
page readonly
 clean
1BD41F8C000
unkown
page read and write
 clean
7FFD0000
unkown image
page readonly
 clean
224FD680000
unkown
page read and write
 clean
DB0000
unkown image
page readonly
 clean
1AC71370000
unkown
page read and write
 clean
7FF55931E000
unkown image
page readonly
 clean
7FF5A7BF7000
unkown image
page readonly
 clean
7FF5591F1000
unkown image
page readonly
 clean
1BD41F6D000
unkown
page read and write
 clean
7FF51160E000
unkown image
page readonly
 clean
26B7000
unkown
page read and write
 clean
2502000
unkown
page read and write
 clean
1BD41F5A000
unkown
page read and write
 clean
77308FF000
unkown
page read and write
 clean
7FFB2000
unkown image
page readonly
 clean
7FF559337000
unkown image
page readonly
 clean
1BD41F95000
unkown
page read and write
 clean
25F0000
unkown
page read and write
 clean
1BD41FBD000
unkown
page read and write
 clean
1AC71220000
unkown image
page readonly
 clean
7FF511565000
unkown image
page readonly
 clean
290A000
unkown
page read and write
 clean
7FF55931A000
unkown image
page readonly
 clean
7FF5A7A9D000
unkown image
page readonly
 clean
1B0000
unkown image
page readonly
 clean
1874B9BA000
unkown
page read and write
 clean
1BD41FAE000
unkown
page read and write
 clean
7FF5A7C47000
unkown image
page readonly
 clean
7DF41D210000
unkown image
page readonly
 clean
224FCEC0000
heap private
page read and write
 clean
5EE000
unkown
page read and write
 clean
B46000
unkown
page read and write
 clean
EABBEF9000
unkown
page read and write
 clean
29A5000
unkown
page read and write
 clean
7FF566F9F000
unkown image
page readonly
 clean
9A000
unkown
page read and write
 clean
2A68000
unkown
page read and write
 clean
1AC71429000
unkown
page read and write
 clean
22E6000
unkown
page read and write
 clean
1BD41F12000
unkown
page read and write
 clean
52B7000
unkown
page read and write
 clean
7FFD0000
unkown image
page readonly
 clean
7FF5B4795000
unkown image
page readonly
 clean
1AC71400000
unkown
page read and write
 clean
B35000
unkown
page read and write
 clean
B23000
heap default
page read and write
 clean
E50000
unkown image
page readonly
 clean
254C000
unkown
page read and write
 clean
2327000
unkown
page read and write
 clean
7FF55932E000
unkown image
page readonly
 clean
1BD41716000
unkown
page read and write
 clean
4F59000
unkown
page read and write
 clean
7FF5593BA000
unkown image
page readonly
 clean
7FF5114CB000
unkown image
page readonly
 clean
4F61000
unkown
page read and write
 clean
7FF5592AC000
unkown image
page readonly
 clean
3737000
unkown
page read and write
 clean
4B7000
unkown image
page read and write
 clean
4C4000
unkown image
page readonly
 clean
7A0000
heap default
page read and write
 clean
24B0000
unkown
page read and write
 clean
1874B996000
unkown
page read and write
 clean
29E4000
unkown
page read and write
 clean
B50000
unkown
page read and write
 clean
1BD41F6F000
unkown
page read and write
 clean
7FFB2000
unkown image
page readonly
 clean
7DF5670A2000
unkown image
page readonly
 clean
7FF511491000
unkown image
page readonly
 clean
24E6000
unkown
page read and write
 clean
7FEB0000
unkown image
page readonly
 clean
B47000
unkown
page read and write
 clean
A2E000
unkown
page read and write
 clean
1BD4241E000
unkown
page read and write
 clean
7FFC2000
unkown image
page readonly
 clean
7FFB2000
unkown image
page readonly
 clean
1A0000
unkown image
page readonly
 clean
7FFB0000
unkown image
page readonly
 clean
298E000
unkown
page read and write
 clean
7FF5B4919000
unkown image
page readonly
 clean
B78000
unkown
page read and write
 clean
B49000
unkown
page read and write
 clean
7FF5116E1000
unkown image
page readonly
 clean
1BD41F6D000
unkown
page read and write
 clean
7FF511607000
unkown image
page readonly
 clean
BBB000
unkown
page read and write
 clean
7FFC0000
unkown image
page readonly
 clean
D8607F000
unkown
page read and write
 clean
2E7F7B00000
heap default
page read and write
 clean
1BD41F9D000
unkown
page read and write
 clean
1BD42402000
unkown
page read and write
 clean
917000
unkown
page read and write
 clean
1BD41FA4000
unkown
page read and write
 clean
24ED000
unkown
page read and write
 clean
CD0000
unkown image
page readonly
 clean
9E4E000
unkown
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
2E7F7A80000
unkown
page read and write
 clean
1BD41629000
unkown
page read and write
 clean
252DFBF0000
unkown image
page readonly
 clean
9C8000
unkown
page read and write
 clean
257B000
unkown
page read and write
 clean
1BD42419000
unkown
page read and write
 clean
7DF5B5940000
unkown image
page readonly
 clean
3411000
unkown
page read and write
 clean
252DFE7E000
unkown
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
B65000
unkown
page read and write
 clean
1AC71481000
unkown
page read and write
 clean
7FF566D1D000
unkown image
page readonly
 clean
4F55000
unkown
page read and write
 clean
A78000
unkown
page read and write
 clean
24A9000
unkown
page read and write
 clean
9E0F000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
765000
unkown image
page execute and read and write
 clean
1260000
unkown image
page readonly
 clean
7FF5111C7000
unkown image
page readonly
 clean
7DF5670A2000
unkown image
page readonly
 clean
520000
unkown
page read and write
 clean
2A69000
unkown
page read and write
 clean
51E000
unkown
page read and write
 clean
223000
unkown
page read and write
 clean
7FF559210000
unkown image
page readonly
 clean
4B7000
unkown image
page write copy
 clean
36D3000
unkown
page read and write
 clean
298A000
unkown
page read and write
 clean
1BD42402000
unkown
page read and write
 clean
1BD41F9A000
unkown
page read and write
 clean
7FF51670E000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
4B7000
unkown image
page read and write
 clean
1BD4246A000
unkown
page read and write
 clean
19C000
unkown
page read and write
 clean
1BD416F1000
unkown
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
1BD41570000
unkown
page read and write
 clean
4F57000
unkown
page read and write
 clean
5A1F000
unkown
page read and write
 clean
1AC71210000
heap private
page read and write
 clean
24F4000
unkown
page read and write
 clean
1BD41682000
unkown
page read and write
 clean
7FF5A7CA2000
unkown image
page readonly
 clean
7FF559440000
unkown image
page readonly
 clean
630000
unkown
page read and write
 clean
1B0000
unkown image
page readonly
 clean
77307F7000
unkown
page read and write
 clean
6E0F1000
unkown image
page execute read
 clean
B8C000
unkown
page read and write
 clean
7FF516A62000
unkown image
page readonly
 clean
7FF5A7B3C000
unkown image
page readonly
 clean
7FF558C91000
unkown image
page readonly
 clean
7FFB2000
unkown image
page readonly
 clean
7FF51636E000
unkown image
page readonly
 clean
EABBBBD000
unkown
page read and write
 clean
3862000
unkown
page read and write
 clean
7FF559393000
unkown image
page readonly
 clean
9F4C000
unkown
page read and write
 clean
830000
unkown
page read and write
 clean
1BD41F5E000
unkown
page read and write
 clean
7FF5A7AA0000
unkown image
page readonly
 clean
2E7F8970000
unkown
page readonly
 clean
252DFF13000
unkown
page read and write
 clean
B46000
unkown
page read and write
 clean
44637F9000
unkown
page read and write
 clean
7DF5C25B0000
unkown image
page readonly
 clean
2892000
unkown
page read and write
 clean
1874B930000
unkown image
page readonly
 clean
7FF5B4877000
unkown image
page readonly
 clean
640000
unkown image
page readonly
 clean
B53000
unkown
page read and write
 clean
7FF5A7BFE000
unkown image
page readonly
 clean
1BD41F94000
unkown
page read and write
 clean
7FF5166BA000
unkown image
page readonly
 clean
1AC71200000
unkown image
page read and write
 clean
2E7F7B4C000
unkown
page read and write
 clean
7FF5A7C4D000
unkown image
page readonly
 clean
7FF5B4191000
unkown image
page readonly
 clean
7FF55920D000
unkown image
page readonly
 clean
7FF5B48B7000
unkown image
page readonly
 clean
66E000
unkown
page read and write
 clean
7FEB0000
unkown image
page readonly
 clean
6DC000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
383E000
unkown
page read and write
 clean
1874B986000
heap default
page read and write
 clean
224FD055000
unkown
page read and write
 clean
256D000
unkown
page read and write
 clean
2E5000
unkown
page read and write
 clean
2518000
unkown
page read and write
 clean
3B4F000
unkown
page read and write
 clean
7FF559323000
unkown image
page readonly
 clean
2564000
unkown
page read and write
 clean
1BD41F9A000
unkown
page read and write
 clean
2543000
unkown
page read and write
 clean
1874B970000
heap default
page read and write
 clean
1874B9B8000
unkown
page read and write
 clean
2982000
unkown
page read and write
 clean
2E7F7B4E000
unkown
page read and write
 clean
A83000
unkown
page read and write
 clean
7DF5B5932000
unkown image
page readonly
 clean
C30000
unkown image
page readonly
 clean
1BD42403000
unkown
page read and write
 clean
252DFE13000
unkown
page read and write
 clean
4F91000
unkown
page read and write
 clean
2479000
unkown
page read and write
 clean
B46000
unkown
page read and write
 clean
23C000
unkown
page read and write
 clean
1BD41FAB000
unkown
page read and write
 clean
1874B8F0000
unkown image
page read and write
 clean
A7F000
unkown
page read and write
 clean
4F56000
unkown
page read and write
 clean
B64000
heap default
page read and write
 clean
910000
heap default
page read and write
 clean
887000
unkown image
page readonly
 clean
7FF5591F5000
unkown image
page readonly
 clean
27F1000
unkown
page read and write
 clean
1874BBA5000
heap private
page read and write
 clean
6DC000
unkown image
page readonly
 clean
6DB000
unkown image
page read and write
 clean
24C6000
unkown
page read and write
 clean
7DF422640000
unkown image
page readonly
 clean
7FFD0000
unkown image
page readonly
 clean
1874BDB0000
unkown image
page readonly
 clean
6C7000
unkown image
page read and write
 clean
2E7F7B4C000
unkown
page read and write
 clean
7DF5B5932000
unkown image
page readonly
 clean
7FF5A7B2B000
unkown image
page readonly
 clean
22AA000
unkown
page read and write
 clean
1AC71502000
unkown
page read and write
 clean
9D6000
unkown
page read and write
 clean
4F93000
unkown
page read and write
 clean
7FF5B4941000
unkown image
page readonly
 clean
7FF51136E000
unkown image
page readonly
 clean
BBB000
unkown
page read and write
 clean
7FF5B46F1000
unkown image
page readonly
 clean
1BD41FB2000
unkown
page read and write
 clean
890000
unkown
page read and write
 clean
2E7F7EE0000
unkown image
page readonly
 clean
7FF5B4924000
unkown image
page readonly
 clean
3451000
unkown
page read and write
 clean
1874B9B8000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
99A000
unkown
page read and write
 clean
7DF51F350000
unkown image
page readonly
 clean
7FF5A7C23000
unkown image
page readonly
 clean
670000
unkown image
page readonly
 clean
242B000
unkown
page read and write
 clean
4F96000
unkown
page read and write
 clean
7FF5A7ADF000
unkown image
page readonly
 clean
7FF5A77B1000
unkown image
page readonly
 clean
A61000
unkown
page read and write
 clean
7DF51F352000
unkown image
page readonly
 clean
252DFBA0000
unkown image
page read and write
 clean
2CE000
unkown
page read and write
 clean
246B000
unkown
page read and write
 clean
E10000
unkown image
page readonly
 clean
7FF5116B9000
unkown image
page readonly
 clean
1874B910000
unkown image
page readonly
 clean
24CD000
unkown
page read and write
 clean
25E1000
unkown
page read and write
 clean
767000
unkown image
page readonly
 clean
C2F000
unkown
page read and write
 clean
4F61000
unkown
page read and write
 clean
1BD41FBD000
unkown
page read and write
 clean
7FF5B45C5000
unkown image
page readonly
 clean
BBB000
unkown
page read and write
 clean
7DF574D02000
unkown image
page readonly
 clean
232000
unkown
page read and write
 clean
EABBF79000
unkown
page read and write
 clean
2E7F7AB5000
heap private
page read and write
 clean
40000
unkown image
page readonly
 clean
1874BB80000
unkown image
page readonly
 clean
24A2000
unkown
page read and write
 clean
2501000
unkown
page read and write
 clean
1BD41F8B000
unkown
page read and write
 clean
875000
unkown image
page write copy
 clean
1AC71513000
unkown
page read and write
 clean
6E4F0000
unkown image
page write copy
 clean
7FF5166B5000
unkown image
page readonly
 clean
1BD4241A000
unkown
page read and write
 clean
E6FA17B000
unkown
page read and write
 clean
FE7C92B000
unkown
page read and write
 clean
2E7F8710000
unkown
page read and write
 clean
18D000
unkown
page read and write
 clean
1BD4164E000
unkown
page read and write
 clean
A27000
unkown
page read and write
 clean
7FF5B4863000
unkown image
page readonly
 clean
FE7CC7E000
unkown
page read and write
 clean
40000
unkown image
page readonly
 clean
C70000
heap private
page read and write
 clean
B42000
unkown
page read and write
 clean
7DF574D10000
unkown image
page readonly
 clean
7FFD0000
unkown image
page readonly
 clean
1BD416F1000
unkown
page read and write
 clean
5CFE000
unkown
page read and write
 clean
B3E000
unkown
page read and write
 clean
7FF558FA7000
unkown image
page readonly
 clean
7FFD0000
unkown image
page readonly
 clean
1BD41F84000
unkown
page read and write
 clean
1BD41A00000
unkown image
page readonly
 clean
2D20000
unkown
page read and write
 clean
1BD41FCA000
unkown
page read and write
 clean
4F91000
unkown
page read and write
 clean
2420000
unkown
page read and write
 clean
A8F000
unkown
page read and write
 clean
25E8000
unkown
page read and write
 clean
7FF567091000
unkown image
page readonly
 clean
B0A000
unkown
page read and write
 clean
7FF566FB0000
unkown image
page readonly
 clean
990F000
unkown
page read and write
 clean
1BD41F00000
unkown
page read and write
 clean
1BD41FD6000
unkown
page read and write
 clean
B8A000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
2E7F89E0000
unkown
page read and write
 clean
7FFB2000
unkown image
page readonly
 clean
1BD41F93000
unkown
page read and write
 clean
B8D000
unkown
page read and write
 clean
1AC71500000
unkown
page read and write
 clean
24EB000
unkown
page read and write
 clean
7FF502A21000
unkown image
page readonly
 clean
3722000
unkown
page read and write
 clean
1A0000
unkown image
page readonly
 clean
1BD42402000
unkown
page read and write
 clean
1BD41F8E000
unkown
page read and write
 clean
7DF574D00000
unkown image
page readonly
 clean
255D000
unkown
page read and write
 clean
9BCE000
unkown
page read and write
 clean
2E7F7A30000
unkown image
page readonly
 clean
24BB000
unkown
page read and write
 clean
22C2000
unkown
page read and write
 clean
7FF558F27000
unkown image
page readonly
 clean
252E0402000
unkown
page read and write
 clean
2909000
unkown
page read and write
 clean
1B0000
unkown image
page readonly
 clean
2E59000
unkown
page read and write
 clean
33F0000
unkown
page read and write
 clean
3530000
unkown
page read and write
 clean
A52000
unkown
page read and write
 clean
54C8000
unkown
page read and write
 clean
26EC000
unkown
page read and write
 clean
990000
unkown
page read and write
 clean
1BD41F8C000
unkown
page read and write
 clean
4C4000
unkown image
page readonly
 clean
82E000
unkown
page read and write
 clean
6E0F0000
unkown image
page readonly
 clean
1BD41F82000
unkown
page read and write
 clean
7DF5C25A0000
unkown image
page readonly
 clean
7FF516A16000
unkown image
page readonly
 clean
7FF5B45CE000
unkown image
page readonly
 clean
7FF511561000
unkown image
page readonly
 clean
D85C7E000
unkown
page read and write
 clean
7FF567074000
unkown image
page readonly
 clean
873000
unkown image
page read and write
 clean
4C4000
unkown image
page readonly
 clean
EABC07F000
unkown
page read and write
 clean
1BD41470000
heap default
page read and write
 clean
252E0200000
unkown image
page readonly
 clean
6D4000
unkown image
page read and write
 clean
7FF516AE9000
unkown image
page readonly
 clean
2693000
unkown
page read and write
 clean
19A000
unkown
page read and write
 clean
B49000
unkown
page read and write
 clean
A6A000
unkown
page read and write
 clean
BAE000
unkown
page read and write
 clean
2526000
unkown
page read and write
 clean
A30000
heap default
page read and write
 clean
7FF567081000
unkown image
page readonly
 clean
AB8000
unkown
page read and write
 clean
7FF511535000
unkown image
page readonly
 clean
1BD41F69000
unkown
page read and write
 clean
7FFC0000
unkown image
page readonly
 clean
7DF524782000
unkown image
page readonly
 clean
A70000
unkown image
page readonly
 clean
252DFBC0000
unkown image
page readonly
 clean
A9C000
unkown
page read and write
 clean
BA4000
unkown
page read and write
 clean
1AC71220000
unkown image
page readonly
 clean
2534000
unkown
page read and write
 clean
7DF51F342000
unkown image
page readonly
 clean
7FF5B4849000
unkown image
page readonly
 clean
2EB000
unkown
page read and write
 clean
6DC000
unkown image
page readonly
 clean
7FF5591C6000
unkown image
page readonly
 clean
1BD41590000
unkown image
page readonly
 clean
2371000
unkown
page read and write
 clean
2994000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
2E7F7B4C000
unkown
page read and write
 clean
7FF5115F3000
unkown image
page readonly
 clean
7FF51163E000
unkown image
page readonly
 clean
238F000
unkown
page read and write
 clean
7DF524772000
unkown image
page readonly
 clean
1BD41713000
unkown
page read and write
 clean
E09000
heap private
page read and write
 clean
1BD41F8C000
unkown
page read and write
 clean
1BD42402000
unkown
page read and write
 clean
224FCED0000
unkown image
page readonly
 clean
773057B000
unkown
page read and write
 clean
2985000
unkown
page read and write
 clean
1874B9AD000
unkown
page read and write
 clean
252DFE55000
unkown
page read and write
 clean
7FF5114EF000
unkown image
page readonly
 clean
7FFC0000
unkown image
page readonly
 clean
1BD4165A000
unkown
page read and write
 clean
7FF510F31000
unkown image
page readonly
 clean
4C6000
unkown image
page readonly
 clean
7FF55924F000
unkown image
page readonly
 clean
A38000
heap default
page read and write
 clean
252B000
unkown
page read and write
 clean
B46000
unkown
page read and write
 clean
401000
unkown image
page execute read
 clean
1BD41550000
unkown image
page readonly
 clean
7FF558DAB000
unkown image
page readonly
 clean
3B8E000
unkown
page read and write
 clean
23C1000
unkown
page read and write
 clean
3DCD000
unkown
page read and write
 clean
2E7F8990000
unkown
page read and write
 clean
7FF566F9D000
unkown image
page readonly
 clean
7FF5667FB000
unkown image
page readonly
 clean
2E7F7B68000
heap default
page read and write
 clean
224FD802000
unkown
page read and write
 clean
7FF5B489E000
unkown image
page readonly
 clean
6DE000
unkown image
page readonly
 clean
446367F000
unkown
page read and write
 clean
2E7F8270000
unkown image
page readonly
 clean
7DF524780000
unkown image
page readonly
 clean
7FF516A33000
unkown image
page readonly
 clean
E6FA97E000
unkown
page read and write
 clean
B6F000
unkown
page read and write
 clean
7DF4B3800000
unkown image
page readonly
 clean
24B0000
unkown
page read and write
 clean
97F000
unkown
page read and write
 clean
7DF5C25B2000
unkown image
page readonly
 clean
1BD4164D000
unkown
page read and write
 clean
7FF516922000
unkown image
page readonly
 clean
77305FD000
unkown
page read and write
 clean
1BD41F93000
unkown
page read and write
 clean
A94000
unkown
page read and write
 clean
7DF574D00000
unkown image
page readonly
 clean
359E000
unkown
page read and write
 clean
39C000
unkown
page read and write
 clean
7FF567069000
unkown image
page readonly
 clean
1BD416CA000
unkown
page read and write
 clean
40000
unkown image
page readonly
 clean
7A7000
unkown image
page readonly
 clean
224FD03C000
unkown
page read and write
 clean
6CA000
unkown image
page write copy
 clean
1BD415F0000
unkown image
page read and write
 clean
7FF516B11000
unkown image
page readonly
 clean
26EC000
unkown
page read and write
 clean
7FF516A23000
unkown image
page readonly
 clean
CF0000
heap private
page read and write
 clean
1BD41FB3000
unkown
page read and write
 clean
244E000
unkown
page read and write
 clean
7FFB0000
unkown image
page readonly
 clean
40000
unkown image
page readonly
 clean
224FCEB0000
unkown image
page read and write
 clean
2472000
unkown
page read and write
 clean
7FF516A6E000
unkown image
page readonly
 clean
7FF511633000
unkown image
page readonly
 clean
2892000
unkown
page read and write
 clean
591F000
unkown
page read and write
 clean
6C5000
unkown image
page read and write
 clean
9A0000
heap default
page read and write
 clean
2378000
unkown
page read and write
 clean
1AC71250000
unkown image
page readonly
 clean
1BD41F82000
unkown
page read and write
 clean
7DF5C25B0000
unkown image
page readonly
 clean
25BD000
unkown
page read and write
 clean
7FF5B4427000
unkown image
page readonly
 clean
25AF000
unkown
page read and write
 clean
3848000
unkown
page read and write
 clean
7FF566FA6000
unkown image
page readonly
 clean
BBB000
unkown
page read and write
 clean
A17000
unkown
page read and write
 clean
1BD41FC7000
unkown
page read and write
 clean
23C8000
unkown
page read and write
 clean
A61000
unkown
page read and write
 clean
B4B000
unkown
page read and write
 clean
B63000
unkown
page read and write
 clean
7FF516A30000
unkown image
page readonly
 clean
7FFC2000
unkown image
page readonly
 clean
1BD41F19000
unkown
page read and write
 clean
1BD41F5B000
unkown
page read and write
 clean
9A8E000
unkown
page read and write
 clean
AC0000
heap private
page read and write
 clean
E6FA1FF000
unkown
page read and write
 clean
2E7F7A50000
unkown image
page readonly
 clean
B62000
unkown
page read and write
 clean
9C1000
unkown
page read and write
 clean
2345000
unkown
page read and write
 clean
2E7F8260000
unkown image
page readonly
 clean
D00000
unkown image
page readonly
 clean
1BD42403000
unkown
page read and write
 clean
235A000
unkown
page read and write
 clean
AAA000
unkown
page read and write
 clean
2981000
unkown
page read and write
 clean
BBB000
unkown
page read and write
 clean
7FF5B472B000
unkown image
page readonly
 clean
29C9000
unkown
page read and write
 clean
224FCED0000
unkown image
page readonly
 clean
25C4000
unkown
page read and write
 clean
7FFC2000
unkown image
page readonly
 clean
E00000
heap private
page read and write
 clean
7FF5B47C1000
unkown image
page readonly
 clean
1874BB40000
unkown
page read and write
 clean
7FFC2000
unkown image
page readonly
 clean
7DF5C25A2000
unkown image
page readonly
 clean
7FF5116C4000
unkown image
page readonly
 clean
1BD41F93000
unkown
page read and write
 clean
7DF524770000
unkown image
page readonly
 clean
372C000
unkown
page read and write
 clean
7FF5B4931000
unkown image
page readonly
 clean
A8D000
unkown
page read and write
 clean
7FF566FDB000
unkown image
page readonly
 clean
1BD41FC1000
unkown
page read and write
 clean
1BD41F9A000
unkown
page read and write
 clean
1BD41F71000
unkown
page read and write
 clean
1BD41FA1000
unkown
page read and write
 clean
B29000
heap default
page read and write
 clean
7FF559363000
unkown image
page readonly
 clean
6CE000
unkown image
page write copy
 clean
252DFF08000
unkown
page read and write
 clean
1BD41FA5000
unkown
page read and write
 clean
9DE000
unkown
page read and write
 clean
254A000
unkown
page read and write
 clean
2491000
unkown
page read and write
 clean
7FFD0000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
8AC000
unkown image
page readonly
 clean
4F61000
unkown
page read and write
 clean
7FF516A8A000
unkown image
page readonly
 clean
1B0000
unkown image
page readonly
 clean
2993000
unkown
page read and write
 clean
7FF5116B2000
unkown image
page readonly
 clean
285C000
unkown
page read and write
 clean
B3F000
unkown
page read and write
 clean
1A0000
unkown image
page readonly
 clean
7FFB0000
unkown image
page readonly
 clean
7FF5115EF000
unkown image
page readonly
 clean
A83000
unkown
page read and write
 clean
252DFE3C000
unkown
page read and write
 clean
23BA000
unkown
page read and write
 clean
2C90000
unkown
page read and write
 clean
7FF5B474F000
unkown image
page readonly
 clean
887000
unkown image
page readonly
 clean
7FF559302000
unkown image
page readonly
 clean
7FF511600000
unkown image
page readonly
 clean
224FD029000
unkown
page read and write
 clean
D8592B000
unkown
page read and write
 clean
23B3000
unkown
page read and write
 clean
40000
unkown image
page readonly
 clean
6CE000
unkown image
page write copy
 clean
36EA000
unkown
page read and write
 clean
4F61000
unkown
page read and write
 clean
AD0000
heap default
page read and write
 clean
B78000
unkown
page read and write
 clean
2481000
unkown
page read and write
 clean
62E000
unkown
page read and write
 clean
E06000
heap private
page read and write
 clean
2E7F8980000
unkown
page read and write
 clean
3530000
unkown
page read and write
 clean
4F62000
unkown
page read and write
 clean
2890000
unkown
page read and write
 clean
818000
unkown image
page readonly
 clean
2E7F7A20000
unkown
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
1BD41F14000
unkown
page read and write
 clean
224FD590000
unkown image
page readonly
 clean
1BD41F82000
unkown
page read and write
 clean
224FCF20000
heap default
page read and write
 clean
1BD41FB6000
unkown
page read and write
 clean
7FF5A7BDF000
unkown image
page readonly
 clean
4F94000
unkown
page read and write
 clean
7FF55936E000
unkown image
page readonly
 clean
22D1000
unkown
page read and write
 clean
1BD41FBC000
unkown
page read and write
 clean
1BD416FC000
unkown
page read and write
 clean
B0A000
unkown
page read and write
 clean
2E7F7A10000
unkown image
page read and write
 clean
1BD41F8E000
unkown
page read and write
 clean
2490000
unkown
page read and write
 clean
A02000
unkown
page read and write
 clean
1BD41F9A000
unkown
page read and write
 clean
8E0000
unkown
page execute and read and write
 clean
6C5000
unkown image
page read and write
 clean
3548000
unkown
page read and write
 clean
7A5000
heap default
page read and write
 clean
1BD416A1000
unkown
page read and write
 clean
7FF5B492A000
unkown image
page readonly
 clean
7FF5A7CD1000
unkown image
page readonly
 clean
7DF5670B0000
unkown image
page readonly
 clean
1A0000
unkown image
page readonly
 clean
7FFC2000
unkown image
page readonly
 clean
B8B000
unkown
page read and write
 clean
1BD42402000
unkown
page read and write
 clean
224FD050000
unkown
page read and write
 clean
19C000
unkown
page read and write
 clean
446377E000
unkown
page read and write
 clean
7FF5590C5000
unkown image
page readonly
 clean
A85000
unkown
page read and write
 clean
7FF566FB3000
unkown image
page readonly
 clean
1BD416C1000
unkown
page read and write
 clean
1AC71470000
unkown
page read and write
 clean
7FF5A77B7000
unkown image
page readonly
 clean
7FF559419000
unkown image
page readonly
 clean
1BD41F86000
unkown
page read and write
 clean
75C000
unkown
page read and write
 clean
224FD108000
unkown
page read and write
 clean
224FD000000
unkown
page read and write
 clean
7A7000
unkown image
page readonly
 clean
87E000
unkown
page read and write
 clean
7DF524772000
unkown image
page readonly
 clean
7FF559431000
unkown image
page readonly
 clean
6CC000
unkown image
page read and write
 clean
2DC000
unkown
page read and write
 clean
7FF567085000
unkown image
page readonly
 clean
7DF5670B2000
unkown image
page readonly
 clean
1BD42414000
unkown
page read and write
 clean
1BD42402000
unkown
page read and write
 clean
FE7CEFE000
unkown
page read and write
 clean
3530000
unkown
page read and write
 clean
8C9000
heap default
page read and write
 clean
B17000
heap default
page read and write
 clean
25B6000
unkown
page read and write
 clean
4F55000
unkown
page read and write
 clean
7DF5C25C0000
unkown image
page readonly
 clean
537000
heap default
page read and write
 clean
7FF5A7BE3000
unkown image
page readonly
 clean
2591000
unkown
page read and write
 clean
7FF51165A000
unkown image
page readonly
 clean
224FD113000
unkown
page read and write
 clean
7FF559017000
unkown image
page readonly
 clean
7FF56700D000
unkown image
page readonly
 clean
234C000
unkown
page read and write
 clean
1BD41656000
unkown
page read and write
 clean
6CF000
unkown image
page read and write
 clean
1BD41F8C000
unkown
page read and write
 clean
7FFB2000
unkown image
page readonly
 clean
1BD41F82000
unkown
page read and write
 clean
24FB000
unkown
page read and write
 clean
252DFE4B000
unkown
page read and write
 clean
40000
unkown image
page readonly
 clean
D85E7B000
unkown
page read and write
 clean
B09000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
5437000
unkown
page read and write
 clean
4F91000
unkown
page read and write
 clean
7FF55939E000
unkown image
page readonly
 clean
BBB000
unkown
page read and write
 clean
7FF511617000
unkown image
page readonly
 clean
7FF5B4867000
unkown image
page readonly
 clean
1BD41F62000
unkown
page read and write
 clean
2E7F7B08000
heap default
page read and write
 clean
7DF5B5950000
unkown image
page readonly
 clean
7FF502A21000
unkown image
page readonly
 clean
33FF000
unkown
page read and write
 clean
27F1000
unkown
page read and write
 clean
6E4FB000
unkown image
page read and write
 clean
7FF516399000
unkown image
page readonly
 clean
7FF5B4893000
unkown image
page readonly
 clean
6DC000
unkown image
page readonly
 clean
7DF5670B2000
unkown image
page readonly
 clean
7FF5168AA000
unkown image
page readonly
 clean
3551000
unkown
page read and write
 clean
7FF5B479B000
unkown image
page readonly
 clean
7FF51153B000
unkown image
page readonly
 clean
22F5000
unkown
page read and write
 clean
252DFBB0000
heap private
page read and write
 clean
1BD416D9000
unkown
page read and write
 clean
6E4F7000
unkown image
page write copy
 clean
B34000
unkown
page read and write
 clean
4F61000
unkown
page read and write
 clean
1BD41F67000
unkown
page read and write
 clean
252DFE54000
unkown
page read and write
 clean
1080000
unkown image
page readonly
 clean
1BD416B4000
unkown
page read and write
 clean
B0A000
unkown
page read and write
 clean
7FF5A7B55000
unkown image
page readonly
 clean
1AC71800000
unkown image
page readonly
 clean
1BD41C60000
unkown image
page write copy
 clean
7FF5B486E000
unkown image
page readonly
 clean
7FFB0000
unkown image
page readonly
 clean
21F000
unkown
page read and write
 clean
7FF5B4912000
unkown image
page readonly
 clean
75E000
unkown
page read and write
 clean
4F61000
unkown
page read and write
 clean
1AC71350000
unkown image
page readonly
 clean
9EC000
unkown
page read and write
 clean
1BD42402000
unkown
page read and write
 clean
1AC71240000
unkown image
page readonly
 clean
7FF51639E000
unkown image
page readonly
 clean
36B3000
unkown
page read and write
 clean
EABBB3B000
unkown
page read and write
 clean
1BD41F8C000
unkown
page read and write
 clean
9FA000
unkown
page read and write
 clean
C30000
unkown image
page readonly
 clean
7DF5B5950000
unkown image
page readonly
 clean
224FCF00000
unkown image
page readonly
 clean
1BD415E0000
unkown
page read and write
 clean
253C000
unkown
page read and write
 clean
3708000
unkown
page read and write
 clean
2330000
unkown
page read and write
 clean
7DF464F70000
unkown image
page readonly
 clean
87E000
unkown
page read and write
 clean
6CF000
unkown image
page read and write
 clean
1AC71455000
unkown
page read and write
 clean
1BD42463000
unkown
page read and write
 clean
1BD41F85000
unkown
page read and write
 clean
FE7CE7B000
unkown
page read and write
 clean
2710000
heap private
page read and write
 clean
1BD41F63000
unkown
page read and write
 clean
7FFC2000
unkown image
page readonly
 clean
77309FF000
unkown
page read and write
 clean
1AC71465000
unkown
page read and write
 clean
1BD41F82000
unkown
page read and write
 clean
7FF511466000
unkown image
page readonly
 clean
1BD41FA4000
unkown
page read and write
 clean
2B10000
heap private
page read and write
 clean
1874BF30000
unkown image
page readonly
 clean
D85F77000
unkown
page read and write
 clean
25A8000
unkown
page read and write
 clean
2650000
unkown image
page readonly
 clean
29D6000
unkown
page read and write
 clean
B78000
unkown
page read and write
 clean
7FF559191000
unkown image
page readonly
 clean
B9E000
unkown
page read and write
 clean
7FF559014000
unkown image
page readonly
 clean
7FF5590CE000
unkown image
page readonly
 clean
7FF5116D1000
unkown image
page readonly
 clean
1BD41420000
unkown image
page readonly
 clean
2E7F86B0000
unkown
page read and write
 clean
22EE000
unkown
page read and write
 clean
2540000
unkown
page read and write
 clean
1BD41FB2000
unkown
page read and write
 clean
97CF000
unkown
page read and write
 clean
873000
unkown image
page write copy
 clean
FE7CD7B000
unkown
page read and write
 clean
A6A000
unkown
page read and write
 clean
7FF566FB7000
unkown image
page readonly
 clean
401000
unkown image
page execute read
 clean
B8A000
unkown
page read and write
 clean
7FFB0000
unkown image
page readonly
 clean
27E0000
heap private
page read and write
 clean
1BD41F90000
unkown
page read and write
 clean
4F20000
unkown
page read and write
 clean
7DF524790000
unkown image
page readonly
 clean
2490000
unkown
page read and write
 clean
5424000
unkown
page read and write
 clean
1BD42419000
unkown
page read and write
 clean
1BD41440000
unkown image
page readonly
 clean
7DF524790000
unkown image
page readonly
 clean
2E7F8720000
unkown
page read and write
 clean
A3C000
unkown
page read and write
 clean
252DFE51000
unkown
page read and write
 clean
1AC71508000
unkown
page read and write
 clean
1BD41F67000
unkown
page read and write
 clean
2582000
unkown
page read and write
 clean
4F61000
unkown
page read and write
 clean
5454000
unkown
page read and write
 clean
7FF516B01000
unkown image
page readonly
 clean
1874B910000
unkown image
page readonly
 clean
29F1000
unkown
page read and write
 clean
7FF5115D7000
unkown image
page readonly
 clean
7FBA0000
unkown
page read and write
 clean
3A4E000
unkown
page read and write
 clean
1BD41F86000
unkown
page read and write
 clean
7F6000
unkown image
page readonly
 clean
26F0000
unkown image
page readonly
 clean
252DFE89000
unkown
page read and write
 clean
7FF56707A000
unkown image
page readonly
 clean
7FF55942A000
unkown image
page readonly
 clean
252DFC10000
heap default
page read and write
 clean
6DE000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
7FF5A7CD1000
unkown image
page readonly
 clean
C80000
unkown image
page readonly
 clean
2E7F7B11000
heap default
page read and write
 clean
7DF5670A0000
unkown image
page readonly
 clean
E6FA67B000
unkown
page read and write
 clean
25CC000
unkown
page read and write
 clean
9AE000
unkown
page read and write
 clean
7FF516A5B000
unkown image
page readonly
 clean
1BD416E4000
unkown
page read and write
 clean
224FD08D000
unkown
page read and write
 clean
530000
heap default
page read and write
 clean
245D000
unkown
page read and write
 clean
773015B000
unkown
page read and write
 clean
1874B9B8000
unkown
page read and write
 clean
4F61000
unkown
page read and write
 clean
2E7F7AB0000
heap private
page read and write
 clean
1BD42402000
unkown
page read and write
 clean
6D7000
unkown image
page write copy
 clean
2990000
unkown
page read and write
 clean
ADA000
heap default
page read and write
 clean
27C0000
unkown
page read and write
 clean
3520000
unkown
page read and write
 clean
238000
unkown
page read and write
 clean
7FFB0000
unkown image
page readonly
 clean
7DF574CF0000
unkown image
page readonly
 clean
3564000
unkown
page read and write
 clean
4F91000
unkown
page read and write
 clean
5CBF000
unkown
page read and write
 clean
7FFD0000
unkown image
page readonly
 clean
7FFC0000
unkown image
page readonly
 clean
7DF51F352000
unkown image
page readonly
 clean
224FD06F000
unkown
page read and write
 clean
B9C000
unkown
page read and write
 clean
24F2000
unkown
page read and write
 clean
2710000
unkown
page execute and read and write
 clean
224FD04D000
unkown
page read and write
 clean
B38000
unkown
page read and write
 clean
7FF5B48BA000
unkown image
page readonly
 clean
2303000
unkown
page read and write
 clean
401000
unkown image
page execute read
 clean
1BD41650000
unkown
page read and write
 clean
B7C000
unkown
page read and write
 clean
A35000
unkown
page read and write
 clean
7FF566FEE000
unkown image
page readonly
 clean
2BE0000
unkown
page read and write
 clean
371E000
unkown
page read and write
 clean
224FD102000
unkown
page read and write
 clean
D859AE000
unkown
page read and write
 clean
1BD41F8C000
unkown
page read and write
 clean
30000
unkown image
page read and write
 clean
224FD410000
unkown image
page readonly
 clean
7FF5A7CC1000
unkown image
page readonly
 clean
A78000
unkown
page read and write
 clean
7FF5A7CB4000
unkown image
page readonly
 clean
880000
unkown image
page readonly
 clean
1AC71980000
unkown image
page readonly
 clean
2337000
unkown
page read and write
 clean
24D4000
unkown
page read and write
 clean
650000
heap default
page read and write
 clean
2456000
unkown
page read and write
 clean
A80000
unkown image
page readonly
 clean
54B9000
unkown
page read and write
 clean
7FF5591F9000
unkown image
page readonly
 clean
1BD41F5A000
unkown
page read and write
 clean
AB0000
unkown image
page readonly
 clean
1BD41F90000
unkown
page read and write
 clean
3CCE000
unkown
page read and write
 clean
1BD41F90000
unkown
page read and write
 clean
1AC71600000
unkown image
page readonly
 clean
B5B000
unkown
page read and write
 clean
7FF5A7A56000
unkown image
page readonly
 clean
B61000
unkown
page read and write
 clean
7FFC2000
unkown image
page readonly
 clean
1BD42402000
unkown
page read and write
 clean
251A000
unkown
page read and write
 clean
7FF5593B7000
unkown image
page readonly
 clean
7FF5A7C07000
unkown image
page readonly
 clean
876000
unkown image
page read and write
 clean
7FF516B11000
unkown image
page readonly
 clean
252DFE56000
unkown
page read and write
 clean
2E7F7CD0000
unkown
page read and write
 clean
1BD41F4F000
unkown
page read and write
 clean
A68000
unkown
page read and write
 clean
7FF55914B000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
6E0F0000
unkown image
page readonly
 clean
9CCE000
unkown
page read and write
 clean
252DFE4E000
unkown
page read and write
 clean
EABC0FC000
unkown
page read and write
 clean
1BD416E5000
unkown
page read and write
 clean
2670000
unkown
page read and write
 clean
7DF574CF2000
unkown image
page readonly
 clean
40000
unkown image
page readonly
 clean
6C5000
unkown image
page write copy
 clean
7FF567091000
unkown image
page readonly
 clean
30000
unkown image
page read and write
 clean
252DFE70000
unkown
page read and write
 clean
2909000
unkown
page read and write
 clean
7FF559107000
unkown image
page readonly
 clean
994E000
unkown
page read and write
 clean
29A7000
unkown
page read and write
 clean
3712000
unkown
page read and write
 clean
898000
heap default
page read and write
 clean
7FF5B47C5000
unkown image
page readonly
 clean
FE7CFFE000
unkown
page read and write
 clean
890000
heap default
page read and write
 clean
2A68000
unkown
page read and write
 clean
7FF5116DA000
unkown image
page readonly
 clean
29BC000
unkown
page read and write
 clean
CF9000
heap private
page read and write
 clean
7DF574CF2000
unkown image
page readonly
 clean
2E7F7AA0000
unkown image
page readonly
 clean
7FF5B484D000
unkown image
page readonly
 clean
2681000
unkown
page read and write
 clean
1874B9A1000
unkown
page read and write
 clean
22CA000
unkown
page read and write
 clean
1BD4241E000
unkown
page read and write
 clean
E6FA87F000
unkown
page read and write
 clean
2464000
unkown
page read and write
 clean
AE7000
heap default
page read and write
 clean
7FEB0000
unkown image
page readonly
 clean
4B7000
unkown image
page write copy
 clean
D863F8000
unkown
page read and write
 clean
2CA0000
unkown
page read and write
 clean
B63000
unkown
page read and write
 clean
97000
unkown
page read and write
 clean
1BD41F93000
unkown
page read and write
 clean
2E8000
unkown
page read and write
 clean
6E418000
unkown image
page readonly
 clean
258A000
unkown
page read and write
 clean
7FF516A8D000
unkown image
page readonly
 clean
1BD41FB0000
unkown
page read and write
 clean
B8C000
unkown
page read and write
 clean
7FF5115ED000
unkown image
page readonly
 clean
There are 1388 hidden memdumps, click here to show them.