IOC Report
EzvizStudioSetups.exe

loading gif

Files

File Path
Type
Category
Malicious
EzvizStudioSetups.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
C:\Program Files (x86)\Ezviz Studio\is-22416.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Program Files (x86)\Ezviz Studio\AlarmSounds\alarm.wav (copy)
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
dropped
C:\Program Files (x86)\Ezviz Studio\AlarmSounds\is-EA4KH.tmp
RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
dropped
C:\Program Files (x86)\Ezviz Studio\AnalyzeData.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\AudioIntercom.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\AudioRender.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\CrashAPI.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\CrashReportConfig.ini (copy)
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\CrashReporter.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\D3DCompiler_43.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\D3DX9_43.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\DeleteSADPNpf.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\EagleEyeRender.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\EzvizCfgManager.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\EzvizDeviceDiscover.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCCore.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDK.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AnalyzeData.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AudioIntercom.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\AudioRender.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\DsSdk.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCAlarm.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCCoreDevCfg.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCDisplay.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCGeneralCfgMgr.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCIndustry.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPlayBack.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCPreview.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\HCVoiceTalk.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\OpenAL32.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\StreamTransClient.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\SystemTransform.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0AS8F.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-0O0CK.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-1LITI.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3HBPA.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-3V2DB.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-5ONIC.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-6999P.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-92IS9.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AN0JV.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-AO5VR.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-DE2KP.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-EM24B.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-JD9GS.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-NFHD7.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-PNOA2.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RM1K1.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\is-RUF54.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\libiconv2.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HCNetSDKCom\msvcr90.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HWDecode.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HXVA.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\HmMerge.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\ISTask.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\IssProc.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\LibDataAccess.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\LocalDB.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\MP_Render.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\MP_VIE.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\MapNetHDD.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\MsgCenterQt.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\NPQos.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\NetworkApi.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\NpfDetect.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\NpfOccupy.xml
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\OpenAL32.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\PlayCtrl.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\QtCore4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\QtGui4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\QtNetwork4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\QtOpenGL4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\QtPlugInManager.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\QtSvg4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\QtWebKit4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\QtXml4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\AMRemConfig.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\DemoTreeView.xml (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\LocalXml.zip (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\ScheduleTemplate.xml (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\SerialSDK.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\ShowRemConfig.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\TreeView.XML (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-1P4BG.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-5G1G7.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-9MGNB.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-BUDS6.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-J8HI4.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-JU1I7.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-LHUUG.tmp
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-VF347.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\is-VKSQL.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\qss\ABRemConfig.qss (copy)
ISO-8859 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\qss\is-222KN.tmp
ISO-8859 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\qwt.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-0H0FE.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-22BBP.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-2O0SV.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-2VQII.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-3TDU3.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-452BR.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-4UA4S.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-571RL.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-6KPC0.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-75L1S.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-75O3K.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-7DNLJ.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-7O95O.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-807T3.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-80U87.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-95136.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-9C767.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-9GSMN.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-9IHSP.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-9P312.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-A1R4J.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-A2SA8.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-AEFDI.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-BF320.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-BQ4UV.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-CF844.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-DGQNG.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-DJS6U.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-DMKH6.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-FGH5B.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-FM5NA.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-FUVH4.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-H1VK5.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-H6S5B.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-ID65J.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-IJ9CM.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-JO8M6.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-LJE9V.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-LLG8J.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-M7P7E.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-MGK4P.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-NB9JK.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-OBUUV.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-PDBUG.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-Q19TN.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-QP4OO.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-RFHBA.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-RSB7O.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-SG47E.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-TT5E5.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-UN1R5.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-USII4.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-UV0VL.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-V7M5O.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\is-VK7NB.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_cs.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_cz.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_da.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_de.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_es.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_fr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_gm.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_hb.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_he.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_hg.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_hu.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_ja.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_ko.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_pl.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_po.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_pt.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_ru.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_sk.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_sl.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_sp.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_sv.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_zh_CN.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\qt_zh_TW.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_bg.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_cs.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_da.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_de.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_el.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_en.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_es.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_et.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_fi.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_fr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_he.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_hr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_hu.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_it.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_ja.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_ko.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_ms.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_nb.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_nl.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_pl.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_pt.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_ro.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_ru.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_sk.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_sl.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_sr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_sv.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_th.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_tr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_vi.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_zh.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\translations\showremconfig_zh_TW.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Ezviz Studio\RemConfig\zlib1.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\SPUpDateClientLib.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\SuperRender.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\SystemTransform.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\VShowToolKit.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\YUVProcess.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\area.xml (copy)
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\cacert.pem (copy)
ASCII text
dropped
C:\Program Files (x86)\Ezviz Studio\dbghelp.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\gdiplus.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hlog.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hlog2.intlog
ASCII text, with CRLF line terminators
modified
C:\Program Files (x86)\Ezviz Studio\hplug.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\Client_DataCenter.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\LibDataAccess.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\QtCore4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\hplugin.xml (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-3N6JU.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-F3UAA.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-F9P72.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-NKU9P.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-OO7KH.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-SN6FQ.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\is-TJCPJ.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\libeay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\libsasl.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\Client_DataCenter\ssleay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\PLUGIN_INFO.xml (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\is-55CEI.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\AnalyzeData.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\NetStream.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\PushClient.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTPRTCP.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\RTSPClient.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamClient_V30.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StreamTransClient.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\StunClientLib.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\SystemTransform.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\TTSClient.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\hplugin.xml (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-244RQ.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-2UBBQ.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-7TQ67.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-A1HFI.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-A2HSD.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-AM4D0.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-BS81F.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-C6R41.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FBVS3.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-FK4IR.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HAJ0H.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HI3IC.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-HLPPD.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-NN73K.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-O00C7.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-QEANV.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VOK38.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\is-VROPE.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libCASClient.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libGetHDSign.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\libPPVClient2.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\paho-mqtt3c.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\pthreadVC2.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\streamclient_lib.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hplugin\netstream\udt.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\hpr.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-0DP5N.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-0R3RH.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-1PVTV.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-288KO.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-2ACRI.tmp
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\is-2G5F5.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-2H5PH.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-2SHJB.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-41TD8.tmp
PE32 executable (native) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-42497.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-59MEK.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-5JFPD.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-602QN.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-6E68T.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-6NO15.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-7FLPA.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-7VSP1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-8CTED.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-905AF.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-9GRVS.tmp
PE32+ executable (native) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-A8VS5.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-AJQ1H.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-B06VR.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-B6PJK.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-C56CN.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-CD1R1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-CPBPM.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-DP620.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-E83DF.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-ED0L2.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-EIJEC.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-FD4R7.tmp
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\is-FIAFN.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-FM8S1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-GJ4VR.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-H6BF4.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-H7EA0.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-HTMT8.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-I91V5.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-IDLFR.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-IO7BE.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-JB66K.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-JRCF8.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-K3809.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-LBT3O.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-LD25M.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-LF1B9.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-M11TJ.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-M6FVE.tmp
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-M9R81.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-NGVJB.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-NLQUS.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-OKI5B.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-PCNT3.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-PO33G.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-PU62R.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-RAF6L.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-S0N29.tmp
ISO-8859 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\is-SSUFV.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-ST8MO.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-SVNSK.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-T09PE.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-TDFSL.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-TVHVS.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-URJG1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\is-VR9CN.tmp
ASCII text
dropped
C:\Program Files (x86)\Ezviz Studio\is-VUI8I.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\libGetHDSign.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\libcrypto-1_1.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\libcurl.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\libeay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\libgcc_s_dw2-1.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\libssl-1_1.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\log4cxx.properties (copy)
ISO-8859 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Ezviz Studio\log\PLUG.log
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Ezviz Studio\log\default.log
data
dropped
C:\Program Files (x86)\Ezviz Studio\mingwm10.dll (copy)
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\npf.sys (copy)
PE32 executable (native) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\npf64.sys (copy)
PE32+ executable (native) x86-64, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\opensslwrap.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\pem\ca_cert.pem (copy)
PEM certificate
dropped
C:\Program Files (x86)\Ezviz Studio\pem\is-6T36M.tmp
PEM certificate
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-8T0ER.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-EPFIS.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-G4ERQ.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\codecs\is-P08M4.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qcncodecs4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qjpcodecs4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qkrcodecs4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\codecs\qtwcodecs4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-GDFO4.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-JNSH8.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-KHS6O.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-MPN8E.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-PJMGV.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RFGC0.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\is-RMC60.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qgif4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qico4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qjpeg4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qmng4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qsvg4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtga4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\imageformats\qtiff4.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\skins\DefaultSkin.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\plugins\skins\is-MCISE.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\sadp\Sadp.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\sadp\is-TEKSC.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\sqlite3.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\ssleay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\unins000.dat
InnoSetup Log Ezviz Studio {49DF99D3-BC81-439A-8F40-A0529159024C}, version 0x30, 20898 bytes, 061544\user, "C:\Program Files (x86)\Ezviz Studio"
dropped
C:\Program Files (x86)\Ezviz Studio\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\update_server.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Ezviz Studio\zlib1.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\CrashReporter.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\ExceptionHandler.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\ISTask.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\LocalConfig.xml (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-2CHDE.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-59L42.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-DKCBU.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\is-F48ST.tmp
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcm90.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcp90.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.CRT\msvcr90.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\Microsoft.VC90.MFC.manifest (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-1SI6K.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-9841E.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-B2SL2.tmp
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-KL4HM.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\is-Q1919.tmp
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfc90u.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\Microsoft.VC90.MFC\mfcm90u.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\ModProperties.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\SPUpDate.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe.hservice (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\hlog.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\hpr.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-109A2.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-2Q8UL.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-6LTAQ.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-CTPA5.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-G3PO0.tmp
ISO-8859 text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\is-HAH6F.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\is-HQ624.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-I4HHJ.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-J9FD8.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-LSKSS.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-N0DHA.tmp
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\is-NAN0P.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-NITAN.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-OM9H2.tmp
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\is-R6CG1.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-VEV33.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\is-VQDR6.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\kill_process.bat (copy)
ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\libcurl.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\libeay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\log4cxx.properties
ISO-8859 text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\ssleay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\startUp.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\hicloud\update_server\tmp.tmp
ISO-8859 text, with CRLF line terminators
dropped
C:\Program Files (x86)\hicloud\update_server\unins000.dat
InnoSetup Log update_server {1D08522D-308D-4615-AEA9-44021FD7445A}, version 0x30, 5748 bytes, 061544\user, "C:\Program Files (x86)\hicloud\update_server"
dropped
C:\Program Files (x86)\hicloud\update_server\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\Ezviz Studio\Ezviz Studio.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Apr 19 07:15:51 2024, mtime=Fri Apr 19 07:15:51 2024, atime=Thu Dec 21 11:24:22 2023, length=4524608, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\Ezviz Studio\Uninstall Uninstall Ezviz Studio.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Apr 19 07:15:51 2024, mtime=Fri Apr 19 07:15:51 2024, atime=Fri Apr 19 07:15:34 2024, length=716570, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hicloud\update_server\Uninstall update_server.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Apr 19 07:16:07 2024, mtime=Fri Apr 19 07:16:07 2024, atime=Fri Apr 19 07:16:05 2024, length=706559, window=hide
dropped
C:\ProgramData\hik\log\update_server\SPUPDATE.log
ISO-8859 text, with CRLF, LF line terminators
dropped
C:\ProgramData\hik\log\update_server\default.log
ISO-8859 text, with CRLF, LF line terminators
dropped
C:\Users\Public\Desktop\Ezviz Studio.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Apr 19 07:15:51 2024, mtime=Fri Apr 19 07:16:03 2024, atime=Thu Dec 21 11:24:22 2023, length=4524608, window=hide
dropped
C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\ISTask.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_RegDLL.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-2VGCC.tmp\_isetup\_shfoldr.dll
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\ISTask.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_RegDLL.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-3IGQ5.tmp\_isetup\_shfoldr.dll
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
There are 448 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files (x86)\hicloud\update_server\startUp.exe
"C:\Program Files (x86)\hicloud\update_server\startUp.exe"
 malicious
C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe
"C:\Program Files (x86)\hicloud\update_server\SPUpDateServer.exe"
malicious
C:\Program Files (x86)\hicloud\update_server\startUp.exe
"C:\Program Files (x86)\hicloud\update_server\startUp.exe"
malicious
C:\Users\user\Desktop\EzvizStudioSetups.exe
"C:\Users\user\Desktop\EzvizStudioSetups.exe"
C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp
"C:\Users\user\AppData\Local\Temp\is-8UC5Q.tmp\EzvizStudioSetups.tmp" /SL5="$2047E,46096349,63488,C:\Users\user\Desktop\EzvizStudioSetups.exe"
C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe
"C:\Program Files (x86)\Ezviz Studio\NpfDetectApp.exe" /q
C:\Program Files (x86)\Ezviz Studio\update_server.exe
"C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT
C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp
"C:\Users\user\AppData\Local\Temp\is-LVOEO.tmp\update_server.tmp" /SL5="$104C2,2352971,53760,C:\Program Files (x86)\Ezviz Studio\update_server.exe" /VERYSILENT
C:\Program Files (x86)\hicloud\update_server\ModProperties.exe
"C:\Program Files (x86)\hicloud\update_server\ModProperties.exe" update_server
C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe
"C:\Program Files (x86)\Ezviz Studio\EzvizStudio.exe"

URLs

Name
IP
Malicious
http://www.openssl.org/support/faq.html....................rbwb.rndC:HOMERANDFILEPRNG
unknown
https://api.ezvizlife.com/api/other/version/checksessionId=&clientType=9sessionId=&clientType=9https
unknown
http://trolltech.com/xml/features/report-whitespace-only-CharDataw
unknown
https://%1/friend/list.htmEv_MainFrameWidget::appOpenFriendList
unknown
http://www.openssl.org/V
unknown
http://schemas.xmlsoap.org/soap/envelope/
unknown
http://%s/statistics.do
unknown
https://api.ezvizlife.com/api/other/version/checkeAppender
unknown
http://Dump.ys7.com:10086/uploadDumpoleSy
unknown
https://api.ezvizlife.com/api/other/version/check)
unknown
https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/11slotAddSearchDevice(const
unknown
https://api.ezvizlife.com/api/other/version/checkenderd
unknown
https://%1%2_mobile.jpeg
unknown
http://Dump.ys7.com:10086/uploadDump
unknown
http://%1/image/%2/1_mobile.jpeg_/image/DVR/1/image/IPC/1http://%1%2_0_1d
unknown
https://api.ezviz7.comet
unknown
http://www.openssl.org/support/faq.html
unknown
https://api.ezviz7.com
unknown
https://bpush.ys7.comhttps://push.ys7.comPushClient_register
unknown
https://mfs.ezvizlife.com/EzvizStudio_Small.exe
unknown
https://bpush.ys7.com
unknown
http://%s/statistics.doOperatorTaskThread::run
unknown
http://www.isapi.org/ver20/XMLSchema
unknown
https://api.ezvizlife.com/api/other/version/checknder
unknown
https://api.ezvizlife.com/api/other/version/checkppend.F
unknown
https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/1
unknown
https://api.ezvizlife.com/api/other/version/checky
unknown
http://www.ezvizlife.com/
unknown
http://www.phreedom.org/md5)41UTN-USERFirst-Hardware72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0D
unknown
https://api.ezvizlife.com/api/other/version/checkq
unknown
http://%s/statistics.doDataUploadTaskThread::run
unknown
http://curl.haxx.se/V
unknown
https://%2_mobile.jpeghttps://http://:/ToolKit/image/default/Failed.png:/ToolKit/image/default/Faile
unknown
https://api.ezvizlife.com/api/other/version/checkle
unknown
http://curl.haxx.se/docs/copyright.htmlD
unknown
https://api.ezvizlife.com/api/other/version/checkpend
unknown
http:///assets/imgs/public/companyDevice_web.jpegx
unknown
http://bugreports.qt-project.org/
unknown
http://https://.jpg4
unknown
http://www.innosetup.com/
unknown
http://www.phreedom.org/md5)
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
http://ns.adobe.c
unknown
http://trolltech.com/xml/features/report-whitespace-only-CharDataC
unknown
http://www.ezviz7.com/help/device/connect.htmlNo
unknown
http://www.winimage.com/zLibDll1.2.6-rbfile
unknown
https://%1%2_mobile.jpeg/image/DVR/1/image/IPC/1Please
unknown
https://%1/friend/list.htm
unknown
http://www.symauth.com/cps0(
unknown
https://api.ezvizlife.com/api/other/version/checktternLayoutp
unknown
http://Dump.ys7.com:10086/uploadDumpSPUpDateServer_%sSetUnhandledExceptionFilter
unknown
https://api.ezvizlife.com/api/other/version/checka
unknown
http://curl.haxx.se/docs/http-cookies.html
unknown
https://%1%2_mobile.jpeg1slotDeviceAdd(const
unknown
http://www.winimage.com/zLibDllr
unknown
http://www.ezvizlife.com
unknown
http://logging.apache.org/log4j/codes.html#tbr_fnp_not_setThe
unknown
http://www.remobjects.com/psU
unknown
https://api.ezvizlife.com/api/other/version/check9
unknown
https://push.ys7.com
unknown
ftp://http://HTTP/1.0
unknown
http://www.symauth.com/rpa00
unknown
http://www.ezviz7.com/help/device/connect.html
unknown
https://api.ezvizlife.com/api/other/version/check
54.158.49.118
https://api.ezvizlife.com/api/other/version/check.Et.
unknown
http://%1/image/%2/1_mobile.jpeg
unknown
https://api.ezvizlife.comtrue
unknown
http://www.winimage.com/zLibDll
unknown
http://www.remobjects.com/ps
unknown
https://api.ezvizlife.com/api/other/version/checkI
unknown
http://bugreports.qt-project.org/QHttpNetworkConnectionChannel::_q_receiveReply()
unknown
https://api.ezvizlife.com
unknown
http://trolltech.com/xml/features/report-whitespace-only-CharData
unknown
https://api.ezvizlife.com/api/other/version/checkegion=J
unknown
https://api.ezvizlife.com/api/other/version/checkoutMcz
unknown
https://api.ezvizlife.com/api/other/version/checkegion=
unknown
https://api.ezviz7.comversionRespnewestVersionoption2updateUrloption1limitVersionsUpdateUrlsMd5inter
unknown
There are 67 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
ezvizlife-portal-1078988341.us-east-1.elb.amazonaws.com
54.158.49.118
api.ezvizlife.com
unknown

IPs

IP
Domain
Country
Malicious
54.158.49.118
ezvizlife-portal-1078988341.us-east-1.elb.amazonaws.com
United States

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\shipin7\Ezviz_client
InstallPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\shipin7\Ezviz_client
ClientType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\shipin7\Ezviz_client
ClientKey
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\shipin7\Ezviz_client
ClientVision
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
Inno Setup: Setup Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
Inno Setup: App Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
Inno Setup: Icon Group
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
Inno Setup: User
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
Inno Setup: Selected Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
Inno Setup: Deselected Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
QuietUninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49DF99D3-BC81-439A-8F40-A0529159024C}_is1
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\sadp
NpfInstallResult
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\sadp
NpfInstallResult
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
SPUpDateServerrun
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\shipin7\shipin7_update_server
InstallPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\shipin7\shipin7_update_server
ClientType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\shipin7\shipin7_update_server
ClientVision
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\shipin7\shipin7_update_server
ClientKey
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
Inno Setup: Setup Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
Inno Setup: App Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
Inno Setup: Icon Group
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
Inno Setup: User
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
QuietUninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1
InstallDate
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Ezviz Studio\plugins\skins
DefaultSkin.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qgif4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qgif4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qico4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qico4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qjpeg4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qjpeg4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qmng4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qmng4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qsvg4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qsvg4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qtga4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qtga4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qtiff4.dll
HKEY_CURRENT_USER\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Ezviz Studio\plugins\imageformats
qtiff4.dll
There are 44 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
6EB0000
heap
page read and write
6AAAA000
unkown
page read and write
6A11000
heap
page read and write
C54000
heap
page read and write
6C260000
unkown
page readonly
13B0000
heap
page read and write
2E76000
heap
page read and write
1A9B000
heap
page read and write
464E000
stack
page read and write
2880000
heap
page read and write
2360000
direct allocation
page read and write
813E000
stack
page read and write
69EC8000
unkown
page readonly
69BAD000
unkown
page readonly
3AEE000
stack
page read and write
DB0000
trusted library allocation
page read and write
149E000
stack
page read and write
2E76000
heap
page read and write
6CE80000
unkown
page readonly
6F7C1000
unkown
page execute read
2861000
heap
page read and write
12C7000
unkown
page read and write
2E76000
heap
page read and write
79FE000
stack
page read and write
6EA7000
heap
page read and write
6999D000
unkown
page readonly
6C2D2000
unkown
page read and write
3B40000
trusted library allocation
page read and write
6BA60000
unkown
page readonly
4DB0000
unkown
page read and write
2E76000
heap
page read and write
6B61C000
unkown
page read and write
3E2E000
stack
page read and write
214000
unkown
page readonly
8BF1000
heap
page read and write
8CA9000
heap
page read and write
67E86000
unkown
page readonly
8ECB000
heap
page read and write
6C3E2000
unkown
page write copy
696D4000
unkown
page readonly
11AE000
stack
page read and write
660000
heap
page read and write
2861000
heap
page read and write
EBE000
heap
page read and write
6C721000
unkown
page execute read
2861000
heap
page read and write
1F4000
heap
page read and write
401000
unkown
page execute read
2E38000
heap
page read and write
C54000
heap
page read and write
8CEA000
heap
page read and write
2E69000
heap
page read and write
9B0000
heap
page read and write
9B0000
unkown
page readonly
680000
heap
page read and write
55E000
stack
page read and write
7C3F000
stack
page read and write
964F000
trusted library allocation
page read and write
66ED000
stack
page read and write
6C440000
unkown
page readonly
F31000
unkown
page execute read
135F000
stack
page read and write
3412000
direct allocation
page read and write
2770000
heap
page read and write
F6A000
heap
page read and write
2E6F000
heap
page read and write
6CA000
heap
page read and write
69FF000
heap
page read and write
A4D7000
heap
page read and write
9210000
direct allocation
page read and write
8C37000
heap
page read and write
C54000
heap
page read and write
4A9E000
unkown
page readonly
2E76000
heap
page read and write
697FA000
unkown
page readonly
682B000
unkown
page readonly
2E76000
heap
page read and write
6D29000
unkown
page read and write
695A0000
unkown
page readonly
83E0000
heap
page read and write
34EE000
heap
page read and write
C54000
heap
page read and write
229C000
direct allocation
page read and write
67DEF000
unkown
page write copy
2861000
heap
page read and write
3A9E000
stack
page read and write
6964A000
unkown
page read and write
8E3000
heap
page read and write
2E76000
heap
page read and write
40B000
unkown
page read and write
67B0F000
unkown
page read and write
696D1000
unkown
page execute read
6F7C8000
unkown
page readonly
2DC0000
heap
page read and write
2861000
heap
page read and write
17E1000
unkown
page execute read
AFD000
stack
page read and write
6AA60000
unkown
page readonly
69064000
unkown
page readonly
6B960000
unkown
page readonly
79BE000
stack
page read and write
4B59000
unkown
page read and write
6EA0000
heap
page read and write
99EE000
stack
page read and write
695A1000
unkown
page execute read
494000
unkown
page write copy
24E0000
direct allocation
page read and write
4DA3000
unkown
page readonly
1170000
heap
page read and write
1338000
unkown
page write copy
6896000
heap
page read and write
2E76000
heap
page read and write
2861000
heap
page read and write
6BA48000
unkown
page read and write
902F000
stack
page read and write
210000
unkown
page readonly
6C2AF000
unkown
page read and write
4E40000
heap
page read and write
7EBF000
stack
page read and write
6F86A000
unkown
page readonly
34D8000
heap
page read and write
4711000
unkown
page execute read
67D41000
unkown
page execute read
6BA05000
unkown
page readonly
2861000
heap
page read and write
2861000
heap
page read and write
6B50B000
unkown
page readonly
9AEF000
stack
page read and write
3B9F000
stack
page read and write
8B66000
heap
page read and write
372F000
stack
page read and write
8CB8000
heap
page read and write
224C000
direct allocation
page read and write
6AA34000
unkown
page readonly
2248000
direct allocation
page read and write
6A0C000
heap
page read and write
8316000
heap
page read and write
3C2E000
stack
page read and write
52B5000
heap
page read and write
3CDC000
stack
page read and write
3526000
direct allocation
page read and write
E8E000
stack
page read and write
697AC000
unkown
page readonly
600000
heap
page read and write
212000
unkown
page readonly
2E76000
heap
page read and write
2274000
direct allocation
page read and write
3A58000
heap
page read and write
91AE000
unkown
page readonly
69D67000
unkown
page readonly
4AEC000
unkown
page readonly
2E20000
heap
page read and write
4C66000
unkown
page read and write
6CF80000
unkown
page readonly
9051000
unkown
page execute read
3A41000
heap
page read and write
68FEE000
unkown
page readonly
3B9E000
stack
page read and write
696C2000
unkown
page read and write
2E76000
heap
page read and write
19F0000
heap
page read and write
2E84000
heap
page read and write
EFC000
stack
page read and write
2861000
heap
page read and write
2E89000
heap
page read and write
2290000
direct allocation
page read and write
400000
unkown
page readonly
2258000
direct allocation
page read and write
E4E000
stack
page read and write
601B000
unkown
page read and write
6AA41000
unkown
page execute read
51DF000
heap
page read and write
2E76000
heap
page read and write
5281000
heap
page read and write
85B7000
heap
page read and write
2861000
heap
page read and write
3C9E000
stack
page read and write
4FEB000
heap
page read and write
40B000
unkown
page read and write
2130000
direct allocation
page read and write
20B8000
direct allocation
page read and write
5EE000
heap
page read and write
6CE6B000
unkown
page readonly
3A41000
heap
page read and write
64E0000
heap
page read and write
2E89000
heap
page read and write
327E000
stack
page read and write
2E89000
heap
page read and write
DA0000
heap
page read and write
676000
heap
page read and write
2861000
heap
page read and write
2E76000
heap
page read and write
9092000
unkown
page read and write
69FD9000
unkown
page read and write
69FFA000
unkown
page readonly
2E89000
heap
page read and write
2E20000
heap
page read and write
2E89000
heap
page read and write
2E76000
heap
page read and write
6C63B000
unkown
page write copy
D98000
unkown
page readonly
2E89000
heap
page read and write
D51000
unkown
page execute read
4C0000
heap
page read and write
6A6E9000
unkown
page read and write
2861000
heap
page read and write
4B54000
unkown
page read and write
6CE07000
unkown
page readonly
8E8C000
heap
page read and write
2861000
heap
page read and write
6CF81000
unkown
page execute read
214000
unkown
page readonly
6F7C0000
unkown
page readonly
9D6E000
stack
page read and write
17C8000
unkown
page readonly
6905F000
unkown
page readonly
694AD000
unkown
page readonly
2E76000
heap
page read and write
401000
unkown
page execute read
22A4000
direct allocation
page read and write
113E000
stack
page read and write
6C8B1000
unkown
page execute read
C54000
heap
page read and write
61C0000
heap
page read and write
6060000
heap
page read and write
FF0000
heap
page read and write
2861000
heap
page read and write
34DA000
heap
page read and write
2861000
heap
page read and write
2E4C000
heap
page read and write
3110000
direct allocation
page read and write
1F4000
heap
page read and write
2E76000
heap
page read and write
521E000
stack
page read and write
2E89000
heap
page read and write
176F000
unkown
page readonly
69671000
unkown
page execute read
22A0000
direct allocation
page read and write
2E76000
heap
page read and write
9E0000
heap
page read and write
1360000
heap
page read and write
645000
heap
page read and write
69046000
unkown
page readonly
6C8CD000
unkown
page readonly
9B8000
unkown
page readonly
34EF000
direct allocation
page read and write
8FF000
stack
page read and write
2E76000
heap
page read and write
69670000
unkown
page readonly
69675000
unkown
page readonly
6A31A000
unkown
page read and write
69068000
unkown
page readonly
4C00000
unkown
page readonly
2E76000
heap
page read and write
2D80000
heap
page read and write
67C1D000
unkown
page read and write
2E76000
heap
page read and write
6CE7B000
unkown
page readonly
2110000
direct allocation
page read and write
2861000
heap
page read and write
67ED0000
unkown
page read and write
2861000
heap
page read and write
6AAB0000
unkown
page readonly
934E000
stack
page read and write
61C000
heap
page read and write
8A1B000
heap
page read and write
4ED0000
heap
page read and write
3BEE000
stack
page read and write
8BC6000
heap
page read and write
401000
unkown
page execute read
6AAA7000
unkown
page readonly
68B6000
heap
page read and write
3A41000
heap
page read and write
3A41000
heap
page read and write
2861000
heap
page read and write
121E000
heap
page read and write
C50000
heap
page read and write
1220000
heap
page read and write
7EFE000
stack
page read and write
2E76000
heap
page read and write
2861000
heap
page read and write
4E10000
heap
page read and write
697B2000
unkown
page readonly
2861000
heap
page read and write
2E88000
heap
page read and write
69CE6000
unkown
page readonly
61D000
heap
page read and write
5280000
heap
page read and write
2E89000
heap
page read and write
81F000
stack
page read and write
345D000
heap
page read and write
2E76000
heap
page read and write
C54000
heap
page read and write
8C4B000
heap
page read and write
8290000
heap
page read and write
3A41000
heap
page read and write
6A108000
unkown
page read and write
9450000
heap
page read and write
2E89000
heap
page read and write
6C413000
unkown
page readonly
1253000
heap
page read and write
2E76000
heap
page read and write
EE5000
heap
page read and write
6C261000
unkown
page execute read
C54000
heap
page read and write
227C000
direct allocation
page read and write
2861000
heap
page read and write
6F873000
unkown
page read and write
2E76000
heap
page read and write
4B49000
unkown
page write copy
2B9CF000
heap
page read and write
6830000
heap
page read and write
D96000
stack
page read and write
22B1000
direct allocation
page read and write
8C64000
heap
page read and write
11AA000
heap
page read and write
39AE000
stack
page read and write
6041000
unkown
page execute read
181E000
unkown
page read and write
6CE40000
unkown
page readonly
6970D000
unkown
page readonly
5EE000
stack
page read and write
6CF20000
unkown
page readonly
880B000
heap
page read and write
69731000
unkown
page execute read
2128000
direct allocation
page read and write
C54000
heap
page read and write
69F81000
unkown
page execute read
3A41000
heap
page read and write
6B60F000
unkown
page read and write
2250000
heap
page read and write
73BE000
stack
page read and write
400000
unkown
page readonly
10045000
unkown
page read and write
2E84000
heap
page read and write
2C30000
heap
page read and write
4BD2000
unkown
page read and write
A4EF000
heap
page read and write
6F7CB000
unkown
page readonly
6C45C000
unkown
page read and write
52DF000
heap
page read and write
496000
unkown
page read and write
34E6000
heap
page read and write
2E1E000
heap
page read and write
11B1000
unkown
page execute read
2E89000
heap
page read and write
20B1000
direct allocation
page read and write
8CE5000
heap
page read and write
68FC8000
unkown
page readonly
2E76000
heap
page read and write
2B9E7000
heap
page read and write
697D7000
unkown
page read and write
3D2F000
stack
page read and write
6AA59000
unkown
page read and write
34CC000
heap
page read and write
6B607000
unkown
page read and write
AE1000
unkown
page execute read
2E76000
heap
page read and write
133B000
unkown
page read and write
6902F000
unkown
page readonly
2140000
direct allocation
page read and write
2E89000
heap
page read and write
2E76000
heap
page read and write
2E15000
heap
page read and write
2264000
direct allocation
page read and write
2E8A000
heap
page read and write
22B0000
heap
page read and write
6B60D000
unkown
page write copy
1003A000
unkown
page readonly
510000
heap
page read and write
4CF7000
heap
page read and write
2E89000
heap
page read and write
120C000
heap
page read and write
2861000
heap
page read and write
6901B000
unkown
page readonly
322C000
stack
page read and write
C54000
heap
page read and write
680000
direct allocation
page execute and read and write
4E20000
heap
page read and write
EBA000
heap
page read and write
6C3E3000
unkown
page read and write
6260000
unkown
page readonly
2B9C3000
heap
page read and write
226C000
direct allocation
page read and write
2861000
heap
page read and write
2E76000
heap
page read and write
11F2000
unkown
page readonly
4ED7000
heap
page read and write
91AC000
unkown
page read and write
69666000
unkown
page readonly
6AA61000
unkown
page execute read
142A000
unkown
page readonly
697E1000
unkown
page execute read
6F851000
unkown
page execute read
92D000
heap
page read and write
67910000
unkown
page readonly
85F3000
heap
page read and write
8758000
heap
page read and write
DE0000
heap
page read and write
1822000
unkown
page readonly
2E88000
heap
page read and write
16B0000
unkown
page readonly
2861000
heap
page read and write
6CF98000
unkown
page readonly
5EFE000
stack
page read and write
A9E000
stack
page read and write
9C2F000
stack
page read and write
68FF4000
unkown
page readonly
C54000
heap
page read and write
625A000
stack
page read and write
6AA67000
unkown
page readonly
834000
heap
page read and write
2861000
heap
page read and write
69741000
unkown
page execute read
2E89000
heap
page read and write
6CE000
heap
page read and write
6A0E1000
unkown
page execute read
C53000
unkown
page readonly
2E76000
heap
page read and write
543F000
stack
page read and write
6C441000
unkown
page execute read
679C9000
unkown
page readonly
14F5000
heap
page read and write
6CF30000
unkown
page readonly
341D000
direct allocation
page read and write
9B1000
unkown
page execute read
2861000
heap
page read and write
6C421000
unkown
page execute read
22B8000
direct allocation
page read and write
2861000
heap
page read and write
4FDF000
stack
page read and write
6051000
unkown
page read and write
3A41000
heap
page read and write
6A6EB000
unkown
page read and write
133E000
unkown
page readonly
4D0000
heap
page read and write
C50000
unkown
page readonly
6AA98000
unkown
page readonly
4AD9000
unkown
page readonly
2861000
heap
page read and write
3A41000
heap
page read and write
6C84D000
unkown
page read and write
B33000
stack
page read and write
6B616000
unkown
page read and write
C54000
heap
page read and write
4BDE000
unkown
page readonly
6DCB000
unkown
page readonly
6A102000
unkown
page read and write
4C67000
unkown
page write copy
68FD2000
unkown
page readonly
2E89000
heap
page read and write
C54000
heap
page read and write
1296000
heap
page read and write
3A41000
heap
page read and write
59E000
stack
page read and write
688E1000
unkown
page execute read
6C643000
unkown
page readonly
4FE7000
heap
page read and write
4BC9000
unkown
page read and write
3670000
heap
page read and write
69FB8000
unkown
page readonly
6E7E000
stack
page read and write
20A0000
direct allocation
page read and write
697B1000
unkown
page read and write
2861000
heap
page read and write
3DDF000
stack
page read and write
40AE000
stack
page read and write
103D000
stack
page read and write
1A7E000
stack
page read and write
69660000
unkown
page readonly
211000
unkown
page execute read
2861000
heap
page read and write
2E76000
heap
page read and write
817E000
stack
page read and write
2E76000
heap
page read and write
69DFA000
unkown
page readonly
3A41000
heap
page read and write
56C0000
trusted library allocation
page read and write
2C31000
heap
page read and write
F31000
unkown
page execute read
8CBB000
heap
page read and write
8CA7000
heap
page read and write
401000
unkown
page execute read
3A41000
heap
page read and write
2354000
heap
page read and write
6C454000
unkown
page readonly
696E0000
unkown
page readonly
2861000
heap
page read and write
9BC000
unkown
page readonly
8AA000
heap
page read and write
6C2D5000
unkown
page readonly
C54000
heap
page read and write
3B40000
heap
page read and write
6B840000
unkown
page readonly
4C68000
unkown
page read and write
6B30B000
unkown
page readonly
3A41000
heap
page read and write
9B000
stack
page read and write
1F4000
heap
page read and write
69055000
unkown
page readonly
3026000
stack
page read and write
8AC5000
heap
page read and write
6CF91000
unkown
page readonly
34F6000
heap
page read and write
2E76000
heap
page read and write
2E89000
heap
page read and write
2E76000
heap
page read and write
40D000
unkown
page write copy
69F76000
unkown
page read and write
69680000
unkown
page readonly
8C23000
heap
page read and write
A3C000
stack
page read and write
6BA4C000
unkown
page readonly
2861000
heap
page read and write
2E89000
heap
page read and write
1338000
unkown
page write copy
313F000
stack
page read and write
1540000
unkown
page readonly
777E000
stack
page read and write
2E76000
heap
page read and write
2148000
direct allocation
page read and write
18C000
stack
page read and write
82A0000
heap
page read and write
3030000
heap
page read and write
6D51000
unkown
page execute read
340D000
direct allocation
page read and write
8A18000
heap
page read and write
60964000
unkown
page read and write
2E76000
heap
page read and write
682A000
unkown
page read and write
8CA000
heap
page read and write
33EE000
stack
page read and write
6CC1000
unkown
page execute read
9BC000
unkown
page readonly
420000
heap
page read and write
332E000
stack
page read and write
71E000
stack
page read and write
E0E000
heap
page read and write
9BA000
unkown
page write copy
302E000
stack
page read and write
396F000
stack
page read and write
4A6000
unkown
page readonly
AE6000
unkown
page readonly
C54000
heap
page read and write
2F20000
heap
page read and write
8EB6000
heap
page read and write
67EE0000
unkown
page readonly
3424000
heap
page read and write
773E000
stack
page read and write
1990000
heap
page read and write
6A8D5000
unkown
page read and write
D70000
heap
page read and write
2861000
heap
page read and write
8F5000
heap
page read and write
8F2C000
stack
page read and write
C54000
heap
page read and write
2260000
heap
page read and write
1190000
heap
page read and write
142F000
unkown
page read and write
2E77000
heap
page read and write
6D1E000
unkown
page write copy
9B1000
unkown
page execute read
10AF000
stack
page read and write
6823000
unkown
page readonly
2850000
heap
page read and write
2E76000
heap
page read and write
8B29000
heap
page read and write
2861000
heap
page read and write
6A0000
heap
page read and write
400000
unkown
page readonly
6901F000
unkown
page readonly
10000000
unkown
page readonly
69001000
unkown
page readonly
6B619000
unkown
page read and write
2861000
heap
page read and write
827F000
stack
page read and write
400000
unkown
page readonly
601C000
unkown
page readonly
6A30C000
unkown
page write copy
8919000
heap
page read and write
8702000
heap
page read and write
67ECF000
unkown
page write copy
C54000
heap
page read and write
88A3000
heap
page read and write
63A8000
unkown
page read and write
52EA000
heap
page read and write
6BAE000
stack
page read and write
494000
unkown
page read and write
695E000
heap
page read and write
67F1000
unkown
page execute read
214000
unkown
page readonly
6C569000
unkown
page read and write
64E6000
heap
page read and write
135E000
stack
page read and write
6A0FD000
unkown
page readonly
2E89000
heap
page read and write
C54000
heap
page read and write
66E8000
stack
page read and write
8CB1000
heap
page read and write
6C60C000
unkown
page readonly
2E00000
heap
page read and write
694A5000
unkown
page read and write
6BA61000
unkown
page execute read
3739000
direct allocation
page read and write
4CDE000
stack
page read and write
69730000
unkown
page readonly
62E000
stack
page read and write
604F000
unkown
page readonly
74FE000
stack
page read and write
50DE000
stack
page read and write
4AD2000
unkown
page readonly
3A41000
heap
page read and write
2861000
heap
page read and write
B8C000
stack
page read and write
2E24000
heap
page read and write
11AE000
heap
page read and write
2861000
heap
page read and write
78BD000
stack
page read and write
1D0000
heap
page read and write
6C814000
unkown
page readonly
411000
unkown
page readonly
91E0000
heap
page read and write
4D51000
unkown
page execute read
3A41000
heap
page read and write
3A41000
heap
page read and write
DD0000
heap
page read and write
8C1F000
heap
page read and write
2B981000
heap
page read and write
2EDE000
stack
page read and write
C9C000
stack
page read and write
2E89000
heap
page read and write
6904B000
unkown
page readonly
69777000
unkown
page readonly
644D000
stack
page read and write
411000
unkown
page readonly
7FFF000
stack
page read and write
DE7000
heap
page read and write
1A97000
heap
page read and write
7C0000
heap
page read and write
2861000
heap
page read and write
9B8000
unkown
page readonly
2E69000
heap
page read and write
34C1000
heap
page read and write
69C7E000
unkown
page readonly
696D7000
unkown
page readonly
2280000
direct allocation
page read and write
2E89000
heap
page read and write
2861000
heap
page read and write
6C2B0000
unkown
page readonly
2861000
heap
page read and write
4CFD000
heap
page read and write
22A0000
direct allocation
page read and write
8C7F000
heap
page read and write
69023000
unkown
page readonly
6DDB000
unkown
page read and write
2E76000
heap
page read and write
401000
unkown
page execute read
8F4000
heap
page read and write
6D13000
unkown
page readonly
2150000
direct allocation
page read and write
1204000
heap
page read and write
4B50000
unkown
page write copy
2E89000
heap
page read and write
EF3000
heap
page read and write
6C3E5000
unkown
page write copy
400000
unkown
page readonly
40D000
unkown
page write copy
21D0000
heap
page read and write
3A41000
heap
page read and write
6CD90000
unkown
page readonly
1F4000
heap
page read and write
68FD8000
unkown
page readonly
386E000
unkown
page read and write
6C3FE000
unkown
page readonly
2861000
heap
page read and write
215C000
direct allocation
page read and write
AE3000
unkown
page readonly
2E76000
heap
page read and write
4DB9000
unkown
page read and write
82F0000
heap
page read and write
6CE92000
unkown
page read and write
67ED1000
unkown
page readonly
4A6000
unkown
page readonly
69681000
unkown
page execute read
3A60000
heap
page read and write
2E76000
heap
page read and write
6AA29000
unkown
page readonly
6F96B000
unkown
page readonly
A4F5000
heap
page read and write
6A311000
unkown
page write copy
2E76000
heap
page read and write
1F4000
heap
page read and write
6A2A4000
unkown
page readonly
FF4000
heap
page read and write
3130000
direct allocation
page read and write
4B4A000
unkown
page read and write
696E1000
unkown
page execute read
6053000
unkown
page readonly
2E89000
heap
page read and write
2E89000
heap
page read and write
6C848000
unkown
page write copy
6903A000
unkown
page readonly
69012000
unkown
page readonly
9E5000
heap
page read and write
2E89000
heap
page read and write
3A41000
heap
page read and write
C54000
heap
page read and write
6A811000
unkown
page execute read
7C7E000
stack
page read and write
D20000
heap
page read and write
5E0000
heap
page read and write
2260000
direct allocation
page read and write
2861000
heap
page read and write
1411000
unkown
page execute read
697C0000
unkown
page readonly
902C000
stack
page read and write
8EAE000
heap
page read and write
4DC1000
unkown
page readonly
C54000
heap
page read and write
6C432000
unkown
page readonly
7DBE000
stack
page read and write
317E000
stack
page read and write
526E000
heap
page read and write
BA0000
heap
page read and write
70FE000
stack
page read and write
BF0000
heap
page read and write
2861000
heap
page read and write
2E76000
heap
page read and write
430000
heap
page read and write
2E76000
heap
page read and write
400000
unkown
page readonly
C54000
heap
page read and write
8C55000
heap
page read and write
2870000
heap
page read and write
5EA000
heap
page read and write
69006000
unkown
page readonly
67D40000
unkown
page readonly
8CA3000
heap
page read and write
2154000
direct allocation
page read and write
3A41000
heap
page read and write
2861000
heap
page read and write
51C8000
heap
page read and write
34FE000
stack
page read and write
B10000
heap
page read and write
2861000
heap
page read and write
6C8A1000
unkown
page readonly
2E76000
heap
page read and write
27F0000
trusted library allocation
page read and write
2E88000
heap
page read and write
5138000
heap
page read and write
4DAE000
unkown
page write copy
C54000
heap
page read and write
6C3E7000
unkown
page read and write
68EB6000
unkown
page readonly
211000
unkown
page execute read
4C78000
unkown
page readonly
8B07000
heap
page read and write
2861000
heap
page read and write
2E89000
heap
page read and write
697C1000
unkown
page execute read
4BDD000
unkown
page write copy
2E76000
heap
page read and write
6261000
unkown
page execute read
3F6E000
stack
page read and write
11B0000
unkown
page readonly
4710000
unkown
page readonly
8FA000
heap
page read and write
2E89000
heap
page read and write
2350000
heap
page read and write
6C871000
unkown
page execute read
2240000
direct allocation
page read and write
2E76000
heap
page read and write
52A3000
heap
page read and write
3885000
direct allocation
page read and write
F30000
unkown
page readonly
6A810000
unkown
page readonly
697E0000
unkown
page readonly
6E20000
heap
page read and write
19D000
stack
page read and write
EFD000
stack
page read and write
67911000
unkown
page execute read
527F000
stack
page read and write
345D000
heap
page read and write
C54000
heap
page read and write
E4F000
heap
page read and write
C54000
heap
page read and write
2E76000
heap
page read and write
13AF000
stack
page read and write
2E76000
heap
page read and write
2861000
heap
page read and write
2E36000
heap
page read and write
4EDD000
heap
page read and write
A4F9000
heap
page read and write
3D2E000
stack
page read and write
69D0000
heap
page read and write
669000
heap
page read and write
3466000
heap
page read and write
8280000
heap
page read and write
AF6000
stack
page read and write
51DE000
stack
page read and write
8BBC000
heap
page read and write
3A41000
heap
page read and write
3426000
direct allocation
page read and write
6C2C0000
unkown
page readonly
67EF000
stack
page read and write
6905A000
unkown
page readonly
8CA5000
heap
page read and write
2E84000
heap
page read and write
2248000
direct allocation
page read and write
4AE1000
unkown
page readonly
6377000
unkown
page readonly
F40000
heap
page read and write
4DB4000
unkown
page read and write
2E89000
heap
page read and write
327B000
direct allocation
page read and write
AE0000
unkown
page readonly
2861000
heap
page read and write
13B0000
heap
page read and write
210000
unkown
page readonly
C54000
heap
page read and write
6C1ED000
unkown
page readonly
2861000
heap
page read and write
6C2CF000
unkown
page readonly
2E76000
heap
page read and write
6C8B0000
unkown
page readonly
212000
unkown
page readonly
2C20000
heap
page read and write
787E000
stack
page read and write
8AFF000
heap
page read and write
4B47000
unkown
page read and write
6CF36000
unkown
page readonly
3A6F000
stack
page read and write
14F0000
heap
page read and write
2E22000
heap
page read and write
6AA8F000
unkown
page readonly
301D000
stack
page read and write
3A41000
heap
page read and write
960000
heap
page read and write
11A0000
heap
page read and write
A4EC000
heap
page read and write
3A41000
heap
page read and write
6C2C1000
unkown
page execute read
4C45000
unkown
page readonly
69776000
unkown
page read and write
2861000
heap
page read and write
2164000
direct allocation
page read and write
69F78000
unkown
page readonly
3A40000
heap
page read and write
6B5EA000
unkown
page write copy
8EB000
heap
page read and write
52D8000
heap
page read and write
498000
unkown
page write copy
4D40000
heap
page read and write
69F80000
unkown
page readonly
60901000
unkown
page execute read
C54000
heap
page read and write
3A41000
heap
page read and write
4A6000
unkown
page readonly
6AAA0000
unkown
page readonly
2E69000
heap
page read and write
69BA1000
unkown
page readonly
2E76000
heap
page read and write
411000
unkown
page readonly
63B6000
unkown
page readonly
6B609000
unkown
page write copy
2E28000
heap
page read and write
2E89000
heap
page read and write
2C25000
heap
page read and write
6C38F000
unkown
page readonly
2861000
heap
page read and write
6AA70000
unkown
page readonly
1F4000
heap
page read and write
679FC000
unkown
page write copy
6A111000
unkown
page execute read
6C38B000
unkown
page execute read
20A4000
direct allocation
page read and write
8E4000
heap
page read and write
3A41000
heap
page read and write
6CE81000
unkown
page execute read
19D0000
heap
page read and write
2875000
heap
page read and write
2861000
heap
page read and write
3769000
direct allocation
page read and write
8BD3000
heap
page read and write
3A41000
heap
page read and write
2861000
heap
page read and write
401000
unkown
page execute read
4AF3000
unkown
page readonly
2294000
direct allocation
page read and write
944E000
stack
page read and write
6AA01000
unkown
page execute read
C54000
heap
page read and write
895D000
heap
page read and write
2E3C000
heap
page read and write
BF0000
heap
page read and write
4A6000
unkown
page readonly
695D0000
unkown
page readonly
8CB3000
heap
page read and write
C54000
heap
page read and write
F2E000
stack
page read and write
2E77000
heap
page read and write
C54000
heap
page read and write
6903F000
unkown
page readonly
60E000
heap
page read and write
E32000
heap
page read and write
C54000
heap
page read and write
6FFE000
stack
page read and write
C54000
heap
page read and write
2E76000
heap
page read and write
6C1E0000
unkown
page read and write
2E70000
heap
page read and write
68FCC000
unkown
page readonly
10001000
unkown
page execute read
3FAE000
stack
page read and write
7FF000
stack
page read and write
94A000
stack
page read and write
1410000
unkown
page readonly
8DC000
heap
page read and write
EF6000
stack
page read and write
6D50000
unkown
page readonly
3BDC000
stack
page read and write
676000
heap
page read and write
3110000
direct allocation
page read and write
2E76000
heap
page read and write
2270000
direct allocation
page read and write
3BAE000
stack
page read and write
8953000
heap
page read and write
2861000
heap
page read and write
6B6E000
stack
page read and write
6A0E0000
unkown
page readonly
396E000
stack
page read and write
2E76000
heap
page read and write
74BF000
stack
page read and write
4B57000
unkown
page write copy
494000
unkown
page read and write
69665000
unkown
page read and write
65EF000
stack
page read and write
10045000
unkown
page readonly
60962000
unkown
page write copy
22B4000
direct allocation
page read and write
3A41000
heap
page read and write
622000
heap
page read and write
1F4000
heap
page read and write
7AC000
stack
page read and write
5B0000
heap
page read and write
1F4000
heap
page read and write
85EF000
heap
page read and write
6C8C4000
unkown
page readonly
1812000
unkown
page readonly
2E76000
heap
page read and write
6994000
heap
page read and write
3B40000
trusted library allocation
page read and write
468E000
stack
page read and write
67F0000
unkown
page readonly
F50000
heap
page read and write
69678000
unkown
page readonly
2E76000
heap
page read and write
2E76000
heap
page read and write
3415000
direct allocation
page read and write
2E76000
heap
page read and write
2B940000
heap
page read and write
696D6000
unkown
page read and write
69664000
unkown
page readonly
1F4000
heap
page read and write
4C6C000
unkown
page write copy
8AF7000
heap
page read and write
2E89000
heap
page read and write
4D50000
unkown
page readonly
8EC6000
heap
page read and write
227A000
direct allocation
page read and write
2861000
heap
page read and write
7AFE000
stack
page read and write
2861000
heap
page read and write
C54000
heap
page read and write
3940000
direct allocation
page read and write
6B888000
unkown
page readonly
6CF11000
unkown
page readonly
6AA71000
unkown
page execute read
68AEA000
unkown
page readonly
2861000
heap
page read and write
139E000
stack
page read and write
37E5000
direct allocation
page read and write
34F2000
heap
page read and write
6B31A000
unkown
page readonly
3CEE000
stack
page read and write
4B65000
unkown
page read and write
2CF0000
direct allocation
page read and write
6CE79000
unkown
page read and write
2E6D000
heap
page read and write
3D4E000
stack
page read and write
214000
unkown
page readonly
6C2E1000
unkown
page execute read
EFB000
stack
page read and write
9204000
heap
page read and write
6CF35000
unkown
page read and write
34E4000
heap
page read and write
2144000
direct allocation
page read and write
34F0000
heap
page read and write
697C8000
unkown
page read and write
6AA45000
unkown
page read and write
8BE4000
heap
page read and write
2861000
heap
page read and write
6C897000
unkown
page readonly
8D5C000
heap
page read and write
F30000
unkown
page readonly
E00000
heap
page read and write
AE0000
unkown
page readonly
2861000
heap
page read and write
2E76000
heap
page read and write
35D8000
direct allocation
page read and write
8DF8000
heap
page read and write
6F7CA000
unkown
page read and write
17E0000
unkown
page readonly
8CAC000
heap
page read and write
2E76000
heap
page read and write
69677000
unkown
page read and write
C54000
heap
page read and write
139F000
stack
page read and write
75FE000
stack
page read and write
C54000
heap
page read and write
697D5000
unkown
page readonly
2861000
heap
page read and write
8C0E000
heap
page read and write
2E3E000
heap
page read and write
2E76000
heap
page read and write
2861000
heap
page read and write
6C411000
unkown
page execute read
8EB000
heap
page read and write
C51000
unkown
page execute read
69F74000
unkown
page readonly
6A7FC000
unkown
page readonly
517C000
stack
page read and write
697D1000
unkown
page execute read
6A416000
unkown
page read and write
A4B0000
heap
page read and write
6B961000
unkown
page execute read
8EBC000
heap
page read and write
69781000
unkown
page execute read
2861000
heap
page read and write
713E000
stack
page read and write
2E76000
heap
page read and write
2E76000
heap
page read and write
6C2D4000
unkown
page write copy
2861000
heap
page read and write
2E76000
heap
page read and write
2861000
heap
page read and write
D2A000
heap
page read and write
2861000
heap
page read and write
AE3000
unkown
page readonly
2861000
heap
page read and write
61F000
heap
page read and write
6C296000
unkown
page readonly
6256000
stack
page read and write
695BA000
unkown
page read and write
2E89000
heap
page read and write
644000
heap
page read and write
9312000
heap
page read and write
362E000
stack
page read and write
763E000
stack
page read and write
695BE000
unkown
page readonly
2861000
heap
page read and write
6C415000
unkown
page readonly
67E01000
unkown
page execute read
9B0000
unkown
page readonly
10001000
unkown
page execute read
4B4C000
unkown
page read and write
8B8F000
heap
page read and write
401000
unkown
page execute read
1F0000
heap
page read and write
82FD000
heap
page read and write
D9B000
stack
page read and write
7D7E000
stack
page read and write
40B000
unkown
page write copy
6AA57000
unkown
page readonly
2861000
heap
page read and write
392F000
stack
page read and write
6902A000
unkown
page readonly
6AA5A000
unkown
page readonly
674000
heap
page read and write
2FDE000
stack
page read and write
470F000
stack
page read and write
A4F7000
heap
page read and write
FF4000
heap
page read and write
3A41000
heap
page read and write
67DF4000
unkown
page readonly
401000
unkown
page execute read
6BFD3000
unkown
page readonly
2E76000
heap
page read and write
18F000
stack
page read and write
6CF95000
unkown
page read and write
2170000
direct allocation
page read and write
696D0000
unkown
page readonly
153D000
unkown
page read and write
55E000
stack
page read and write
2E6D000
heap
page read and write
697E4000
unkown
page execute read
8C12000
heap
page read and write
4B4D000
unkown
page write copy
2E89000
heap
page read and write
6C640000
unkown
page read and write
3A41000
heap
page read and write
3130000
direct allocation
page read and write
1008000
heap
page read and write
D72000
heap
page read and write
2861000
heap
page read and write
FF4000
heap
page read and write
6CF97000
unkown
page write copy
C54000
heap
page read and write
68FDB000
unkown
page readonly
8CAF000
heap
page read and write
8A0000
heap
page read and write
6C852000
unkown
page readonly
3AAE000
stack
page read and write
6A6E000
stack
page read and write
6AAB1000
unkown
page execute read
2E76000
heap
page read and write
17BF000
unkown
page read and write
C54000
heap
page read and write
6A9E5000
unkown
page read and write
FD0000
heap
page read and write
2360000
direct allocation
page read and write
498000
unkown
page write copy
2117000
direct allocation
page read and write
22B0000
direct allocation
page read and write
60960000
unkown
page read and write
4CF0000
heap
page read and write
2E76000
heap
page read and write
A4E9000
heap
page read and write
FF4000
heap
page read and write
C54000
heap
page read and write
6C0000
heap
page read and write
2268000
direct allocation
page read and write
2861000
heap
page read and write
B90000
heap
page read and write
6490000
heap
page read and write
CF2000
stack
page read and write
6D24000
unkown
page read and write
69721000
unkown
page readonly
52D5000
heap
page read and write
4FE0000
heap
page read and write
F6E000
heap
page read and write
6AA97000
unkown
page read and write
68FC4000
unkown
page readonly
5F9D000
stack
page read and write
723E000
stack
page read and write
6C42D000
unkown
page readonly
216C000
direct allocation
page read and write
302A000
stack
page read and write
2861000
heap
page read and write
3E6E000
stack
page read and write
9050000
unkown
page readonly
60965000
unkown
page write copy
1A90000
heap
page read and write
52C0000
heap
page read and write
696C3000
unkown
page readonly
E0A000
heap
page read and write
69736000
unkown
page read and write
C54000
heap
page read and write
46CE000
stack
page read and write
68FE4000
unkown
page readonly
4B44000
unkown
page read and write
83D8000
heap
page read and write
2141000
direct allocation
page read and write
212000
unkown
page readonly
82D0000
heap
page read and write
6C720000
unkown
page readonly
68AE000
heap
page read and write
139E000
stack
page read and write
3256000
direct allocation
page read and write
2790000
trusted library allocation
page read and write
6C420000
unkown
page readonly
13FE000
stack
page read and write
210000
unkown
page readonly
126F000
unkown
page readonly
67C1F000
unkown
page readonly
91000
stack
page read and write
116E000
stack
page read and write
2E76000
heap
page read and write
C54000
heap
page read and write
69771000
unkown
page readonly
695B5000
unkown
page readonly
2E88000
heap
page read and write
6AAAB000
unkown
page readonly
606000
heap
page read and write
6A110000
unkown
page readonly
4B6C000
unkown
page read and write
2E8F000
heap
page read and write
2861000
heap
page read and write
10000000
unkown
page readonly
A4F2000
heap
page read and write
6A10A000
unkown
page readonly
974E000
trusted library allocation
page read and write
674000
heap
page read and write
C53000
unkown
page readonly
211000
unkown
page execute read
2E89000
heap
page read and write
3A41000
heap
page read and write
2861000
heap
page read and write
2861000
heap
page read and write
D50000
unkown
page readonly
2861000
heap
page read and write
1F4000
heap
page read and write
5FC0000
unkown
page readonly
2E76000
heap
page read and write
8B92000
heap
page read and write
2E76000
heap
page read and write
6D31000
unkown
page readonly
4C01000
unkown
page execute read
9C6E000
stack
page read and write
1A00000
heap
page read and write
EB0000
heap
page read and write
96000
stack
page read and write
2861000
heap
page read and write
6CC0000
unkown
page readonly
3A41000
heap
page read and write
8BE8000
heap
page read and write
6C8C9000
unkown
page read and write
212C000
direct allocation
page read and write
411000
unkown
page readonly
8BAB000
heap
page read and write
C50000
unkown
page readonly
6CE28000
unkown
page read and write
2E76000
heap
page read and write
2220000
heap
page read and write
9B000
stack
page read and write
2861000
heap
page read and write
F60000
heap
page read and write
6B93D000
unkown
page read and write
3420000
heap
page read and write
9550000
trusted library allocation
page read and write
2861000
heap
page read and write
2B9C6000
heap
page read and write
6B617000
unkown
page write copy
85F5000
heap
page read and write
6B941000
unkown
page readonly
648E000
stack
page read and write
24E0000
direct allocation
page read and write
600F000
unkown
page readonly
4B4F000
unkown
page read and write
34D5000
heap
page read and write
211C000
direct allocation
page read and write
2E76000
heap
page read and write
2E76000
heap
page read and write
8E09000
heap
page read and write
697C5000
unkown
page readonly
4B45000
unkown
page write copy
88C5000
heap
page read and write
6C56A000
unkown
page readonly
8C51000
heap
page read and write
6CF21000
unkown
page execute read
3110000
direct allocation
page read and write
60900000
unkown
page readonly
2861000
heap
page read and write
2E89000
heap
page read and write
3A41000
heap
page read and write
679FD000
unkown
page read and write
2E89000
heap
page read and write
2861000
heap
page read and write
12D0000
unkown
page readonly
2DC5000
heap
page read and write
3A41000
heap
page read and write
510000
heap
page read and write
6C571000
unkown
page execute read
5A0000
heap
page read and write
8A8C000
heap
page read and write
211000
unkown
page execute read
131C000
stack
page read and write
3A41000
heap
page read and write
2E76000
heap
page read and write
11F2000
unkown
page readonly
2861000
heap
page read and write
D2E000
heap
page read and write
69F3000
heap
page read and write
2E76000
heap
page read and write
33AE000
stack
page read and write
2E76000
heap
page read and write
85E000
stack
page read and write
2861000
heap
page read and write
85DD000
heap
page read and write
6D1D000
unkown
page read and write
8D6E000
heap
page read and write
2E76000
heap
page read and write
2E76000
heap
page read and write
2E76000
heap
page read and write
7B3E000
stack
page read and write
2278000
direct allocation
page read and write
2861000
heap
page read and write
34E2000
heap
page read and write
63B1000
unkown
page read and write
BCD000
stack
page read and write
697D8000
unkown
page readonly
6AA33000
unkown
page read and write
625D000
stack
page read and write
2E04000
heap
page read and write
69734000
unkown
page readonly
2E30000
heap
page read and write
6B60C000
unkown
page read and write
6AA51000
unkown
page execute read
4DAD000
unkown
page read and write
67DF2000
unkown
page read and write
6CE41000
unkown
page execute read
6DFC000
unkown
page readonly
148E000
stack
page read and write
2860000
heap
page read and write
727E000
stack
page read and write
2E76000
heap
page read and write
6AA6A000
unkown
page read and write
91AA000
unkown
page read and write
3557000
direct allocation
page read and write
63AD000
unkown
page read and write
95F000
stack
page read and write
22B9000
heap
page read and write
210000
unkown
page readonly
6B621000
unkown
page readonly
82B0000
heap
page read and write
2220000
direct allocation
page execute and read and write
2E76000
heap
page read and write
3A41000
heap
page read and write
400000
unkown
page readonly
2E76000
heap
page read and write
60A000
heap
page read and write
133E000
unkown
page readonly
2E89000
heap
page read and write
1F4000
heap
page read and write
2E76000
heap
page read and write
2861000
heap
page read and write
69636000
unkown
page readonly
BEE000
stack
page read and write
69BB5000
unkown
page readonly
2861000
heap
page read and write
3130000
direct allocation
page read and write
908C000
unkown
page execute read
6C570000
unkown
page readonly
2861000
heap
page read and write
20B1000
direct allocation
page read and write
9451000
heap
page read and write
C54000
heap
page read and write
3BEF000
stack
page read and write
2E76000
heap
page read and write
52BD000
heap
page read and write
67DA4000
unkown
page readonly
2E76000
heap
page read and write
6C89D000
unkown
page read and write
960000
heap
page read and write
697C9000
unkown
page readonly
531F000
stack
page read and write
2250000
direct allocation
page read and write
67EE1000
unkown
page execute read
2E76000
heap
page read and write
6A0E000
heap
page read and write
68FFA000
unkown
page readonly
665000
heap
page read and write
2E76000
heap
page read and write
2E76000
heap
page read and write
6A7FA000
unkown
page read and write
4DB2000
unkown
page write copy
6948F000
unkown
page write copy
6C2E8000
unkown
page execute read
3A50000
heap
page read and write
C54000
heap
page read and write
2861000
heap
page read and write
2E76000
heap
page read and write
2E89000
heap
page read and write
636000
heap
page read and write
2861000
heap
page read and write
2861000
heap
page read and write
10039000
unkown
page readonly
60968000
unkown
page readonly
8E01000
heap
page read and write
1100000
heap
page read and write
9C0000
heap
page read and write
C55000
unkown
page readonly
8E3000
heap
page read and write
27A0000
heap
page read and write
12AE000
stack
page read and write
1F4000
heap
page read and write
803E000
stack
page read and write
6F850000
unkown
page readonly
6964D000
unkown
page readonly
3CDE000
stack
page read and write
6E27000
heap
page read and write
6F96A000
unkown
page read and write
6C410000
unkown
page readonly
2254000
direct allocation
page read and write
6A8AA000
unkown
page readonly
9B2E000
stack
page read and write
382E000
stack
page read and write
C54000
heap
page read and write
9200000
heap
page read and write
AE6000
unkown
page readonly
2E76000
heap
page read and write
40B000
unkown
page write copy
2E89000
heap
page read and write
930000
heap
page read and write
2E89000
heap
page read and write
2861000
heap
page read and write
494000
unkown
page write copy
33FE000
stack
page read and write
3A41000
heap
page read and write
2861000
heap
page read and write
69B9C000
unkown
page readonly
2E26000
heap
page read and write
6040000
unkown
page readonly
2861000
heap
page read and write
688D000
heap
page read and write
C54000
heap
page read and write
AE1000
unkown
page execute read
6A30E000
unkown
page read and write
2E76000
heap
page read and write
19D000
stack
page read and write
2855000
heap
page read and write
52CD000
heap
page read and write
3263000
direct allocation
page read and write
22B5000
heap
page read and write
10046000
unkown
page readonly
312F000
stack
page read and write
D94000
unkown
page read and write
6A9E8000
unkown
page readonly
2E77000
heap
page read and write
2861000
heap
page read and write
D9D000
stack
page read and write
67E00000
unkown
page readonly
5F3E000
stack
page read and write
86F0000
heap
page read and write
2E89000
heap
page read and write
91AD000
unkown
page write copy
6C870000
unkown
page readonly
6CAF000
stack
page read and write
C54000
heap
page read and write
4E47000
heap
page read and write
6AA50000
unkown
page readonly
10044000
unkown
page read and write
3A41000
heap
page read and write
8DF000
heap
page read and write
69016000
unkown
page readonly
366B000
direct allocation
page read and write
DE5000
heap
page read and write
2E6D000
heap
page read and write
6B6E1000
unkown
page execute read
1216000
heap
page read and write
2861000
heap
page read and write
6C302000
unkown
page execute read
1F4000
heap
page read and write
DF0000
heap
page read and write
1000000
heap
page read and write
69740000
unkown
page readonly
8CEC000
heap
page read and write
2E76000
heap
page read and write
6EB7000
heap
page read and write
2E89000
heap
page read and write
2128000
direct allocation
page read and write
34E8000
heap
page read and write
2E76000
heap
page read and write
6CE2D000
unkown
page readonly
6B61B000
unkown
page write copy
69780000
unkown
page readonly
2E76000
heap
page read and write
2368000
direct allocation
page read and write
8997000
heap
page read and write
6D22000
unkown
page write copy
6A2E000
heap
page read and write
212000
unkown
page readonly
2E76000
heap
page read and write
C54000
heap
page read and write
8B27000
heap
page read and write
2861000
heap
page read and write
3430000
heap
page read and write
68FE9000
unkown
page readonly
5FC1000
unkown
page execute read
2861000
heap
page read and write
6860000
heap
page read and write
226C000
direct allocation
page read and write
6CD91000
unkown
page execute read
7AF000
stack
page read and write
640E000
stack
page read and write
1180000
heap
page read and write
4B5C000
unkown
page write copy
2861000
heap
page read and write
8D75000
heap
page read and write
2E76000
heap
page read and write
2861000
heap
page read and write
7D0000
heap
page read and write
961000
heap
page read and write
6B6E0000
unkown
page readonly
19D5000
heap
page read and write
9E7000
heap
page read and write
2E89000
heap
page read and write
C2E000
stack
page read and write
3A41000
heap
page read and write
697E7000
unkown
page readonly
214C000
direct allocation
page read and write
695D1000
unkown
page execute read
69BA5000
unkown
page readonly
6FBE000
stack
page read and write
89AF000
heap
page read and write
6AA40000
unkown
page readonly
320D000
direct allocation
page read and write
2E76000
heap
page read and write
8C3F000
heap
page read and write
8F4000
heap
page read and write
2861000
heap
page read and write
3A41000
heap
page read and write
C54000
heap
page read and write
324C000
heap
page read and write
4C70000
unkown
page read and write
2861000
heap
page read and write
908E000
unkown
page readonly
6AAA1000
unkown
page execute read
496000
unkown
page read and write
6AA00000
unkown
page readonly
69009000
unkown
page readonly
6C3EA000
unkown
page write copy
1150000
heap
page read and write
8AE000
heap
page read and write
2290000
heap
page read and write
16B1000
unkown
page execute read
609000
heap
page read and write
609000
heap
page read and write
F30000
heap
page read and write
AFB000
stack
page read and write
C55000
unkown
page readonly
6B611000
unkown
page write copy
D87000
unkown
page readonly
336E000
stack
page read and write
6D20000
unkown
page read and write
126E000
stack
page read and write
1F4000
heap
page read and write
8F8000
heap
page read and write
117E000
stack
page read and write
830000
heap
page read and write
2E76000
heap
page read and write
2E89000
heap
page read and write
2861000
heap
page read and write
6AA44000
unkown
page readonly
2E32000
heap
page read and write
697D0000
unkown
page readonly
69661000
unkown
page execute read
400000
unkown
page readonly
737F000
stack
page read and write
696A2000
unkown
page readonly
9BA000
unkown
page read and write
2247000
direct allocation
page read and write
699F3000
unkown
page readonly
8D49000
heap
page read and write
1F4000
heap
page read and write
C51000
unkown
page execute read
2861000
heap
page read and write
3A41000
heap
page read and write
3AAE000
stack
page read and write
8BF8000
heap
page read and write
6CE8F000
unkown
page readonly
3479000
heap
page read and write
500000
heap
page read and write
6AA46000
unkown
page readonly
65F000
stack
page read and write
4B4B000
unkown
page write copy
CF0000
stack
page read and write
68AA000
heap
page read and write
6C430000
unkown
page read and write
3671000
heap
page read and write
114E000
stack
page read and write
69737000
unkown
page readonly
69720000
unkown
page read and write
6AA6B000
unkown
page readonly
364A000
direct allocation
page read and write
2118000
direct allocation
page read and write
69051000
unkown
page readonly
6C2E0000
unkown
page readonly
82E0000
heap
page read and write
2E10000
heap
page read and write
69035000
unkown
page readonly
88FF000
heap
page read and write
2E76000
heap
page read and write
2861000
heap
page read and write
There are 1564 hidden memdumps, click here to show them.