IOC Report

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| mATFWhYtPk.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample | malicious |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1 | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,DllRegisterServer | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,asbiqstaeqzsycc | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\mATFWhYtPk.dll,atwuhkycfybkj | malicious |
| C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer | malicious |
| C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer | malicious |
| C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Uexmfpkplvbbrf\jerrpf.tlt",SfMITlqpKAP | malicious |
| C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer | malicious |
| C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer | malicious |
| C:\Windows\SysWOW64\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",DllRegisterServer | malicious |
| C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll" | clean |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mATFWhYtPk.dll",#1 | clean |
| C:\Windows\SysWOW64\regsvr32.exe | regsvr32.exe /s C:\Users\user\Desktop\mATFWhYtPk.dll | clean |
| C:\Program Files\internet explorer\iexplore.exe | C:\Program Files\Internet Explorer\iexplore.exe | clean |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5868 CREDAT:17410 /prefetch:2 | clean |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | clean |

URLs

Name
IP
Malicious
https://assets.msn.com/staticsb/statics/latest/oneTrust/1.2/consent/55a804ab-e5c6-4b97-9319-86263d36
unknown
clean
http://searchads.msn.net/.cfm?&&kp=1&
unknown
clean
https://contextual.media.net/medianet.php?cid=8CU157172
unknown
clean
https://www.msn.com/de-ch/nachrichten/coronareisen
unknown
clean
https://www.msn.com/de-ch/news/other/z%c3%bcrich-zahlt-f%c3%bcr-gr%c3%bcne-hausw%c3%a4nde/ar-AARnq3Z
unknown
clean
https://contextual.media.net/rtbsmpubs.php?&gdpr=0&gdprconsent=1&usp_enf=1&usp_status=0&cid=8HBI57XIG&region=nv&ptrid=8PR68Q253&requestString=670468743*4%7C300x250%7C8CU157172%7C858412214%7C&crid=670468743&sd=1&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&bl=1&rt=5&dn=https://contextual.media.net&https=1&act=headerBid&prvReqId=655139198087331261638520979902&erTr=0&hlt=1&ugd=4&adt=desktop&tr=0.17810036448631755&ndec=1&scrsize=1280x1024&taginfo=%7B%7D&pageinfo=%7B%22vw%22%3A284%2C%22vh%22%3A271%2C%22ph%22%3A271%7D&itype=HB-CM&cc=CH&rc=ZH&ct=ZURICH&bt=1&gcp=1&isRefresh=0&callback=window.hbCMBidxc.rtbsheaderBid3S0
23.211.6.95
clean
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_promotionalstripe_na
unknown
clean
https://onedrive.live.com;Fotos
unknown
clean
https://www.msn.com/de-ch/sport?ocid=StripeOCID
unknown
clean
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_TopMenu&auth=1&wdorigin=msn
unknown
clean
https://office.live.com/start/Word.aspx?WT.mc_id=MSN_site;Excel
unknown
clean
http://ogp.me/ns/fb#
unknown
clean
https://www.botman.ninja/privacy-policy
unknown
clean
https://outlook.live.com/mail/deeplink/compose;Kalender
unknown
clean
https://res-a.akamaihd.net/__media__/pics/8000/72/941/fallback1.jpg
unknown
clean
https://www.msn.com/de-ch/news/other/traurig-und-primitiv-rettungswagen-w%c3%a4hrend-einsatz-verspra
unknown
clean
https://www.queryclick.com/privacy-policy
unknown
clean
https://www.skyscanner.net/g/referrals/v1/cars/home?associateid=API_B2B_19305_00002
unknown
clean
https://www.onenote.com/notebooks?WT.mc_id=MSN_OneNote_Recent&auth=1&wdorigin=msn
unknown
clean
https://www.msn.com/de-ch/news/other/wird-etwas-enger-im-bus-werden-die-kapazit%c3%a4t-aber-stemmen-
unknown
clean
http://www.reddit.com/
unknown
clean
https://www.skype.com/
unknown
clean
https://sp.booking.com/index.html?aid=1589774&label=travelnavlink
unknown
clean
https://www.msn.com/de-ch/nachrichten/regional
unknown
clean
https://www.stroeer.de/werben-mit-stroeer/onlinewerbung/programmatic-data/sdi-datenschutz-b2c
unknown
clean
https://onedrive.live.com/?qt=allmyphotos;Aktuelle
unknown
clean
https://www.msn.com/de-ch/news/other/die-provisorische-kantonsschule-auf-dem-irchel-kann-2024-starte
unknown
clean
https://amzn.to/2TTxhNg
unknown
clean
https://www.skype.com/go/onedrivepromo.download?cm_mmc=MSFT_2390_MSN-com
unknown
clean
https://client-s.gateway.messenger.live.com
unknown
clean
https://secure.adnxs.com/clktrb?id=764680&t=1
unknown
clean
https://www.msn.com/de-ch/
unknown
clean
https://office.live.com/start/PowerPoint.aspx?WT.mc_id=MSN_site
unknown
clean
http://crl.ver)
unknown
clean
https://www.msn.com/de-ch/news/other/lage-dramatisch-zugespitzt-%c3%b6v-in-winterthur-wird-teilweise
unknown
clean
https://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1
23.211.6.95
clean
https://contextual.media.net/803288796/fcmain.js?cb=window._mNDetails.initAd&&gdpr=0&cid=8CU157172&cpcd=pC3JHgSCqY8UHihgrvGr0A%3D%3D&crid=722878611&size=306x271&cc=CH&https=1&vif=2&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&nse=5&vi=1638488555296348136&ugd=4&rtbs=1&nb=1
23.211.6.95
clean
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=5&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp
23.211.6.95
clean
https://www.msn.com/de-ch
unknown
clean
https://www.tippsundtricks.co/gesundheit/stueck-seife-bettwasche/?utm_campaign=DECH-bedsoap&utm_
unknown
clean
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_store&m
unknown
clean
https://twitter.com/i/notifications;Ich
unknown
clean
https://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&http
unknown
clean
https://contextual.media.net/48/nrrV52461.js
23.211.6.95
clean
https://nextmillennium.io/privacy-policy/
unknown
clean
https://silvermob.com/privacy
unknown
clean
https://browser.events.data.msn.com/OneCollector/1.0/t.js?qsp=true&anoncknm=%22%22&name=%22MS.News.W
unknown
clean
https://clkde.tradedoubler.com/click?p=273363&a=3064090&g=24940322
unknown
clean
https://www.sway.com/?WT.mc_id=MSN_site&utm_source=MSN&utm_medium=Topnav&utm_campaign=link;PowerPoin
unknown
clean
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C117%2C184%2C188%2C203%2C226%2C246%2C2030%2C2033%2C3018&itype=HB-CM&rtime=6&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usp
23.211.6.95
clean
https://www.msn.com/de-ch/?ocid=iehp&item=deferred_page%3a1&ignorejs=webcore%2fmodules%2fjsb
unknown
clean
http://www.youtube.com/
unknown
clean
http://ogp.me/ns#
unknown
clean
https://www.linkedin.com:443/news/story/gibt-es-einen-impfstoffmangel-5630362/?li=BBqfZdV
unknown
clean
https://lg3.media.net/bping.php?&gdpr=0&prid=8PRVV7640&cid=8CU157172&crid=858412214&vi=1638488555656014322&ugd=4&lf=6&cc=CH&sc=ZH&lper=50&wsip=2886781044&r=1638520979551&requrl=https%3A%2F%2Fwww.msn.com%2Fde-ch%2F%3Focid%3Diehp&vgd_l2type=setting&vgd_sbSup=0&vgd_is_amp=0&vgd_asn=60068&vgd_rakh=1638488555181756319&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fmedianet.php&vgd_pgid=p11306311666t202112030842&vgd_pgids=1&vgd_gdprcs=1&vgd_uspa=0&hvsid=00001638520979548014104136331645&gdpr=0&vgd_end=1
23.211.6.95
clean
https://play.google.com/store/apps/details?id=com.microsoft.amp.apps.bingnews&hl=de-ch&refer
unknown
clean
https://msasg.visualstudio.com/Shared%20Data/_git/1DS.JavaScript?version=GBnubenja%2Fcustom-package
unknown
clean
https://onedrive.live.com/?qt=mru;OneDrive-App
unknown
clean
https://www.skype.com/de
unknown
clean
https://www.tippsundtricks.co/lifehacks/schwamm-kuhlschrank/?utm_campaign=DECH-schwamm&utm_sourc
unknown
clean
https://sp.booking.com/index.html?aid=1589774&label=dech-prime-hp-me
unknown
clean
https://tools.applemediaservices.com/api/badges/download-on-the-app-store/black/de-de?"
unknown
clean
https://www.skype.com/de/download-skype
unknown
clean
https://onedrive.live.com/?wt.mc_id=oo_msn_msnhomepage_header
unknown
clean
http://www.hotmail.msn.com/pii/ReadOutlookEmail/
unknown
clean
https://onedrive.live.com;OneDrive-App
unknown
clean
https://click.linksynergy.com/deeplink?id=xoqYgl4JDe8&mid=46130&u1=dech_mestripe_office&
unknown
clean
https://www.msn.com/de-ch/news/other/erste-best%c3%a4tigte-ansteckung-zwei-weitere-verdachtsf%c3%a4l
unknown
clean
https://clkde.tradedoubler.com/click?p=295926&a=3064090&g=24886692
unknown
clean
https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
unknown
clean

Domains

Name
IP
Malicious
contextual.media.net
23.211.6.95
clean
hblg.media.net
23.211.6.95
clean
lg3.media.net
23.211.6.95
clean
assets.msn.com
unknown
clean
www.msn.com
unknown
clean
browser.events.data.msn.com
unknown
clean

IPs

IP
Domain
Country
Malicious
23.211.6.95
contextual.media.net
United States
clean
127.0.0.1
unknown
unknown
clean

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{F0A62C4E-5414-11EC-90E5-ECF4BB2D2496}
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Blocked
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTimeArray
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTimeArray
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingLastYMD
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingBitmap
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingRandomizedBitmap
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion
NextUpdateDate
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\msn.com
NumberOfSubdomains
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
NULL
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
NULL
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
Total
clean
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
clean
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
@%SystemRoot%\System32\ci.dll,-100
clean
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
@%SystemRoot%\System32\ci.dll,-101
clean
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
clean
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
clean
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
clean
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
@%SystemRoot%\System32\wuaueng.dll,-400
clean
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
clean
HKEY_USERS\S-1-5-19\Software\Classes\Local Settings\MuiCache\f0\52C64B7E
@%SystemRoot%\system32\NgcRecovery.dll,-100
clean

Memdumps

Base Address
Regiontype
Protect
Malicious
page readonly
clean
2C48000
unkown image
page readonly
clean
1FFFEA00000
unkown
page read and write
clean
2D40000
unkown image
page readonly
clean
830000
unkown
page read and write
clean
2000002C000
unkown
page read and write
clean
2392D8B5000
heap private
page read and write
clean
200000FD000
unkown
page read and write
clean
7FAB2000
unkown image
page readonly
clean
2760000
unkown image
page readonly
clean
6F24E000
unkown image
page readonly
clean
7FAB0000
unkown image
page readonly
clean
7FAB2000
unkown image
page readonly
clean
6F239000
unkown image
page readonly
clean
28D5000
unkown image
page readonly
clean
1EEB000
unkown image
page readonly
clean
7FAC0000
unkown image
page readonly
clean
22A8000
unkown image
page readonly
clean
7F242000
unkown image
page readonly
clean
2170000
unkown image
page readonly
clean
2392E1F0000
unkown
page read and write
clean
2A70000
heap default
page read and write
clean
1F03000
unkown image
page readonly
clean
2560000
unkown image
page readonly
clean
1FFFFF80000
unkown
page read and write
clean
1ED8000
unkown image
page readonly
clean
7FAC2000
unkown image
page readonly
clean
7FAD0000
unkown image
page readonly
clean
22B3000
unkown
page read and write
clean
2F20000
unkown image
page readonly
clean
90AFF4C000
unkown
page read and write
clean
2BD8000
unkown image
page readonly
clean
2D1C000
unkown
page read and write
clean
24D0000
unkown image
page read and write
clean
2A88000
unkown image
page readonly
clean
7FAB0000
unkown image
page readonly
clean
29DE000
unkown image
page readonly
clean
7FF56BEB7000
unkown image
page readonly
clean
6F24E000
unkown image
page readonly
clean
7FA72000
unkown image
page readonly
clean
294B000
unkown image
page readonly
clean
8F415FF000
stack
page read and write
clean
7F692000
unkown image
page readonly
clean
226E000
unkown image
page readonly
clean
273C000
unkown
page read and write
clean
2D70000
unkown image
page readonly
clean
275B000
unkown
page read and write
clean
32C3000
unkown
page read and write
clean
7FAD0000
unkown image
page readonly
clean
7FAB2000
unkown image
page readonly
clean
2AA3000
unkown image
page readonly
clean
242B000
unkown image
page readonly
clean
2D70000
unkown image
page readonly
clean
2780000
unkown image
page readonly
clean
7F200000
unkown image
page readonly
clean
96B000
heap default
page read and write
clean
7F122000
unkown image
page readonly
clean
7F1F2000
unkown image
page readonly
clean
1FFFEA13000
unkown
page read and write
clean
6F200000
unkown image
page readonly
clean
24A8000
unkown image
page readonly
clean
7F200000
unkown image
page readonly
clean
1D16000
unkown image
page readonly
clean
470000
unkown image
page readonly
clean
200000C8000
unkown
page read and write
clean
6F201000
unkown image
page execute read
clean
1E53000
unkown image
page readonly
clean
298D000
unkown image
page readonly
clean
2590000
unkown image
page readonly
clean
2F30000
unkown image
page readonly
clean
2401000
unkown image
page readonly
clean
22A8000
unkown image
page readonly
clean
245E000
unkown image
page readonly
clean
1FFFEA8F000
unkown
page read and write
clean
2D60000
unkown image
page readonly
clean
30F0000
heap default
page read and write
clean
7FB50000
unkown image
page readonly
clean
7FBC2000
unkown image
page readonly
clean
3296000
heap default
page read and write
clean
1F48000
unkown image
page readonly
clean
2A11000
unkown image
page readonly
clean
31D0000
unkown image
page readonly
clean
282E000
unkown image
page readonly
clean
30000
unkown image
page read and write
clean
1FFFFE40000
unkown
page read and write
clean
6F201000
unkown image
page execute read
clean
7FAA2000
unkown image
page readonly
clean
7F932000
unkown image
page readonly
clean
7FB60000
unkown image
page readonly
clean
6F24B000
unkown image
page read and write
clean
2875000
unkown image
page readonly
clean
29D0000
unkown
page read and write
clean
317F000
stack
page read and write
clean
1D1A000
unkown image
page readonly
clean
21D1000
unkown image
page readonly
clean
29F1000
unkown image
page read and write
clean
8F40E77000
stack
page read and write
clean
2A1A000
unkown image
page readonly
clean
2392E420000
unkown
page read and write
clean
21F0000
unkown
page read and write
clean
6F200000
unkown image
page readonly
clean
3010000
unkown image
page readonly
clean
7F7D0000
unkown image
page readonly
clean
7FF555829000
unkown image
page readonly
clean
2253000
unkown
page read and write
clean
7DF55F690000
unkown image
page readonly
clean
7FF555755000
unkown image
page readonly
clean
6F24B000
unkown image
page read and write
clean
297E000
unkown image
page readonly
clean
7FF5558C6000
unkown image
page readonly
clean
2A3E000
unkown image
page readonly
clean
2B47000
unkown image
page readonly
clean
7F7E0000
unkown image
page readonly
clean
7DF575C92000
unkown image
page readonly
clean
2AC0000
heap default
page read and write
clean
7F6D0000
unkown image
page readonly
clean
3140000
stack
page execute and read and write
clean
200000D9000
unkown
page read and write
clean
2B38000
unkown image
page readonly
clean
7F1F0000
unkown image
page readonly
clean
7F250000
unkown image
page readonly
clean
31BD000
unkown
page read and write
clean
7F202000
unkown image
page readonly
clean
7F930000
unkown image
page readonly
clean
2540000
unkown
page read and write
clean
324A000
heap default
page read and write
clean
1E4E000
unkown image
page readonly
clean
2A6D000
unkown image
page readonly
clean
7FAB2000
unkown image
page readonly
clean
3390000
unkown image
page readonly
clean
7F932000
unkown image
page readonly
clean
28D0000
unkown image
page readonly
clean
2DE0000
unkown image
page readonly
clean
28B6000
unkown image
page readonly
clean
1F0E000
unkown image
page readonly
clean
2770000
unkown image
page readonly
clean
27E0000
unkown image
page readonly
clean
7FAC0000
unkown image
page readonly
clean
7FF56BE49000
unkown image
page readonly
clean
7FE52000
unkown image
page readonly
clean
7F6A0000
unkown image
page readonly
clean
29F8000
unkown image
page readonly
clean
7DF55F672000
unkown image
page readonly
clean
298E000
unkown image
page readonly
clean
27C0000
unkown
page read and write
clean
2392D850000
unkown
page read and write
clean
2716000
unkown image
page readonly
clean
1F48000
unkown image
page readonly
clean
283B000
unkown
page read and write
clean
1FFFEF90000
unkown image
page readonly
clean
3340000
heap private
page read and write
clean
7F1F2000
unkown image
page readonly
clean
22A8000
unkown image
page readonly
clean
2AE9000
unkown
page read and write
clean
7FBC2000
unkown image
page readonly
clean
1FFFF160000
unkown image
page read and write
clean
7FF555118000
unkown image
page readonly
clean
1FFFF202000
unkown
page read and write
clean
2268000
unkown image
page readonly
clean
7FF56BD21000
unkown image
page readonly
clean
6F24E000
unkown image
page readonly
clean
7FE70000
unkown image
page readonly
clean
25A0000
heap private
page read and write
clean
5E0000
unkown image
page readonly
clean
6F201000
unkown image
page execute read
clean
1FFFE8D0000
unkown image
page readonly
clean
27E0000
unkown
page read and write
clean
7FF56B8A8000
unkown image
page readonly
clean
2C08000
unkown
page read and write
clean
1EC1000
unkown image
page readonly
clean
F0000
unkown image
page readonly
clean
1FFFE8A0000
unkown image
page readonly
clean
7FF56BEE3000
unkown image
page readonly
clean
3320000
unkown image
page readonly
clean
7FF5557A7000
unkown image
page readonly
clean
7FF555634000
unkown image
page readonly
clean
7F692000
unkown image
page readonly
clean
2B80000
heap default
page read and write
clean
2C24000
unkown image
page readonly
clean
2770000
unkown image
page readonly
clean
7FF56BE04000
unkown image
page readonly
clean
7F6B0000
unkown image
page readonly
clean
2A8B000
unkown image
page readonly
clean
2A0D000
unkown image
page readonly
clean
3060000
unkown image
page readonly
clean
2A15000
unkown image
page readonly
clean
7DF55F670000
unkown image
page readonly
clean
6F24B000
unkown image
page read and write
clean
7FF56BE47000
unkown image
page readonly
clean
20000290000
unkown
page read and write
clean
3220000
heap default
page read and write
clean
2392D676000
unkown
page read and write
clean
7F6A2000
unkown image
page readonly
clean
7DF55F690000
unkown image
page readonly
clean
3830000
unkown image
page readonly
clean
7F120000
unkown image
page readonly
clean
24E0000
unkown image
page readonly
clean
7DF55F672000
unkown image
page readonly
clean
2A88000
unkown image
page readonly
clean
1FFFF215000
unkown
page read and write
clean
248D000
unkown image
page readonly
clean
7FE70000
unkown image
page readonly
clean
309A000
heap default
page read and write
clean
7FF555583000
unkown image
page readonly
clean
2A4D000
unkown image
page readonly
clean
30BA000
heap default
page read and write
clean
257B000
unkown
page read and write
clean
20A2000
unkown image
page readonly
clean
1FFFEA74000
unkown
page read and write
clean
3110000
unkown image
page readonly
clean
8F4137B000
stack
page read and write
clean
1FFFF318000
unkown
page read and write
clean
7FF555827000
unkown image
page readonly
clean
7FAC0000
unkown image
page readonly
clean
2A88000
unkown image
page readonly
clean
7F242000
unkown image
page readonly
clean
7FF56B638000
unkown image
page readonly
clean
28D8000
unkown image
page readonly
clean
6F200000
unkown image
page readonly
clean
7FE62000
unkown image
page readonly
clean
7F202000
unkown image
page readonly
clean
7DF575C92000
unkown image
page readonly
clean
7F690000
unkown image
page readonly
clean
2F60000
unkown
page read and write
clean
1FFFF1F0000
unkown
page read and write
clean
7DF575C90000
unkown image
page readonly
clean
250E000
stack
page read and write
clean
7F7E0000
unkown image
page readonly
clean
6F200000
unkown image
page readonly
clean
1FFFEA96000
unkown
page read and write
clean
7F6A2000
unkown image
page readonly
clean
3000000
unkown image
page readonly
clean
1F1F000
unkown image
page readonly
clean
7DF55F670000
unkown image
page readonly
clean
3240000
heap default
page read and write
clean
244B000
unkown image
page readonly
clean
120000
unkown image
page read and write
clean
8F414FF000
stack
page read and write
clean
7FE60000
unkown image
page readonly
clean
2C12000
unkown image
page readonly
clean
2D20000
unkown image
page readonly
clean
21AE000
unkown image
page readonly
clean
3090000
heap default
page read and write
clean
2A01000
unkown image
page readonly
clean
2AF7000
unkown
page read and write
clean
2392E400000
unkown
page read and write
clean
7FB62000
unkown image
page readonly
clean
7FF555894000
unkown image
page readonly
clean
2D70000
unkown image
page readonly
clean
2775000
unkown image
page readonly
clean
7F260000
unkown image
page readonly
clean
285A000
unkown image
page readonly
clean
40000
unkown image
page readonly
clean
2871000
unkown image
page readonly
clean
7FE52000
unkown image
page readonly
clean
7FBD2000
unkown image
page readonly
clean
2180000
unkown image
page readonly
clean
2AE8000
unkown image
page readonly
clean
7FF5558C3000
unkown image
page readonly
clean
7FF55544C000
unkown image
page readonly
clean
23AA000
unkown image
page readonly
clean
2392D67E000
unkown
page read and write
clean
1F40000
unkown image
page readonly
clean
21D0000
unkown image
page readonly
clean
7FBD2000
unkown image
page readonly
clean
40000
unkown image
page readonly
clean
2221000
unkown image
page readonly
clean
7FF5557F6000
unkown image
page readonly
clean
320F000
stack
page read and write
clean
2A88000
unkown image
page readonly
clean
7FF56BE16000
unkown image
page readonly
clean
7FF5555E0000
unkown image
page readonly
clean
2170000
unkown image
page readonly
clean
28F6000
unkown image
page readonly
clean
2987000
unkown image
page readonly
clean
7F7D0000
unkown image
page readonly
clean
2885000
unkown image
page readonly
clean
2A4A000
heap private
page read and write
clean
7F7E0000
unkown image
page readonly
clean
21B0000
unkown image
page readonly
clean
2BEB000
unkown image
page readonly
clean
2724000
unkown image
page readonly
clean
1FFFEA6E000
unkown
page read and write
clean
2BC8000
heap default
page read and write
clean
1FFFFE50000
unkown
page read and write
clean
244E000
unkown image
page readonly
clean
283F000
unkown
page read and write
clean
2A8E000
stack
page read and write
clean
22A8000
unkown image
page readonly
clean
2993000
unkown image
page readonly
clean
5CC4000
heap private
page read and write
clean
3050000
stack
page read and write
clean
2F50000
heap default
page read and write
clean
7F240000
unkown image
page readonly
clean
2B7B000
unkown image
page readonly
clean
7F590000
unkown image
page readonly
clean
2A75000
unkown image
page readonly
clean
2392D870000
unkown
page read and write
clean
254E000
stack
page read and write
clean
7FE50000
unkown image
page readonly
clean
2D70000
unkown image
page readonly
clean
2915000
unkown image
page readonly
clean
1F03000
unkown image
page readonly
clean
253B000
unkown
page read and write
clean
7FF56B8AF000
unkown image
page readonly
clean
2392D8C0000
unkown
page read and write
clean
3030000
stack
page read and write
clean
7F200000
unkown image
page readonly
clean
26D0000
unkown image
page read and write
clean
40000
unkown image
page readonly
clean
2284000
unkown image
page readonly
clean
7FF55566A000
unkown image
page readonly
clean
1D24000
unkown image
page readonly
clean
7FAB0000
unkown image
page readonly
clean
7FD50000
unkown image
page readonly
clean
2AE0000
unkown image
page readonly
clean
31BA000
unkown
page read and write
clean
20000224000
unkown
page read and write
clean
8F4147F000
stack
page read and write
clean
3480000
heap default
page read and write
clean
2B09000
unkown
page read and write
clean
F0000
unkown image
page readonly
clean
7FF55582E000
unkown image
page readonly
clean
8F413FF000
stack
page read and write
clean
2257000
unkown
page read and write
clean
7FE52000
unkown image
page readonly
clean
2A96000
unkown image
page readonly
clean
90B0379000
stack
page read and write
clean
2A16000
unkown image
page readonly
clean
7FAC0000
unkown image
page readonly
clean
2392D638000
heap default
page read and write
clean
2590000
unkown image
page readonly
clean
1FFFFA90000
unkown image
page readonly
clean
6F201000
unkown image
page execute read
clean
2C48000
unkown image
page readonly
clean
29AD000
unkown image
page readonly
clean
2ACA000
heap default
page read and write
clean
7DF55F680000
unkown image
page readonly
clean
7FAB0000
unkown image
page readonly
clean
26E0000
unkown image
page readonly
clean
7FF56BEA7000
unkown image
page readonly
clean
20000010000
unkown
page read and write
clean
224D000
unkown image
page readonly
clean
2851000
unkown image
page readonly
clean
1FFFEB02000
unkown
page read and write
clean
7F252000
unkown image
page readonly
clean
2A88000
unkown image
page readonly
clean
1FFFEA57000
unkown
page read and write
clean
1E71000
unkown image
page readonly
clean
7FE62000
unkown image
page readonly
clean
1E3E000
unkown image
page readonly
clean
1FFFFA50000
unkown image
page readonly
clean
2DF0000
unkown
page read and write
clean
28F0000
unkown image
page readonly
clean
7FF5555A5000
unkown image
page readonly
clean
2000009F000
unkown
page read and write
clean
7FAC0000
unkown image
page readonly
clean
31BA000
unkown
page read and write
clean
20000102000
unkown
page read and write
clean
E0000
unkown image
page readonly
clean
21D0000
unkown image
page readonly
clean
7FAC2000
unkown image
page readonly
clean
24E0000
unkown image
page readonly
clean
2856000
unkown image
page readonly
clean
2276000
unkown image
page readonly
clean
2AE8000
unkown image
page readonly
clean
2FA0000
unkown image
page readonly
clean
1F2D000
unkown image
page readonly
clean
2488000
unkown image
page readonly
clean
7FF56BE3D000
unkown image
page readonly
clean
23B5000
unkown image
page readonly
clean
1FFFE8A0000
unkown image
page readonly
clean
31CE000
stack
page read and write
clean
7FF55555B000
unkown image
page readonly
clean
2D70000
unkown image
page readonly
clean
7FAB2000
unkown image
page readonly
clean
6F200000
unkown image
page readonly
clean
7F7D2000
unkown image
page readonly
clean
1E7B000
unkown image
page readonly
clean
1E47000
unkown image
page readonly
clean
3163000
stack
page execute and read and write
clean
200000F1000
unkown
page read and write
clean
1F48000
unkown image
page readonly
clean
2FE3000
stack
page execute and read and write
clean
6F201000
unkown image
page execute read
clean
2A64000
unkown image
page readonly
clean
1FFFFF50000
unkown
page read and write
clean
1FFFEAA1000
unkown
page read and write
clean
7FA50000
unkown image
page readonly
clean
6F24E000
unkown image
page readonly
clean
7FF555897000
unkown image
page readonly
clean
7FF56B778000
unkown image
page readonly
clean
21DB000
unkown image
page readonly
clean
200000E0000
unkown
page read and write
clean
2A20000
unkown image
page readonly
clean
504F000
stack
page read and write
clean
27E0000
unkown image
page readonly
clean
1F48000
unkown image
page readonly
clean
7FF5555D4000
unkown image
page readonly
clean
1FFFEAA9000
unkown
page read and write
clean
7F130000
unkown image
page readonly
clean
237E000
unkown image
page readonly
clean
1E71000
unkown image
page readonly
clean
2A78000
unkown image
page readonly
clean
2B38000
unkown image
page readonly
clean
7FF5557FA000
unkown image
page readonly
clean
2B6D000
unkown image
page readonly
clean
2A23000
unkown image
page readonly
clean
7DF55F682000
unkown image
page readonly
clean
23CA000
unkown image
page readonly
clean
7FE70000
unkown image
page readonly
clean
2A40000
heap default
page read and write
clean
1FFFFF94000
unkown
page read and write
clean
30E0000
unkown image
page readonly
clean
2580000
unkown image
page readonly
clean
2BFE000
unkown image
page readonly
clean
2948000
unkown image
page readonly
clean
7FB50000
unkown image
page readonly
clean
7F7F0000
unkown image
page readonly
clean
2C0E000
unkown image
page readonly
clean
30D0000
unkown image
page readonly
clean
7FE62000
unkown image
page readonly
clean
21D0000
unkown image
page readonly
clean
2387000
unkown image
page readonly
clean
7F210000
unkown image
page readonly
clean
2A2E000
unkown image
page readonly
clean
7FF56BEA4000
unkown image
page readonly
clean
2AAE000
unkown image
page readonly
clean
2B6A000
unkown image
page readonly
clean
20BB000
unkown image
page readonly
clean
7FF555741000
unkown image
page readonly
clean
930000
heap private
page read and write
clean
7FF56BD31000
unkown image
page readonly
clean
2844000
unkown image
page readonly
clean
1FFFFA60000
unkown image
page readonly
clean
4A40000
heap private
page read and write
clean
20000020000
unkown
page read and write
clean
7FBD0000
unkown image
page readonly
clean
7F7D2000
unkown image
page readonly
clean
225A000
unkown image
page readonly
clean
2C03000
unkown image
page readonly
clean
7FB70000
unkown image
page readonly
clean
1FFFF860000
unkown
page read and write
clean
7FAB0000
unkown image
page readonly
clean
243E000
unkown image
page readonly
clean
2238000
unkown image
page readonly
clean
7F140000
unkown image
page readonly
clean
1FFFF1E0000
unkown
page read and write
clean
500E000
stack
page read and write
clean
7F6A2000
unkown image
page readonly
clean
7DF575CB0000
unkown image
page readonly
clean
242D000
unkown image
page readonly
clean
2000004A000
unkown
page read and write
clean
286D000
unkown image
page readonly
clean
6F200000
unkown image
page readonly
clean
2A80000
unkown image
page readonly
clean
7FF555459000
unkown image
page readonly
clean
6F201000
unkown image
page execute read
clean
2000005A000
unkown
page read and write
clean
1EEB000
unkown image
page readonly
clean
31C4000
unkown
page read and write
clean
7F210000
unkown image
page readonly
clean
5CD0000
unkown
page read and write
clean
6A6000
unkown
page read and write
clean
2FB0000
stack
page execute and read and write
clean
7FF5557CF000
unkown image
page readonly
clean
2A75000
unkown image
page readonly
clean
1FFFFF80000
unkown
page read and write
clean
2C90000
unkown image
page read and write
clean
7FB62000
unkown image
page readonly
clean
7F252000
unkown image
page readonly
clean
7FB62000
unkown image
page readonly
clean
2967000
unkown image
page readonly
clean
7F200000
unkown image
page readonly
clean
2B4E000
unkown image
page readonly
clean
2A9E000
unkown image
page readonly
clean
2A8D000
unkown image
page readonly
clean
2633000
unkown
page read and write
clean
2895000
unkown image
page readonly
clean
6F239000
unkown image
page readonly
clean
2982000
unkown image
page readonly
clean
23CD000
unkown image
page readonly
clean
6F201000
unkown image
page execute read
clean
1FFFEAB3000
unkown
page read and write
clean
7F6A2000
unkown image
page readonly
clean
2650000
heap default
page read and write
clean
7FB52000
unkown image
page readonly
clean
2940000
unkown image
page readonly
clean
24E0000
unkown image
page readonly
clean
7FF5557A4000
unkown image
page readonly
clean
224B000
unkown image
page readonly
clean
7F7D2000
unkown image
page readonly
clean
2DE0000
unkown image
page readonly
clean
484E000
stack
page read and write
clean
2ACD000
unkown image
page readonly
clean
8F4197E000
stack
page read and write
clean
2D50000
unkown image
page readonly
clean
26B0000
unkown image
page read and write
clean
1FFFF359000
unkown
page read and write
clean
2E80000
unkown image
page readonly
clean
7FF56BEE6000
unkown image
page readonly
clean
7F940000
unkown image
page readonly
clean
6F200000
unkown image
page readonly
clean
7F122000
unkown image
page readonly
clean
1FFFFF90000
unkown
page read and write
clean
2B53000
unkown image
page readonly
clean
7DF45D540000
unkown image
page readonly
clean
508C000
stack
page read and write
clean
2263000
unkown image
page readonly
clean
1E7B000
unkown image
page readonly
clean
7FF555881000
unkown image
page readonly
clean
2ABF000
unkown image
page readonly
clean
2E80000
unkown image
page readonly
clean
90B03F9000
stack
page read and write
clean
7FE50000
unkown image
page readonly
clean
7F7E2000
unkown image
page readonly
clean
2ACA000
heap default
page read and write
clean
1F48000
unkown image
page readonly
clean
7FF555519000
unkown image
page readonly
clean
3023000
stack
page execute and read and write
clean
3750000
unkown image
page readonly
clean
271D000
unkown
page read and write
clean
2392E480000
unkown
page read and write
clean
2790000
unkown image
page readonly
clean
1FFFFF60000
unkown
page read and write
clean
7DF55F680000
unkown image
page readonly
clean
2A68000
unkown image
page readonly
clean
7FAC0000
unkown image
page readonly
clean
207A000
unkown image
page readonly
clean
8F40C7C000
unkown
page read and write
clean
7FF5550A4000
unkown image
page readonly
clean
244D000
unkown image
page readonly
clean
2CC0000
unkown image
page readonly
clean
1E53000
unkown image
page readonly
clean
239E000
unkown image
page readonly
clean
2264000
unkown image
page readonly
clean
2760000
unkown image
page readonly
clean
7FF55557D000
unkown image
page readonly
clean
1EF9000
unkown image
page readonly
clean
2BC0000
unkown image
page readonly
clean
2930000
unkown image
page readonly
clean
2903000
unkown image
page readonly
clean
6F239000
unkown image
page readonly
clean
2B3E000
unkown image
page readonly
clean
2995000
unkown image
page readonly
clean
6F24E000
unkown image
page readonly
clean
21D0000
unkown image
page readonly
clean
1F24000
unkown image
page readonly
clean
1FFFE8F0000
heap default
page read and write
clean
26C0000
unkown image
page readonly
clean
2A20000
unkown
page read and write
clean
1E6A000
unkown image
page readonly
clean
7FF56BECA000
unkown image
page readonly
clean
2392D4D0000
unkown image
page readonly
clean
2DE0000
unkown image
page readonly
clean
1FFFE9D0000
unkown image
page readonly
clean
F0000
unkown image
page readonly
clean
7FAB2000
unkown image
page readonly
clean
2A32000
unkown image
page readonly
clean
6F24B000
unkown image
page read and write
clean
7F7E2000
unkown image
page readonly
clean
298A000
unkown image
page readonly
clean
2A18000
unkown image
page readonly
clean
2A30000
unkown image
page readonly
clean
2DA0000
unkown
page read and write
clean
23B3000
unkown image
page readonly
clean
2580000
unkown image
page readonly
clean
1FFFEF80000
unkown image
page readonly
clean
7FF56B771000
unkown image
page readonly
clean
2A47000
heap private
page read and write
clean
2BED000
unkown image
page readonly
clean
2A3C000
unkown image
page readonly
clean
1FFFF318000
unkown
page read and write
clean
287B000
unkown image
page readonly
clean
29AA000
unkown image
page readonly
clean
2D7D000
unkown
page read and write
clean
275D000
unkown image
page readonly
clean
1E6D000
unkown image
page readonly
clean
2835000
unkown image
page readonly
clean
8F40F7B000
stack
page read and write
clean
1FFFEA3E000
unkown
page read and write
clean
34A0000
heap private
page read and write
clean
7F930000
unkown image
page readonly
clean
26C0000
unkown image
page readonly
clean
3740000
unkown image
page readonly
clean
7DF473B60000
unkown image
page readonly
clean
339F000
stack
page read and write
clean
7FE50000
unkown image
page readonly
clean
7F9B0000
unkown image
page readonly
clean
2EAE000
unkown
page read and write
clean
31C1000
unkown
page read and write
clean
7FF55558A000
unkown image
page readonly
clean
2DD0000
unkown image
page readonly
clean
20000000000
unkown
page read and write
clean
7FF56BEF7000
unkown image
page readonly
clean
7FF555610000
unkown image
page readonly
clean
21C0000
heap private
page read and write
clean
7FF5557B4000
unkown image
page readonly
clean
E0000
unkown image
page readonly
clean
7FF55581D000
unkown image
page readonly
clean
20000280000
unkown
page read and write
clean
7FB60000
unkown image
page readonly
clean
7FF5557ED000
unkown image
page readonly
clean
20000270000
unkown
page read and write
clean
7FF56BEB4000
unkown image
page readonly
clean
2AEE000
unkown
page read and write
clean
6AA000
unkown
page read and write
clean
1130000
unkown image
page readonly
clean
26E0000
unkown image
page readonly
clean
2900000
unkown
page read and write
clean
31B6000
unkown
page read and write
clean
2392E1F6000
unkown
page read and write
clean
7F7E2000
unkown image
page readonly
clean
7F970000
unkown image
page readonly
clean
7FA70000
unkown image
page readonly
clean
2F80000
unkown image
page readonly
clean
7FAB0000
unkown image
page readonly
clean
4450000
unkown
page read and write
clean
7FF555711000
unkown image
page readonly
clean
2170000
unkown image
page readonly
clean
2A1B000
unkown image
page readonly
clean
26C0000
unkown image
page readonly
clean
7FF56BD38000
unkown image
page readonly
clean
26A0000
unkown image
page readonly
clean
7FF56B8AA000
unkown image
page readonly
clean
28ED000
unkown image
page readonly
clean
2CFC000
unkown
page read and write
clean
F0000
unkown image
page readonly
clean
6F24B000
unkown image
page read and write
clean
2472000
unkown image
page readonly
clean
200002E0000
unkown
page read and write
clean
7DF575CA0000
unkown image
page readonly
clean
1FFFF302000
unkown
page read and write
clean
2971000
unkown image
page readonly
clean
6F200000
unkown image
page readonly
clean
460000
unkown image
page read and write
clean
7FF5557B9000
unkown image
page readonly
clean
1E3E000
unkown image
page readonly
clean
7FF56BEAD000
unkown image
page readonly
clean
1E6D000
unkown image
page readonly
clean
2A1E000
unkown image
page readonly
clean
2DD0000
unkown image
page readonly
clean
7F112000
unkown image
page readonly
clean
2DBB000
unkown
page read and write
clean
2B60000
heap private
page read and write
clean
7F920000
unkown image
page readonly
clean
7DF55F682000
unkown image
page readonly
clean
7FF55534A000
unkown image
page readonly
clean
7FF555884000
unkown image
page readonly
clean
2FC0000
stack
page execute and read and write
clean
7F7E0000
unkown image
page readonly
clean
32A9000
unkown
page read and write
clean
36B0000
unkown image
page readonly
clean
28A0000
unkown image
page readonly
clean
31BE000
unkown
page read and write
clean
2A43000
unkown image
page readonly
clean
20000208000
unkown
page read and write
clean
2393000
unkown image
page readonly
clean
1FFFFE30000
unkown
page read and write
clean
7FB52000
unkown image
page readonly
clean
1FFFEAFF000
unkown
page read and write
clean
32CA000
heap default
page read and write
clean
28B5000
unkown image
page readonly
clean
7F1F0000
unkown image
page readonly
clean
7F6B0000
unkown image
page readonly
clean
2392DE50000
unkown image
page readonly
clean
3900000
unkown image
page readonly
clean
6F24E000
unkown image
page readonly
clean
7FF5558D2000
unkown image
page readonly
clean
1FFFF313000
unkown
page read and write
clean
2D70000
unkown image
page readonly
clean
1FFFF1C1000
unkown
page read and write
clean
7FF55560E000
unkown image
page readonly
clean
1FFFEC00000
unkown image
page readonly
clean
7FF56B77A000
unkown image
page readonly
clean
245F000
unkown image
page readonly
clean
247F000
unkown image
page readonly
clean
30A5000
heap default
page read and write
clean
2C80000
unkown image
page readonly
clean
2488000
unkown image
page readonly
clean
22AF000
unkown
page read and write
clean
2EDC000
unkown
page read and write
clean
21CD000
unkown
page read and write
clean
7FA82000
unkown image
page readonly
clean
7FE62000
unkown image
page readonly
clean
2418000
unkown image
page readonly
clean
2000003D000
unkown
page read and write
clean
1FFFFF50000
unkown
page read and write
clean
28FE000
unkown image
page readonly
clean
1EED000
unkown image
page readonly
clean
2A20000
unkown image
page readonly
clean
1FFFE890000
heap private
page read and write
clean
7DF575CA2000
unkown image
page readonly
clean
2392DAD0000
unkown image
page readonly
clean
1FFFF359000
unkown
page read and write
clean
7FF550D9B000
unkown image
page readonly
clean
7F6B0000
unkown image
page readonly
clean
7FF55567F000
unkown image
page readonly
clean
2259000
unkown image
page readonly
clean
7F820000
unkown image
page readonly
clean
2392D67E000
unkown
page read and write
clean
284E000
unkown image
page readonly
clean
7FA82000
unkown image
page readonly
clean
2480000
unkown image
page readonly
clean
DB0000
unkown image
page readonly
clean
23D5000
unkown image
page readonly
clean
29B1000
unkown image
page readonly
clean
470000
unkown image
page readonly
clean
850000
heap default
page read and write
clean
219E000
unkown image
page readonly
clean
7FF55561B000
unkown image
page readonly
clean
7FF5555C9000
unkown image
page readonly
clean
7FB52000
unkown image
page readonly
clean
1D75000
unkown image
page readonly
clean
1F2D000
unkown image
page readonly
clean
8F4127A000
stack
page read and write
clean
34B0000
unkown image
page readonly
clean