IOC Report

loading gif

Files

File Path
Type
Category
Malicious
survey-1384723731.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Thu Nov 25 10:07:14 2021, Security: 0
initial sample
 malicious
C:\Users\user\Desktop\survey-1384723731.xls
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Thu Nov 25 10:07:14 2021, Security: 0
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\CBFF3701-7631-452C-BE3A-4FA719E7E49C
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DB32F834.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DF914C0A2C8AFAF4B5.TMP
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DFD6AFEF8B4ED1CD1D.TMP
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\91C4.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DF22AC4F44EF579D15.TMP
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DF8E36D078DBA15E72.TMP
data
dropped
 clean

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx
 malicious
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestb.ocx
 malicious
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestc.ocx
 malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
 malicious
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" C:\Datop\besta.ocx
 malicious
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestb.ocx
 malicious
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" C:\Datop\bestc.ocx
 malicious

URLs

Name
IP
Malicious
https://api.diagnosticssdf.office.com
unknown
 clean
https://login.microsoftonline.com/
unknown
 clean
https://shell.suite.office.com:1443
unknown
 clean
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
unknown
 clean
https://autodiscover-s.outlook.com/
unknown
 clean
https://roaming.edog.
unknown
 clean
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
unknown
 clean
https://cdn.entity.
unknown
 clean
https://api.addins.omex.office.net/appinfo/query
unknown
 clean
https://clients.config.office.net/user/v1.0/tenantassociationkey
unknown
 clean
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
unknown
 clean
https://powerlift.acompli.net
unknown
 clean
https://rpsticket.partnerservices.getmicrosoftkey.com
unknown
 clean
https://lookup.onenote.com/lookup/geolocation/v1
unknown
 clean
https://cortana.ai
unknown
 clean
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
 clean
https://cloudfiles.onenote.com/upload.aspx
unknown
 clean
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
 clean
https://entitlement.diagnosticssdf.office.com
unknown
 clean
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
unknown
 clean
https://api.aadrm.com/
unknown
 clean
https://ofcrecsvcapi-int.azurewebsites.net/
unknown
 clean
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
unknown
 clean
https://api.microsoftstream.com/api/
unknown
 clean
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
unknown
 clean
https://cr.office.com
unknown
 clean
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
unknown
 clean
https://portal.office.com/account/?ref=ClientMeControl
unknown
 clean
https://graph.ppe.windows.net
unknown
 clean
https://res.getmicrosoftkey.com/api/redemptionevents
unknown
 clean
https://powerlift-frontdesk.acompli.net
unknown
 clean
https://tasks.office.com
unknown
 clean
https://officeci.azurewebsites.net/api/
unknown
 clean
https://sr.outlook.office.net/ws/speech/recognize/assistant/work
unknown
 clean
https://store.office.cn/addinstemplate
unknown
 clean
https://api.aadrm.com
unknown
 clean
https://outlook.office.com/autosuggest/api/v1/init?cvid=
unknown
 clean
https://globaldisco.crm.dynamics.com
unknown
 clean
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
 clean
https://dev0-api.acompli.net/autodetect
unknown
 clean
https://www.odwebp.svc.ms
unknown
 clean
https://api.powerbi.com/v1.0/myorg/groups
unknown
 clean
https://web.microsoftstream.com/video/
unknown
 clean
https://api.addins.store.officeppe.com/addinstemplate
unknown
 clean
https://graph.windows.net
unknown
 clean
https://dataservice.o365filtering.com/
unknown
 clean
https://officesetup.getmicrosoftkey.com
unknown
 clean
https://analysis.windows.net/powerbi/api
unknown
 clean
https://prod-global-autodetect.acompli.net/autodetect
unknown
 clean
https://outlook.office365.com/autodiscover/autodiscover.json
unknown
 clean
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
unknown
 clean
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
unknown
 clean
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
unknown
 clean
https://ncus.contentsync.
unknown
 clean
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
unknown
 clean
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
unknown
 clean
https://srkcampus.org/OYcMRJbL/ji.html
192.185.129.7
 clean
http://weather.service.msn.com/data.aspx
unknown
 clean
https://apis.live.net/v5.0/
unknown
 clean
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
unknown
 clean
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
unknown
 clean
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
unknown
 clean
https://management.azure.com
unknown
 clean
https://outlook.office365.com
unknown
 clean
https://wus2.contentsync.
unknown
 clean
https://incidents.diagnostics.office.com
unknown
 clean
https://clients.config.office.net/user/v1.0/ios
unknown
 clean
https://insertmedia.bing.office.net/odc/insertmedia
unknown
 clean
https://o365auditrealtimeingestion.manage.office.com
unknown
 clean
https://outlook.office365.com/api/v1.0/me/Activities
unknown
 clean
https://api.office.net
unknown
 clean
https://incidents.diagnosticssdf.office.com
unknown
 clean
https://asgsmsproxyapi.azurewebsites.net/
unknown
 clean
https://clients.config.office.net/user/v1.0/android/policies
unknown
 clean
https://entitlement.diagnostics.office.com
unknown
 clean
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
unknown
 clean
https://substrate.office.com/search/api/v2/init
unknown
 clean
https://outlook.office.com/
unknown
 clean
https://storage.live.com/clientlogs/uploadlocation
unknown
 clean
https://outlook.office365.com/
unknown
 clean
https://webshell.suite.office.com
unknown
 clean
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
unknown
 clean
https://substrate.office.com/search/api/v1/SearchHistory
unknown
 clean
https://management.azure.com/
unknown
 clean
https://login.windows.net/common/oauth2/authorize
unknown
 clean
https://klevvrtech.com/zxywJAC24KJ/ji.html
192.185.79.2
 clean
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
unknown
 clean
https://graph.windows.net/
unknown
 clean
https://api.powerbi.com/beta/myorg/imports
unknown
 clean
https://devnull.onenote.com
unknown
 clean
https://ncus.pagecontentsync.
unknown
 clean
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
unknown
 clean
https://messaging.office.com/
unknown
 clean
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
unknown
 clean
https://augloop.office.com/v2
unknown
 clean
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
unknown
 clean
https://skyapi.live.net/Activity/
unknown
 clean
https://clients.config.office.net/user/v1.0/mac
unknown
 clean
https://dataservice.o365filtering.com
unknown
 clean
https://api.cortana.ai
unknown
 clean
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
unknown
 clean
http://www.windows.com/pctv.
unknown
 clean
http://investor.msn.com
unknown
 clean
http://www.msnbc.com/news/ticker.txt
unknown
 clean
http://www.icra.org/vocabulary/.
unknown
 clean
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
unknown
 clean
http://investor.msn.com/
unknown
 clean
http://www.%s.comPA
unknown
 clean
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
unknown
 clean
http://www.hotmail.com/oe
unknown
 clean
http://servername/isapibackend.dll
unknown
 clean
https://rstebet.co.id/fbmKk6n48G/ji.html
103.247.11.218
 clean
There are 102 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
klevvrtech.com
192.185.79.2
 clean
rstebet.co.id
103.247.11.218
 clean
srkcampus.org
192.185.129.7
 clean

IPs

IP
Domain
Country
Malicious
192.185.129.7
srkcampus.org
United States
clean
192.185.79.2
klevvrtech.com
United States
clean
103.247.11.218
rstebet.co.id
Indonesia
clean

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
}p3
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
~p3
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
RemoteClearDate
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3
Last
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
FilePath
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
StartDate
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
EndDate
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
Properties
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache\AllUsers\officeclient.microsoft.com\config16--lcid=1033&syslcid=1033&uilcid=1033&build=16.0.4954&crev=3\0
Url
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\internet\WebServiceCache
LastClean
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableWinHttpCertAuth
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableIsOwnerRegex
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableSessionAwareHttpClose
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableADALForExtendedApps
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableADALSetSilentAuth
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
msoridDisableGuestCredProvider
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
msoridDisableOstringReplace
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
LastBootTime
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ReviewCycle
ReviewToken
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\1C986
1C986
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
VBAFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
MSForms
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\ExdCache\Excel8.0
MSComctlLib
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\StartupItems
}j3
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\2FB3F
2FB3F
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Resiliency\DocumentRecovery\30765
30765
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\General
FileFormatBallotBoxTelemetrySent
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
ProductFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
en-US
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109110000000000000000F01FEC\Usage
EXCELFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingConfigurableSettings
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingLastSyncTime
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Roaming
RoamingLastWriteTime
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\IOAV
LastBootTime
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
ProductNonBootFilesIntl_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00006109E60090400000000000F01FEC\Usage
ProductNonBootFilesIntl_1033
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security\Trusted Documents
LastPurgeTime
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
-x*
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel
MTTT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\2EB58
2EB58
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
6*+
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\System32\wuaueng.dll,-400
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\39B55
39B55
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Place MRU
Max Display
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Max Display
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 1
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 2
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 3
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 4
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 5
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 6
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 7
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 8
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 9
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 10
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 11
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 12
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 13
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 14
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 15
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 16
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 17
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 18
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 19
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\file mru
Item 20
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\DocumentRecovery\3A2C4
3A2C4
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\Trusted Documents
LastPurgeTime
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
EXCELFiles
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Blob
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
Blob
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
ProductNonBootFilesIntl_1033
 clean
There are 99 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
19CF479000
stack
page read and write
 clean
7FF5E1270000
unkown image
page readonly
 clean
7FF5E14DF000
unkown image
page readonly
 clean
7FF5E109A000
unkown image
page readonly
 clean
208E3200000
unkown image
page readonly
 clean
7FF4F1B78000
unkown image
page readonly
 clean
2885000
unkown image
page readonly
 clean
7FF4F208D000
unkown image
page readonly
 clean
7FF5E1402000
unkown image
page readonly
 clean
282D000
unkown image
page readonly
 clean
208BB7F0000
unkown
page read and write
 clean
2921000
unkown image
page readonly
 clean
995000
unkown
page read and write
 clean
291B000
unkown image
page readonly
 clean
208BB88A000
unkown
page read and write
 clean
136E1E20000
unkown
page read and write
 clean
190F6370000
heap default
page read and write
 clean
B1A000
heap private
page read and write
 clean
291B000
unkown image
page readonly
 clean
7DF5D35B2000
unkown image
page readonly
 clean
2937000
unkown image
page readonly
 clean
272EE22A000
unkown
page read and write
 clean
7FF5BDA81000
unkown image
page readonly
 clean
2165127E000
unkown
page read and write
 clean
136E1C91000
unkown
page read and write
 clean
ADE000
stack
page read and write
 clean
2891000
unkown image
page readonly
 clean
28A5000
unkown image
page readonly
 clean
7FF4F2003000
unkown image
page readonly
 clean
D1BC0FE000
stack
page read and write
 clean
259A46C5000
unkown
page read and write
 clean
7FF59B5FB000
unkown image
page readonly
 clean
7FF59B5C8000
unkown image
page readonly
 clean
7FF50B9FC000
unkown image
page readonly
 clean
223746C0000
unkown image
page readonly
 clean
7FF58DF38000
unkown image
page readonly
 clean
259A466F000
unkown
page read and write
 clean
28A5000
unkown image
page readonly
 clean
259A4688000
unkown
page read and write
 clean
208E3102000
unkown
page read and write
 clean
136E1E49000
unkown
page read and write
 clean
971000
unkown
page read and write
 clean
208E3064000
unkown
page read and write
 clean
AB7807F000
stack
page read and write
 clean
932000
unkown
page read and write
 clean
7FF59B553000
unkown image
page readonly
 clean
7FF5E120C000
unkown image
page readonly
 clean
2885000
unkown image
page readonly
 clean
775E000
stack
page read and write
 clean
259A4702000
unkown
page read and write
 clean
7FF4F2208000
unkown image
page readonly
 clean
7FF50BAAF000
unkown image
page readonly
 clean
190F6350000
unkown
page read and write
 clean
2937000
unkown image
page readonly
 clean
7FF5BD998000
unkown image
page readonly
 clean
226812C4000
unkown
page read and write
 clean
8E0000
unkown image
page readonly
 clean
21651313000
unkown
page read and write
 clean
136E1E3C000
unkown
page read and write
 clean
259A4B90000
unkown image
page readonly
 clean
979000
unkown
page read and write
 clean
7FF4F1B7F000
unkown image
page readonly
 clean
21651010000
heap default
page read and write
 clean
2899000
unkown image
page readonly
 clean
9ADE7F000
stack
page read and write
 clean
7FF58E00D000
unkown image
page readonly
 clean
2717000
unkown image
page readonly
 clean
283E000
unkown image
page readonly
 clean
136E1D80000
unkown
page read and write
 clean
272EE26A000
unkown
page read and write
 clean
7FF5E151F000
unkown image
page readonly
 clean
272EE25F000
unkown
page read and write
 clean
136DD760000
unkown image
page readonly
 clean
7FF4F2225000
unkown image
page readonly
 clean
7FF5E13CD000
unkown image
page readonly
 clean
7FF50BADB000
unkown image
page readonly
 clean
44AE000
stack
page read and write
 clean
7FF4F20B3000
unkown image
page readonly
 clean
223740E0000
unkown
page read and write
 clean
EF511FF000
stack
page read and write
 clean
7600000
unkown
page read and write
 clean
20DD94D0000
unkown image
page readonly
 clean
208BB900000
unkown
page read and write
 clean
208E3000000
unkown
page read and write
 clean
7DF5B0F00000
unkown image
page readonly
 clean
97C000
unkown
page read and write
 clean
7FF4F2040000
unkown image
page readonly
 clean
7FF50B919000
unkown image
page readonly
 clean
D1BC4F7000
stack
page read and write
 clean
7DF5F6E10000
unkown image
page readonly
 clean
208BB902000
unkown
page read and write
 clean
7FF5BDA5D000
unkown image
page readonly
 clean
259A46BE000
unkown
page read and write
 clean
190F6378000
heap default
page read and write
 clean
7FF4F1BBF000
unkown image
page readonly
 clean
7FF4F21FC000
unkown image
page readonly
 clean
C51897F000
stack
page read and write
 clean
2851000
unkown image
page readonly
 clean
70F000
unkown
page read and write
 clean
7FF54FC5A000
unkown image
page readonly
 clean
259A44B0000
unkown image
page readonly
 clean
160DE3E0000
heap private
page read and write
 clean
208BB5D0000
unkown image
page readonly
 clean
22374080000
unkown image
page read and write
 clean
7FF5D2876000
unkown image
page readonly
 clean
22681200000
unkown
page read and write
 clean
D1BC27B000
stack
page read and write
 clean
7FAE0000
unkown image
page readonly
 clean
7FF50BAD4000
unkown image
page readonly
 clean
7FF59B575000
unkown image
page readonly
 clean
223740A0000
unkown image
page readonly
 clean
208E3602000
unkown
page read and write
 clean
7880000
unkown
page read and write
 clean
932000
unkown
page read and write
 clean
136E1AE0000
unkown
page read and write
 clean
7DF5213F0000
unkown image
page readonly
 clean
7FF4F2229000
unkown image
page readonly
 clean
136E1D90000
unkown
page read and write
 clean
919000
unkown
page read and write
 clean
7FF59B573000
unkown image
page readonly
 clean
7DF5D35B0000
unkown image
page readonly
 clean
7FF5D287B000
unkown image
page readonly
 clean
AB7837B000
stack
page read and write
 clean
7DF5B0F02000
unkown image
page readonly
 clean
7DF527E72000
unkown image
page readonly
 clean
272EDFE0000
unkown image
page readonly
 clean
226812BC000
unkown
page read and write
 clean
7FF5D264D000
unkown image
page readonly
 clean
7FF5D2705000
unkown image
page readonly
 clean
7FF59C459000
unkown image
page readonly
 clean
D1BC37B000
stack
page read and write
 clean
7DF5213E2000
unkown image
page readonly
 clean
136DD101000
unkown
page read and write
 clean
272EE277000
unkown
page read and write
 clean
7FF5D27B7000
unkown image
page readonly
 clean
7FF54FC1D000
unkown image
page readonly
 clean
7FAD2000
unkown image
page readonly
 clean
7FF4F19AE000
unkown image
page readonly
 clean
136DCF59000
unkown
page read and write
 clean
136E1C7E000
unkown
page read and write
 clean
223746B0000
unkown image
page readonly
 clean
19CF67F000
stack
page read and write
 clean
7FF4F22DE000
unkown image
page readonly
 clean
20DD9276000
unkown
page read and write
 clean
136E1ED7000
unkown
page read and write
 clean
2870000
unkown image
page readonly
 clean
2895000
unkown image
page readonly
 clean
272EE241000
unkown
page read and write
 clean
2D41000
unkown
page read and write
 clean
160DEE00000
unkown
page read and write
 clean
7FF5D289E000
unkown image
page readonly
 clean
21650FE0000
unkown image
page readonly
 clean
58B000
unkown
page read and write
 clean
7DF5B2290000
unkown image
page readonly
 clean
7FF511DB6000
unkown image
page readonly
 clean
2764000
unkown image
page readonly
 clean
7DF5B0F12000
unkown image
page readonly
 clean
7FF5D27A7000
unkown image
page readonly
 clean
2856000
unkown image
page readonly
 clean
190F62C0000
unkown image
page read and write
 clean
7FF512467000
unkown image
page readonly
 clean
259A5400000
unkown
page read and write
 clean
7FF4F21A7000
unkown image
page readonly
 clean
7FF5D269E000
unkown image
page readonly
 clean
7FF59C7DF000
unkown image
page readonly
 clean
21651600000
unkown image
page readonly
 clean
7FF5BDBF5000
unkown image
page readonly
 clean
7FF4F219D000
unkown image
page readonly
 clean
4BA000
unkown
page read and write
 clean
160DE3F0000
unkown image
page readonly
 clean
D1BC5FE000
stack
page read and write
 clean
208BB852000
unkown
page read and write
 clean
7FF59ADAC000
unkown image
page readonly
 clean
7FF5E1094000
unkown image
page readonly
 clean
7FF5E11D9000
unkown image
page readonly
 clean
7FF5E10D6000
unkown image
page readonly
 clean
7FF59C956000
unkown image
page readonly
 clean
22374167000
heap default
page read and write
 clean
136E1DD0000
unkown
page read and write
 clean
7FF50BAB6000
unkown image
page readonly
 clean
7FF5BDCBF000
unkown image
page readonly
 clean
21650FC0000
unkown image
page readonly
 clean
7FF4F20A3000
unkown image
page readonly
 clean
EF50E7C000
stack
page read and write
 clean
2937000
unkown image
page readonly
 clean
7DF507BF2000
unkown image
page readonly
 clean
7DF521400000
unkown image
page readonly
 clean
22681010000
unkown image
page readonly
 clean
9AD87A000
stack
page read and write
 clean
7DF5E81A0000
unkown image
page readonly
 clean
7FF32000
unkown image
page readonly
 clean
21651255000
unkown
page read and write
 clean
2B50000
unkown image
page readonly
 clean
28A9000
unkown image
page readonly
 clean
7FF4F22B6000
unkown image
page readonly
 clean
7DF5E81A0000
unkown image
page readonly
 clean
7DF5A3940000
unkown image
page readonly
 clean
292C000
unkown image
page readonly
 clean
7FF4F19D3000
unkown image
page readonly
 clean
2722000
unkown image
page readonly
 clean
7FF58DF3C000
unkown image
page readonly
 clean
921000
unkown
page read and write
 clean
7FF59C8F5000
unkown image
page readonly
 clean
7FF5124A9000
unkown image
page readonly
 clean
7FF4F1B16000
unkown image
page readonly
 clean
20DD9160000
unkown image
page readonly
 clean
208BB620000
heap default
page read and write
 clean
7FF59C89C000
unkown image
page readonly
 clean
7DF425D30000
unkown image
page readonly
 clean
190F63B6000
unkown
page read and write
 clean
7FF4F22AF000
unkown image
page readonly
 clean
2899000
unkown image
page readonly
 clean
C51887E000
stack
page read and write
 clean
2CD0000
unkown image
page readonly
 clean
EF50CFF000
stack
page read and write
 clean
7FF5D26FF000
unkown image
page readonly
 clean
7FF51255E000
unkown image
page readonly
 clean
7FF5BDBF9000
unkown image
page readonly
 clean
7FF58DFFB000
unkown image
page readonly
 clean
190F63DD000
heap default
page read and write
 clean
2864000
unkown image
page readonly
 clean
208E3064000
unkown
page read and write
 clean
7FF512488000
unkown image
page readonly
 clean
136E1EA1000
unkown
page read and write
 clean
160DE800000
unkown image
page readonly
 clean
2D48000
unkown
page read and write
 clean
259A4D30000
unkown image
page read and write
 clean
7FF5D27E9000
unkown image
page readonly
 clean
B4EDB7E000
stack
page read and write
 clean
2D58000
unkown
page read and write
 clean
7DF5074D0000
unkown image
page readonly
 clean
91C000
unkown
page read and write
 clean
5E0000
unkown image
page readonly
 clean
E92D27A000
unkown
page read and write
 clean
7FF54FCF4000
unkown image
page readonly
 clean
7FF5E1413000
unkown image
page readonly
 clean
7DF5D35D0000
unkown image
page readonly
 clean
AB78478000
stack
page read and write
 clean
20DD9213000
unkown
page read and write
 clean
272EE267000
unkown
page read and write
 clean
91AF6FF000
stack
page read and write
 clean
7FF5E1241000
unkown image
page readonly
 clean
7DF5F6E12000
unkown image
page readonly
 clean
7FF50BAA8000
unkown image
page readonly
 clean
160DE420000
unkown image
page readonly
 clean
AB78577000
stack
page read and write
 clean
7FF4F1AD8000
unkown image
page readonly
 clean
136DC5A0000
unkown image
page read and write
 clean
7FF59C98F000
unkown image
page readonly
 clean
2851000
unkown image
page readonly
 clean
7FF5BDC9D000
unkown image
page readonly
 clean
22681B00000
unkown
page read and write
 clean
7DF565612000
unkown image
page readonly
 clean
7FF5BDC0A000
unkown image
page readonly
 clean
136DC700000
unkown image
page readonly
 clean
7FF5124D5000
unkown image
page readonly
 clean
19CF2FE000
stack
page read and write
 clean
7FF50B355000
unkown image
page readonly
 clean
160DE602000
unkown
page read and write
 clean
7FF59B5FE000
unkown image
page readonly
 clean
9D0000
heap default
page read and write
 clean
E92D4FF000
stack
page read and write
 clean
22374160000
heap default
page read and write
 clean
2165129B000
unkown
page read and write
 clean
289C000
unkown image
page readonly
 clean
7FF5E10A0000
unkown image
page readonly
 clean
7FF59B55A000
unkown image
page readonly
 clean
9ADBFE000
stack
page read and write
 clean
190F6300000
unkown image
page readonly
 clean
7FF5E146A000
unkown image
page readonly
 clean
22681400000
unkown image
page readonly
 clean
2859000
unkown image
page readonly
 clean
190F6AB0000
unkown image
page readonly
 clean
4F0000
unkown image
page readonly
 clean
136E1EDD000
unkown
page read and write
 clean
7FF58DDEC000
unkown image
page readonly
 clean
7FF59C8DA000
unkown image
page readonly
 clean
2937000
unkown image
page readonly
 clean
190F6540000
unkown image
page readonly
 clean
7FF5E0FCF000
unkown image
page readonly
 clean
259A46A5000
unkown
page read and write
 clean
7FF59B60F000
unkown image
page readonly
 clean
7DF5E81B0000
unkown image
page readonly
 clean
7F340000
unkown image
page readonly
 clean
7FF4F1793000
unkown image
page readonly
 clean
7FF58E02B000
unkown image
page readonly
 clean
7FF4F21D2000
unkown image
page readonly
 clean
560000
unkown
page read and write
 clean
136DCF02000
unkown
page read and write
 clean
7FF5BDCBD000
unkown image
page readonly
 clean
7FF50B927000
unkown image
page readonly
 clean
7DF507BE0000
unkown image
page readonly
 clean
7FF5BDC86000
unkown image
page readonly
 clean
7DF565602000
unkown image
page readonly
 clean
7FF5E140C000
unkown image
page readonly
 clean
7DF5A3922000
unkown image
page readonly
 clean
7DF5E81B2000
unkown image
page readonly
 clean
7FF59B5ED000
unkown image
page readonly
 clean
2B0847E000
stack
page read and write
 clean
7FF58DEAE000
unkown image
page readonly
 clean
288B000
unkown image
page readonly
 clean
2841000
unkown image
page readonly
 clean
7FF59C753000
unkown image
page readonly
 clean
136DCD80000
unkown image
page readonly
 clean
7FF50B653000
unkown image
page readonly
 clean
90038FA000
stack
page read and write
 clean
20DD925A000
unkown
page read and write
 clean
7FF51252F000
unkown image
page readonly
 clean
28BD000
unkown image
page readonly
 clean
20DD9237000
unkown
page read and write
 clean
7FF5E0CB8000
unkown image
page readonly
 clean
7FF5E142C000
unkown image
page readonly
 clean
208BBD80000
unkown image
page readonly
 clean
9AD677000
stack
page read and write
 clean
7FF4F21E7000
unkown image
page readonly
 clean
22681288000
unkown
page read and write
 clean
208E3113000
unkown
page read and write
 clean
7DF527E80000
unkown image
page readonly
 clean
7FF59C8BD000
unkown image
page readonly
 clean
7FF50BAEF000
unkown image
page readonly
 clean
7FF4F20FD000
unkown image
page readonly
 clean
272EE231000
unkown
page read and write
 clean
7FF59C97E000
unkown image
page readonly
 clean
7FF51256F000
unkown image
page readonly
 clean
7FF50BACD000
unkown image
page readonly
 clean
7DF5F6E30000
unkown image
page readonly
 clean
7FF5E10ED000
unkown image
page readonly
 clean
2859000
unkown image
page readonly
 clean
7FF5D2868000
unkown image
page readonly
 clean
7FF58E02F000
unkown image
page readonly
 clean
7FF4F22EF000
unkown image
page readonly
 clean
160DE530000
unkown image
page readonly
 clean
C5180EB000
unkown
page read and write
 clean
7FF4F1983000
unkown image
page readonly
 clean
190F63BE000
unkown
page read and write
 clean
7DF5B0F20000
unkown image
page readonly
 clean
190F6C30000
unkown image
page readonly
 clean
7FF40000
unkown image
page readonly
 clean
7FF5E10DB000
unkown image
page readonly
 clean
7FF4F2000000
unkown image
page readonly
 clean
7FF58DDC2000
unkown image
page readonly
 clean
2860000
unkown image
page readonly
 clean
272EE27B000
unkown
page read and write
 clean
22374183000
heap default
page read and write
 clean
292C000
unkown image
page readonly
 clean
432E000
stack
page read and write
 clean
90041FE000
stack
page read and write
 clean
7FF59C72D000
unkown image
page readonly
 clean
160DEBD0000
unkown
page read and write
 clean
7FF59C94F000
unkown image
page readonly
 clean
AB787FE000
unkown
page read and write
 clean
95A000
heap default
page read and write
 clean
7FF59B5CF000
unkown image
page readonly
 clean
44D0000
heap private
page read and write
 clean
2D2A000
heap default
page read and write
 clean
136E1AD0000
unkown
page read and write
 clean
7FF5BDA52000
unkown image
page readonly
 clean
77B000
unkown
page read and write
 clean
7FF4F1BA4000
unkown image
page readonly
 clean
7FF51256B000
unkown image
page readonly
 clean
190F62E0000
unkown image
page readonly
 clean
7DF565620000
unkown image
page readonly
 clean
2C17000
heap private
page read and write
 clean
7DF507BF2000
unkown image
page readonly
 clean
7FF5D27C8000
unkown image
page readonly
 clean
160DEBD0000
unkown
page read and write
 clean
7FF5D2373000
unkown image
page readonly
 clean
136DC8FD000
unkown
page read and write
 clean
7FF50BA55000
unkown image
page readonly
 clean
216510F0000
unkown image
page readonly
 clean
7FF5BDCA4000
unkown image
page readonly
 clean
8DF000
stack
page read and write
 clean
7FF4FF79E000
unkown image
page readonly
 clean
136E1C70000
unkown
page read and write
 clean
272EE302000
unkown
page read and write
 clean
2722000
unkown image
page readonly
 clean
259A4F13000
unkown
page read and write
 clean
7FF54FA08000
unkown image
page readonly
 clean
B2E000
stack
page read and write
 clean
136DC610000
heap default
page read and write
 clean
7FF5BDC25000
unkown image
page readonly
 clean
259A4682000
unkown
page read and write
 clean
988000
unkown
page read and write
 clean
7FF5E12B4000
unkown image
page readonly
 clean
7FF5BD504000
unkown image
page readonly
 clean
21651200000
unkown
page read and write
 clean
22681313000
unkown
page read and write
 clean
20DD9860000
unkown image
page readonly
 clean
7FF4F2011000
unkown image
page readonly
 clean
7FF5BDBD8000
unkown image
page readonly
 clean
7FF59C453000
unkown image
page readonly
 clean
83B000
unkown
page read and write
 clean
590000
unkown image
page readonly
 clean
272EE252000
unkown
page read and write
 clean
7FF58DF04000
unkown image
page readonly
 clean
7DF5213E0000
unkown image
page readonly
 clean
7FF5E12BD000
unkown image
page readonly
 clean
21651802000
unkown
page read and write
 clean
7FF4F2255000
unkown image
page readonly
 clean
91AF3FB000
unkown
page read and write
 clean
7FF58DD2D000
unkown image
page readonly
 clean
7FF4F1BAB000
unkown image
page readonly
 clean
25A8000
unkown image
page readonly
 clean
76E0000
unkown
page read and write
 clean
9ADA7A000
stack
page read and write
 clean
7FE20000
unkown image
page readonly
 clean
AE0000
unkown
page read and write
 clean
7F340000
unkown image
page readonly
 clean
291B000
unkown image
page readonly
 clean
2B0817D000
stack
page read and write
 clean
7FF54FCFB000
unkown image
page readonly
 clean
7DF5B0F00000
unkown image
page readonly
 clean
7FF4F1FA9000
unkown image
page readonly
 clean
C5184FB000
stack
page read and write
 clean
7FF4F22A8000
unkown image
page readonly
 clean
7FF59C974000
unkown image
page readonly
 clean
7FF4F1AB3000
unkown image
page readonly
 clean
28CD000
unkown image
page readonly
 clean
20DD90E0000
unkown image
page read and write
 clean
7FF5D2388000
unkown image
page readonly
 clean
91AFAFF000
stack
page read and write
 clean
7FF59C643000
unkown image
page readonly
 clean
7FF58DCBA000
unkown image
page readonly
 clean
7FF4F1FF7000
unkown image
page readonly
 clean
2841000
unkown image
page readonly
 clean
7FF4F1689000
unkown image
page readonly
 clean
7FF54FC53000
unkown image
page readonly
 clean
208BB802000
unkown
page read and write
 clean
7F9C0000
unkown image
page readonly
 clean
7DF5B22A0000
unkown image
page readonly
 clean
7FF5E14EB000
unkown image
page readonly
 clean
7DF5213F2000
unkown image
page readonly
 clean
7FF51255B000
unkown image
page readonly
 clean
7FF4F1DC8000
unkown image
page readonly
 clean
7FF59C948000
unkown image
page readonly
 clean
7DF5B2280000
unkown image
page readonly
 clean
160DEA00000
unkown image
page readonly
 clean
22681140000
unkown image
page readonly
 clean
2165123C000
unkown
page read and write
 clean
208E3013000
unkown
page read and write
 clean
288B000
unkown image
page readonly
 clean
7FF5D27FA000
unkown image
page readonly
 clean
2538000
unkown image
page readonly
 clean
913000
heap default
page read and write
 clean
2717000
unkown image
page readonly
 clean
7DF5074D0000
unkown image
page readonly
 clean
7FF58DF27000
unkown image
page readonly
 clean
7F350000
unkown image
page readonly
 clean
2925000
unkown image
page readonly
 clean
7FF4F1683000
unkown image
page readonly
 clean
7DF507BF0000
unkown image
page readonly
 clean
7DF5B0F20000
unkown image
page readonly
 clean
259A4F8D000
unkown
page read and write
 clean
136DC5F0000
unkown image
page readonly
 clean
208E2DA0000
unkown image
page read and write
 clean
7FF5124B3000
unkown image
page readonly
 clean
7DF527E62000
unkown image
page readonly
 clean
452F000
stack
page read and write
 clean
7FF59B549000
unkown image
page readonly
 clean
160DE658000
unkown
page read and write
 clean
7FAD0000
unkown image
page readonly
 clean
7FF4F1BBB000
unkown image
page readonly
 clean
259A4490000
unkown image
page read and write
 clean
208BB84B000
unkown
page read and write
 clean
7FF5E13F8000
unkown image
page readonly
 clean
272EE248000
unkown
page read and write
 clean
208BB84F000
unkown
page read and write
 clean
7FF4F1AC7000
unkown image
page readonly
 clean
7FF4F1FED000
unkown image
page readonly
 clean
D1BC07C000
unkown
page read and write
 clean
9AD97E000
stack
page read and write
 clean
136E1B60000
unkown
page read and write
 clean
20DD9202000
unkown
page read and write
 clean
259A4F4B000
unkown
page read and write
 clean
25A8000
unkown image
page readonly
 clean
259A4500000
heap default
page read and write
 clean
A9A000
heap private
page read and write
 clean
2859000
unkown image
page readonly
 clean
136DC89F000
unkown
page read and write
 clean
7FF5BD81A000
unkown image
page readonly
 clean
880000
unkown image
page readonly
 clean
136DC871000
unkown
page read and write
 clean
22374120000
heap private
page read and write
 clean
2856000
unkown image
page readonly
 clean
2864000
unkown image
page readonly
 clean
7FF5E136F000
unkown image
page readonly
 clean
7FF54FC45000
unkown image
page readonly
 clean
7FF5BDACD000
unkown image
page readonly
 clean
160DE3F0000
unkown image
page readonly
 clean
22681160000
unkown
page read and write
 clean
272EE245000
unkown
page read and write
 clean
590000
unkown image
page readonly
 clean
2722000
unkown image
page readonly
 clean
932000
unkown
page read and write
 clean
7FF5E120A000
unkown image
page readonly
 clean
7FAC2000
unkown image
page readonly
 clean
7FF59B51D000
unkown image
page readonly
 clean
20DD9150000
heap default
page read and write
 clean
7FF5E1227000
unkown image
page readonly
 clean
671000
unkown
page read and write
 clean
136E1B70000
unkown
page read and write
 clean
5E0000
unkown image
page readonly
 clean
28BD000
unkown image
page readonly
 clean
7FF58E01B000
unkown image
page readonly
 clean
208BB87C000
unkown
page read and write
 clean
136DC800000
unkown
page read and write
 clean
7FF54FD0F000
unkown image
page readonly
 clean
22681030000
unkown image
page readonly
 clean
7FF58DF7A000
unkown image
page readonly
 clean
272EE200000
unkown
page read and write
 clean
7F332000
unkown image
page readonly
 clean
A00000
unkown
page read and write
 clean
208E304F000
unkown
page read and write
 clean
7DF5B2282000
unkown image
page readonly
 clean
2C1A000
heap private
page read and write
 clean
4E0000
unkown image
page read and write
 clean
7FF4F1873000
unkown image
page readonly
 clean
7FF50B696000
unkown image
page readonly
 clean
208E2DF0000
unkown image
page readonly
 clean
E92D47F000
stack
page read and write
 clean
7FF50B32D000
unkown image
page readonly
 clean
208BB82A000
unkown
page read and write
 clean
7FF59C804000
unkown image
page readonly
 clean
208BB5D0000
unkown image
page readonly
 clean
136E1EF7000
unkown
page read and write
 clean
9AD47B000
unkown
page read and write
 clean
136DCF18000
unkown
page read and write
 clean
D2F000
unkown image
page readonly
 clean
190F63BE000
unkown
page read and write
 clean
7FF5E12D3000
unkown image
page readonly
 clean
7FF5BDC8E000
unkown image
page readonly
 clean
935000
unkown
page read and write
 clean
19CF27B000
unkown
page read and write
 clean
2891000
unkown image
page readonly
 clean
7FF54FD0F000
unkown image
page readonly
 clean
21651302000
unkown
page read and write
 clean
7FF58D887000
unkown image
page readonly
 clean
2B50000
unkown image
page readonly
 clean
28BD000
unkown image
page readonly
 clean
7FF54FAAD000
unkown image
page readonly
 clean
7FF59B1E4000
unkown image
page readonly
 clean
7FF5E10AF000
unkown image
page readonly
 clean
7DF527E60000
unkown image
page readonly
 clean
283E000
unkown image
page readonly
 clean
7FF5E1203000
unkown image
page readonly
 clean
2165127D000
unkown
page read and write
 clean
2870000
unkown image
page readonly
 clean
EF513FE000
stack
page read and write
 clean
436E000
stack
page read and write
 clean
136E1DC0000
unkown
page read and write
 clean
2E20000
unkown image
page readonly
 clean
B4ED7FE000
stack
page read and write
 clean
7DF507BF0000
unkown image
page readonly
 clean
7FF54FCDB000
unkown image
page readonly
 clean
259A4600000
unkown
page read and write
 clean
208E2EF0000
unkown image
page readonly
 clean
7DF5A3940000
unkown image
page readonly
 clean
7FF50B334000
unkown image
page readonly
 clean
7FF59C960000
unkown image
page readonly
 clean
2D20000
heap default
page read and write
 clean
7FF5BDB3E000
unkown image
page readonly
 clean
7FF58DF69000
unkown image
page readonly
 clean
259A45E0000
unkown image
page readonly
 clean
272EE249000
unkown
page read and write
 clean
2B50000
unkown image
page readonly
 clean
E92D2FE000
stack
page read and write
 clean
22681600000
unkown image
page readonly
 clean
28C4000
unkown image
page readonly
 clean
7DF4634D0000
unkown image
page readonly
 clean
7FF5E151B000
unkown image
page readonly
 clean
7DF5B0F12000
unkown image
page readonly
 clean
22681780000
unkown image
page readonly
 clean
7FF5D267E000
unkown image
page readonly
 clean
7FF5D2563000
unkown image
page readonly
 clean
2538000
unkown image
page readonly
 clean
208E306C000
unkown
page read and write
 clean
2D43000
heap default
page read and write
 clean
208E2DC0000
unkown image
page readonly
 clean
272EE780000
unkown image
page readonly
 clean
190F7240000
unkown
page read and write
 clean
AB77DAB000
unkown
page read and write
 clean
136DC5B0000
heap private
page read and write
 clean
C5181EE000
stack
page read and write
 clean
9AE1FE000
stack
page read and write
 clean
272EE244000
unkown
page read and write
 clean
7FF5BDB34000
unkown image
page readonly
 clean
7FF5D27DD000
unkown image
page readonly
 clean
777000
unkown
page read and write
 clean
7FF51230D000
unkown image
page readonly
 clean
7FF4F1A0F000
unkown image
page readonly
 clean
7FF58DDFF000
unkown image
page readonly
 clean
2D45000
unkown
page read and write
 clean
7FF59C7A3000
unkown image
page readonly
 clean
7FF5D2724000
unkown image
page readonly
 clean
190F6310000
unkown image
page readonly
 clean
272EE213000
unkown
page read and write
 clean
7DF5A3932000
unkown image
page readonly
 clean
2851000
unkown image
page readonly
 clean
91AF7FB000
stack
page read and write
 clean
7FF4F1B03000
unkown image
page readonly
 clean
7FF59C96D000
unkown image
page readonly
 clean
7DF5F6E12000
unkown image
page readonly
 clean
7FF51247C000
unkown image
page readonly
 clean
21650FC0000
unkown image
page readonly
 clean
830000
unkown
page read and write
 clean
7FF59C8D3000
unkown image
page readonly
 clean
2165124A000
unkown
page read and write
 clean
282D000
unkown image
page readonly
 clean
7FF54FC49000
unkown image
page readonly
 clean
7DF5074B2000
unkown image
page readonly
 clean
77A0000
unkown
page read and write
 clean
7DF41F2B0000
unkown image
page readonly
 clean
7FF4F1EC4000
unkown image
page readonly
 clean
259A4713000
unkown
page read and write
 clean
7FF50BAC0000
unkown image
page readonly
 clean
136E1EFB000
unkown
page read and write
 clean
7DF5B0F10000
unkown image
page readonly
 clean
136DCF18000
unkown
page read and write
 clean
7FF59B5DB000
unkown image
page readonly
 clean
7FF59C897000
unkown image
page readonly
 clean
190F62E0000
unkown image
page readonly
 clean
136DC876000
unkown
page read and write
 clean
136DD770000
unkown image
page readonly
 clean
22681040000
unkown image
page readonly
 clean
272EE246000
unkown
page read and write
 clean
7DF5A3920000
unkown image
page readonly
 clean
7FF4F2164000
unkown image
page readonly
 clean
A90000
heap private
page read and write
 clean
810000
unkown image
page readonly
 clean
7FF59C883000
unkown image
page readonly
 clean
136DC813000
unkown
page read and write
 clean
7FF5E13D7000
unkown image
page readonly
 clean
7FF50B8FD000
unkown image
page readonly
 clean
B4EDE7E000
stack
page read and write
 clean
190F6660000
unkown
page read and write
 clean
AB780FE000
stack
page read and write
 clean
7DF565620000
unkown image
page readonly
 clean
160DE625000
unkown
page read and write
 clean
7DF5A3920000
unkown image
page readonly
 clean
7DF5F6E10000
unkown image
page readonly
 clean
2165124D000
unkown
page read and write
 clean
979000
unkown
page read and write
 clean
9ADB7B000
stack
page read and write
 clean
22681270000
unkown
page read and write
 clean
259A46AF000
unkown
page read and write
 clean
7FF59C95B000
unkown image
page readonly
 clean
7DF4F4CE0000
unkown image
page readonly
 clean
275B000
unkown image
page readonly
 clean
259A44A0000
heap private
page read and write
 clean
7FF50BADE000
unkown image
page readonly
 clean
7FF54FCED000
unkown image
page readonly
 clean
275B000
unkown image
page readonly
 clean
259A4629000
unkown
page read and write
 clean
7FF5E121D000
unkown image
page readonly
 clean
7FAE0000
unkown image
page readonly
 clean
223740A0000
unkown image
page readonly
 clean
90040FE000
stack
page read and write
 clean
7FF58D88D000
unkown image
page readonly
 clean
136DD640000
unkown
page read and write
 clean
AB7867E000
stack
page read and write
 clean
779F000
stack
page read and write
 clean
22681213000
unkown
page read and write
 clean
7FF5D2880000
unkown image
page readonly
 clean
136E1E2E000
unkown
page read and write
 clean
136DC5E0000
unkown image
page readonly
 clean
208BB800000
unkown
page read and write
 clean
136DCF00000
unkown
page read and write
 clean
2D50000
unkown image
page readonly
 clean
7FF59B60F000
unkown image
page readonly
 clean
7FF58DF23000
unkown image
page readonly
 clean
7FF5E13E0000
unkown image
page readonly
 clean
7FF51253B000
unkown image
page readonly
 clean
7FF4F1E21000
unkown image
page readonly
 clean
7FF54FC07000
unkown image
page readonly
 clean
7FF50B389000
unkown image
page readonly
 clean
7DF5B2290000
unkown image
page readonly
 clean
7FF59B5F4000
unkown image
page readonly
 clean
7F342000
unkown image
page readonly
 clean
7DF5B0F02000
unkown image
page readonly
 clean
20DD9A02000
unkown
page read and write
 clean
7FF59C8A8000
unkown image
page readonly
 clean
22681B32000
unkown
page read and write
 clean
208E2DC0000
unkown image
page readonly
 clean
282D000
unkown image
page readonly
 clean
B10000
heap private
page read and write
 clean
272EE26B000
unkown
page read and write
 clean
7FF5BDB94000
unkown image
page readonly
 clean
7DF565612000
unkown image
page readonly
 clean
136DD560000
unkown image
page read and write
 clean
7FF5E1459000
unkown image
page readonly
 clean
136E1D40000
unkown
page read and write
 clean
915000
unkown
page read and write
 clean
C5185FB000
stack
page read and write
 clean
7FF58DDCD000
unkown image
page readonly
 clean
272EE600000
unkown image
page readonly
 clean
252F000
unkown image
page readonly
 clean
259A4C60000
unkown
page read and write
 clean
7FF58DD37000
unkown image
page readonly
 clean
7FF5E10A7000
unkown image
page readonly
 clean
7FF5BDC8B000
unkown image
page readonly
 clean
7DF527E80000
unkown image
page readonly
 clean
136DD750000
unkown image
page readonly
 clean
259A46EC000
unkown
page read and write
 clean
7FF5E1504000
unkown image
page readonly
 clean
7FF4F1AF5000
unkown image
page readonly
 clean
7FF4F22EF000
unkown image
page readonly
 clean
20DD9180000
unkown
page read and write
 clean
7FF58DF1C000
unkown image
page readonly
 clean
136E1CB4000
unkown
page read and write
 clean
7FF54FCE0000
unkown image
page readonly
 clean
136DD720000
unkown image
page readonly
 clean
2B07C7C000
unkown
page read and write
 clean
289C000
unkown image
page readonly
 clean
C51867E000
stack
page read and write
 clean
9E0000
unkown image
page readonly
 clean
7FF59C8C9000
unkown image
page readonly
 clean
7FF4F1698000
unkown image
page readonly
 clean
259A4CB0000
unkown image
page write copy
 clean
7FF5BDCAB000
unkown image
page readonly
 clean
2764000
unkown image
page readonly
 clean
7FF58DF5D000
unkown image
page readonly
 clean
4430000
unkown image
page readonly
 clean
2864000
unkown image
page readonly
 clean
7FF4F21B0000
unkown image
page readonly
 clean
2E20000
unkown image
page readonly
 clean
EF50DFE000
stack
page read and write
 clean
7FF30000
unkown image
page readonly
 clean
7FF4F1AF9000
unkown image
page readonly
 clean
19CF57E000
stack
page read and write
 clean
7FF4F2145000
unkown image
page readonly
 clean
AB781FC000
stack
page read and write
 clean
7FF58DDF6000
unkown image
page readonly
 clean
7FF5E151F000
unkown image
page readonly
 clean
7DF507BE2000
unkown image
page readonly
 clean
252F000
unkown image
page readonly
 clean
160DE3D0000
unkown image
page read and write
 clean
7FF4F22C0000
unkown image
page readonly
 clean
7FF50BA25000
unkown image
page readonly
 clean
22374100000
unkown
page read and write
 clean
7FF59B5E0000
unkown image
page readonly
 clean
2856000
unkown image
page readonly
 clean
7DF5F6E22000
unkown image
page readonly
 clean
7FF54FCC8000
unkown image
page readonly
 clean
208BB908000
unkown
page read and write
 clean
7FF4FF79E000
unkown image
page readonly
 clean
21650FA0000
unkown image
page read and write
 clean
136DCF13000
unkown
page read and write
 clean
920000
unkown
page read and write
 clean
21651250000
unkown
page read and write
 clean
AB78777000
stack
page read and write
 clean
7FF5BD81E000
unkown image
page readonly
 clean
EF50FFB000
stack
page read and write
 clean
7FF54FBE0000
unkown image
page readonly
 clean
B4EDC7E000
stack
page read and write
 clean
2937000
unkown image
page readonly
 clean
22681302000
unkown
page read and write
 clean
73A0000
unkown
page read and write
 clean
259A46A9000
unkown
page read and write
 clean
272EDFE0000
unkown image
page readonly
 clean
259A4F6A000
unkown
page read and write
 clean
7FF58DFE8000
unkown image
page readonly
 clean
7FF50B35C000
unkown image
page readonly
 clean
259A4F6E000
unkown
page read and write
 clean
22681A02000
unkown
page read and write
 clean
136DC5C0000
unkown image
page readonly
 clean
136E1E00000
unkown
page read and write
 clean
7FF5D2894000
unkown image
page readonly
 clean
7FF4F1B86000
unkown image
page readonly
 clean
136E1DD0000
unkown
page read and write
 clean
190F6695000
heap private
page read and write
 clean
7FF5E1243000
unkown image
page readonly
 clean
2D1F000
stack
page read and write
 clean
20DD90F0000
heap private
page read and write
 clean
9ADFFD000
stack
page read and write
 clean
4F0000
unkown image
page readonly
 clean
7FF5D26C3000
unkown image
page readonly
 clean
2885000
unkown image
page readonly
 clean
7DF5D35B2000
unkown image
page readonly
 clean
45B0000
heap private
page read and write
 clean
7DF5213F0000
unkown image
page readonly
 clean
272EE24C000
unkown
page read and write
 clean
B4EDD7F000
stack
page read and write
 clean
7FF5BDBAC000
unkown image
page readonly
 clean
7FF59C75E000
unkown image
page readonly
 clean
7FF5E1463000
unkown image
page readonly
 clean
7FF54FC75000
unkown image
page readonly
 clean
5D0000
unkown image
page read and write
 clean
160DE410000
unkown image
page readonly
 clean
22681790000
unkown image
page readonly
 clean
208BB83C000
unkown
page read and write
 clean
190F7220000
unkown
page readonly
 clean
446E000
stack
page read and write
 clean
9AD77A000
stack
page read and write
 clean
20DD96D0000
unkown image
page readonly
 clean
2D51000
unkown
page read and write
 clean
208E2DE0000
unkown image
page readonly
 clean
22374530000
unkown image
page readonly
 clean
7DF5B22A0000
unkown image
page readonly
 clean
5D0000
unkown image
page readonly
 clean
7FF59C468000
unkown image
page readonly
 clean
7FF5BD986000
unkown image
page readonly
 clean
7FF5E1026000
unkown image
page readonly
 clean
21651213000
unkown
page read and write
 clean
7DF527E70000
unkown image
page readonly
 clean
7FF5D286F000
unkown image
page readonly
 clean
7DF5B2280000
unkown image
page readonly
 clean
7FF5E1438000
unkown image
page readonly
 clean
20DD9241000
unkown
page read and write
 clean
136E1E14000
unkown
page read and write
 clean
7FF5D2483000
unkown image
page readonly
 clean
90034CB000
unkown
page read and write
 clean
7FF58E02F000
unkown image
page readonly
 clean
7FF5BDAD6000
unkown image
page readonly
 clean
190F6690000
heap private
page read and write
 clean
2860000
unkown image
page readonly
 clean
2165122A000
unkown
page read and write
 clean
7FF59C98B000
unkown image
page readonly
 clean
510000
unkown image
page readonly
 clean
7FF5E1051000
unkown image
page readonly
 clean
7FF5E1485000
unkown image
page readonly
 clean
7FF5E1357000
unkown image
page readonly
 clean
8FA000
heap default
page read and write
 clean
272EE24B000
unkown
page read and write
 clean
7FF50BAEF000
unkown image
page readonly
 clean
2921000
unkown image
page readonly
 clean
7FF50BA1D000
unkown image
page readonly
 clean
20DD926E000
unkown
page read and write
 clean
2ED0000
unkown image
page readonly
 clean
7FF5BDAE2000
unkown image
page readonly
 clean
160DE600000
unkown
page read and write
 clean
28AD000
unkown image
page readonly
 clean
7FF4F1A8C000
unkown image
page readonly
 clean
25A8000
unkown image
page readonly
 clean
272EE261000
unkown
page read and write
 clean
7FF54F9C6000
unkown image
page readonly
 clean
7F350000
unkown image
page readonly
 clean
259A4C90000
unkown image
page readonly
 clean
19CF3FE000
stack
page read and write
 clean
208BB700000
unkown image
page readonly
 clean
20DD9120000
unkown image
page readonly
 clean
136E1E61000
unkown
page read and write
 clean
7FF59C8C5000
unkown image
page readonly
 clean
7FF5BDBA2000
unkown image
page readonly
 clean
7FF59C1A0000
unkown image
page readonly
 clean
9ADDFF000
stack
page read and write
 clean
7FF54FBF3000
unkown image
page readonly
 clean
272EE802000
unkown
page read and write
 clean
7FF5E13F4000
unkown image
page readonly
 clean
7FF5E14D8000
unkown image
page readonly
 clean
28AD000
unkown image
page readonly
 clean
7DF5A3930000
unkown image
page readonly
 clean
259A4F18000
unkown
page read and write
 clean
7FF4F22CD000
unkown image
page readonly
 clean
7FF54F555000
unkown image
page readonly
 clean
22681243000
unkown
page read and write
 clean
7FF4F1B90000
unkown image
page readonly
 clean
7DF4E6070000
unkown image
page readonly
 clean
259A44B0000
unkown image
page readonly
 clean
136DCA00000
unkown image
page readonly
 clean
208E3055000
unkown
page read and write
 clean
7FF59B545000
unkown image
page readonly
 clean
272EDFC0000
unkown image
page read and write
 clean
28A5000
unkown image
page readonly
 clean
7DF527E70000
unkown image
page readonly
 clean
136E1C94000
unkown
page read and write
 clean
208E3400000
unkown image
page readonly
 clean
7FF54FD0D000
unkown image
page readonly
 clean
7FF5D27BC000
unkown image
page readonly
 clean
7FF5D28AF000
unkown image
page readonly
 clean
7FF4F22ED000
unkown image
page readonly
 clean
21650FF0000
unkown image
page readonly
 clean
208E309B000
unkown
page read and write
 clean
160DEC02000
unkown
page read and write
 clean
460000
unkown image
page readonly
 clean
7FF40000
unkown image
page readonly
 clean
7FF5D28AF000
unkown image
page readonly
 clean
7DF5E81C0000
unkown image
page readonly
 clean
7FF4F2233000
unkown image
page readonly
 clean
136DC878000
unkown
page read and write
 clean
160DE65C000
unkown
page read and write
 clean
259A469E000
unkown
page read and write
 clean
7FF4F1BAE000
unkown image
page readonly
 clean
259A44D0000
unkown image
page readonly
 clean
7FF4F21C8000
unkown image
page readonly
 clean
7FF50BA33000
unkown image
page readonly
 clean
28CD000
unkown image
page readonly
 clean
7FF5E11DF000
unkown image
page readonly
 clean
54A000
unkown
page read and write
 clean
7DF5F6E20000
unkown image
page readonly
 clean
136DC5C0000
unkown image
page readonly
 clean
B17000
heap private
page read and write
 clean
21651400000
unkown image
page readonly
 clean
136E1CA0000
unkown
page read and write
 clean
7DF4D1480000
unkown image
page readonly
 clean
2B081FF000
stack
page read and write
 clean
7FF4F22D4000
unkown image
page readonly
 clean
7FF5BDBB3000
unkown image
page readonly
 clean
7DF5B0F10000
unkown image
page readonly
 clean
5F0000
unkown
page read and write
 clean
500000
unkown image
page readonly
 clean
7FF4F1DB9000
unkown image
page readonly
 clean
259A4A00000
unkown image
page readonly
 clean
136E1EE6000
unkown
page read and write
 clean
223740C0000
unkown image
page readonly
 clean
7FF5BDC78000
unkown image
page readonly
 clean
7FF51249D000
unkown image
page readonly
 clean
190F66A0000
unkown
page read and write
 clean
28AD000
unkown image
page readonly
 clean
7FF50B87A000
unkown image
page readonly
 clean
136E1E9D000
unkown
page read and write
 clean
7DF5074C0000
unkown image
page readonly
 clean
7FF5E14EE000
unkown image
page readonly
 clean
9ADEFE000
stack
page read and write
 clean
259A4F88000
unkown
page read and write
 clean
208BB913000
unkown
page read and write
 clean
9003DFF000
stack
page read and write
 clean
136DC83F000
unkown
page read and write
 clean
21650FB0000
heap private
page read and write
 clean
136DDAC0000
unkown
page read and write
 clean
2921000
unkown image
page readonly
 clean
EF50B7B000
stack
page read and write
 clean
9003AFE000
stack
page read and write
 clean
A5E000
stack
page read and write
 clean
208BB600000
unkown image
page readonly
 clean
713000
unkown
page read and write
 clean
2925000
unkown image
page readonly
 clean
7FF4F21F7000
unkown image
page readonly
 clean
7FF5BDBED000
unkown image
page readonly
 clean
7FF4F2013000
unkown image
page readonly
 clean
136E1DD0000
unkown
page read and write
 clean
460000
unkown image
page readonly
 clean
7FF4F22EB000
unkown image
page readonly
 clean
7DF527E72000
unkown image
page readonly
 clean
7FF5BDBB7000
unkown image
page readonly
 clean
7DF405AB0000
unkown image
page readonly
 clean
7FF30000
unkown image
page readonly
 clean
7F332000
unkown image
page readonly
 clean
B4ED6FB000
unkown
page read and write
 clean
21651308000
unkown
page read and write
 clean
208BB5C0000
heap private
page read and write
 clean
7FF5BDCBF000
unkown image
page readonly
 clean
190F68B0000
unkown image
page readonly
 clean
136DCE02000
unkown
page read and write
 clean
226812E1000
unkown
page read and write
 clean
2D48000
unkown
page read and write
 clean
7FF4F1AED000
unkown image
page readonly
 clean
7FF5E13D0000
unkown image
page readonly
 clean
7FF59C7E5000
unkown image
page readonly
 clean
7FF4F20A8000
unkown image
page readonly
 clean
7FF54FCCF000
unkown image
page readonly
 clean
136DD730000
unkown image
page readonly
 clean
136E1EF2000
unkown
page read and write
 clean
2B07F7E000
stack
page read and write
 clean
7FF511DB9000
unkown image
page readonly
 clean
28C4000
unkown image
page readonly
 clean
7DF5D35D0000
unkown image
page readonly
 clean
7DF5D35C0000
unkown image
page readonly
 clean
D1BC3FE000
stack
page read and write
 clean
259A4613000
unkown
page read and write
 clean
7FF5BDBB5000
unkown image
page readonly
 clean
28CD000
unkown image
page readonly
 clean
21651300000
unkown
page read and write
 clean
7DF507BE2000
unkown image
page readonly
 clean
190F6699000
heap private
page read and write
 clean
7FF4F221D000
unkown image
page readonly
 clean
7FF4F1B25000
unkown image
page readonly
 clean
EF5074B000
unkown
page read and write
 clean
208BBA00000
unkown image
page readonly
 clean
7DF5074B2000
unkown image
page readonly
 clean
190F7210000
unkown
page read and write
 clean
272EDFD0000
heap private
page read and write
 clean
7F330000
unkown image
page readonly
 clean
E92D37E000
stack
page read and write
 clean
2FA0000
unkown image
page readonly
 clean
7FF32000
unkown image
page readonly
 clean
20DD9130000
unkown image
page readonly
 clean
7FF4F195D000
unkown image
page readonly
 clean
675000
unkown
page read and write
 clean
7DF5B2282000
unkown image
page readonly
 clean
7DF5074C2000
unkown image
page readonly
 clean
4500000
heap private
page read and write
 clean
7DF4B0150000
unkown image
page readonly
 clean
7DF5E81B0000
unkown image
page readonly
 clean
252F000
unkown image
page readonly
 clean
7DF5074B0000
unkown image
page readonly
 clean
7FF4F1FE3000
unkown image
page readonly
 clean
19CF37F000
stack
page read and write
 clean
7FF5E14E6000
unkown image
page readonly
 clean
7DF5F6E22000
unkown image
page readonly
 clean
136E1CB0000
unkown
page read and write
 clean
7FF5E151D000
unkown image
page readonly
 clean
288B000
unkown image
page readonly
 clean
890000
unkown image
page readonly
 clean
4370000
unkown image
page readonly
 clean
136DD740000
unkown image
page readonly
 clean
208BB871000
unkown
page read and write
 clean
2895000
unkown image
page readonly
 clean
7FF50BABB000
unkown image
page readonly
 clean
190F63D4000
heap default
page read and write
 clean
7FF5BDCBB000
unkown image
page readonly
 clean
22374150000
unkown image
page readonly
 clean
136DC88C000
unkown
page read and write
 clean
259A4D20000
unkown
page read and write
 clean
136DC902000
unkown
page read and write
 clean
28A9000
unkown image
page readonly
 clean
87B000
unkown
page read and write
 clean
259A46F5000
unkown
page read and write
 clean
88E000
stack
page read and write
 clean
272EE26D000
unkown
page read and write
 clean
7FF512528000
unkown image
page readonly
 clean
259A4800000
unkown image
page readonly
 clean
7FF5E12D8000
unkown image
page readonly
 clean
EF512FD000
stack
page read and write
 clean
44D4000
heap private
page read and write
 clean
7FF4F1A34000
unkown image
page readonly
 clean
160DE629000
unkown
page read and write
 clean
292C000
unkown image
page readonly
 clean
7DF565610000
unkown image
page readonly
 clean
272EE27E000
unkown
page read and write
 clean
7FF5BDA0A000
unkown image
page readonly
 clean
EF50F7E000
stack
page read and write
 clean
45B4000
heap private
page read and write
 clean
208E302A000
unkown
page read and write
 clean
22680FF0000
unkown image
page read and write
 clean
7FF4F1B8B000
unkown image
page readonly
 clean
272EE030000
heap default
page read and write
 clean
259A46E1000
unkown
page read and write
 clean
208E303C000
unkown
page read and write
 clean
992000
unkown
page read and write
 clean
208BBC00000
unkown image
page readonly
 clean
160DE440000
heap default
page read and write
 clean
7FF5E0D9A000
unkown image
page readonly
 clean
20DD9265000
unkown
page read and write
 clean
20DD9100000
unkown image
page readonly
 clean
2870000
unkown image
page readonly
 clean
7DF527E60000
unkown image
page readonly
 clean
208BB850000
unkown
page read and write
 clean
5A0000
unkown image
page readonly
 clean
19CF5F9000
stack
page read and write
 clean
136DC87B000
unkown
page read and write
 clean
9003EFF000
stack
page read and write
 clean
7F330000
unkown image
page readonly
 clean
7FF4F1A15000
unkown image
page readonly
 clean
190F6550000
unkown image
page readonly
 clean
7DF5E81C0000
unkown image
page readonly
 clean
7FF5E1213000
unkown image
page readonly
 clean
259A463C000
unkown
page read and write
 clean
259A4E02000
unkown
page read and write
 clean
919000
unkown
page read and write
 clean
2B0807E000
stack
page read and write
 clean
2B07EFC000
stack
page read and write
 clean
7FF5124A5000
unkown image
page readonly
 clean
7FF59C98F000
unkown image
page readonly
 clean
272EE27A000
unkown
page read and write
 clean
7FF5E11AA000
unkown image
page readonly
 clean
2764000
unkown image
page readonly
 clean
7FF22000
unkown image
page readonly
 clean
A70000
unkown
page read and write
 clean
7FF4F21DC000
unkown image
page readonly
 clean
450000
unkown image
page read and write
 clean
7FF4F213F000
unkown image
page readonly
 clean
7FF54F9B8000
unkown image
page readonly
 clean
7FF5E144D000
unkown image
page readonly
 clean
7FF4F21E3000
unkown image
page readonly
 clean
272EE262000
unkown
page read and write
 clean
7FF5E1394000
unkown image
page readonly
 clean
7FF54FBD0000
unkown image
page readonly
 clean
22681010000
unkown image
page readonly
 clean
136E1EF4000
unkown
page read and write
 clean
28C4000
unkown image
page readonly
 clean
B30000
unkown
page read and write
 clean
7DF5D35C0000
unkown image
page readonly
 clean
7FF5E150E000
unkown image
page readonly
 clean
136DCE15000
unkown
page read and write
 clean
7FF5BDBCC000
unkown image
page readonly
 clean
160DEBA0000
unkown
page read and write
 clean
7FF50B9F4000
unkown image
page readonly
 clean
136DC913000
unkown
page read and write
 clean
2895000
unkown image
page readonly
 clean
136E1EEE000
unkown
page read and write
 clean
7FF54FCFE000
unkown image
page readonly
 clean
7DF5F6E20000
unkown image
page readonly
 clean
20DD9200000
unkown
page read and write
 clean
9003CFD000
stack
page read and write
 clean
7FF58E01E000
unkown image
page readonly
 clean
160DE613000
unkown
page read and write
 clean
20DD9100000
unkown image
page readonly
 clean
272EE260000
unkown
page read and write
 clean
136E1C90000
unkown
page read and write
 clean
2717000
unkown image
page readonly
 clean
890000
heap default
page read and write
 clean
272EE010000
unkown image
page readonly
 clean
580000
heap default
page read and write
 clean
7DF521400000
unkown image
page readonly
 clean
C518777000
stack
page read and write
 clean
208E3100000
unkown
page read and write
 clean
7FF4F1AB7000
unkown image
page readonly
 clean
981000
unkown
page read and write
 clean
9ADC7E000
stack
page read and write
 clean
D1BC17E000
stack
page read and write
 clean
7FF5BDC03000
unkown image
page readonly
 clean
7FF5D27E5000
unkown image
page readonly
 clean
7DF5213F2000
unkown image
page readonly
 clean
950000
heap default
page read and write
 clean
272EE000000
unkown image
page readonly
 clean
190F63BE000
unkown
page read and write
 clean
7FF59C77E000
unkown image
page readonly
 clean
287A000
unkown image
page readonly
 clean
7FF54FC3D000
unkown image
page readonly
 clean
7FF512554000
unkown image
page readonly
 clean
136E1C70000
unkown
page read and write
 clean
7FF5BDBC7000
unkown image
page readonly
 clean
7FF5E10C4000
unkown image
page readonly
 clean
2891000
unkown image
page readonly
 clean
22681060000
heap default
page read and write
 clean
975000
unkown
page read and write
 clean
992000
unkown
page read and write
 clean
7FF59B5D6000
unkown image
page readonly
 clean
7F230000
unkown image
page readonly
 clean
7DF5E81B2000
unkown image
page readonly
 clean
7FF512540000
unkown image
page readonly
 clean
2B082FD000
stack
page read and write
 clean
7DF5A3922000
unkown image
page readonly
 clean
7DF4A17F0000
unkown image
page readonly
 clean
2C10000
heap private
page read and write
 clean
7DF5213E0000
unkown image
page readonly
 clean
7FF59C97B000
unkown image
page readonly
 clean
7DF4AEDD0000
unkown image
page readonly
 clean
7DF507C00000
unkown image
page readonly
 clean
7DF5F6E30000
unkown image
page readonly
 clean
7FF58DF48000
unkown image
page readonly
 clean
7FF58DF12000
unkown image
page readonly
 clean
160DE520000
unkown image
page readonly
 clean
4530000
unkown
page read and write
 clean
287A000
unkown image
page readonly
 clean
2841000
unkown image
page readonly
 clean
7FF50B357000
unkown image
page readonly
 clean
208BB5B0000
unkown image
page read and write
 clean
7DF5D35C2000
unkown image
page readonly
 clean
7FF58E014000
unkown image
page readonly
 clean
7FF4F223A000
unkown image
page readonly
 clean
190F62D0000
unkown
page read and write
 clean
7DF507C00000
unkown image
page readonly
 clean
272EE23D000
unkown
page read and write
 clean
7FF5D27F3000
unkown image
page readonly
 clean
7DF5B2292000
unkown image
page readonly
 clean
272EE110000
unkown image
page readonly
 clean
7FF54FCD6000
unkown image
page readonly
 clean
7DF565610000
unkown image
page readonly
 clean
7FF4F1B9D000
unkown image
page readonly
 clean
7FF5D288D000
unkown image
page readonly
 clean
2165126E000
unkown
page read and write
 clean
7FAC0000
unkown image
page readonly
 clean
7FF5BDC7F000
unkown image
page readonly
 clean
7DF5E81A2000
unkown image
page readonly
 clean
136DC6F0000
unkown image
page readonly
 clean
21651780000
unkown image
page readonly
 clean
7FF5E1211000
unkown image
page readonly
 clean
7FF4F13E6000
unkown image
page readonly
 clean
136E1EFF000
unkown
page read and write
 clean
272EE790000
unkown
page read and write
 clean
136E1EA9000
unkown
page read and write
 clean
259A44E0000
unkown image
page readonly
 clean
136DCE00000
unkown
page read and write
 clean
7FF20000
unkown image
page readonly
 clean
7FF5D2673000
unkown image
page readonly
 clean
2937000
unkown image
page readonly
 clean
287A000
unkown image
page readonly
 clean
7FF54FC17000
unkown image
page readonly
 clean
7FAC0000
unkown image
page readonly
 clean
7FF5D289B000
unkown image
page readonly
 clean
7FF5BDCAE000
unkown image
page readonly
 clean
136DCDE1000
unkown
page read and write
 clean
2925000
unkown image
page readonly
 clean
160DE63D000
unkown
page read and write
 clean
7DF507BE0000
unkown image
page readonly
 clean
136DCF59000
unkown
page read and write
 clean
22374140000
unkown image
page readonly
 clean
208E2DB0000
heap private
page read and write
 clean
208BB84D000
unkown
page read and write
 clean
7FF5124BA000
unkown image
page readonly
 clean
7FF5BD76F000
unkown image
page readonly
 clean
9ADCFF000
stack
page read and write
 clean
7DF565600000
unkown image
page readonly
 clean
7FF51256F000
unkown image
page readonly
 clean
C51816E000
stack
page read and write
 clean
5B0000
unkown
page read and write
 clean
160DEBD0000
unkown
page read and write
 clean
7DF5E81A2000
unkown image
page readonly
 clean
7DF5A3932000
unkown image
page readonly
 clean
7FF58DF65000
unkown image
page readonly
 clean
7DF5213E2000
unkown image
page readonly
 clean
7FF4F1FA3000
unkown image
page readonly
 clean
208BB5F0000
unkown image
page readonly
 clean
2D65000
unkown
page read and write
 clean
216511E0000
unkown
page read and write
 clean
190F6680000
unkown
page read and write
 clean
8F0000
heap default
page read and write
 clean
289C000
unkown image
page readonly
 clean
136DC7E0000
unkown
page read and write
 clean
19CF4F9000
stack
page read and write
 clean
136DDAC3000
unkown
page read and write
 clean
911000
unkown
page read and write
 clean
136DCC00000
unkown image
page readonly
 clean
259A4D20000
unkown
page read and write
 clean
44EE000
stack
page read and write
 clean
7FF5E12EC000
unkown image
page readonly
 clean
136DC857000
unkown
page read and write
 clean
208E2FE0000
unkown
page read and write
 clean
259A4F7F000
unkown
page read and write
 clean
7FAD2000
unkown image
page readonly
 clean
136E1DB0000
unkown
page read and write
 clean
7FF5D20D6000
unkown image
page readonly
 clean
7FAC2000
unkown image
page readonly
 clean
208BB84C000
unkown
page read and write
 clean
7DF527E62000
unkown image
page readonly
 clean
E92D3F9000
stack
page read and write
 clean
7DF5074B0000
unkown image
page readonly
 clean
928000
unkown
page read and write
 clean
136DC8B2000
unkown
page read and write
 clean
2538000
unkown image
page readonly
 clean
7FF58DCE9000
unkown image
page readonly
 clean
7FF5D28AB000
unkown image
page readonly
 clean
7FF20000
unkown image
page readonly
 clean
272EE25C000
unkown
page read and write
 clean
5F0000
unkown
page read and write
 clean
136DC7F0000
unkown image
page read and write
 clean
259A4F00000
unkown
page read and write
 clean
7FF512536000
unkown image
page readonly
 clean
208E3081000
unkown
page read and write
 clean
7FF5E13F0000
unkown image
page readonly
 clean
259A4D20000
unkown
page read and write
 clean
7FF50BA29000
unkown image
page readonly
 clean
91AF8FB000
stack
page read and write
 clean
208BBE02000
unkown
page read and write
 clean
A97000
heap private
page read and write
 clean
7DF5A3930000
unkown image
page readonly
 clean
190F7230000
unkown
page read and write
 clean
992000
unkown
page read and write
 clean
7FF5E1218000
unkown image
page readonly
 clean
272EE400000
unkown image
page readonly
 clean
22374125000
heap private
page read and write
 clean
20DD9313000
unkown
page read and write
 clean
7F342000
unkown image
page readonly
 clean
7FF4F1F74000
unkown image
page readonly
 clean
208E3108000
unkown
page read and write
 clean
8F0000
unkown
page read and write
 clean
275B000
unkown image
page readonly
 clean
7FF5D27A3000
unkown image
page readonly
 clean
7DF405380000
unkown image
page readonly
 clean
272EE23A000
unkown
page read and write
 clean
208E3580000
unkown image
page readonly
 clean
20DD9229000
unkown
page read and write
 clean
4504000
heap private
page read and write
 clean
7FF58DF95000
unkown image
page readonly
 clean
7FF4F22DB000
unkown image
page readonly
 clean
259A46D9000
unkown
page read and write
 clean
7DF5B2292000
unkown image
page readonly
 clean
7FF4F1F78000
unkown image
page readonly
 clean
7FF4F20BE000
unkown image
page readonly
 clean
7FF4F20DE000
unkown image
page readonly
 clean
973000
heap default
page read and write
 clean
272EE247000
unkown
page read and write
 clean
136E1B50000
unkown
page read and write
 clean
7FF58E000000
unkown image
page readonly
 clean
7FF5E10F1000
unkown image
page readonly
 clean
91AFBFE000
stack
page read and write
 clean
2C20000
unkown image
page readonly
 clean
7FF512223000
unkown image
page readonly
 clean
136E1CA0000
unkown
page read and write
 clean
7FF4F1FE1000
unkown image
page readonly
 clean
7FF5D2815000
unkown image
page readonly
 clean
7FF4F1BBF000
unkown image
page readonly
 clean
7FF22000
unkown image
page readonly
 clean
28A9000
unkown image
page readonly
 clean
208E2E10000
heap default
page read and write
 clean
7DF5074C0000
unkown image
page readonly
 clean
160DE702000
unkown
page read and write
 clean
7FF58E02D000
unkown image
page readonly
 clean
7FF5D2379000
unkown image
page readonly
 clean
136DC88E000
unkown
page read and write
 clean
7FF58DFF6000
unkown image
page readonly
 clean
22681229000
unkown
page read and write
 clean
90039FC000
stack
page read and write
 clean
7FF4F1B0A000
unkown image
page readonly
 clean
272EE240000
unkown
page read and write
 clean
22681000000
heap private
page read and write
 clean
7FAD0000
unkown image
page readonly
 clean
226811A0000
unkown image
page write copy
 clean
4FB000
unkown
page read and write
 clean
7FF5E1455000
unkown image
page readonly
 clean
136E1C78000
unkown
page read and write
 clean
136E1DA0000
unkown
page read and write
 clean
7FF5E1417000
unkown image
page readonly
 clean
7FF58DFEF000
unkown image
page readonly
 clean
EF510FD000
stack
page read and write
 clean
7FF4F1DB3000
unkown image
page readonly
 clean
190F6FD0000
unkown
page read and write
 clean
91AF67E000
stack
page read and write
 clean
7FF4F198E000
unkown image
page readonly
 clean
7DF5074C2000
unkown image
page readonly
 clean
91AF9F7000
stack
page read and write
 clean
136DDAD0000
unkown
page read and write
 clean
A60000
unkown image
page readonly
 clean
2860000
unkown image
page readonly
 clean
136E1DD0000
unkown
page read and write
 clean
7DF5D35B0000
unkown image
page readonly
 clean
7FF4F1ACC000
unkown image
page readonly
 clean
AB7827E000
stack
page read and write
 clean
D1BC6FF000
stack
page read and write
 clean
22374330000
unkown image
page readonly
 clean
7FF4F1D9F000
unkown image
page readonly
 clean
272EE284000
unkown
page read and write
 clean
7FF5E14FD000
unkown image
page readonly
 clean
9B0000
unkown
page read and write
 clean
259A46A5000
unkown
page read and write
 clean
7FF59B53D000
unkown image
page readonly
 clean
136DC892000
unkown
page read and write
 clean
20DD9850000
unkown image
page readonly
 clean
208BB813000
unkown
page read and write
 clean
283E000
unkown image
page readonly
 clean
190F6330000
unkown
page read and write
 clean
2D4C000
unkown
page read and write
 clean
160DEB80000
unkown image
page readonly
 clean
7DF565600000
unkown image
page readonly
 clean
226812CD000
unkown
page read and write
 clean
2899000
unkown image
page readonly
 clean
7FF59C887000
unkown image
page readonly
 clean
B4ED77E000
stack
page read and write
 clean
272EE242000
unkown
page read and write
 clean
7DF565602000
unkown image
page readonly
 clean
7FF4F21A0000
unkown image
page readonly
 clean
7FF4F22BB000
unkown image
page readonly
 clean
9003FFF000
stack
page read and write
 clean
7FF4F1E94000
unkown image
page readonly
 clean
7FF5E150B000
unkown image
page readonly
 clean
7FF58DF73000
unkown image
page readonly
 clean
136DC829000
unkown
page read and write
 clean
259A4B80000
unkown image
page readonly
 clean
7DF5D35C2000
unkown image
page readonly
 clean
20DD9302000
unkown
page read and write
 clean
7FF5E1427000
unkown image
page readonly
 clean
There are 1332 hidden memdumps, click here to show them.