IOC Report

loading gif

Files

File Path
Type
Category
Malicious
Import order764536.xlsx
CDFV2 Encrypted
initial sample
malicious
C:\Users\user\33920049\mmuiqlcvwo.pif
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\asdERTYgh56F[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
downloaded
malicious
C:\Users\user\AppData\Local\Temp\tmp7677.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
data
dropped
malicious
C:\Users\Public\vbc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\33920049\aauo.exe
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\abjtjj.gcm
ASCII text, with very long lines, with no line terminators
dropped
clean
C:\Users\user\33920049\aricevnrq.msc
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\bbofcjswrb.bmp
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\dngb.txt
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\dopnobhqej.xml
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\dwipjhaqq.jpg
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\eeppjmhbj.icm
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\egwevtj.xl
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\ewkvwqles.xl
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\fmkkelc.omp
Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\ggaoddlfq.pdf
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\hmjc.jpg
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\ipltm.pdf
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\kwhibpnou.exe
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\lueww.jpg
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\lxvjfmbxgn.icm
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\meuuljggm.jpg
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\mmbdcs.xl
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\qhqulleu.mp3
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\sdstvfk.ico
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\srslmbkgam.xml
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\suktleoxtu.msc
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\ujhg.cpl
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\vusklntwi.docx
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\weqn.txt
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\wsxedltsm.cpl
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\33920049\xtax.log
ASCII text, with CRLF line terminators
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\asdERTYgh56F[1].htm
HTML document, ASCII text
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\26B84B08.png
PNG image data, 737 x 456, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B0CBBE5F.png
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B908FF69.png
PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BDBC2463.jpeg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BF7984D4.jpeg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C009AF6A.png
PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C5A013CD.png
PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D57D5BFC.png
PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E6B61027.png
PNG image data, 737 x 456, 8-bit/color RGB, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EC79CE56.png
PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
dropped
clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F4E77D3E.emf
Windows Enhanced Metafile (EMF) image data version 0x10000
dropped
clean
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
clean
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\task.dat
ASCII text, with no line terminators
dropped
clean
C:\Users\user\Desktop\~$Import order764536.xlsx
data
dropped
clean
C:\Users\user\temp\qhqulleu.mp3
ASCII text, with CRLF line terminators
dropped
clean
There are 40 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
malicious
C:\Users\Public\vbc.exe
'C:\Users\Public\vbc.exe'
malicious
C:\Users\user\33920049\mmuiqlcvwo.pif
'C:\Users\user\33920049\mmuiqlcvwo.pif' fmkkelc.omp
malicious
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
malicious
C:\Windows\SysWOW64\schtasks.exe
'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp7677.tmp'
malicious
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
C:\Users\user\AppData\Local\Temp\RegSvcs.exe 0
malicious
C:\Users\user\33920049\mmuiqlcvwo.pif
'C:\Users\user\33920049\MMUIQL~1.PIF' C:\Users\user\33920049\fmkkelc.omp
malicious
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
C:\Users\user\AppData\Local\Temp\RegSvcs.exe
malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
clean
C:\Windows\System32\taskeng.exe
taskeng.exe {65A54373-42CF-48A1-B53D-BB3CC40C1C58} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
clean

URLs

Name
IP
Malicious
http://demopicking.renova-sa.net/asdERTYgh56F.exe
97.107.138.110
malicious
ezeani.duckdns.org
malicious
194.5.98.48
malicious
https://demopicking.renova-sa.net/asdERTYgh56F.exe
97.107.138.110
malicious
http://secure.globalsign.net/cacert/PrimObject.crt0
unknown
clean
http://secure.globalsign.net/cacert/ObjectSign.crt09
unknown
clean
http://www.%s.comPA
unknown
clean
http://www.globalsign.net/repository09
unknown
clean
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
unknown
clean
http://www.autoitscript.com/autoit3/0
unknown
clean
http://www.globalsign.net/repository/0
unknown
clean
http://www.globalsign.net/repository/03
unknown
clean
There are 2 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
ezeani.duckdns.org
194.5.98.48
malicious
demopicking.renova-sa.net
97.107.138.110
malicious

IPs

IP
Domain
Country
Malicious
194.5.98.48
ezeani.duckdns.org
Netherlands
malicious
97.107.138.110
demopicking.renova-sa.net
United States
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
}`'
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2D826
2D826
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
2g'
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\31F24
31F24
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\32DF3
32DF3
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Item 1
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 21
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\31F24
31F24
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
EquationEditorFilesIntl_1033
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Windows element
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{65A54373-42CF-48A1-B53D-BB3CC40C1C58}
data
clean
There are 40 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
3699000
unkown
page read and write
malicious
39F7000
unkown
page read and write
malicious
3B82000
unkown
page read and write
malicious
342000
unkown
page execute and read and write
malicious
4162000
unkown
page read and write
malicious
3901000
unkown
page read and write
malicious
3C31000
unkown
page read and write
malicious
3A6B000
unkown
page read and write
malicious
3A2B000
unkown
page read and write
malicious
3BB5000
unkown
page read and write
malicious
39C5000
unkown
page read and write
malicious
3C5B000
unkown
page read and write
malicious
3BB5000
unkown
page read and write
malicious
3900000
unkown
page read and write
malicious
3AF0000
unkown
page read and write
malicious
34A9000
unkown
page read and write
malicious
3BE7000
unkown
page read and write
malicious
3AF1000
unkown
page read and write
malicious
4232000
unkown
page read and write
malicious
2D2000
unkown
page execute and read and write
malicious
3C1B000
unkown
page read and write
malicious
3992000
unkown
page read and write
malicious
AE0000
unkown image
page read and write
malicious
39C5000
unkown
page read and write
malicious
2691000
unkown
page read and write
malicious
3A2B000
unkown
page read and write
malicious
489E000
unkown
page read and write
clean
AE8000
unkown
page read and write
clean
AD0000
heap private
page execute and read and write
clean
7EFE0000
unkown image
page readonly
clean
3B7000
heap default
page read and write
clean
457F000
unkown
page read and write
clean
3A4E000
unkown
page read and write
clean
A00000
unkown image
page read and write
clean
930000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
997000
heap private
page read and write
clean
3220000
unkown
page read and write
clean
379000
heap default
page read and write
clean
21B1000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
A30000
unkown image
page read and write
clean
1B0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
7EFE0000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
2340000
unkown
page read and write
clean
4E6F000
unkown
page read and write
clean
CA7000
heap default
page read and write
clean
680000
unkown image
page readonly
clean
2510000
unkown
page read and write
clean
3900000
unkown
page read and write
clean
A50000
heap private
page execute and read and write
clean
347000
unkown
page execute and read and write
clean
1B0000
unkown
page read and write
clean
D3C000
heap default
page read and write
clean
2C0000
heap default
page read and write
clean
3F0000
unkown
page read and write
clean
50000
unkown image
page readonly
clean
7EFD0000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
200000
unkown
page read and write
clean
A90000
unkown
page read and write
clean
B58000
unkown
page read and write
clean
7FFFFFC2000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
5741000
unkown
page read and write
clean
7EFB2000
unkown image
page readonly
clean
FFFD0000
unkown image
page readonly
clean
E9D000
unkown
page read and write
clean
6320000
unkown
page read and write
clean
FFFC0000
unkown image
page readonly
clean
BDE000
unkown
page read and write
clean
D5D000
unkown
page read and write
clean
FFFB0000
unkown image
page readonly
clean
DA2000
unkown image
page execute read
clean
226000
unkown
page execute and read and write
clean
F53000
unkown
page read and write
clean
A60000
heap private
page execute and read and write
clean
BF8000
heap private
page read and write
clean
A80000
unkown
page read and write
clean
291F000
unkown
page read and write
clean
5370000
heap private
page execute and read and write
clean
1090000
unkown image
page readonly
clean
7EFD0000
unkown image
page readonly
clean
2933000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
18D000
unkown
page execute and read and write
clean
100000
unkown image
page readonly
clean
3461000
unkown
page read and write
clean
20000
unkown
page read and write
clean
FFFB0000
unkown image
page readonly
clean
D14000
heap default
page read and write
clean
200000
unkown
page read and write
clean
200000
unkown
page read and write
clean
200000
unkown
page read and write
clean
3489000
unkown
page read and write
clean
37E000
unkown
page read and write
clean
A20000
unkown
page read and write
clean
6430000
heap private
page read and write
clean
DA2000
unkown image
page execute read
clean
7EFC0000
unkown image
page readonly
clean
339E000
unkown
page read and write
clean
492F000
unkown
page read and write
clean
E80000
unkown
page read and write
clean
D90000
unkown
page read and write
clean
7EFC0000
unkown image
page readonly
clean
AD0000
unkown
page read and write
clean
3FD000
heap default
page read and write
clean
20B0000
unkown image
page readonly
clean
3993000
unkown
page read and write
clean
200000
unkown
page read and write
clean
DA0000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
3AF1000
unkown
page read and write
clean
3900000
unkown
page read and write
clean
200000
unkown
page read and write
clean
A40000
unkown
page read and write
clean
200000
unkown
page read and write
clean
23B000
unkown
page execute and read and write
clean
1B0000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
20000
unkown
page read and write
clean
9A0000
unkown image
page readonly
clean
7EFB2000
unkown image
page readonly
clean
880000
heap private
page read and write
clean
A80000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
330000
heap default
page read and write
clean
1B0000
unkown
page read and write
clean
DA2000
unkown image
page execute read
clean
1B0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
7EFB0000
unkown image
page readonly
clean
39E000
unkown
page read and write
clean
7EFB0000
unkown image
page readonly
clean
FFFC0000
unkown image
page readonly
clean
DAA000
unkown image
page readonly
clean
7EFE0000
unkown image
page readonly
clean
274E000
unkown
page read and write
clean
F00000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
A20000
unkown
page read and write
clean
7EFD0000
unkown image
page readonly
clean
995000
unkown
page read and write
clean
56D2000
unkown
page read and write
clean
5703000
unkown
page read and write
clean
31B1000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
DA0000
unkown image
page readonly
clean
2629000
unkown
page read and write
clean
3D1000
heap default
page read and write
clean
4CDE000
unkown
page read and write
clean
260000
unkown image
page readonly
clean
9B0000
heap private
page execute and read and write
clean
200000
unkown
page read and write
clean
3FC0000
unkown
page read and write
clean
2C50000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
1032000
unkown image
page readonly
clean
FFFC2000
unkown image
page readonly
clean
A20000
unkown
page read and write
clean
44FD000
unkown
page read and write
clean
7EFC0000
unkown image
page readonly
clean
7EFDF000
unkown
page read and write
clean
2461000
unkown
page read and write
clean
200000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
AD0000
unkown image
page read and write
clean
DAA000
unkown image
page readonly
clean
3C1B000
unkown
page read and write
clean
C30000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
21D0000
unkown
page read and write
clean
546000
unkown
page read and write
clean
7FFFFFB2000
unkown image
page readonly
clean
F5A000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
29D000
unkown image
page read and write
clean
200000
unkown
page read and write
clean
A80000
unkown
page read and write
clean
424000
heap default
page read and write
clean
4AE0000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
A60000
unkown image
page read and write
clean
7EFD0000
unkown image
page readonly
clean
136000
heap private
page read and write
clean
3CE1000
unkown
page read and write
clean
7EFB0000
unkown image
page readonly
clean
4AFF000
unkown
page read and write
clean
200000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
50000
unkown image
page readonly
clean
247000
heap default
page read and write
clean
200000
unkown
page read and write
clean
957000
heap private
page read and write
clean
60000
unkown image
page readonly
clean
DA0000
unkown image
page readonly
clean
B00000
unkown
page read and write
clean
FFFC0000
unkown image
page readonly
clean
358E000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
640000
unkown image
page read and write
clean
3CF0000
unkown
page read and write
clean
A20000
unkown
page read and write
clean
1032000
unkown image
page readonly
clean
3220000
unkown
page read and write
clean
3640000
heap private
page read and write
clean
3900000
unkown
page read and write
clean
5641000
unkown
page read and write
clean
3FC0000
unkown
page read and write
clean
940000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
A20000
unkown
page read and write
clean
630000
unkown
page read and write
clean
200000
unkown
page read and write
clean
130000
heap private
page read and write
clean
A20000
unkown
page read and write
clean
3C3A000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
7EFD0000
unkown image
page readonly
clean
CEF000
unkown
page read and write
clean
FFFB0000
unkown image
page readonly
clean
E80000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
2290000
heap private
page read and write
clean
7EFC2000
unkown image
page readonly
clean
3B00000
unkown
page read and write
clean
10000
unkown image
page read and write
clean
1B0000
unkown
page read and write
clean
FB0000
unkown image
page readonly
clean
720000
heap default
page read and write
clean
4160000
unkown
page read and write
clean
105B000
unkown image
page readonly
clean
AD0000
unkown
page read and write
clean
A86000
unkown
page read and write
clean
550000
unkown
page read and write
clean
21CF000
unkown
page read and write
clean
7EFC2000
unkown image
page readonly
clean
A30000
unkown
page read and write
clean
2A10000
heap private
page read and write
clean
3F0000
heap default
page read and write
clean
550000
heap private
page read and write
clean
572000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
200000
unkown
page read and write
clean
FB1000
unkown image
page execute read
clean
7F0000
heap default
page read and write
clean
A80000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
3FC0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
3540000
unkown
page read and write
clean
7EFDF000
unkown
page read and write
clean
56A1000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
A80000
unkown
page read and write
clean
200000
unkown
page read and write
clean
A40000
unkown
page read and write
clean
2C6000
unkown
page read and write
clean
5BFC000
unkown
page read and write
clean
A35000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
4F0000
unkown image
page readonly
clean
1BB000
unkown
page execute and read and write
clean
269C000
unkown
page read and write
clean
830000
heap default
page read and write
clean
88E000
unkown
page read and write
clean
3027000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
990000
unkown
page read and write
clean
16D000
unkown
page execute and read and write
clean
1AA000
unkown
page execute and read and write
clean
3CF000
unkown
page read and write
clean
7EFB2000
unkown image
page readonly
clean
2A15000
heap private
page read and write
clean
40000
unkown image
page readonly
clean
A20000
unkown
page read and write
clean
DAA000
unkown image
page readonly
clean
F80000
unkown image
page readonly
clean
1CC000
unkown
page read and write
clean
7EFC2000
unkown image
page readonly
clean
A26000
unkown
page read and write
clean
1C4000
heap private
page read and write
clean
59EC000
unkown
page read and write
clean
A40000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
A30000
unkown
page read and write
clean
283000
unkown
page execute and read and write
clean
AD0000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
290000
unkown
page read and write
clean
8F7000
heap default
page read and write
clean
2340000
unkown
page read and write
clean
CF0000
unkown image
page readonly
clean
426000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
A80000
unkown
page read and write
clean
7EFDF000
unkown
page read and write
clean
5704000
unkown
page read and write
clean
2C0000
unkown image
page read and write
clean
200000
unkown
page read and write
clean
4252000
unkown
page read and write
clean
7EFB2000
unkown image
page readonly
clean
180000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
DA0000
unkown image
page readonly
clean
3B00000
unkown
page read and write
clean
200000
unkown
page read and write
clean
1260000
unkown image
page readonly
clean
BF0000
heap private
page read and write
clean
1B0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
1A7000
unkown
page execute and read and write
clean
60000
unkown image
page readonly
clean
105B000
unkown image
page readonly
clean
A20000
unkown
page read and write
clean
3FC0000
unkown
page read and write
clean
3CF000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
2A0000
heap private
page read and write
clean
200000
unkown
page read and write
clean
FFFB2000
unkown image
page readonly
clean
2C50000
unkown
page read and write
clean
200000
unkown
page read and write
clean
200000
unkown
page read and write
clean
840000
unkown image
page readonly
clean
35F0000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
7FFFFFB0000
unkown image
page readonly
clean
3CF0000
unkown
page read and write
clean
343E000
unkown
page read and write
clean
6C0000
heap private
page read and write
clean
640000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
C00000
unkown image
page readonly
clean
A28000
unkown
page read and write
clean
50000
unkown image
page readonly
clean
FB0000
unkown image
page readonly
clean
234F000
unkown
page read and write
clean
6B8000
heap private
page read and write
clean
990000
unkown
page read and write
clean
4D1D000
unkown
page read and write
clean
1040000
unkown image
page write copy
clean
580000
unkown
page read and write
clean
35EE000
unkown
page read and write
clean
AA0000
heap default
page read and write
clean
3220000
unkown
page read and write
clean
206B000
heap private
page read and write
clean
B4E000
unkown
page read and write
clean
1041000
unkown image
page write copy
clean
6EB000
unkown
page read and write
clean
A40000
unkown
page read and write
clean
610000
unkown
page read and write
clean
FFFB0000
unkown image
page readonly
clean
56B000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
200000
unkown
page read and write
clean
F70000
heap private
page read and write
clean
950000
heap private
page read and write
clean
3B83000
unkown
page read and write
clean
200000
unkown
page read and write
clean
2962000
heap private
page read and write
clean
200000
unkown
page read and write
clean
D90000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
24B3000
unkown
page read and write
clean
5230000
unkown
page read and write
clean
4160000
unkown
page read and write
clean
DA2000
unkown image
page execute read
clean
20000
unkown
page read and write
clean
3B0000
heap default
page read and write
clean
1B0000
unkown
page read and write
clean
AE0000
unkown
page read and write
clean
DA2000
unkown image
page execute read
clean
1B0000
unkown
page read and write
clean
A40000
unkown
page read and write
clean
920000
unkown
page execute and read and write
clean
160000
unkown image
page readonly
clean
10000
unkown image
page read and write
clean
153000
unkown
page execute and read and write
clean
D80000
unkown image
page readonly
clean
AD6000
unkown
page read and write
clean
CEE000
unkown
page read and write | page guard
clean
2620000
unkown
page read and write
clean
347E000
unkown
page read and write
clean
A00000
heap private
page execute and read and write
clean
200000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
10000
unkown image
page read and write
clean
DB0000
unkown image
page readonly
clean
3220000
unkown
page read and write
clean
1B0000
unkown image
page readonly
clean
7EFB0000
unkown image
page readonly
clean
FFFC0000
unkown image
page readonly
clean
6B0D000
unkown
page read and write
clean
990000
heap private
page read and write
clean
1B7000
unkown
page execute and read and write
clean
200000
unkown
page read and write
clean
6E5000
unkown
page read and write
clean
630000
unkown
page read and write
clean
1090000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
380000
unkown
page read and write
clean
1042000
unkown image
page read and write
clean
990000
unkown
page read and write
clean
9F0000
unkown
page read and write
clean
A20000
unkown
page read and write
clean
FFFD0000
unkown image
page readonly
clean
2E40000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
A3E000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
4780000
unkown image
page readonly
clean
A45000
unkown
page read and write
clean
1041000
unkown image
page write copy
clean
60000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
293E000
unkown
page read and write
clean
9F0000
unkown image
page readonly
clean
A80000
unkown
page read and write
clean
54C000
unkown
page read and write
clean
A30000
unkown
page read and write
clean
49CF000
unkown
page read and write
clean
6B0000
heap private
page read and write
clean
60000
unkown image
page readonly
clean
AD0000
unkown
page read and write
clean
3FC0000
unkown
page read and write
clean
3B1000
unkown
page read and write
clean
7EFC0000
unkown image
page readonly
clean
7EFB2000
unkown image
page readonly
clean
3440000
heap private
page read and write
clean
AD5000
unkown
page read and write
clean
610000
unkown
page read and write
clean
AD8000
unkown
page read and write
clean
2340000
unkown
page read and write
clean
383000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
A90000
unkown
page read and write
clean
CED000
heap default
page read and write
clean
58EE000
unkown
page read and write
clean
2298000
heap private
page read and write
clean
56A2000
unkown
page read and write
clean
3A2B000
unkown
page read and write
clean
3CB5000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
A3000
heap default
page read and write
clean
1B0000
unkown
page read and write
clean
4D30000
heap private
page read and write
clean
D90000
unkown
page read and write
clean
AD6000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
370000
unkown
page execute and read and write
clean
E70000
unkown image
page readonly
clean
B00000
unkown
page read and write
clean
6A0000
unkown image
page readonly
clean
3901000
unkown
page read and write
clean
6EB000
unkown
page read and write
clean
29D000
unkown
page execute and read and write
clean
3220000
unkown
page read and write
clean
200000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
3691000
unkown
page read and write
clean
DA0000
unkown image
page readonly
clean
3150000
unkown image
page readonly
clean
D40000
unkown
page read and write
clean
7EFB0000
unkown image
page readonly
clean
7EFC0000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
3993000
unkown
page read and write
clean
13F0000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
3A0000
unkown
page execute and read and write
clean
56EC000
unkown
page read and write
clean
7C0000
unkown image
page readonly
clean
261000
unkown image
page execute read
clean
9F5000
unkown
page read and write
clean
200000
unkown
page read and write
clean
C50000
heap private
page execute and read and write
clean
200000
unkown
page read and write
clean
200000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
439E000
unkown
page read and write
clean
582D000
unkown
page read and write
clean
FFFC2000
unkown image
page readonly
clean
7EFE0000
unkown image
page readonly
clean
AD0000
unkown
page read and write
clean
2D0000
unkown
page read and write
clean
E0000
unkown
page read and write
clean
555E000
unkown
page read and write
clean
200000
unkown
page read and write
clean
2940000
heap private
page read and write
clean
3E0000
heap private
page read and write
clean
6C0000
unkown image
page readonly
clean
26ED000
unkown
page read and write
clean
200000
unkown
page read and write
clean
7EFC2000
unkown image
page readonly
clean
3220000
unkown
page read and write
clean
200000
unkown
page read and write
clean
5290000
heap private
page execute and read and write
clean
B02000
unkown
page read and write
clean
3D1000
unkown
page read and write
clean
DA0000
unkown image
page readonly
clean
1042000
unkown image
page read and write
clean
26A0000
unkown image
page readonly
clean
3900000
unkown
page read and write
clean
7EFD0000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
83D000
heap default
page read and write
clean
150000
unkown image
page readonly
clean
27C6000
heap private
page read and write
clean
7EFE0000
unkown image
page readonly
clean
237000
unkown
page execute and read and write
clean
A30000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
1E2000
heap private
page read and write
clean
F40000
unkown image
page readonly
clean
7EFC2000
unkown image
page readonly
clean
5640000
unkown
page read and write
clean
50000
unkown image
page readonly
clean
7FFFFFB2000
unkown image
page readonly
clean
7EFB0000
unkown image
page readonly
clean
22A000
unkown
page execute and read and write
clean
3900000
unkown
page read and write
clean
460E000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
54AE000
unkown
page read and write
clean
3FC0000
unkown
page read and write
clean
A80000
unkown
page read and write
clean
34B000
unkown
page execute and read and write
clean
65C0000
heap private
page read and write
clean
1B0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
362000
unkown
page execute and read and write
clean
3CF0000
unkown
page read and write
clean
565E000
unkown
page read and write | page guard
clean
170000
unkown image
page read and write
clean
314E000
unkown
page read and write
clean
914000
heap default
page read and write
clean
1210000
unkown image
page readonly
clean
9F0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
292000
unkown image
page readonly
clean
935000
heap default
page read and write
clean
200000
unkown
page read and write
clean
3D1000
unkown
page read and write
clean
ACE000
unkown
page read and write
clean
413000
unkown
page read and write
clean
DA2000
unkown image
page execute read
clean
7FFFFFC2000
unkown image
page readonly
clean
2BC000
heap default
page read and write
clean
20000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
268E000
unkown
page read and write | page guard
clean
1C0000
heap private
page read and write
clean
242D000
unkown
page read and write
clean
7EFB0000
unkown image
page readonly
clean
50000
unkown image
page readonly
clean
354000
heap default
page read and write
clean
590000
heap private
page execute and read and write
clean
248000
unkown
page read and write
clean
3FC0000
unkown
page read and write
clean
DA0000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
380000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
FFFB2000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
2300000
heap private
page read and write
clean
15D000
unkown
page execute and read and write
clean
27C0000
heap private
page read and write
clean
644000
heap private
page read and write
clean
2A4000
unkown image
page read and write
clean
7EFB2000
unkown image
page readonly
clean
27ED000
unkown
page read and write
clean
E70000
heap private
page read and write
clean
90000
heap default
page read and write
clean
B00000
unkown
page read and write
clean
62DE000
unkown
page read and write
clean
3B7000
unkown
page read and write
clean
340000
unkown
page execute and read and write
clean
4E1E000
unkown
page read and write
clean
57A000
unkown
page read and write
clean
2F6E000
unkown
page read and write
clean
D0C000
heap default
page read and write
clean
27D0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
7FFFFFB0000
unkown image
page readonly
clean
A80000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
FFFD0000
unkown image
page readonly
clean
800000
unkown
page read and write
clean
240000
heap default
page read and write
clean
200000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
814000
heap default
page read and write
clean
292000
unkown image
page readonly
clean
1040000
unkown image
page write copy
clean
27E000
heap default
page read and write
clean
20000
unkown image
page read and write
clean
140000
unkown image
page readonly
clean
3D3000
unkown
page read and write
clean
518C000
unkown
page read and write
clean
422F000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
990000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
9D0000
unkown
page read and write
clean
4BC4000
heap private
page read and write
clean
4182000
unkown
page read and write
clean
17D000
unkown
page execute and read and write
clean
A30000
unkown
page read and write
clean
140000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
50000
unkown image
page readonly
clean
DAA000
unkown image
page readonly
clean
7EFC0000
unkown image
page readonly
clean
AD5000
unkown
page read and write
clean
3A50000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
D3D000
unkown
page read and write
clean
7FFFFFD0000
unkown image
page readonly
clean
AD0000
unkown
page read and write
clean
A30000
unkown
page read and write
clean
DA0000
unkown image
page readonly
clean
4DAE000
unkown
page read and write
clean
2340000
unkown
page read and write
clean
7FFFFFC0000
unkown image
page readonly
clean
3220000
unkown
page read and write
clean
A30000
unkown
page read and write
clean
4230000
unkown
page read and write
clean
477E000
unkown
page read and write
clean
2F2000
unkown
page execute and read and write
clean
1B0000
unkown
page read and write
clean
110000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
CC4000
heap default
page read and write
clean
599E000
unkown
page read and write | page guard
clean
5D0000
unkown image
page readonly
clean
7EFB2000
unkown image
page readonly
clean
464C000
unkown
page read and write
clean
7EFE0000
unkown image
page readonly
clean
6790000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
46B5000
unkown
page read and write
clean
9F0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
46FC000
unkown
page read and write
clean
8F0000
heap default
page read and write
clean
449E000
unkown
page read and write
clean
2034000
heap private
page read and write
clean
1040000
unkown image
page read and write
clean
3220000
unkown
page read and write
clean
120000
unkown image
page readonly
clean
7EF40000
unkown
page execute and read and write
clean
174000
unkown
page read and write
clean
200000
unkown
page read and write
clean
245F000
unkown
page read and write
clean
A80000
unkown
page read and write
clean
335D000
unkown
page read and write
clean
7FFFFFC0000
unkown image
page readonly
clean
3220000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
2C50000
unkown
page read and write
clean
9B5000
heap private
page read and write
clean
46E2000
heap private
page read and write
clean
A20000
unkown
page read and write
clean
8F0000
heap default
page read and write
clean
4160000
unkown
page read and write
clean
FB0000
unkown image
page readonly
clean
940000
unkown
page read and write
clean
6DDD000
unkown
page read and write
clean
FFFB2000
unkown image
page readonly
clean
480E000
unkown
page read and write
clean
7EFD0000
unkown image
page readonly
clean
3AF0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
7EFC0000
unkown image
page readonly
clean
A20000
unkown
page read and write
clean
477F000
unkown
page read and write
clean
A40000
unkown image
page readonly
clean
1E0000
heap default
page read and write
clean
260000
unkown image
page readonly
clean
7EFC0000
unkown image
page readonly
clean
820000
unkown image
page readonly
clean
A88000
unkown
page read and write
clean
E76000
heap private
page read and write
clean
B7D000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
10000
unkown image
page read and write
clean
1B0000
unkown
page read and write
clean
62D000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
2294000
heap private
page read and write
clean
FB0000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
810000
unkown image
page readonly
clean
A30000
unkown
page read and write
clean
284000
unkown
page read and write
clean
FB1000
unkown image
page execute read
clean
9D0000
unkown
page read and write
clean
4090000
unkown
page read and write
clean
7EFB0000
unkown image
page readonly
clean
3CF0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
DB0000
unkown image
page readonly
clean
1057000
unkown image
page read and write
clean
1C10000
unkown image
page readonly
clean
1057000
unkown image
page read and write
clean
200000
unkown
page read and write
clean
200000
unkown
page read and write
clean
2510000
unkown
page read and write
clean
336000
unkown
page read and write
clean
98E000
unkown
page read and write
clean
7FFFFFD0000
unkown image
page readonly
clean
FFFC2000
unkown image
page readonly
clean
A35000
unkown
page read and write
clean
212F000
unkown
page read and write
clean
9C0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
AD7000
unkown
page read and write
clean
DA0000
unkown image
page readonly
clean
2A4B000
heap private
page read and write
clean
A20000
unkown
page read and write
clean
200000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
2C1000
unkown image
page readonly
clean
3FBF000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
A40000
unkown
page read and write
clean
930000
unkown
page execute and read and write
clean
9C0000
unkown
page read and write
clean
7EFC2000
unkown image
page readonly
clean
39E000
unkown
page read and write
clean
28D000
unkown
page execute and read and write
clean
662000
heap private
page read and write
clean
FB0000
unkown image
page readonly
clean
2944000
heap private
page read and write
clean
154000
unkown
page read and write
clean
D90000
unkown
page execute and read and write
clean
30000
unkown image
page readonly
clean
2340000
unkown
page read and write
clean
7EFC2000
unkown image
page readonly
clean
3CF0000
unkown
page read and write
clean
557000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
850000
unkown image
page readonly
clean
32B5000
unkown
page read and write
clean
261000
unkown image
page execute read
clean
3CF0000
unkown
page read and write
clean
DAA000
unkown image
page readonly
clean
FFFD0000
unkown image
page readonly
clean
4BC0000
heap private
page read and write
clean
563000
unkown
page read and write
clean
8F7000
heap default
page read and write
clean
1B0000
unkown
page read and write
clean
AD0000
unkown
page read and write
clean
270000
unkown
page read and write
clean
7EFB2000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
130000
unkown image
page readonly
clean
5FE000
unkown
page read and write
clean
5740000
unkown
page read and write
clean
3CF0000
unkown
page read and write
clean
8DF000
heap default
page read and write
clean
3220000
unkown
page read and write
clean
990000
unkown
page read and write
clean
7F7000
heap default
page read and write
clean
20000
unkown image
page readonly
clean
449E000
unkown
page read and write
clean
2030000
heap private
page read and write
clean
529E000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
5BF000
unkown
page read and write
clean
A26000
unkown
page read and write
clean
10000
unkown image
page read and write
clean
3E4000
heap private
page read and write
clean
6C6000
heap private
page read and write
clean
534E000
unkown
page read and write
clean
200000
unkown
page read and write
clean
914000
heap default
page read and write
clean
46C0000
heap private
page read and write
clean
FFFDF000
unkown
page read and write
clean
2E40000
unkown
page read and write
clean
53ED000
unkown
page read and write
clean
120000
unkown image
page read and write
clean
383000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
3AF1000
unkown
page read and write
clean
6050000
unkown
page read and write
clean
268F000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
379000
unkown
page read and write
clean
9F0000
unkown image
page readonly
clean
FB1000
unkown image
page execute read
clean
200000
unkown
page read and write
clean
50B5000
unkown
page read and write
clean
3B00000
unkown
page read and write
clean
3D1000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
160000
unkown
page read and write
clean
2C1000
unkown image
page readonly
clean
7EFD0000
unkown image
page readonly
clean
395000
heap default
page read and write
clean
3C6F000
unkown
page read and write
clean
F30000
unkown image
page readonly
clean
AC000
unkown
page read and write
clean
3B2000
heap default
page read and write
clean
830000
unkown image
page readonly
clean
A30000
unkown
page read and write
clean
2340000
unkown
page read and write
clean
740000
heap default
page read and write
clean
173000
unkown
page execute and read and write
clean
4F4F000
unkown
page read and write
clean
CA0000
heap default
page read and write
clean
140000
unkown image
page read and write
clean
37E000
unkown
page read and write
clean
468E000
unkown
page read and write
clean
229B000
heap private
page read and write
clean
2E40000
unkown
page read and write
clean
105B000
unkown image
page readonly
clean
177000
unkown
page read and write
clean
200000
unkown
page read and write
clean
160000
unkown
page read and write
clean
1220000
unkown image
page readonly
clean
1032000
unkown image
page readonly
clean
4CDE000
unkown
page read and write
clean
200000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
10000
unkown image
page read and write
clean
640000
heap private
page read and write
clean
3A4A000
unkown
page read and write
clean
A45000
unkown
page read and write
clean
FFFDF000
unkown
page read and write
clean
37B000
unkown
page read and write
clean
7EF40000
unkown
page execute and read and write
clean
CE0000
heap default
page read and write
clean
200000
unkown
page read and write
clean
200000
unkown
page read and write
clean
568000
unkown
page read and write
clean
1AB000
unkown
page read and write
clean
180000
unkown image
page read and write
clean
1040000
unkown image
page read and write
clean
670000
unkown image
page readonly
clean
329E000
unkown
page read and write
clean
46C4000
heap private
page read and write
clean
38F000
heap default
page read and write
clean
130000
unkown image
page read and write
clean
4BDF000
unkown
page read and write
clean
589C000
unkown
page read and write
clean
599F000
unkown
page read and write
clean
4BE2000
heap private
page read and write
clean
60000
unkown image
page readonly
clean
13A000
unkown
page read and write
clean
200000
unkown
page read and write
clean
4D40000
heap private
page read and write
clean
55DE000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
A80000
unkown
page read and write
clean
200000
unkown
page read and write
clean
337000
heap default
page read and write
clean
7EFC2000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
565F000
unkown
page read and write
clean
29D000
unkown image
page write copy
clean
975000
heap private
page read and write
clean
260000
unkown image
page readonly
clean
AD0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
37B000
unkown
page read and write
clean
10000
unkown image
page read and write
clean
3BC000
heap default
page read and write
clean
620000
unkown
page read and write
clean
60000
unkown image
page readonly
clean
3220000
unkown
page read and write
clean
3D4000
heap default
page read and write
clean
7EFE0000
unkown image
page readonly
clean
222000
unkown
page read and write
clean
1220000
heap private
page read and write
clean
5C00000
unkown image
page readonly
clean
200000
unkown
page read and write
clean
105B000
unkown image
page readonly
clean
232000
unkown
page read and write
clean
55E000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
690000
heap private
page read and write
clean
FB0000
unkown image
page readonly
clean
5AEC000
unkown
page read and write
clean
A36000
unkown
page read and write
clean
3FC0000
unkown
page read and write
clean
180000
unkown
page read and write
clean
FFFB2000
unkown image
page readonly
clean
AD6000
unkown
page read and write
clean
BA000
unkown
page read and write
clean
A86000
unkown
page read and write
clean
A30000
unkown
page read and write
clean
200000
unkown
page read and write
clean
3B7000
heap default
page read and write
clean
3220000
unkown
page read and write
clean
200000
unkown
page read and write
clean
68E000
unkown
page read and write
clean
630000
unkown image
page readonly
clean
33FE000
unkown
page read and write
clean
3900000
unkown
page read and write
clean
200000
unkown
page read and write
clean
53B000
unkown
page read and write
clean
3901000
unkown
page read and write
clean
2D0000
unkown
page execute and read and write
clean
F59000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
200000
unkown
page read and write
clean
200000
unkown
page read and write
clean
9F0000
unkown
page read and write
clean
6150000
heap private
page read and write
clean
1032000
unkown image
page readonly
clean
DAA000
unkown image
page readonly
clean
1B0000
unkown
page read and write
clean
D0000
unkown image
page read and write
clean
20000
unkown
page read and write
clean
1AA000
unkown
page read and write
clean
3B83000
unkown
page read and write
clean
FB1000
unkown image
page execute read
clean
7EFDF000
unkown
page read and write
clean
413000
unkown
page read and write
clean
190000
heap private
page read and write
clean
AD0000
unkown
page read and write
clean
2410000
unkown
page read and write
clean
5B2F000
unkown
page read and write
clean
2F70000
unkown image
page readonly
clean
FFFC2000
unkown image
page readonly
clean
3900000
unkown
page read and write
clean
3220000
unkown
page read and write
clean
AE0000
unkown
page read and write
clean
1B0000
unkown
page read and write
clean
58FE000
unkown
page read and write
clean
There are 950 hidden memdumps, click here to show them.