IOC Report


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| doc-379851424.xls | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Tue Oct 12 08:22:59 2021, Security: 0 | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F1C50F4E-1059-4074-A602-9B892B4EAC58 | XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding | malicious |
| C:\Windows\SysWOW64\regsvr32.exe | 'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test | malicious |
| C:\Windows\SysWOW64\regsvr32.exe | 'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test | malicious |
| C:\Windows\SysWOW64\regsvr32.exe | 'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test | malicious |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding | malicious |
| C:\Windows\System32\regsvr32.exe | 'C:\Windows\System32\regsvr32.exe' C:\Datop\test.test | malicious |
| C:\Windows\System32\regsvr32.exe | 'C:\Windows\System32\regsvr32.exe' C:\Datop\test1.test | malicious |
| C:\Windows\System32\regsvr32.exe | 'C:\Windows\System32\regsvr32.exe' C:\Datop\test2.test | malicious |

URLs


Domains

| Name | IP | Malicious |
| --- | --- | --- |
| ohemaa.org | 172.93.99.178 | clean |
| amerident.com.do | 108.179.242.179 | clean |
| madieandme.com.au | 101.0.112.4 | clean |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 101.0.112.4 | madieandme.com.au | Australia | clean |
| 108.179.242.179 | amerident.com.do | United States | clean |
| 172.93.99.178 | ohemaa.org | United States | clean |

Registry


Memdumps

unkown
page read and write
clean
3A6000
unkown
page read and write
clean
1FB476EC000
unkown
page read and write
clean
7FF508383000
unkown image
page readonly
clean
2AA1000
unkown image
page readonly
clean
1FB47D80000
unkown
page read and write
clean
7FF5BEF87000
unkown image
page readonly
clean
7FF5001B5000
unkown image
page readonly
clean
7FF536AA7000
unkown image
page readonly
clean
7DF50DFE0000
unkown image
page readonly
clean
1FB476B1000
unkown
page read and write
clean
BD4000
heap private
page read and write
clean
233C7FC0000
unkown image
page readonly
clean
2FFB000
unkown
page read and write
clean
7A00000
unkown
page read and write
clean
1FB47702000
unkown
page read and write
clean
D72C7FE000
unkown
page read and write
clean
24B98668000
unkown
page read and write
clean
7DF5CFCC2000
unkown image
page readonly
clean
24B98490000
unkown image
page readonly
clean
7FF55CA93000
unkown image
page readonly
clean
1ECCF160000
unkown
page read and write
clean
7FF50014B000
unkown image
page readonly
clean
28FE000
unkown image
page readonly
clean
7FF500269000
unkown image
page readonly
clean
7FF5081AB000
unkown image
page readonly
clean
B7FD0F9000
unkown
page read and write
clean
233C7E70000
unkown image
page read and write
clean
7FF5C1CDD000
unkown image
page readonly
clean
7FF5C1EAB000
unkown image
page readonly
clean
13C9946A000
unkown
page read and write
clean
1FB47651000
unkown
page read and write
clean
7FEE0000
unkown image
page readonly
clean
24B985F0000
unkown image
page readonly
clean
1FB47D94000
unkown
page read and write
clean
1FB47D8C000
unkown
page read and write
clean
24B98670000
unkown
page read and write
clean
7FF5000E6000
unkown image
page readonly
clean
7FF5001E1000
unkown image
page readonly
clean
7FF50837E000
unkown image
page readonly
clean
233C7E90000
unkown image
page readonly
clean
7FC40000
unkown image
page readonly
clean
357A000
heap default
page read and write
clean
7FF4FFFEE000
unkown image
page readonly
clean
6E0000
unkown image
page readonly
clean
7DF5CCD10000
unkown image
page readonly
clean
7DF4429E0000
unkown image
page readonly
clean
29EA000
unkown image
page readonly
clean
6F7000
heap private
page read and write
clean
28CB000
unkown image
page readonly
clean
233C7EB0000
unkown image
page readonly
clean
2A2B000
unkown image
page readonly
clean
2E52000
unkown
page read and write
clean
1FB47D80000
unkown
page read and write
clean
C08207E000
unkown
page read and write
clean
7FF5083CE000
unkown image
page readonly
clean
2F50000
unkown image
page read and write
clean
7FC40000
unkown image
page readonly
clean
1FB47DA4000
unkown
page read and write
clean
1FB47D72000
unkown
page read and write
clean
80FE000
unkown
page read and write
clean
1FB48300000
unkown
page read and write
clean
1ECCF4D9000
heap private
page read and write
clean
1FB47D4E000
unkown
page read and write
clean
4874000
heap private
page read and write
clean
7DF50DFE0000
unkown image
page readonly
clean
139E077000
unkown
page read and write
clean
29EA000
unkown image
page readonly
clean
1FB47DC3000
unkown
page read and write
clean
1FB47D64000
unkown
page read and write
clean
7FF536CC2000
unkown image
page readonly
clean
1FB47D7A000
unkown
page read and write
clean
7FF536E89000
unkown image
page readonly
clean
7FF508172000
unkown image
page readonly
clean
7FF5082FB000
unkown image
page readonly
clean
13C99800000
unkown image
page readonly
clean
1FB47D77000
unkown
page read and write
clean
7FF55CB3A000
unkown image
page readonly
clean
7FEE2000
unkown image
page readonly
clean
1FB47600000
unkown
page read and write
clean
2AAB000
unkown image
page readonly
clean
1ECCF4D0000
heap private
page read and write
clean
C3D000
unkown
page read and write
clean
7DF544B10000
unkown image
page readonly
clean
24B98670000
unkown
page read and write
clean
7FF5BEFE3000
unkown image
page readonly
clean
2AC3000
unkown image
page readonly
clean
185C6DD0000
unkown image
page readonly
clean
1FB47648000
unkown
page read and write
clean
3850000
unkown image
page readonly
clean
1FB47D77000
unkown
page read and write
clean
7FF536E2D000
unkown image
page readonly
clean
1ECCFF70000
unkown
page read and write
clean
2AC3000
unkown image
page readonly
clean
1FB4764B000
unkown
page read and write
clean
7FF5BF091000
unkown image
page readonly
clean
1FB48363000
unkown
page read and write
clean
7FF5C1F59000
unkown image
page readonly
clean
185C6E13000
unkown
page read and write
clean
C081AFE000
unkown
page read and write
clean
1FB476D5000
unkown
page read and write
clean
7FF500361000
unkown image
page readonly
clean
7FF55CB24000
unkown image
page readonly
clean
1FB47D72000
unkown
page read and write
clean
233C7EC0000
unkown image
page readonly
clean
7FF536DD3000
unkown image
page readonly
clean
1FB47653000
unkown
page read and write
clean
7FF4FFFE5000
unkown image
page readonly
clean
1ECCF4E0000
unkown
page read and write
clean
1FB48200000
unkown
page read and write
clean
139E27D000
unkown
page read and write
clean
7FF5002DD000
unkown image
page readonly
clean
185C6E4D000
unkown
page read and write
clean
7FF5BF08A000
unkown image
page readonly
clean
7FF5083C3000
unkown image
page readonly
clean
900000
unkown image
page readonly
clean
7FF5C1E1D000
unkown image
page readonly
clean
1FB47670000
unkown
page read and write
clean
7FF500332000
unkown image
page readonly
clean
7FF53670C000
unkown image
page readonly
clean
2A8B000
unkown image
page readonly
clean
1FB47D7B000
unkown
page read and write
clean
7FF5BF062000
unkown image
page readonly
clean
233C8100000
unkown
page read and write
clean
C0817BB000
unkown
page read and write
clean
2A0F000
unkown image
page readonly
clean
1FB47D8F000
unkown
page read and write
clean
7FF508167000
unkown image
page readonly
clean
1FB47D79000
unkown
page read and write
clean
65B0000
unkown image
page readonly
clean
1FB47D8C000
unkown
page read and write
clean
3350000
unkown image
page readonly
clean
13C99513000
unkown
page read and write
clean
29F9000
unkown image
page readonly
clean
7FC52000
unkown image
page readonly
clean
7DF50DFC0000
unkown image
page readonly
clean
1FB47D56000
unkown
page read and write
clean
2731000
unkown image
page readonly
clean
28B3000
unkown image
page readonly
clean
150000
unkown image
page read and write
clean
B7FD07E000
unkown
page read and write
clean
2D08000
unkown image
page readonly
clean
7FF5C1E3B000
unkown image
page readonly
clean
26BE000
unkown image
page readonly
clean
7FF5BEE9F000
unkown image
page readonly
clean
B7FCD7F000
unkown
page read and write
clean
3370000
unkown
page read and write
clean
7FF55CB41000
unkown image
page readonly
clean
7FF55CABA000
unkown image
page readonly
clean
1FB473E0000
unkown image
page readonly
clean
1FB47DFA000
unkown
page read and write
clean
595000
unkown
page read and write
clean
B20000
heap default
page read and write
clean
26BE000
unkown image
page readonly
clean
780000
unkown image
page readonly
clean
1ECCFF60000
unkown
page readonly
clean
7DF544B10000
unkown image
page readonly
clean
7FF5081F1000
unkown image
page readonly
clean
29E1000
unkown image
page readonly
clean
2AC8000
unkown image
page readonly
clean
13C99429000
unkown
page read and write
clean
7FF55CA60000
unkown image
page readonly
clean
B7FCDFF000
unkown
page read and write
clean
4870000
heap private
page read and write
clean
1FB47D73000
unkown
page read and write
clean
7FF536C4A000
unkown image
page readonly
clean
1FB473A0000
unkown image
page read and write
clean
1FB47D71000
unkown
page read and write
clean
7FF5BEFA3000
unkown image
page readonly
clean
233C8000000
unkown
page read and write
clean
7FF536EB1000
unkown image
page readonly
clean
7FF4FFE47000
unkown image
page readonly
clean
7FF536DB6000
unkown image
page readonly
clean
1FB47D86000
unkown
page read and write
clean
59C000
unkown
page read and write
clean
7FA12000
unkown image
page readonly
clean
2A40000
unkown image
page readonly
clean
3200000
unkown image
page readonly
clean
1FB473B0000
heap private
page read and write
clean
1ECCF220000
heap default
page read and write
clean
2E33000
heap default
page read and write
clean
7FF536E2A000
unkown image
page readonly
clean
2C4F000
unkown image
page readonly
clean
1FB47D78000
unkown
page read and write
clean
7FF500273000
unkown image
page readonly
clean
7FF5C1ED5000
unkown image
page readonly
clean
139DC7E000
unkown
page read and write
clean
24B98656000
heap default
page read and write
clean
28A7000
unkown image
page readonly
clean
2CDB000
unkown image
page readonly
clean
185C6F13000
unkown
page read and write
clean
35A1000
unkown
page read and write
clean
1FB47D7A000
unkown
page read and write
clean
7DF5CFCB2000
unkown image
page readonly
clean
1FB47BE0000
unkown
page read and write
clean
29BE000
unkown image
page readonly
clean
36AE000
unkown
page read and write
clean
1FB47DB7000
unkown
page read and write
clean
1FB47D03000
unkown
page read and write
clean
2A2B000
unkown image
page readonly
clean
7FF5C1F5D000
unkown image
page readonly
clean
7DF56A7C0000
unkown image
page readonly
clean
24B985C0000
unkown
page read and write
clean
139D99B000
unkown
page read and write
clean
7DF544B22000
unkown image
page readonly
clean
7FF50826D000
unkown image
page readonly
clean
13C9945B000
unkown
page read and write
clean
2A94000
unkown image
page readonly
clean
7FF5081E4000
unkown image
page readonly
clean
680000
unkown
page read and write
clean
29F6000
unkown image
page readonly
clean
57A000
heap default
page read and write
clean
1FB47D6D000
unkown
page read and write
clean
7FF522DC1000
unkown image
page readonly
clean
1FB47D8C000
unkown
page read and write
clean
233C8002000
unkown
page read and write
clean
2A26000
unkown image
page readonly
clean
7FF5C1F70000
unkown image
page readonly
clean
46B0000
unkown image
page readonly
clean
7FF5BF007000
unkown image
page readonly
clean
2A9B000
unkown image
page readonly
clean
29E1000
unkown image
page readonly
clean
24B98740000
unkown image
page readonly
clean
CD0000
unkown
page read and write
clean
1FB47D7E000
unkown
page read and write
clean
13C99460000
unkown
page read and write
clean
1FB47D8A000
unkown
page read and write
clean
7FEE0000
unkown image
page readonly
clean
1FB47D7A000
unkown
page read and write
clean
7DF5CFCB0000
unkown image
page readonly
clean
29F6000
unkown image
page readonly
clean
13C99469000
unkown
page read and write
clean
7FA30000
unkown image
page readonly
clean
7FF500344000
unkown image
page readonly
clean
1FB47DB7000
unkown
page read and write
clean
2D03000
unkown image
page readonly
clean
7FF508417000
unkown image
page readonly
clean
7320000
unkown
page read and write
clean
7FF508125000
unkown image
page readonly
clean
1FB47D7A000
unkown
page read and write
clean
28F5000
unkown image
page readonly
clean
1FB4826A000
unkown
page read and write
clean
1FB47D88000
unkown
page read and write
clean
1FB476C0000
unkown
page read and write
clean
1FB47D7E000
unkown
page read and write
clean
7F910000
unkown image
page readonly
clean
185C6DC0000
unkown image
page readonly
clean
1FB4764D000
unkown
page read and write
clean
2C0F000
unkown image
page readonly
clean
1ECCF210000
unkown
page read and write
clean
1FB47DB7000
unkown
page read and write
clean
233C8108000
unkown
page read and write
clean
7FF5BE8E2000
unkown image
page readonly
clean
7FF5001E5000
unkown image
page readonly
clean
7FF5C1F73000
unkown image
page readonly
clean
185C6F08000
unkown
page read and write
clean
233C804C000
unkown
page read and write
clean
2C21000
unkown image
page readonly
clean
7FF5C1F77000
unkown image
page readonly
clean
1FB473C0000
unkown image
page readonly
clean
185C6E76000
unkown
page read and write
clean
590000
unkown
page read and write
clean
7FF53673E000
unkown image
page readonly
clean
7FF5002D7000
unkown image
page readonly
clean
3570000
heap default
page read and write
clean
1FB47D00000
unkown
page read and write
clean
7DF516112000
unkown image
page readonly
clean
7FF5C1FCD000
unkown image
page readonly
clean
3593000
heap default
page read and write
clean
7FF500297000
unkown image
page readonly
clean
B7FD1FD000
unkown
page read and write
clean
1FB47D77000
unkown
page read and write
clean
1ECCF1D0000
unkown
page read and write
clean
2A8F000
unkown image
page readonly
clean
3598000
unkown
page read and write
clean
185C6F02000
unkown
page read and write
clean
7DF5CCD02000
unkown image
page readonly
clean
7FF5C1B31000
unkown image
page readonly
clean
2ABC000
unkown image
page readonly
clean
460000
heap default
page read and write
clean
7FF5BED15000
unkown image
page readonly
clean
729F000
unkown
page read and write
clean
7400000
unkown
page read and write
clean
185C6E50000
unkown
page read and write
clean
7FF500287000
unkown image
page readonly
clean
2A05000
unkown image
page readonly
clean
1FB47D73000
unkown
page read and write
clean
7FF5C1FC7000
unkown image
page readonly
clean
C4BE7D000
unkown
page read and write
clean
7FF5BEFEE000
unkown image
page readonly
clean
3847000
heap private
page read and write
clean
1FB47D7A000
unkown
page read and write
clean
EBD000
unkown image
page readonly
clean
1FB48221000
unkown
page read and write
clean
1ECCF8F0000
unkown image
page readonly
clean
1FB47D79000
unkown
page read and write
clean
1FB47D80000
unkown
page read and write
clean
1FB47D82000
unkown
page read and write
clean
7FF5083AD000
unkown image
page readonly
clean
2C45000
unkown image
page readonly
clean
72DE000
unkown
page read and write
clean
7FF5C1F87000
unkown image
page readonly
clean
C081E77000
unkown
page read and write
clean
807F000
unkown
page read and write
clean
7FF508351000
unkown image
page readonly
clean
1FB47D7B000
unkown
page read and write
clean
1FB47D8A000
unkown
page read and write
clean
233C8802000
unkown
page read and write
clean
1FB47D19000
unkown
page read and write
clean
6FA000
heap private
page read and write
clean
7FF50828B000
unkown image
page readonly
clean
1FB48202000
unkown
page read and write
clean
7FF500257000
unkown image
page readonly
clean
2A0B000
unkown image
page readonly
clean
7FF508472000
unkown image
page readonly
clean
2F60000
unkown image
page readonly
clean
7FF5C2029000
unkown image
page readonly
clean
185C6E29000
unkown
page read and write
clean
7FF536E9A000
unkown image
page readonly
clean
7FF508479000
unkown image
page readonly
clean
7FF5001CC000
unkown image
page readonly
clean
2E54000
unkown
page read and write
clean
7DF413FD0000
unkown image
page readonly
clean
7FF55CABD000
unkown image
page readonly
clean
7FF5082F5000
unkown image
page readonly
clean
7DF544B20000
unkown image
page readonly
clean
2C36000
unkown image
page readonly
clean
F570B77000
unkown
page read and write
clean
1FB47D23000
unkown
page read and write
clean
7FEF0000
unkown image
page readonly
clean
1FB47DA2000
unkown
page read and write
clean
2AB6000
unkown image
page readonly
clean
1ECCF26C000
unkown
page read and write
clean
1FB47A00000
unkown image
page readonly
clean
7FF536DC6000
unkown image
page readonly
clean
13C99260000
unkown image
page readonly
clean
7FF5C2051000
unkown image
page readonly
clean
7DF544B20000
unkown image
page readonly
clean
7DF5CCD00000
unkown image
page readonly
clean
BE0000
unkown image
page readonly
clean
1FB47D23000
unkown
page read and write
clean
1FB47D7D000
unkown
page read and write
clean
3390000
heap default
page read and write
clean
540000
unkown
page read and write
clean
1BA000
unkown
page read and write
clean
29BE000
unkown image
page readonly
clean
2A94000
unkown image
page readonly
clean
7FF5C1EA5000
unkown image
page readonly
clean
2AC8000
unkown image
page readonly
clean
7FF508491000
unkown image
page readonly
clean
7FF5083A9000
unkown image
page readonly
clean
7FF536A53000
unkown image
page readonly
clean
233C8013000
unkown
page read and write
clean
7FA20000
unkown image
page readonly
clean
24B98669000
unkown
page read and write
clean
1FB48219000
unkown
page read and write
clean
307E000
unkown
page read and write
clean
233C8051000
unkown
page read and write
clean
47B0000
unkown
page read and write
clean
5B5000
unkown
page read and write
clean
1ECCF292000
heap default
page read and write
clean
1FB47DA2000
unkown
page read and write
clean
7FF5BF074000
unkown image
page readonly
clean
13C99467000
unkown
page read and write
clean
7FF5C2041000
unkown image
page readonly
clean
7FF536E82000
unkown image
page readonly
clean
5A1000
unkown
page read and write
clean
C081F7F000
unkown
page read and write
clean
1FB48363000
unkown
page read and write
clean
7FF5C1F7E000
unkown image
page readonly
clean
7FF55CA63000
unkown image
page readonly
clean
13C99380000
unkown
page read and write
clean
7FF5002AB000
unkown image
page readonly
clean
7FF55CA4D000
unkown image
page readonly
clean
1FB47708000
unkown
page read and write
clean
13C99508000
unkown
page read and write
clean
7DF544B12000
unkown image
page readonly
clean
7FF50016F000
unkown image
page readonly
clean
C4BB7B000
unkown
page read and write
clean
7FF50012D000
unkown image
page readonly
clean
13C99C02000
unkown
page read and write
clean
24B98651000
unkown
page read and write
clean
7FF5083C0000
unkown image
page readonly
clean
24B98640000
heap default
page read and write
clean
C081A7E000
unkown
page read and write
clean
1FB47D7E000
unkown
page read and write
clean
3840000
heap private
page read and write
clean
1FB47DA5000
unkown
page read and write
clean
1FB476C7000
unkown
page read and write
clean
13C99413000
unkown
page read and write
clean
2E38000
unkown
page read and write
clean
7FF522DC1000
unkown image
page readonly
clean
1ECCF227000
heap default
page read and write
clean
1FB47DAD000
unkown
page read and write
clean
233C7E80000
heap private
page read and write
clean
7FF536DBF000
unkown image
page readonly
clean
7FF5BEFDB000
unkown image
page readonly
clean
7FF507CF8000
unkown image
page readonly
clean
7FF5BF00D000
unkown image
page readonly
clean
160000
unkown image
page readonly
clean
7FF508270000
unkown image
page readonly
clean
1FB47D6D000
unkown
page read and write
clean
7DF5CCD10000
unkown image
page readonly
clean
983000
unkown
page read and write
clean
2C39000
unkown image
page readonly
clean
1FB47DC2000
unkown
page read and write
clean
CC0000
unkown
page read and write
clean
2CFC000
unkown image
page readonly
clean
7FF5C2022000
unkown image
page readonly
clean
7DF5CFCB2000
unkown image
page readonly
clean
7DF5CCCF0000
unkown image
page readonly
clean
7FF5002DA000
unkown image
page readonly
clean
3520000
unkown image
page readonly
clean
3290000
unkown image
page readonly
clean
7FF5BEEE5000
unkown image
page readonly
clean
2731000
unkown image
page readonly
clean
7DF4CDB80000
unkown image
page readonly
clean
560000
unkown image
page readonly
clean
BD0000
heap private
page read and write
clean
1FB47D6D000
unkown
page read and write
clean
24B98AC0000
unkown image
page readonly
clean
36E0000
heap private
page read and write
clean
F57057E000
unkown
page read and write
clean
24B98470000
unkown image
page read and write
clean
7FF5BEF11000
unkown image
page readonly
clean
233C808A000
unkown
page read and write
clean
1ECCF000000
unkown image
page read and write
clean
1FB476B5000
unkown
page read and write
clean
C4B78E000
unkown
page read and write
clean
2A40000
unkown image
page readonly
clean
7DF544B12000
unkown image
page readonly
clean
7FED0000
unkown image
page readonly
clean
2A8F000
unkown image
page readonly
clean
28CB000
unkown image
page readonly
clean
7DF516120000
unkown image
page readonly
clean
185C6E6C000
unkown
page read and write
clean
7FF508205000
unkown image
page readonly
clean
7FF5082AF000
unkown image
page readonly
clean
1ECCFD50000
unkown
page read and write
clean
7FF5BEB71000
unkown image
page readonly
clean
13C99360000
unkown image
page readonly
clean
233C8102000
unkown
page read and write
clean
1FB47DB3000
unkown
page read and write
clean
185C6F00000
unkown
page read and write
clean
13C99210000
unkown image
page read and write
clean
7DF56A7A2000
unkown image
page readonly
clean
7FF536DBD000
unkown image
page readonly
clean
D72C77D000
unkown
page read and write
clean
7DF5CCCF2000
unkown image
page readonly
clean
185C6E81000
unkown
page read and write
clean
1ECCFFD0000
unkown
page read and write
clean
2E52000
unkown
page read and write
clean
F570977000
unkown
page read and write
clean
7FF507CD5000
unkown image
page readonly
clean
AD7000
heap private
page read and write
clean
1FB47D7E000
unkown
page read and write
clean
7FF50812D000
unkown image
page readonly
clean
8100000
unkown
page read and write
clean
13C99462000
unkown
page read and write
clean
F570A7F000
unkown
page read and write
clean
1FB47D8A000
unkown
page read and write
clean
7FF50026D000
unkown image
page readonly
clean
7FC52000
unkown image
page readonly
clean
1FB47DA9000
unkown
page read and write
clean
1FB474F0000
unkown image
page readonly
clean
F570D7A000
unkown
page read and write
clean
7FF500111000
unkown image
page readonly
clean
384A000
heap private
page read and write
clean
7FF508397000
unkown image
page readonly
clean
7DF50DFC0000
unkown image
page readonly
clean
3110000
unkown image
page readonly
clean
2D08000
unkown image
page readonly
clean
2CEB000
unkown image
page readonly
clean
80BE000
unkown
page read and write
clean
7DF516112000
unkown image
page readonly
clean
1FB4764A000
unkown
page read and write
clean
7FA30000
unkown image
page readonly
clean
7FF50034A000
unkown image
page readonly
clean
7FF536EAA000
unkown image
page readonly
clean
7FF508255000
unkown image
page readonly
clean
7FF5BF091000
unkown image
page readonly
clean
7FF5C1E01000
unkown image
page readonly
clean
28A7000
unkown image
page readonly
clean
7FF5BEE7B000
unkown image
page readonly
clean
1FB47BE0000
unkown
page read and write
clean
36B0000
unkown image
page readonly
clean
2E10000
heap default
page read and write
clean
7DF5CFCC2000
unkown image
page readonly
clean
1FB47D8E000
unkown
page read and write
clean
233C8400000
unkown image
page readonly
clean
2C2A000
unkown image
page readonly
clean
13C99400000
unkown
page read and write
clean
1FB47D96000
unkown
page read and write
clean
1ECCF1E0000
unkown
page read and write
clean
1FB47410000
heap default
page read and write
clean
2971000
unkown image
page readonly
clean
7DF516102000
unkown image
page readonly
clean
7FC50000
unkown image
page readonly
clean
1FB47713000
unkown
page read and write
clean
7FF536E0E000
unkown image
page readonly
clean
2F60000
unkown image
page readonly
clean
1FB47D99000
unkown
page read and write
clean
7FF5BEF9F000
unkown image
page readonly
clean
1ECCF180000
unkown image
page readonly
clean
2FBA000
unkown
page read and write
clean
7FF5083AF000
unkown image
page readonly
clean
7FF5BEF15000
unkown image
page readonly
clean
1FB47D8C000
unkown
page read and write
clean
24B98490000
unkown image
page readonly
clean
7DF5CFCB0000
unkown image
page readonly
clean
7FF55CA9E000
unkown image
page readonly
clean
7FF508484000
unkown image
page readonly
clean
7FF50837A000
unkown image
page readonly
clean
3590000
unkown
page read and write
clean
185C7550000
unkown
page read and write
clean
1FB47D96000
unkown
page read and write
clean
7FF55CA8B000
unkown image
page readonly
clean
7DF5CCD02000
unkown image
page readonly
clean
2A1D000
unkown image
page readonly
clean
1FB47D83000
unkown
page read and write
clean
2A0F000
unkown image
page readonly
clean
7FF5BEFB0000
unkown image
page readonly
clean
1FB47DC2000
unkown
page read and write
clean
7FF500351000
unkown image
page readonly
clean
1FB48202000
unkown
page read and write
clean
1FB47DE9000
unkown
page read and write
clean
7FDD0000
unkown image
page readonly
clean
233C8113000
unkown
page read and write
clean
2B0B000
unkown image
page readonly
clean
36E4000
heap private
page read and write
clean
2CD4000
unkown image
page readonly
clean
7FF536E02000
unkown image
page readonly
clean
7FF507CD9000
unkown image
page readonly
clean
2A26000
unkown image
page readonly
clean
1ECCF4A0000
unkown image
page readonly
clean
185C6D80000
unkown image
page read and write
clean
1ECCF020000
unkown image
page readonly
clean
7FF5C1ED1000
unkown image
page readonly
clean
1FB47D7A000
unkown
page read and write
clean
1FB47D97000
unkown
page read and write
clean
7FF508226000
unkown image
page readonly
clean
1FB48302000
unkown
page read and write
clean
7FF5C2034000
unkown image
page readonly
clean
7FF55CA6E000
unkown image
page readonly
clean
1FB47D8A000
unkown
page read and write
clean
7FF5BEB77000
unkown image
page readonly
clean
7FF5BF07A000
unkown image
page readonly
clean
1FB47D7A000
unkown
page read and write
clean
B00000
unkown
page read and write
clean
139DEFB000
unkown
page read and write
clean
1FB47D78000
unkown
page read and write
clean
13C99454000
unkown
page read and write
clean
356E000
unkown
page read and write
clean
7FF507E0B000
unkown image
page readonly
clean
7FF50035A000
unkown image
page readonly
clean
1FB47716000
unkown
page read and write
clean
24B98670000
unkown
page read and write
clean
7FF507CF2000
unkown image
page readonly
clean
185C6DF0000
heap default
page read and write
clean
AC0000
unkown
page read and write
clean
13C99502000
unkown
page read and write
clean
7DF468670000
unkown image
page readonly
clean
1FB47650000
unkown
page read and write
clean
7FF508251000
unkown image
page readonly
clean
1FB47649000
unkown
page read and write
clean
233C804A000
unkown
page read and write
clean
233C803C000
unkown
page read and write
clean
2AA1000
unkown image
page readonly
clean
7DF40BE90000
unkown image
page readonly
clean
28B3000
unkown image
page readonly
clean
7FF55C379000
unkown image
page readonly
clean
233C7EE0000
heap default
page read and write
clean
233C807C000
unkown
page read and write
clean
185C6DA0000
unkown image
page readonly
clean
7FF5083FE000
unkown image
page readonly
clean
1FB476AB000
unkown
page read and write
clean
2AC8000
unkown image
page readonly
clean
7FEF0000
unkown image
page readonly
clean
598000
unkown
page read and write
clean
1FB47DB3000
unkown
page read and write
clean
598000
unkown
page read and write
clean
2E38000
unkown
page read and write
clean
7FF508325000
unkown image
page readonly
clean
B7FD17F000
unkown
page read and write
clean
7DF5CCCF0000
unkown image
page readonly
clean
233C8200000
unkown image
page readonly
clean
1FB47D8F000
unkown
page read and write
clean
1ECCF26E000
unkown
page read and write
clean
185C6E3C000
unkown
page read and write
clean
7FF536713000
unkown image
page readonly
clean
1FB47D79000
unkown
page read and write
clean
7FF5C1FAE000
unkown image
page readonly
clean
7FC42000
unkown image
page readonly
clean
24B98610000
unkown image
page readonly
clean
2CF6000
unkown image
page readonly
clean
233C7E90000
unkown image
page readonly
clean
81F0000
unkown
page read and write
clean
7FF507F81000
unkown image
page readonly
clean
7FF5BE8E8000
unkown image
page readonly
clean
7FF536EA5000
unkown image
page readonly
clean
233C802A000
unkown
page read and write
clean
7FC60000
unkown image
page readonly
clean
D72C67B000
unkown
page read and write
clean
7FF50028E000
unkown image
page readonly
clean
233C808D000
unkown
page read and write
clean
1FB47D80000
unkown
page read and write
clean
7DA000
unkown
page read and write
clean
7FF508074000
unkown image
page readonly
clean
7FC42000
unkown image
page readonly
clean
24B98680000
unkown
page read and write
clean
139DF7E000
unkown
page read and write
clean
7DF5CCCF2000
unkown image
page readonly
clean
7FEE2000
unkown image
page readonly
clean
7DF516100000
unkown image
page readonly
clean
1FB47DE5000
unkown
page read and write
clean
160000
unkown image
page readonly
clean
7FF5C1FCA000
unkown image
page readonly
clean
1FB47D72000
unkown
page read and write
clean
139DCFE000
unkown
page read and write
clean
1FB4826A000
unkown
page read and write
clean
1FB47D7A000
unkown
page read and write
clean
1ECCFF80000
unkown
page read and write
clean
13C9943C000
unkown
page read and write
clean
7DF56A7B2000
unkown image
page readonly
clean
13C9945A000
unkown
page read and write
clean
2E3C000
unkown
page read and write
clean
D72C6FE000
unkown
page read and write
clean
F5704FF000
unkown
page read and write
clean
1FB47BF0000
unkown image
page read and write
clean
233C8056000
unkown
page read and write
clean
1FB47D83000
unkown
page read and write
clean
1FB47D77000
unkown
page read and write
clean
7FF536CC7000
unkown image
page readonly
clean
1FB476D2000
unkown
page read and write
clean
7FF50841D000
unkown image
page readonly
clean
F570C7F000
unkown
page read and write
clean
7FF536D1C000
unkown image
page readonly
clean
1FB4764E000
unkown
page read and write
clean
1FB48202000
unkown
page read and write
clean
7FF5C1F47000
unkown image
page readonly
clean
1FB47DAE000
unkown
page read and write
clean
139E17F000
unkown
page read and write
clean
97F000
unkown
page read and write
clean
7DF516102000
unkown image
page readonly
clean
7FF5BEE5D000
unkown image
page readonly
clean
307A000
unkown
page read and write
clean
1FB475E0000
unkown
page read and write
clean
7FF5083EB000
unkown image
page readonly
clean
1FB47DA8000
unkown
page read and write
clean
2CCF000
unkown image
page readonly
clean
24B984B0000
unkown image
page readonly
clean
1FB000
unkown
page read and write
clean