IOC Report
NewOrder - P2D041197.jar

loading gif

Files

File Path
Type
Category
Malicious
NewOrder - P2D041197.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Windows6471774156078736222.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
ASCII text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\API-MS-Win-core-xstate-l2-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\JAWTAccessBridge-32.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\JavaAccessBridge-32.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\WindowsAccessBridge-32.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-console-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-console-l1-2-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-datetime-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-debug-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-errorhandling-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l1-2-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-file-l2-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-handle-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-heap-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-interlocked-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-libraryloader-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-localization-l1-2-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-memory-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-namedpipe-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-processenvironment-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-processthreads-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-processthreads-l1-1-1.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-profile-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-rtlsupport-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-string-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-synch-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-synch-l1-2-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-sysinfo-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-timezone-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-core-util-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-conio-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-convert-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-environment-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-filesystem-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-heap-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-locale-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-math-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-multibyte-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-private-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-process-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-runtime-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-stdio-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-string-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-time-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\api-ms-win-crt-utility-l1-1-0.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\awt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\bci.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\client\jvm.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\dcpr.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\decora_sse.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\deploy.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\dt_shmem.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\dt_socket.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\deployJava1.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\dtplugin\npdeployJava1.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\eula.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\fontmanager.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\fxplugins.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\glass.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\glib-lite.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\gstreamer-lite.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\hprof.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\instrument.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\j2gss.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\j2pcsc.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\j2pkcs11.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jaas_nt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jabswitch.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\java-rmi.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\java.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\java.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\java_crw_demo.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.cpl
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\javacpl.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\javafx_font.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\javafx_iio.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\javaw.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\javaws.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jawt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jdwp.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jfr.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jfxmedia.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jfxwebkit.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jjs.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jli.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jp2iexp.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jp2launcher.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jp2native.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jp2ssv.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jpeg.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jsdt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jsound.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\jsoundds.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\keytool.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\kinit.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\klist.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\ktab.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\lcms.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\management.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\mlib_image.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\msvcp140_1.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\msvcp140_2.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\net.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\nio.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\npt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\orbd.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\pack200.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\npjp2.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\plugin2\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\policytool.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\prism_common.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\prism_d3d.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\prism_sw.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\resource.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\rmid.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\rmiregistry.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\servertool.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\splashscreen.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\sspi_bridge.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\ssv.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\ssvagent.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\sunec.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\sunmscapi.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\t2k.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\tnameserv.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\ucrtbase.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\unpack.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\unpack200.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\verify.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\w2k_lsa_auth.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\wsdetect.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Oracle\bin\zip.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\zbrspjjraf.js
ASCII text, with very long lines (64499), with CRLF line terminators
dropped
 malicious
C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class
Java archive data (JAR)
dropped
C:\Users\user\AppData\Local\Temp\hsperfdata_user\7388
data
dropped
C:\Users\user\AppData\Local\Temp\hsperfdata_user\7564
data
dropped
C:\Users\user\AppData\Local\Temp\hsperfdata_user\7620
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\83aa4cc77f591dfc2374580bbd95f6ba_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Users\user\AppData\Roaming\Oracle\COPYRIGHT
ISO-8859 text
dropped
C:\Users\user\AppData\Roaming\Oracle\LICENSE
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\README.txt
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME-JAVAFX.txt
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\THIRDPARTYLICENSEREADME.txt
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\Welcome.html
HTML document, ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\bin\client\Xusage.txt
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\bin\client\classes.jsa
data
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\directshow.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\glib.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\gstreamer.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\icu_web.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\jpeg_fx.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\libffi.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\libxml2.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\libxslt.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\mesa3d.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\public_suffix.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\javafx\webkit.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\asm.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\bcel.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\cldr.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\colorimaging.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\cryptix.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\dom.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\dynalink.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\ecc.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\freebxml.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\giflib.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\icu.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\jcup.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\joni.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\jopt-simple.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\jpeg.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\lcms.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\libpng.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\mesa3d.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\pkcs11cryptotoken.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\pkcs11wrapper.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\relaxngcc.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\relaxngdatatype.md
Algol 68 source, ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\relaxngom.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\santuario.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\thaidict.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\unicode.md
Unicode text, UTF-8 text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\xalan.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\xerces.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\xmlresolver.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\legal\jdk\zlib.md
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\accessibility.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\calendars.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\charsets.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\classlist
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\cmm\CIEXYZ.pf
Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\cmm\GRAY.pf
Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\cmm\LINEAR_RGB.pf
color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\cmm\PYCC.pf
Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\cmm\sRGB.pf
Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\content-types.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\currency.data
data
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\ffjcext.zip
Zip archive data, at least v1.0 to extract, compression method=store
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_de.properties
ASCII text, with very long lines (1345)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_es.properties
ASCII text, with very long lines (1475)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_fr.properties
ASCII text, with very long lines (1575)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_it.properties
ASCII text, with very long lines (1392)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_ja.properties
ASCII text, with very long lines (2924)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_ko.properties
ASCII text, with very long lines (2601)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_pt_BR.properties
ASCII text, with very long lines (1319)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_sv.properties
ASCII text, with very long lines (1379)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_zh_CN.properties
ASCII text, with very long lines (1857)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_zh_HK.properties
ASCII text, with very long lines (1729)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\messages_zh_TW.properties
ASCII text, with very long lines (1729)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\splash.gif
GIF image data, version 89a, 320 x 139
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\splash@2x.gif
GIF image data, version 89a, 640 x 278
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\splash_11-lic.gif
GIF image data, version 89a, 320 x 139
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\deploy\splash_11@2x-lic.gif
GIF image data, version 89a, 640 x 278
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\access-bridge-32.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\cldrdata.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\dnsns.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\jaccess.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\jfxrt.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\localedata.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\meta-index
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\nashorn.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\sunec.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\sunjce_provider.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\sunmscapi.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\sunpkcs11.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\ext\zipfs.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\flavormap.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fontconfig.bfc
raw G3 (Group 3) FAX
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fontconfig.properties.src
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiBold.ttf
TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaBrightDemiItalic.ttf
TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaBrightItalic.ttf
TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaBrightRegular.ttf
TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaSansDemiBold.ttf
TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaSansRegular.ttf
TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterBold.ttf
TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\fonts\LucidaTypewriterRegular.ttf
TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\hijrah-config-umalqura.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\i386\jvm.cfg
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\cursors.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\invalid32x32.gif
GIF image data, version 89a, 32 x 32
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyDrop32x32.gif
GIF image data, version 89a, 31 x 32
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyNoDrop32x32.gif
GIF image data, version 89a, 32 x 32
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkDrop32x32.gif
GIF image data, version 89a, 31 x 32
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_LinkNoDrop32x32.gif
GIF image data, version 89a, 32 x 32
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveDrop32x32.gif
GIF image data, version 89a, 31 x 32
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\images\cursors\win32_MoveNoDrop32x32.gif
GIF image data, version 89a, 32 x 32
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\javafx.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\javaws.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\jce.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\jfr.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\jfr\default.jfc
XML 1.0 document, ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\jfr\profile.jfc
XML 1.0 document, ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\jfxswt.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\jsse.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\jvm.hprof.txt
Algol 68 source, ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\logging.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\management-agent.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\management\jmxremote.access
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\management\jmxremote.password.template
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\management\management.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\management\snmp.acl.template
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\meta-index
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\net.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\plugin.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\psfont.properties.ja
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\psfontj2d.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\resources.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\rt.jar
Java archive data (JAR)
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\blacklist
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\blacklisted.certs
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\cacerts
Java KeyStore
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\java.policy
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\java.security
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\javaws.policy
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\policy\limited\US_export_policy.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\policy\limited\local_policy.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\policy\unlimited\US_export_policy.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\policy\unlimited\local_policy.jar
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\security\public_suffix_list.dat
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\sound.properties
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\tzdb.dat
data
dropped
C:\Users\user\AppData\Roaming\Oracle\lib\tzmappings
ASCII text
dropped
C:\Users\user\AppData\Roaming\Oracle\release
ASCII text
dropped
C:\Users\user\AppData\Roaming\krmyqqmohp.txt
Java archive data (JAR)
dropped
C:\Users\user\GMyJTnezbTa\ID.txt
JSON data
dropped
C:\Windows\SysWOW64\test.txt
ASCII text, with very long lines (969), with no line terminators
dropped
There are 291 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar"" >> C:\cmdlinestart.log 2>&1
malicious
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\NewOrder - P2D041197.jar"
malicious
C:\Windows\SysWOW64\wscript.exe
wscript C:\Users\user\zbrspjjraf.js
 malicious
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\krmyqqmohp.txt"
 malicious
C:\Program Files (x86)\Java\jre-1.8\bin\java.exe
"C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar C:\Users\user\AppData\Local\Temp\_0.337891030941391956323023258775833856.class
 malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
 malicious
C:\Windows\SysWOW64\cscript.exe
cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4614601071766058238.vbs
 malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
 malicious
C:\Windows\SysWOW64\cscript.exe
cscript.exe C:\Users\user\AppData\Local\Temp\Retrive508991219844214216.vbs
 malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
 malicious
C:\Windows\SysWOW64\cscript.exe
cscript.exe C:\Users\user\AppData\Local\Temp\Retrive4410908985771939559.vbs
 malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
 malicious
C:\Windows\SysWOW64\cscript.exe
cscript.exe C:\Users\user\AppData\Local\Temp\Retrive6937263458449411198.vbs
 malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM UserAccountControlSettings.exe /T /F
 malicious
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
 malicious
C:\Windows\SysWOW64\regedit.exe
regedit.exe /s C:\Users\user\AppData\Local\Temp\mNuEFMHNfs1412424943545557855.reg
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM ProcessHacker.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM procexp.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM MSASCui.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM MsMpEng.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM MpUXSrv.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM MpCmdRun.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM NisSrv.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM ConfigSecurityPolicy.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM procexp.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM wireshark.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM tshark.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM text2pcap.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM rawshark.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM mergecap.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM editcap.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM dumpcap.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM capinfos.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM mbam.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM mbamscheduler.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM mbamservice.exe /T /F
 malicious
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM AdAwareService.exe /T /F
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\Program Files (x86)\Java\jre-1.8" "C:\Users\user\AppData\Roaming\Oracle\" /e
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\cimv2 Path Win32_PnpSignedDriver Get /Format:List
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 66 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://java.sun.com/xml/dom/properties/(
unknown
http://apache.org/xml/features/validation/schema/augment-psvi
unknown
http://apache.org/xml/properties/internal/document-scannerP
unknown
https://jrat.ios
unknown
http://apache.org/xml/properties/input-buffer-size
unknown
http://apache.org/xml/features/g3
unknown
http://apache.org/xml/properties/internal/validator/dtde:
unknown
http://apache.org/xml/properties/internal/entity-manager
unknown
http://apache.org/xml/properties/internal/symbol-tableQ
unknown
http://apache.org/xml/features/internal/parser-settings
unknown
http://apache.org/xml/features/dom/include-ignorable-whitespace
unknown
http://java.sun.com/xml/dom/properties/
unknown
http://apache.org/xml/properties/internal/stax-entity-resolver
unknown
http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-onlye/
unknown
http://apache.org/xml/features/3
unknown
http://apache.org/xml/features/xinclude/fixup-base-uris
unknown
http://apache.org/xml/properties/ion
unknown
http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
unknown
http://apache.org/xml/properties/internal/error-reporter
unknown
http://apache.org/xml/features/validation/balance-syntax-treesre1
unknown
http://apache.org/xml/properties/schema/external-schemaLocationK
unknown
http://xml.org/sax/properties/(
unknown
http://apache.org/xml/features/include-comments
unknown
http://apache.org/xml/features/scanner/notify-char-refs
unknown
http://apache.org/xml/features/validation/schema/normalized-valuenternalB
unknown
http://apache.org/xml/properties/dom/current-element-node9
unknown
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace0
unknown
http://apache.org/xml/features/validation/schema/normalized-valueB
unknown
http://java.sun.com/xml/stream/properties/ignore-external-dtd
unknown
http://creativecommons.org/licenses/WOAFID3PrivateFramehttp://musicbrainz.org%d/%d%drxRemixcr
unknown
http://apache.org/xml/features/continue-after-fatal-error
unknown
http://apache.org/xml/features/standard-uri-conformant
unknown
http://apache.org/xml/properties/internal/document-scanner
unknown
http://apache.org/xml/features/validation/balance-syntax-treesl
unknown
http://apache.org/xml/features/validation/id-idref-checkingl
unknown
http://xml.org/sax/features/eam;
unknown
http://xml.org/sax/properties/nt(
unknown
http://apache.org/xml/features/honour-all-schemaLocationsmpl
unknown
http://bugreport.sun.com/bugreport/
unknown
http://java.oracle.com/
unknown
http://apache.org/xml/properties/internal/validation/schema/dv-factorynt7
unknown
http://apache.org/xml/features/
unknown
http://apache.org/xml/features/generate-synthetic-annotations
unknown
http://xml.org/sax/features/allow-dtd-events-after-endDTD
unknown
http://apache.org/xml/features/validation/id-idref-checking/sun/F
unknown
https://github.com/rober42539/lao-dictionary
unknown
http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
unknown
http://www.lotus.com.
unknown
http://apache.org/xml/properties/validation/schema/root-type-definitiont(
unknown
http://apache.org/xml/properties/internal/namespace-binder
unknown
http://xml.org/sax/features/external-general-entitiesex
unknown
http://javax.xml.XMLConstants/property/accessExternalDTD;
unknown
http://apache.org/xml/properties/internal/stax-entity-resolverti=
unknown
http://apache.org/xml/properties/security-manager
unknown
http://java.sun.com/xml/dom/properties/ancestor-check
unknown
http://www.torchmobile.com/)
unknown
http://xml.org/sax/features/namespace-prefixesna(
unknown
http://apache.org/xml/features/xinclude
unknown
http://creativecommons.org/licenses/
unknown
http://www.unicode.org/copyright.html
unknown
https://mozilla.org/MPL/2.0/.
unknown
http://apache.org/xml/properties/internal/xinclude-handler9
unknown
http://apache.org/xml/features/validation/schema-full-checking
unknown
http://javax.xml.XMLConstants/property/
unknown
http://musicbrainz.org
unknown
http://apache.org/xml/features/validation/warn-on-duplicate-attdef/xni/XD
unknown
https://jrat.io
unknown
http://apache.org/xml/properties/internal/grammar-pool
unknown
http://apache.org/xml/properties/locale
unknown
http://javax.xml.XMLConstants/property/accessExternalSchemaD
unknown
http://java.sun.com/xml/stream/properties/reader-in-defined-state
unknown
http://apache.org/xml/properties/internal/validator/dtd:
unknown
http://apache.org/xml/features/allow-java-encodings
unknown
http://apache.org/xml/properties/validation/schema/root-element-declaration
unknown
http://apache.org/xml/features/dom/include-ignorable-whitespace/
unknown
http://apache.org/xml/features/validation/schema-full-checkingin=
unknown
http://java.sun.com/xml/stream/properties/ignore-external-dtd/No
unknown
http://apache.org/xml/properties/internal/datatype-validator-factory:
unknown
http://apache.org/xml/features/scanner/notify-builtin-refsnterna7
unknown
http://www.oracle.com/feature/use-service-mechanism
unknown
http://apache.org/xml/features/scanner/notify-builtin-refss
unknown
http://apache.org/xml/properties/schema/external-schemaLocationaK
unknown
http://javax.xml.XMLConstants/property/accessExternalDTD
unknown
http://apache.org/xml/xmlschema/1.0/anonymousTypes
unknown
http://apache.org/xml/features/validation/identity-constraint-checkinges
unknown
http://apache.org/xml/features/validation/schema/normalized-value
unknown
http://apache.org/xml/features/xinclude/fixup-language
unknown
http://www.torchmobile.com/
unknown
http://apache.org/xml/properties/internal/dtd-processort5
unknown
http://apache.org/xml/features/validation/warn-on-undeclared-elemdefm/su:
unknown
http://chasen.aist-nara.ac.jp/chasen/distribution.html
unknown
http://apache.org/xml/features/xinclude1
unknown
http://apache.org/xml/features/nonvalidating/load-external-dtdch:
unknown
http://apache.org/xml/properties/dom/document-class-name
unknown
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
unknown
http://apache.org/xml/features/validation/schema/ignore-xsi-type-until-elemdeclA
unknown
http://apache.org/xml/properties/internal/symbol-table
unknown
https://github.com/rober42539/lao-dictionary/LICENSE.txt
unknown
http://apache.org/xml/properties/internal/error-handler6
unknown
http://apache.org/xml/properties/D
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
pnauco5.ddns.net
103.151.123.225
 malicious

IPs

IP
Domain
Country
Malicious
103.151.123.225
pnauco5.ddns.net
unknown
malicious
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations
LowRiskFileTypes
 malicious
HKEY_CURRENT_USER\Environment
SEE_MASK_NOZONECHECKS
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
DisableConfig
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
DisableSR
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessHacker.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NisSrv.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConfigSecurityPolicy.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wireshark.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\text2pcap.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rawshark.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mergecap.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\capinfos.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3Up.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V3Medic.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuarScanner.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BullGuardUpdate.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamscan.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cis.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVK.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GdBgInx64.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GDScan.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKWCtlx64.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVKTray.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxkickoff_x64.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K7CrvSvc.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K7TSMain.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\K7TSMngr.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nnf.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nbrowser.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nfservice.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NS.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\acs.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSSVC.EXE
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCANNER.EXE
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScSecSvc.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PtSvcHost.exe
debugger
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
ConsentPromptBehaviorUser
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
PromptOnSecureDesktop
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
JScriptSetScriptStateStarted
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments
SaveZoneInformation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment
SEE_MASK_NOZONECHECKS
There are 38 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
1575A000
heap
page read and write
157CD000
heap
page read and write
5361000
heap
page read and write
A398000
trusted library allocation
page read and write
290D000
heap
page read and write
5852000
heap
page read and write
5574000
heap
page read and write
3197000
heap
page read and write
15D1C000
heap
page read and write
31A1000
heap
page read and write
4DE000
heap
page read and write
4E0000
heap
page read and write
994000
heap
page read and write
E14000
heap
page read and write
4BF0000
trusted library allocation
page read and write
155BD000
stack
page read and write
381D000
heap
page read and write
E14000
heap
page read and write
5261000
heap
page read and write
3001000
heap
page read and write
31B7000
heap
page read and write
516E000
trusted library allocation
page read and write
6F7000
heap
page read and write
320B000
heap
page read and write
3867000
heap
page read and write
3001000
heap
page read and write
A2FA000
trusted library allocation
page read and write
DFE000
stack
page read and write
950000
heap
page read and write
31B9000
heap
page read and write
320C000
heap
page read and write
5863000
heap
page read and write
9F72000
trusted library allocation
page read and write
388A000
heap
page read and write
6DEA000
heap
page read and write
4C02000
trusted library allocation
page read and write
3234000
heap
page read and write
386F000
heap
page read and write
15B6E000
unkown
page read and write
4E0000
heap
page read and write
5AD6000
heap
page read and write
A01F000
trusted library allocation
page read and write
66CA000
heap
page read and write
320C000
heap
page read and write
320C000
heap
page read and write
1200000
heap
page read and write
6AF6000
heap
page read and write
708000
heap
page read and write
15734000
heap
page read and write
59C0000
heap
page read and write
6D31000
heap
page read and write
58A8000
heap
page read and write
382E000
heap
page read and write
3001000
heap
page read and write
15C21000
heap
page read and write
380B000
heap
page read and write
717000
heap
page read and write
4AD6000
trusted library allocation
page read and write
541E000
stack
page read and write
6F0000
heap
page read and write
15C41000
heap
page read and write
320C000
heap
page read and write
15C41000
heap
page read and write
320B000
heap
page read and write
A29E000
trusted library allocation
page read and write
168AE000
unkown
page read and write
4E0000
heap
page read and write
16B4F000
stack
page read and write
E14000
heap
page read and write
3460000
heap
page read and write
516A000
trusted library allocation
page read and write
3227000
heap
page read and write
156A4000
heap
page read and write
710000
heap
page read and write
15109000
heap
page read and write
4A90000
trusted library allocation
page read and write
717000
heap
page read and write
4B5C000
trusted library allocation
page read and write
4AB0000
heap
page read and write
3300000
heap
page read and write
982000
heap
page read and write
3001000
heap
page read and write
E00000
heap
page read and write
A294000
trusted library allocation
page read and write
125C000
stack
page read and write
5151000
trusted library allocation
page read and write
5347000
trusted library allocation
page read and write
5381000
trusted library allocation
page read and write
4B0E000
stack
page read and write
5FA000
stack
page read and write
3816000
heap
page read and write
6DEC000
heap
page read and write
37D6000
heap
page read and write
982000
heap
page read and write
125E000
stack
page read and write
A194000
trusted library allocation
page read and write
2DFB000
stack
page read and write
4DE000
heap
page read and write
F00000
heap
page read and write
A3BD000
trusted library allocation
page read and write
91C000
heap
page read and write
195000
heap
page read and write
16B40000
trusted library allocation
page read and write
3844000
heap
page read and write
4AAD000
trusted library allocation
page read and write
6E0E000
heap
page read and write
6D3E000
heap
page read and write
A707000
trusted library allocation
page read and write
A6FF000
trusted library allocation
page read and write
1519A000
heap
page read and write
E14000
heap
page read and write
335C000
heap
page read and write
A60000
heap
page read and write
386D000
heap
page read and write
164E0000
heap
page read and write
1684C000
stack
page read and write
31DD000
heap
page read and write
321D000
heap
page read and write
3853000
heap
page read and write
4DE000
heap
page read and write
9C1000
heap
page read and write
6D38000
heap
page read and write
190000
heap
page read and write
6D31000
heap
page read and write
A186000
trusted library allocation
page read and write
5175000
heap
page read and write
4B4F000
trusted library allocation
page read and write
3001000
heap
page read and write
E14000
heap
page read and write
4E0000
heap
page read and write
162E0000
heap
page read and write
6DE7000
heap
page read and write
9A1000
heap
page read and write
6F07000
heap
page read and write
6D3C000
heap
page read and write
870000
heap
page read and write
4DE000
heap
page read and write
6D39000
heap
page read and write
7490000
heap
page read and write
156C6000
heap
page read and write
99C000
heap
page read and write
557B000
heap
page read and write
916000
heap
page read and write
2966000
trusted library allocation
page execute and read and write
320C000
heap
page read and write
4C0F000
stack
page read and write
15B1D000
stack
page read and write
6D38000
heap
page read and write
A6F3000
trusted library allocation
page read and write
37D9000
heap
page read and write
31E4000
heap
page read and write
5AD7000
heap
page read and write
4DE000
heap
page read and write
98C000
heap
page read and write
31E6000
heap
page read and write
4E0000
heap
page read and write
750000
heap
page read and write
C70000
heap
page read and write
31E6000
heap
page read and write
5667000
heap
page read and write
3243000
heap
page read and write
6C61000
heap
page read and write
5158000
trusted library allocation
page read and write
974000
heap
page read and write
910000
heap
page read and write
5C0000
heap
page read and write
2881000
heap
page read and write
4DE000
heap
page read and write
6E1A000
heap
page read and write
2FCB000
stack
page read and write
11B000
stack
page read and write
E14000
heap
page read and write
6C61000
heap
page read and write
5178000
heap
page read and write
653000
heap
page read and write
37D8000
heap
page read and write
31E2000
heap
page read and write
2774000
heap
page read and write
2FD0000
heap
page read and write
5AD8000
heap
page read and write
4FB000
stack
page read and write
5339000
trusted library allocation
page read and write
4DE000
heap
page read and write
3327000
heap
page read and write
52D7000
heap
page read and write
A296000
trusted library allocation
page read and write
6D30000
heap
page read and write
27D8000
heap
page read and write
4DE000
heap
page read and write
3813000
heap
page read and write
6D31000
heap
page read and write
1627E000
unkown
page read and write
5AD1000
heap
page read and write
865000
heap
page read and write
38B9000
heap
page read and write
4A62000
trusted library allocation
page read and write
6D3D000
heap
page read and write
A29B000
trusted library allocation
page read and write
514000
heap
page read and write
6A30000
heap
page read and write
4BAE000
stack
page read and write
58A5000
heap
page read and write
2E3B000
trusted library allocation
page execute and read and write
15E15000
heap
page read and write
6A72000
heap
page read and write
3001000
heap
page read and write
A1AE000
trusted library allocation
page read and write
4AEA000
trusted library allocation
page read and write
73A98000
unkown
page readonly
900000
heap
page read and write
15CB0000
heap
page read and write
3001000
heap
page read and write
3001000
heap
page read and write
32DE000
stack
page read and write
4B73000
trusted library allocation
page read and write
4DD000
heap
page read and write
383A000
heap
page read and write
4DE000
heap
page read and write
6980000
heap
page read and write
31E6000
heap
page read and write
E14000
heap
page read and write
37DE000
heap
page read and write
31C6000
heap
page read and write
5352000
trusted library allocation
page read and write
5B6B000
trusted library allocation
page read and write
15C9E000
heap
page read and write
A0A5000
trusted library allocation
page read and write
518B000
trusted library allocation
page read and write
277F000
heap
page read and write
4B61000
trusted library allocation
page read and write
4B6E000
trusted library allocation
page read and write
2E32000
trusted library allocation
page execute and read and write
3001000
heap
page read and write
A0F6000
trusted library allocation
page read and write
3195000
heap
page read and write
162DE000
trusted library allocation
page read and write
4BFF000
trusted library allocation
page read and write
488F000
stack
page read and write
3001000
heap
page read and write
3001000
heap
page read and write
2870000
heap
page read and write
5250000
heap
page read and write
52AB000
heap
page read and write
1567F000
heap
page read and write
974000
heap
page read and write
28A6000
unkown
page read and write
159AA000
heap
page read and write
3227000
heap
page read and write
37DA000
heap
page read and write
E14000
heap
page read and write
320C000
heap
page read and write
291B000
trusted library allocation
page execute and read and write
3327000
heap
page read and write
15090000
heap
page read and write
CD5000
heap
page read and write
5425000
trusted library allocation
page read and write
51A000
heap
page read and write
6D39000
heap
page read and write
4AD9000
trusted library allocation
page read and write
155D5000
heap
page read and write
5ACF000
stack
page read and write
745000
heap
page read and write
6AFF000
heap
page read and write
64F4000
heap
page read and write
4A00000
trusted library allocation
page read and write
97A000
heap
page read and write
4ECD000
heap
page read and write
470000
heap
page read and write
2CFB000
stack
page read and write
6E2B000
heap
page read and write
3001000
heap
page read and write
37F5000
heap
page read and write
169F0000
trusted library allocation
page read and write
15AB0000
trusted library allocation
page read and write
15C0000
heap
page read and write
64D000
heap
page read and write
3001000
heap
page read and write
3001000
heap
page read and write
4D20000
heap
page read and write
4A27000
trusted library allocation
page read and write
3001000
heap
page read and write
E14000
heap
page read and write
3170000
heap
page read and write
3001000
heap
page read and write
3001000
heap
page read and write
704000
heap
page read and write
581D000
trusted library allocation
page read and write
163AE000
heap
page read and write
15B4D000
stack
page read and write
15ADD000
unkown
page read and write
5365000
trusted library allocation
page read and write
2FD2000
trusted library allocation
page execute and read and write
15BA0000
heap
page read and write
5ADC000
heap
page read and write
4B87000
trusted library allocation
page read and write
627000
heap
page read and write
6895000
heap
page read and write
14D000
stack
page read and write
5C0F000
stack
page read and write
35B2000
heap
page read and write
15B9E000
stack
page read and write
6DF0000
heap
page read and write
5361000
heap
page read and write
4EBF000
stack
page read and write
5565000
heap
page read and write
15C0D000
heap
page read and write
329E000
stack
page read and write
918000
heap
page read and write
52B9000
heap
page read and write
52A9000
heap
page read and write
608000
heap
page read and write
5574000
heap
page read and write
E14000
heap
page read and write
1696000
heap
page read and write
556F000
heap
page read and write
E14000
heap
page read and write
480000
heap
page read and write
4DF000
heap
page read and write
7149000
heap
page read and write
4B8A000
trusted library allocation
page read and write
3829000
heap
page read and write
5AD2000
heap
page read and write
3023000
trusted library allocation
page execute and read and write
6D31000
heap
page read and write
A3DE000
trusted library allocation
page read and write
4B78000
trusted library allocation
page read and write
993000
heap
page read and write
50B6000
heap
page read and write
4A6D000
trusted library allocation
page read and write
A0DB000
trusted library allocation
page read and write
6D37000
heap
page read and write
E14000
heap
page read and write
374E000
stack
page read and write
4BA5000
trusted library allocation
page read and write
621000
heap
page read and write
13FB000
heap
page read and write
64FB000
heap
page read and write
6DE8000
heap
page read and write
4AD1000
trusted library allocation
page read and write
37D5000
heap
page read and write
1726000
unkown
page read and write
E14000
heap
page read and write
31FF000
heap
page read and write
15D7B000
heap
page read and write
6D38000
heap
page read and write
97F000
heap
page read and write
4E0000
heap
page read and write
34DE000
stack
page read and write
2974000
trusted library allocation
page execute and read and write
E14000
heap
page read and write
3230000
heap
page read and write
747000
heap
page read and write
708000
heap
page read and write
4DE000
heap
page read and write
4FA0000
heap
page read and write
E14000
heap
page read and write
302A000
trusted library allocation
page execute and read and write
1672E000
stack
page read and write
E14000
heap
page read and write
540F000
trusted library allocation
page read and write
6E2F000
heap
page read and write
37EB000
heap
page read and write
6D3A000
heap
page read and write
3001000
heap
page read and write
31A1000
heap
page read and write
4DE000
heap
page read and write
E14000
heap
page read and write
4E0000
heap
page read and write
4D8F000
stack
page read and write
A5B6000
trusted library allocation
page read and write
1730000
unkown
page read and write
3340000
heap
page read and write
3001000
heap
page read and write
4E0000
heap
page read and write
3839000
heap
page read and write
6D3A000
heap
page read and write
4DF000
heap
page read and write
3490000
heap
page read and write
15677000
heap
page read and write
A7BB000
trusted library allocation
page read and write
2EBD000
stack
page read and write
4DE000
heap
page read and write
578F000
stack
page read and write
37F5000
heap
page read and write
711000
heap
page read and write
1595E000
unkown
page read and write
6DF0000
heap
page read and write
4E0000
heap
page read and write
15352000
heap
page read and write
5AD9000
heap
page read and write
533D000
trusted library allocation
page read and write
15DE7000
heap
page read and write
E14000
heap
page read and write
575F000
stack
page read and write
1506E000
unkown
page read and write
35BF000
heap
page read and write
164D0000
heap
page read and write
38C4000
heap
page read and write
4AC2000
trusted library allocation
page read and write
A2A0000
trusted library allocation
page read and write
6E15000
heap
page read and write
333E000
heap
page read and write
35E0000
heap
page read and write
71C5000
heap
page read and write
6CE000
stack
page read and write
600000
heap
page read and write
6D3B000
heap
page read and write
6DF6000
heap
page read and write
990000
heap
page read and write
6D3A000
heap
page read and write
4B47000
trusted library allocation
page read and write
514E000
trusted library allocation
page read and write
15121000
heap
page read and write
1639A000
unkown
page read and write
A12000
heap
page read and write
320C000
heap
page read and write
4E0000
heap
page read and write
50A1000
trusted library allocation
page read and write
4A30000
trusted library allocation
page read and write
6B31000
heap
page read and write
28D0000
trusted library allocation
page execute and read and write
556C000
heap
page read and write
48D0000
trusted library allocation
page read and write
30BE000
stack
page read and write
5253000
trusted library allocation
page read and write
4E0000
heap
page read and write
3842000
heap
page read and write
6D3F000
heap
page read and write
5841000
heap
page read and write
3001000
heap
page read and write
A6EA000
trusted library allocation
page read and write
5172000
heap
page read and write
1590000
trusted library allocation
page read and write
C78000
stack
page read and write
4AA4000
trusted library allocation
page read and write
3001000
heap
page read and write
15C39000
heap
page read and write
621000
heap
page read and write
A7E6000
trusted library allocation
page read and write
3001000
heap
page read and write
6DF7000
heap
page read and write
4E0000
heap
page read and write
315E000
stack
page read and write
5560000
heap
page read and write
4C4E000
stack
page read and write
156CA000
heap
page read and write
6D3D000
heap
page read and write
748C000
stack
page read and write
EB000
stack
page read and write
A5AB000
trusted library allocation
page read and write
4B75000
trusted library allocation
page read and write
3354000
heap
page read and write
4980000
heap
page read and write
5343000
trusted library allocation
page read and write
9B1000
heap
page read and write
4DE000
heap
page read and write
157CD000
heap
page read and write
37D6000
heap
page read and write
A5E9000
trusted library allocation
page read and write
4B45000
trusted library allocation
page read and write
27DD000
heap
page read and write
3001000
heap
page read and write
5887000
heap
page read and write
A7D5000
trusted library allocation
page read and write
3001000
heap
page read and write
4BBA000
trusted library allocation
page read and write
320B000
heap
page read and write
5561000
heap
page read and write
A7DD000
trusted library allocation
page read and write
382A000
heap
page read and write
16312000
heap
page read and write
4DF000
heap
page read and write
618000
heap
page read and write
6E09000
heap
page read and write
980000
heap
page read and write
6D35000
heap
page read and write
4E0A000
trusted library allocation
page read and write
3001000
heap
page read and write
1541D000
stack
page read and write
999000
heap
page read and write
5566000
heap
page read and write
163BA000
heap
page read and write
31E4000
heap
page read and write
A0F1000
trusted library allocation
page read and write
58A5000
heap
page read and write
31E7000
heap
page read and write
4AAB000
trusted library allocation
page read and write
3867000
heap
page read and write
14F4E000
stack
page read and write
159C000
stack
page read and write
157CD000
heap
page read and write
E14000
heap
page read and write
579F000
stack
page read and write
4B8C000
trusted library allocation
page read and write
320C000
heap
page read and write
37CA000
heap
page read and write
389C000
heap
page read and write
99E000
heap
page read and write
6D35000
heap
page read and write
651000
heap
page read and write
163CB000
heap
page read and write
2E43000
trusted library allocation
page execute and read and write
3190000
heap
page read and write
62B000
heap
page read and write
5572000
heap
page read and write
5261000
heap
page read and write
6D37000
heap
page read and write
4DD000
heap
page read and write
320B000
heap
page read and write
3835000
heap
page read and write
5AC0000
heap
page read and write
7146000
heap
page read and write
E14000
heap
page read and write
4BBD000
trusted library allocation
page read and write
1669D000
stack
page read and write
52AC000
heap
page read and write
38C7000
heap
page read and write
31C5000
heap
page read and write
5361000
heap
page read and write
4DF000
heap
page read and write
5394000
trusted library allocation
page read and write
717000
heap
page read and write
743000
heap
page read and write
3001000
heap
page read and write
6D32000
heap
page read and write
52A6000
heap
page read and write
4BFD000
trusted library allocation
page read and write
4DE000
heap
page read and write
1562C000
heap
page read and write
54F2000
trusted library allocation
page read and write
6D3D000
heap
page read and write
320C000
heap
page read and write
4BB7000
trusted library allocation
page read and write
37C0000
heap
page read and write
15EB000
heap
page read and write
4DF000
heap
page read and write
15665000
heap
page read and write
4F50000
heap
page read and write
5AB0000
heap
page read and write
333E000
heap
page read and write
E9D000
stack
page read and write
1567F000
heap
page read and write
6B31000
heap
page read and write
1563D000
heap
page read and write
5261000
heap
page read and write
570F000
heap
page read and write
157FD000
stack
page read and write
E14000
heap
page read and write
14EC6000
heap
page read and write
4ACC000
trusted library allocation
page read and write
4DF000
heap
page read and write
4A7C000
trusted library allocation
page read and write
3853000
heap
page read and write
15BBC000
heap
page read and write
4DC000
heap
page read and write
A1E000
stack
page read and write
551F000
stack
page read and write
515C000
trusted library allocation
page read and write
16319000
heap
page read and write
31FB000
heap
page read and write
A7BF000
trusted library allocation
page read and write
1589F000
heap
page read and write
6E0000
heap
page read and write
2E80000
heap
page read and write
4A8E000
trusted library allocation
page read and write
58A8000
heap
page read and write
4DE000
heap
page read and write
4A34000
trusted library allocation
page read and write
9C2000
heap
page read and write
15C1A000
heap
page read and write
15D87000
heap
page read and write
4A9D000
trusted library allocation
page read and write
3001000
heap
page read and write
9C1000
heap
page read and write
731000
heap
page read and write
4A46000
trusted library allocation
page read and write
35BF000
heap
page read and write
717000
heap
page read and write
15E0000
heap
page read and write
1697C000
stack
page read and write
538F000
trusted library allocation
page read and write
509F000
trusted library allocation
page read and write
31E0000
heap
page read and write
35C2000
heap
page read and write
E14000
heap
page read and write
3001000
heap
page read and write
689A000
heap
page read and write
524C000
trusted library allocation
page read and write
3001000
heap
page read and write
705000
heap
page read and write
3315000
heap
page read and write
1552D000
stack
page read and write
4B0E000
stack
page read and write
31E7000
heap
page read and write
598F000
stack
page read and write
5B6D000
trusted library allocation
page read and write
1557E000
stack
page read and write
554C000
trusted library allocation
page read and write
15BB0000
trusted library allocation
page read and write
530E000
trusted library allocation
page read and write
35BF000
heap
page read and write
3001000
heap
page read and write
15C39000
heap
page read and write
1567F000
heap
page read and write
E14000
heap
page read and write
4C8E000
stack
page read and write
15530000
heap
page read and write
296D000
trusted library allocation
page execute and read and write
3001000
heap
page read and write
15619000
heap
page read and write
E14000
heap
page read and write
6E1B000
heap
page read and write
A6E4000
trusted library allocation
page read and write
4DE000
heap
page read and write
1599D000
stack
page read and write
565F000
stack
page read and write
4DE000
heap
page read and write
4B1E000
stack
page read and write
743000
heap
page read and write
E14000
heap
page read and write
E14000
heap
page read and write
627000
heap
page read and write
320C000
heap
page read and write
4B4A000
trusted library allocation
page read and write
382C000
heap
page read and write
6D3D000
heap
page read and write
159D6000
heap
page read and write
4DE000
heap
page read and write
37F8000
heap
page read and write
F30000
heap
page read and write
277B000
heap
page read and write
37D0000
heap
page read and write
3001000
heap
page read and write
15A8D000
stack
page read and write
4DD000
heap
page read and write
6C64000
heap
page read and write
6D34000
heap
page read and write
3001000
heap
page read and write
E14000
heap
page read and write
4A4C000
trusted library allocation
page read and write
3327000
heap
page read and write
B188000
trusted library allocation
page read and write
E14000
heap
page read and write
32FB000
stack
page read and write
58A5000
heap
page read and write
5418000
trusted library allocation
page read and write
557F000
heap
page read and write
1200000
heap
page read and write
4CFF000
stack
page read and write
82E000
stack
page read and write
9A3000
heap
page read and write
306A000
trusted library allocation
page execute and read and write
31E4000
heap
page read and write
556A000
heap
page read and write
4B02000
trusted library allocation
page read and write
E14000
heap
page read and write
4B70000
trusted library allocation
page read and write
F20000
heap
page read and write
35E9000
heap
page read and write
E14000
heap
page read and write
5397000
trusted library allocation
page read and write
50FE000
stack
page read and write
3590000
heap
page read and write
1546E000
unkown
page read and write
31D1000
heap
page read and write
1536D000
stack
page read and write
5368000
trusted library allocation
page read and write
1415000
heap
page read and write
983000
heap
page read and write
15D8C000
heap
page read and write
E10000
heap
page read and write
15677000
heap
page read and write
152DD000
stack
page read and write
CD0000
heap
page read and write
5429000
trusted library allocation
page read and write
15CE1000
heap
page read and write
73A91000
unkown
page execute read
4EFD000
stack
page read and write
1562C000
heap
page read and write
52C6000
heap
page read and write
6EFE000
heap
page read and write
544E000
trusted library allocation
page read and write
2E8E000
trusted library allocation
page execute and read and write
1685D000
stack
page read and write
4DE000
heap
page read and write
3327000
heap
page read and write
9C1000
heap
page read and write
9FE2000
trusted library allocation
page read and write
E14000
heap
page read and write
60F0000
trusted library allocation
page read and write
63E000
heap
page read and write
4E0000
heap
page read and write
5DE000
stack
page read and write
4A3F000
trusted library allocation
page read and write
513E000
stack
page read and write
386E000
stack
page read and write
9B1000
heap
page read and write
16B70000
trusted library allocation
page read and write
2E3E000
stack
page read and write
320B000
heap
page read and write
569E000
stack
page read and write
4E0000
heap
page read and write
621000
heap
page read and write
537A000
trusted library allocation
page read and write
320B000
heap
page read and write
12EE000
stack
page read and write
6D3F000
heap
page read and write
6DF2000
heap
page read and write
566C000
heap
page read and write
300A000
trusted library allocation
page execute and read and write
31DA000
heap
page read and write
14FDE000
unkown
page read and write
739000
heap
page read and write
320C000
heap
page read and write
E14000
heap
page read and write
50BE000
stack
page read and write
930000
heap
page read and write
5359000
trusted library allocation
page read and write
3354000
heap
page read and write
31E6000
heap
page read and write
320C000
heap
page read and write
5888000
heap
page read and write
6DF7000
heap
page read and write
3354000
heap
page read and write
37FB000
heap
page read and write
6E25000
heap
page read and write
E14000
heap
page read and write
37F2000
heap
page read and write
E14000
heap
page read and write
7266000
heap
page read and write
E14000
heap
page read and write
4E04000
trusted library allocation
page read and write
6D3A000
heap
page read and write
4AFF000
trusted library allocation
page read and write
58EF000
stack
page read and write
320C000
heap
page read and write
2DF2000
trusted library allocation
page execute and read and write
58A5000
heap
page read and write
3001000
heap
page read and write
1551D000
stack
page read and write
6EFB000
heap
page read and write
320C000
heap
page read and write
5F8000
stack
page read and write
3835000
heap
page read and write
37F5000
heap
page read and write
6E9A000
heap
page read and write
4A8B000
trusted library allocation
page read and write
38B8000
heap
page read and write
320C000
heap
page read and write
4BB5000
trusted library allocation
page read and write
5B70000
trusted library allocation
page read and write
154F2000
heap
page read and write
14E92000
trusted library allocation
page read and write
9B3000
heap
page read and write
1568A000
heap
page read and write
8BD000
stack
page read and write
9B1000
heap
page read and write
384E000
heap
page read and write
5153000
trusted library allocation
page read and write
5570000
heap
page read and write
17148000
unkown
page read and write
3202000
heap
page read and write
3001000
heap
page read and write
5452000
heap
page read and write
5261000
heap
page read and write
5165000
trusted library allocation
page read and write
A7CF000
trusted library allocation
page read and write
285B000
stack
page read and write
31FB000
heap
page read and write
6D3C000
heap
page read and write
4D8000
heap
page read and write
4A60000
trusted library allocation
page read and write
3001000
heap
page read and write
2DCE000
stack
page read and write
37ED000
heap
page read and write
5350000
trusted library allocation
page read and write
2971000
heap
page read and write
3001000
heap
page read and write
6AB5000
heap
page read and write
5261000
heap
page read and write
615000
heap
page read and write
4A6F000
trusted library allocation
page read and write
18B000
stack
page read and write
627000
heap
page read and write
35BC000
heap
page read and write
990000
heap
page read and write
E14000
heap
page read and write
15C48000
heap
page read and write
3001000
heap
page read and write
989000
heap
page read and write
979000
heap
page read and write
5AD0000
heap
page read and write
1310000
heap
page read and write
6DEC000
heap
page read and write
919000
heap
page read and write
627000
heap
page read and write
15ABD000
stack
page read and write
4BD3000
trusted library allocation
page read and write
3A69000
heap
page read and write
58A8000
heap
page read and write
5566000
heap
page read and write
99C000
heap
page read and write
4BD7000
heap
page read and write
3001000
heap
page read and write
5371000
trusted library allocation
page read and write
4BEB000
trusted library allocation
page read and write
4AED000
trusted library allocation
page read and write
6D3E000
heap
page read and write
6D3C000
heap
page read and write
14E97000
trusted library allocation
page read and write
9FB2000
trusted library allocation
page read and write
4DC000
heap
page read and write
301B000
trusted library allocation
page execute and read and write
739000
heap
page read and write
73A9E000
unkown
page readonly
4DE000
heap
page read and write
4A9B000
trusted library allocation
page read and write
4A5B000
trusted library allocation
page read and write
3585000
heap
page read and write
15CAE000
trusted library allocation
page read and write
1A0000
heap
page read and write
3835000
heap
page read and write
986000
heap
page read and write
3801000
heap
page read and write
1689B000
unkown
page read and write
5B70000
heap
page read and write
488F000
stack
page read and write
6E96000
heap
page read and write
37CA000
heap
page read and write
3804000
heap
page read and write
4E0000
heap
page read and write
5840000
heap
page read and write
28B0000
heap
page read and write
320C000
heap
page read and write
4DD000
heap
page read and write
A2EF000
trusted library allocation
page read and write
103C000
stack
page read and write
E14000
heap
page read and write
6A31000
heap
page read and write
A6D1000
trusted library allocation
page read and write
333E000
heap
page read and write
3828000
heap
page read and write
4AFA000
trusted library allocation
page read and write
15090000
trusted library allocation
page read and write
5361000
heap
page read and write
4BD6000
trusted library allocation
page read and write
5293000
heap
page read and write
3886000
heap
page read and write
E14000
heap
page read and write
162BD000
stack
page read and write
5168000
trusted library allocation
page read and write
4DE000
heap
page read and write
460000
heap
page read and write
163B9000
heap
page read and write
654000
heap
page read and write
919000
heap
page read and write
6E08000
heap
page read and write
4E2000
heap
page read and write
4B28000
trusted library allocation
page read and write
3495000
heap
page read and write
3001000
heap
page read and write
4B5E000
stack
page read and write
6DEC000
heap
page read and write
5AD0000
heap
page read and write
5445000
trusted library allocation
page read and write
37C3000
heap
page read and write
155FB000
heap
page read and write
555E000
stack
page read and write
4DF000
heap
page read and write
539E000
trusted library allocation
page read and write
6DDC000
heap
page read and write
91C000
heap
page read and write
2900000
heap
page read and write
15A7D000
unkown
page read and write
4B32000
trusted library allocation
page read and write
717000
heap
page read and write
4B2D000
trusted library allocation
page read and write
1692F000
stack
page read and write
4DF000
heap
page read and write
58A8000
heap
page read and write
9F78000
trusted library allocation
page read and write
53D8000
heap
page read and write
E14000
heap
page read and write
50AE000
stack
page read and write
9F1000
heap
page read and write
F28000
heap
page read and write
53A1000
trusted library allocation
page read and write
4C4F000
stack
page read and write
4E0000
heap
page read and write
31E7000
heap
page read and write
9C7000
heap
page read and write
14A00000
trusted library allocation
page read and write
4AE6000
trusted library allocation
page read and write
E14000
heap
page read and write
1566A000
heap
page read and write
6D33000
heap
page read and write
585E000
stack
page read and write
15765000
heap
page read and write
320C000
heap
page read and write
6E9F000
heap
page read and write
6894000
heap
page read and write
4DE000
heap
page read and write
6D3F000
heap
page read and write
5899000
heap
page read and write
6A73000
heap
page read and write
30E0000
heap
page read and write
1580000
unkown
page read and write
A7C9000
trusted library allocation
page read and write
5160000
trusted library allocation
page read and write
4B5A000
trusted library allocation
page read and write
156A0000
heap
page read and write
2E95000
trusted library allocation
page execute and read and write
3597000
heap
page read and write
5163000
trusted library allocation
page read and write
989000
heap
page read and write
37C7000
heap
page read and write
15850000
heap
page read and write
376E000
stack
page read and write
3816000
heap
page read and write
5150000
heap
page read and write
2FD0000
trusted library allocation
page execute and read and write
154FE000
unkown
page read and write
A0CB000
trusted library allocation
page read and write
2BD0000
heap
page read and write
320B000
heap
page read and write
150A0000
heap
page read and write
6790000
heap
page read and write
71B000
heap
page read and write
5360000
heap
page read and write
320C000
heap
page read and write
10D0000
heap
page read and write
6E0B000
heap
page read and write
15D2C000
heap
page read and write
51D000
heap
page read and write
5052000
trusted library allocation
page read and write
E14000
heap
page read and write
5565000
heap
page read and write
153BE000
unkown
page read and write
5177000
heap
page read and write
A290000
trusted library allocation
page read and write
5B68000
trusted library allocation
page read and write
3321000
heap
page read and write
8FD000
stack
page read and write
320C000
heap
page read and write
2901000
heap
page read and write
4B16000
trusted library allocation
page read and write
711000
heap
page read and write
31E0000
heap
page read and write
2FA0000
heap
page read and write
2912000
trusted library allocation
page execute and read and write
288D000
heap
page read and write
4DE000
heap
page read and write
37DB000
heap
page read and write
620000
heap
page read and write
A3E000
stack
page read and write
535F000
trusted library allocation
page read and write
5356000
trusted library allocation
page read and write
161E0000
trusted library allocation
page read and write
5000000
trusted library allocation
page read and write
38B8000
heap
page read and write
5261000
heap
page read and write
3160000
heap
page read and write
6EED000
heap
page read and write
3342000
heap
page read and write
3001000
heap
page read and write
37C6000
heap
page read and write
3001000
heap
page read and write
A50000
heap
page read and write
324D000
heap
page read and write
E14000
heap
page read and write
320C000
heap
page read and write
5895000
heap
page read and write
D00000
heap
page read and write
2FB0000
heap
page read and write
737000
heap
page read and write
57A0000
heap
page read and write
4B63000
trusted library allocation
page read and write
37F9000
heap
page read and write
5416000
trusted library allocation
page read and write
31E7000
heap
page read and write
1544D000
unkown
page read and write
5885000
heap
page read and write
4BE9000
trusted library allocation
page read and write
714A000
heap
page read and write
1622D000
stack
page read and write
13F0000
heap
page read and write
163AE000
heap
page read and write
5189000
trusted library allocation
page read and write
6D38000
heap
page read and write
15570000
heap
page read and write
4BBF000
trusted library allocation
page read and write
5422000
trusted library allocation
page read and write
31F5000
heap
page read and write
655000
heap
page read and write
14A60000
trusted library allocation
page read and write
50D3000
trusted library allocation
page read and write
4BAA000
trusted library allocation
page read and write
92F000
stack
page read and write
4CD000
heap
page read and write
6DE7000
heap
page read and write
6D3E000
heap
page read and write
737000
heap
page read and write
4E0000
heap
page read and write
320C000
heap
page read and write
4DE000
heap
page read and write
E5E000
stack
page read and write
14EFD000
stack
page read and write
51A000
heap
page read and write
5566000
heap
page read and write
4B4E000
stack
page read and write
15E18000
heap
page read and write
A1E9000
trusted library allocation
page read and write
50AF000
stack
page read and write
4A86000
trusted library allocation
page read and write
9D0000
heap
page read and write
54C6000
trusted library allocation
page read and write
6EBD000
heap
page read and write
159C4000
heap
page read and write
5570000
heap
page read and write
98A000
heap
page read and write
E14000
heap
page read and write
389A000
heap
page read and write
6DE000
stack
page read and write
5261000
heap
page read and write
3001000
heap
page read and write
1EB000
stack
page read and write
F30000
trusted library allocation
page read and write
627000
heap
page read and write
156CA000
heap
page read and write
A1E7000
trusted library allocation
page read and write
68CB000
stack
page read and write
16538000
unkown
page read and write
4B18000
trusted library allocation
page read and write
E14000
heap
page read and write
4FB000
stack
page read and write
14E9E000
trusted library allocation
page read and write
129E000
stack
page read and write
1693F000
stack
page read and write
31E6000
heap
page read and write
4DD000
heap
page read and write
38A9000
heap
page read and write
951000
heap
page read and write
4DE000
heap
page read and write
31B9000
heap
page read and write
A69000
heap
page read and write
536E000
trusted library allocation
page read and write
2840000
heap
page read and write
4DE000
heap
page read and write
4B11000
trusted library allocation
page read and write
4DE000
heap
page read and write
73A9B000
unkown
page read and write
156C6000
heap
page read and write
6AA7000
heap
page read and write
746000
heap
page read and write
43E000
stack
page read and write
4FA000
heap
page read and write
320C000
heap
page read and write
6E8D000
heap
page read and write
6E18000
heap
page read and write
A573000
trusted library allocation
page read and write
37F5000
heap
page read and write
4A72000
trusted library allocation
page read and write
2F20000
heap
page read and write
E14000
heap
page read and write
978000
heap
page read and write
E14000
heap
page read and write
31EA000
heap
page read and write
50A4000
trusted library allocation
page read and write
31B9000
heap
page read and write
3001000
heap
page read and write
3001000
heap
page read and write
37DC000
heap
page read and write
614000
heap
page read and write
9FA7000
trusted library allocation
page read and write
A6F9000
trusted library allocation
page read and write
31B9000
heap
page read and write
73A90000
unkown
page readonly
140A000
heap
page read and write
3001000
heap
page read and write
3A40000
heap
page read and write
157AC000
heap
page read and write
3001000
heap
page read and write
35B2000
heap
page read and write
31E6000
heap
page read and write
319F000
heap
page read and write
914000
heap
page read and write
D48000
heap
page read and write
542F000
trusted library allocation
page read and write
320C000
heap
page read and write
A555000
trusted library allocation
page read and write
1640000
heap
page read and write
1630E000
unkown
page read and write
4B9C000
trusted library allocation
page read and write
65DA000
heap
page read and write
3001000
heap
page read and write
5172000
trusted library allocation
page read and write
4ADB000
trusted library allocation
page read and write
5176000
heap
page read and write
938000
heap
page read and write
14E9C000
trusted library allocation
page read and write
15FA000
heap
page read and write
6D3C000
heap
page read and write
54EF000
trusted library allocation
page read and write
5175000
trusted library allocation
page read and write
3001000
heap
page read and write
3001000
heap
page read and write
5413000
trusted library allocation
page read and write
4CD000
heap
page read and write
3343000
heap
page read and write
B2DB000
trusted library allocation
page read and write
15D25000
heap
page read and write
570A000
heap
page read and write
15DA0000
trusted library allocation
page read and write
4A5D000
trusted library allocation
page read and write
163C4000
heap
page read and write
15736000
heap
page read and write
537C000
trusted library allocation
page read and write
748000
heap
page read and write
6D35000
heap
page read and write
16AFE000
stack
page read and write
15769000
heap
page read and write
4B7D000
trusted library allocation
page read and write
3317000
heap
page read and write
A70000
heap
page read and write
997000
heap
page read and write
E14000
heap
page read and write
31FF000
heap
page read and write
5155000
trusted library allocation
page read and write
5560000
heap
page read and write
4DF000
heap
page read and write
320B000
heap
page read and write
91C000
heap
page read and write
15D8C000
heap
page read and write
4F14000
trusted library allocation
page read and write
4B91000
trusted library allocation
page read and write
517E000
trusted library allocation
page read and write
E14000
heap
page read and write
E14000
heap
page read and write
59E000
stack
page read and write
A3E5000
trusted library allocation
page read and write
52BF000
heap
page read and write
4ACF000
stack
page read and write
2E88000
heap
page read and write
737000
heap
page read and write
8FF000
stack
page read and write
3001000
heap
page read and write
5B0E000
stack
page read and write
E14000
heap
page read and write
535D000
trusted library allocation
page read and write
153FD000
stack
page read and write
3570000
heap
page read and write
5600000
heap
page read and write
E14000
heap
page read and write
538D000
trusted library allocation
page read and write
157B3000
heap
page read and write
3190000
heap
page read and write
918000
heap
page read and write
4B0F000
trusted library allocation
page read and write
1501D000
stack
page read and write
4DE000
heap
page read and write
1639D000
unkown
page read and write
4BCE000
trusted library allocation
page read and write
5F3000
stack
page read and write
4AEF000
trusted library allocation
page read and write
3864000
heap
page read and write
1532E000
unkown
page read and write
4A29000
trusted library allocation
page read and write
5ADD000
heap
page read and write
11EE000
stack
page read and write
5172000
heap
page read and write
3001000
heap
page read and write
170FD000
stack
page read and write
3001000
heap
page read and write
31EC000
heap
page read and write
860000
heap
page read and write
15160000
heap
page read and write
5179000
trusted library allocation
page read and write
58A8000
heap
page read and write
3001000
heap
page read and write
108C000
stack
page read and write
2FE8000
heap
page read and write
1519A000
heap
page read and write
C8C000
stack
page read and write
A17E000
trusted library allocation
page read and write
E14000
heap
page read and write
2E2A000
trusted library allocation
page execute and read and write
2DF0000
trusted library allocation
page execute and read and write
15CDA000
heap
page read and write
163CB000
heap
page read and write
31E6000
heap
page read and write
37DD000
heap
page read and write
4E0000
heap
page read and write
4D8E000
stack
page read and write
156D0000
heap
page read and write
37F5000
heap
page read and write
1614000
heap
page read and write
A5E000
stack
page read and write
3354000
heap
page read and write
D10000
heap
page read and write
4DE000
heap
page read and write
15B0E000
unkown
page read and write
3001000
heap
page read and write
38A7000
heap
page read and write
917000
heap
page read and write
6E1F000
heap
page read and write
4BA8000
trusted library allocation
page read and write
E14000
heap
page read and write
979000
heap
page read and write
5362000
trusted library allocation
page read and write
1410000
heap
page read and write
4B36000
trusted library allocation
page read and write
31F0000
heap
page read and write
31BA000
heap
page read and write
5574000
heap
page read and write
73F000
heap
page read and write
15BAC000
trusted library allocation
page read and write
4A77000
trusted library allocation
page read and write
15D8C000
heap
page read and write
3001000
heap
page read and write
4AFC000
trusted library allocation
page read and write
732000
heap
page read and write
6E18000
heap
page read and write
3837000
heap
page read and write
156C6000
heap
page read and write
E14000
heap
page read and write
35C3000
heap
page read and write
14AA000
heap
page read and write
3001000
heap
page read and write
737000
heap
page read and write
4E0000
heap
page read and write
15CE1000
heap
page read and write
63F000
heap
page read and write
1F0000
heap
page read and write
3001000
heap
page read and write
3354000
heap
page read and write
5177000
trusted library allocation
page read and write
6E2C000
heap
page read and write
31E4000
heap
page read and write
999000
heap
page read and write
6AFF000
heap
page read and write
320B000
heap
page read and write
320B000
heap
page read and write
3597000
heap
page read and write
A292000
trusted library allocation
page read and write
D55000
heap
page read and write
4E0000
heap
page read and write
A822000
trusted library allocation
page read and write
4DE000
heap
page read and write
54C1000
trusted library allocation
page read and write
4B1B000
trusted library allocation
page read and write
16AED000
trusted library allocation
page read and write
4B2A000
trusted library allocation
page read and write
159EE000
unkown
page read and write
5852000
heap
page read and write
6BA7000
heap
page read and write
E14000
heap
page read and write
E14000
heap
page read and write
4DF000
heap
page read and write
E14000
heap
page read and write
3001000
heap
page read and write
11F0000
heap
page read and write
E14000
heap
page read and write
4BD8000
trusted library allocation
page read and write
37F0000
heap
page read and write
4A4E000
trusted library allocation
page read and write
14E90000
trusted library allocation
page read and write
739000
heap
page read and write
14EF0000
trusted library allocation
page read and write
3001000
heap
page read and write
4DD000
heap
page read and write
37EE000
heap
page read and write
5261000
heap
page read and write
536B000
trusted library allocation
page read and write
3001000
heap
page read and write
1634B000
stack
page read and write
3357000
heap
page read and write
1740000
trusted library allocation
page read and write
3588000
heap
page read and write
4ACF000
trusted library allocation
page read and write
15E9C000
trusted library allocation
page read and write
15A2D000
stack
page read and write
4E0000
heap
page read and write
A3F1000
trusted library allocation
page read and write
17160000
trusted library allocation
page read and write
4DE000
heap
page read and write
6D32000
heap
page read and write
3001000
heap
page read and write
586C000
heap
page read and write
3884000
heap
page read and write
14F8D000
stack
page read and write
6C64000
heap
page read and write
2B5D000
stack
page read and write
4E0000
heap
page read and write
37D4000
heap
page read and write
588F000
stack
page read and write
1569E000
unkown
page read and write
4DE000
heap
page read and write
E14000
heap
page read and write
3001000
heap
page read and write
4E02000
trusted library allocation
page read and write
4AA0000
trusted library allocation
page read and write
15DB7000
heap
page read and write
35C4000
heap
page read and write
57EE000
stack
page read and write
3001000
heap
page read and write
5775000
heap
page read and write
3001000
heap
page read and write
A69000
heap
page read and write
3828000
heap
page read and write
167BB000
stack
page read and write
3350000
heap
page read and write
47D000
stack
page read and write
1556E000
stack
page read and write
3845000
heap
page read and write
320C000
heap
page read and write
D40000
heap
page read and write
9D0000
heap
page read and write
3001000
heap
page read and write
1548D000
stack
page read and write
711000
heap
page read and write
52A2000
heap
page read and write
4E06000
trusted library allocation
page read and write
1206000
heap
page read and write
15C69000
heap
page read and write
3001000
heap
page read and write
320C000
heap
page read and write
154DE000
unkown
page read and write
97D000
heap
page read and write
534D000
trusted library allocation
page read and write
6D37000
heap
page read and write
A0E1000
trusted library allocation
page read and write
E14000
heap
page read and write
3071000
trusted library allocation
page execute and read and write
3001000
heap
page read and write
37C7000
heap
page read and write
999000
heap
page read and write
320C000
heap
page read and write
3A00000
heap
page read and write
35BF000
heap
page read and write
4DE000
heap
page read and write
4AB8000
trusted library allocation
page read and write
1677E000
stack
page read and write
542B000
trusted library allocation
page read and write
9F52000
trusted library allocation
page read and write
598B000
heap
page read and write
31B9000
heap
page read and write
2774000
heap
page read and write
13F0000
heap
page read and write
165E0000
trusted library allocation
page read and write
4C8000
heap
page read and write
1575A000
heap
page read and write
4BA1000
trusted library allocation
page read and write
320B000
heap
page read and write
1680D000
unkown
page read and write
35B2000
heap
page read and write
6D3C000
heap
page read and write
6AB4000
heap
page read and write
6BD8000
heap
page read and write
4F3E000
stack
page read and write
386C000
heap
page read and write
4DE000
heap
page read and write
323A000
heap
page read and write
6D32000
heap
page read and write
4B9E000
trusted library allocation
page read and write
E14000
heap
page read and write
4BF2000
trusted library allocation
page read and write
37CA000
heap
page read and write
4DE000
heap
page read and write
14A6000
heap
page read and write
4F2D000
trusted library allocation
page read and write
5565000
heap
page read and write
91C000
heap
page read and write
97C000
heap
page read and write
3001000
heap
page read and write
57A7000
heap
page read and write
9B3000
heap
page read and write
48CE000
stack
page read and write
A299000
trusted library allocation
page read and write
4B8F000
trusted library allocation
page read and write
CE0000
heap
page read and write
5175000
heap
page read and write
1560000
heap
page read and write
169CA000
unkown
page read and write
12AC000
stack
page read and write
4BB0000
heap
page read and write
E14000
heap
page read and write
4BED000
trusted library allocation
page read and write
2F6E000
stack
page read and write
5260000
heap
page read and write
378F000
stack
page read and write
3001000
heap
page read and write
DF3000
heap
page read and write
4E0000
heap
page read and write
4A79000
trusted library allocation
page read and write
320C000
heap
page read and write
1568A000
heap
page read and write
4A0E000
stack
page read and write
7FF000
stack
page read and write
A0C4000
trusted library allocation
page read and write
4AE8000
trusted library allocation
page read and write
5854000
heap
page read and write
13AF000
stack
page read and write
618000
heap
page read and write
4DE000
heap
page read and write
97E000
heap
page read and write
4B5E000
trusted library allocation
page read and write
6C20000
heap
page read and write
4AA2000
trusted library allocation
page read and write
4C0000
heap
page read and write
15677000
heap
page read and write
9D0000
heap
page read and write
515E000
trusted library allocation
page read and write
15C43000
heap
page read and write
5261000
heap
page read and write
4BE000
stack
page read and write
2923000
trusted library allocation
page execute and read and write
A18E000
trusted library allocation
page read and write
3001000
heap
page read and write
71A000
heap
page read and write
541C000
trusted library allocation
page read and write
3001000
heap
page read and write
5573000
heap
page read and write
4DE000
heap
page read and write
5346000
heap
page read and write
4DE000
heap
page read and write
3307000
heap
page read and write
65D000
stack
page read and write
31FE000
stack
page read and write
290A000
trusted library allocation
page execute and read and write
514B000
trusted library allocation
page read and write
320B000
heap
page read and write
1519A000
heap
page read and write
3883000
heap
page read and write
4B04000
trusted library allocation
page read and write
6AB4000
heap
page read and write
389F000
heap
page read and write
3577000
heap
page read and write
E14000
heap
page read and write
C3B000
stack
page read and write
290E000
trusted library allocation
page execute and read and write
1560E000
unkown
page read and write
1568A000
heap
page read and write
164CD000
stack
page read and write
700000
heap
page read and write
2908000
heap
page read and write
6DF4000
heap
page read and write
2882000
heap
page read and write
999000
heap
page read and write
31D1000
heap
page read and write
3001000
heap
page read and write
3001000
heap
page read and write
9B3000
heap
page read and write
4D4F000
stack
page read and write
4DE000
heap
page read and write
4DF000
heap
page read and write
1564D000
stack
page read and write
4ABA000
trusted library allocation
page read and write
1584E000
unkown
page read and write
1F0000
heap
page read and write
5ADE000
heap
page read and write
E14000
heap
page read and write
E14000
heap
page read and write
6C59000
heap
page read and write
E14000
heap
page read and write
5887000
heap
page read and write
595E000
stack
page read and write
6E15000
heap
page read and write
E14000
heap
page read and write
6D3C000
heap
page read and write
3001000
heap
page read and write
168DE000
stack
page read and write
6AF6000
heap
page read and write
A40A000
trusted library allocation
page read and write
17C0000
trusted library allocation
page read and write
5389000
trusted library allocation
page read and write
6D3D000
heap
page read and write
31E6000
heap
page read and write
981000
heap
page read and write
317F000
stack
page read and write
37D8000
heap
page read and write
748000
heap
page read and write
320B000
heap
page read and write
4E00000
trusted library allocation
page read and write
58AA000
heap
page read and write
388B000
heap
page read and write
5ADB000
heap
page read and write
A608000
trusted library allocation
page read and write
135E000
stack
page read and write
3001000
heap
page read and write
4B7A000
trusted library allocation
page read and write
31D1000
heap
page read and write
320B000
heap
page read and write
154AD000
stack
page read and write
15C0D000
heap
page read and write
54B7000
trusted library allocation
page read and write
3591000
heap
page read and write
2E7E000
stack
page read and write
E14000
heap
page read and write
165F8000
trusted library allocation
page read and write
320C000
heap
page read and write
4B13000
trusted library allocation
page read and write
4A44000
trusted library allocation
page read and write
50EF000
stack
page read and write
539B000
trusted library allocation
page read and write
62A000
heap
page read and write
3A60000
heap
page read and write
E14000
heap
page read and write
4A32000
trusted library allocation
page read and write
3001000
heap
page read and write
5261000
heap
page read and write
739000
heap
page read and write
166ED000
unkown
page read and write
6D32000
heap
page read and write
4DA0000
heap
page read and write
6DF4000
heap
page read and write
345E000
stack
page read and write
A0D4000
trusted library allocation
page read and write
156CA000
heap
page read and write
15D15000
heap
page read and write
6FAF000
heap
page read and write
16DB0000
heap
page read and write
166EA000
unkown
page read and write
4DF000
heap
page read and write
3359000
heap
page read and write
4ABD000
trusted library allocation
page read and write
5D10000
trusted library allocation
page read and write
49CF000
stack
page read and write
6D3D000
heap
page read and write
3202000
heap
page read and write
30FE000
stack
page read and write
E14000
heap
page read and write
9A1000
heap
page read and write
4BA3000
trusted library allocation
page read and write
4AD4000
trusted library allocation
page read and write
156F9000
heap
page read and write
1575A000
heap
page read and write
5899000
heap
page read and write
3356000
heap
page read and write
387E000
heap
page read and write
E14000
heap
page read and write
6B31000
heap
page read and write
4DE000
heap
page read and write
15C4A000
heap
page read and write
69B000
stack
page read and write
35B2000
heap
page read and write
49CE000
stack
page read and write
4DF000
heap
page read and write
994000
heap
page read and write
31FB000
heap
page read and write
15C9E000
heap
page read and write
512000
heap
page read and write
6BA8000
heap
page read and write
A17A000
trusted library allocation
page read and write
37E4000
heap
page read and write
66CE000
heap
page read and write
333E000
heap
page read and write
E14000
heap
page read and write
1EE000
stack
page read and write
C3C000
stack
page read and write
6E91000
heap
page read and write
1680A000
unkown
page read and write
4F55000
trusted library allocation
page read and write
38C7000
heap
page read and write
A579000
trusted library allocation
page read and write
168EE000
stack
page read and write
4A89000
trusted library allocation
page read and write
380A000
heap
page read and write
3270000
heap
page read and write
3001000
heap
page read and write
4DE000
heap
page read and write
31BB000
heap
page read and write
3803000
heap
page read and write
169CD000
unkown
page read and write
155DD000
heap
page read and write
4A74000
trusted library allocation
page read and write
651000
heap
page read and write
2BC0000
heap
page read and write
156C0000
heap
page read and write
4A49000
trusted library allocation
page read and write
2775000
heap
page read and write
4A59000
trusted library allocation
page read and write
E14000
heap
page read and write
554E000
trusted library allocation
page read and write
E14000
heap
page read and write
382B000
heap
page read and write
6DF3000
heap
page read and write
28D2000
trusted library allocation
page execute and read and write
389D000
heap
page read and write
164E4000
heap
page read and write
60E0000
heap
page read and write
5899000
heap
page read and write
3001000
heap
page read and write
2FAF000
stack
page read and write
2830000
heap
page read and write
11F0000
unkown
page read and write
52AF000
heap
page read and write
17150000
trusted library allocation
page read and write
151C2000
trusted library allocation
page read and write
F30000
trusted library allocation
page read and write
320C000
heap
page read and write
1820000
heap
page read and write
3001000
heap
page read and write
6E03000
heap
page read and write
4B34000
trusted library allocation
page read and write
58A5000
heap
page read and write
A2EC000
trusted library allocation
page read and write
4D8000
heap
page read and write
BB88000
trusted library allocation
page read and write
31DE000
heap
page read and write
950000
heap
page read and write
5181000
trusted library allocation
page read and write
53DF000
stack
page read and write
4E0000
heap
page read and write
498F000
stack
page read and write
A6C5000
trusted library allocation
page read and write
A350000
trusted library allocation
page read and write
58AA000
heap
page read and write
59CE000
stack
page read and write
16540000
trusted library allocation
page read and write
4EC0000
heap
page read and write
3001000
heap
page read and write
E14000
heap
page read and write
1566A000
heap
page read and write
159A6000
heap
page read and write
5374000
trusted library allocation
page read and write
A2EA000
trusted library allocation
page read and write
2CCE000
stack
page read and write
4E2000
heap
page read and write
5899000
heap
page read and write
31E7000
heap
page read and write
2B1C000
stack
page read and write
3001000
heap
page read and write
6E09000
heap
page read and write
517C000
trusted library allocation
page read and write
3591000
heap
page read and write
15C69000
heap
page read and write
5566000
heap
page read and write
E14000
heap
page read and write
3818000
heap
page read and write
155E5000
heap
page read and write
4B2F000
trusted library allocation
page read and write
6B30000
heap
page read and write
320C000
heap
page read and write
6C61000
heap
page read and write
991000
heap
page read and write
2885000
heap
page read and write
485000
heap
page read and write
1590D000
stack
page read and write
31E3000
heap
page read and write
5AD2000
heap
page read and write
2FD8000
heap
page read and write
170B0000
trusted library allocation
page read and write
5170000
trusted library allocation
page read and write
3001000
heap
page read and write
3040000
heap
page read and write
A550000
trusted library allocation
page read and write
4ABF000
trusted library allocation
page read and write
4D7000
heap
page read and write
6E0D000
heap
page read and write
320B000
heap
page read and write
EDE000
stack
page read and write
4B3D000
trusted library allocation
page read and write
5A40000
heap
page read and write
37C3000
heap
page read and write
3000000
heap
page read and write
502A000
trusted library allocation
page read and write
6C64000
heap
page read and write
E14000
heap
page read and write
2E7D000
stack
page read and write
5863000
heap
page read and write
3597000
heap
page read and write
38A3000
heap
page read and write
3597000
heap
page read and write
A3CC000
trusted library allocation
page read and write
31E6000
heap
page read and write
6C70000
heap
page read and write
335C000
heap
page read and write
38BC000
heap
page read and write
A104000
trusted library allocation
page read and write
323F000
stack
page read and write
4A41000
trusted library allocation
page read and write
16FC0000
trusted library allocation
page read and write
2EA1000
heap
page read and write
A60000
heap
page read and write
2E87000
trusted library allocation
page execute and read and write
3012000
trusted library allocation
page execute and read and write
4E0000
heap
page read and write
319E000
heap
page read and write
6D32000
heap
page read and write
4B1D000
trusted library allocation
page read and write
1207000
heap
page read and write
2778000
heap
page read and write
4DE000
heap
page read and write
E15000
heap
page read and write
313E000
stack
page read and write
4BD1000
trusted library allocation
page read and write
978000
heap
page read and write
6E14000
heap
page read and write
31E6000
heap
page read and write
6AB4000
heap
page read and write
4BCA000
trusted library allocation
page read and write
37C9000
heap
page read and write
15BC3000
heap
page read and write
37D8000
heap
page read and write
50B6000
heap
page read and write
380E000
heap
page read and write
37C2000
heap
page read and write
37F7000
heap
page read and write
4BCC000
trusted library allocation
page read and write
1689D000
unkown
page read and write
F60000
heap
page read and write
300E000
trusted library allocation
page execute and read and write
E14000
heap
page read and write
E14000
heap
page read and write
4B4D000
trusted library allocation
page read and write
There are 1705 hidden memdumps, click here to show them.