IOC Report
anuwhqTXGt.dll

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| anuwhqTXGt.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Program Files (x86)\Wimsys\msg.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\Wimsys\msg.inf | data | dropped | |
| C:\Program Files (x86)\Wimsys\uninstall.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Program Files (x86)\Wimsys\uninstall.tar | data | dropped | |
| C:\ProgramData\USOShared\Logs\System\UpdateSessionOrchestration.9089aa03-3593-48cf-80b0-7499dec9f58a.1.etl | data | dropped | |
| C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| C:\Users\Public\fbe\fbegbhf.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\Public\fbe\upd.inf | data | dropped | |
| C:\Users\Public\wss_tmp\cr_ws_2.dll | PE32+ executable (DLL) (console) x86-64, for MS Windows | dropped | |
| C:\Users\Public\wss_tmp\infile_x64.cab | data | dropped | |
| C:\Users\user\AppData\Local\Temp\nskFC4E.tmp | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\0.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\1.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\2.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\IpConfig.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\MoreInfo.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\SimpleSC.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\inetc.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\md5dll.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqF009.tmp\nsExec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nsrF22D.tmp | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\0.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\1.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\2.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\IpConfig.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\MoreInfo.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\SimpleSC.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\inetc.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\md5dll.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed | dropped | |
| C:\Users\user\AppData\Local\Temp\nssF49D.tmp\nsExec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nsyF72E.tmp | ASCII text, with no line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\0.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\1.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\2.crx | Google Chrome extension, version 3 | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\IpConfig.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\MoreInfo.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\SimpleSC.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\inetc.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\md5dll.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed | dropped | |
| C:\Users\user\AppData\Local\Temp\nszFA3A.tmp\nsExec.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Windows\Installer\{f4b964cf-1b7a-aa88-03cb-3533f33b6987}\2e04d05a72bbb297aebc410e888a6ad5 | JSON data | dropped | |
| C:\Windows\Installer\{f4b964cf-1b7a-aa88-03cb-3533f33b6987}\66f120532d0318a6a449e3c438427a15.2 | Google Chrome extension, version 3 | dropped | |
| C:\Windows\Installer\{f4b964cf-1b7a-aa88-03cb-3533f33b6987}\66f120532d0318a6a449e3c438427a15.2.E | Google Chrome extension, version 3 | dropped | |
| C:\Windows\Installer\{f4b964cf-1b7a-aa88-03cb-3533f33b6987}\c23a32abd836342a70b7f6c1aa74947e.2 | XML 1.0 document, ASCII text, with very long lines (314), with no line terminators | dropped | |
| C:\Windows\Installer\{f4b964cf-1b7a-aa88-03cb-3533f33b6987}\c23a32abd836342a70b7f6c1aa74947e.2.E | XML 1.0 document, ASCII text, with very long lines (316), with no line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k NetworkService -p | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\system32\svchost.exe -k UnistackSvcGroup | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\anuwhqTXGt.dll",#1 | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\anuwhqTXGt.dll,get | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\system32\svchost.exe -k LocalService -s W32Time | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc | malicious |
| C:\Windows\System32\svchost.exe | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\anuwhqTXGt.dll",get | malicious |
| C:\Windows\SysWOW64\reg.exe | reg add HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Edge\ExtensionInstallForcelist /v 1 /t REG_SZ /d liffkepbndfkkknedglekeghaegocokk;file:///C:/Windows/Installer/{f4b964cf-1b7a-aa88-03cb-3533f33b6987}/c23a32abd836342a70b7f6c1aa74947e.2.E /reg:32 | malicious |
| C:\Windows\SysWOW64\reg.exe | reg add HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist /v 1 /t REG_SZ /d liffkepbndfkkknedglekeghaegocokk;file:///C:/Windows/Installer/{f4b964cf-1b7a-aa88-03cb-3533f33b6987}/c23a32abd836342a70b7f6c1aa74947e.2 /reg:32 | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 "C:\Users\Public\wss_tmp\cr_ws_2.dll" main --install-run | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 "C:\Users\Public\wss_tmp\cr_ws_2.dll" main --install-run | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 "C:\Users\Public\fbe\fbegbhf.dll" main -c uninstall | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 "C:\Users\Public\wss_tmp\cr_ws_2.dll" main --install-run | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 "C:\Users\Public\fbe\fbegbhf.dll" main -c install-run | malicious |
| C:\Windows\SysWOW64\rundll32.exe | rundll32 "C:\Users\Public\fbe\fbegbhf.dll" main -c uninstall | malicious |
| C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\anuwhqTXGt.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\anuwhqTXGt.dll",#1 | |
| C:\Windows\System32\SgrmBroker.exe | C:\Windows\system32\SgrmBroker.exe | |
| C:\Windows\SysWOW64\taskkill.exe | TaskKill /IM msedge.exe | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\taskkill.exe | TaskKill /IM msedge.exe | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\taskkill.exe | TaskKill /IM chrome.exe | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\taskkill.exe | TaskKill /IM chrome.exe | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\taskkill.exe | TaskKill /IM msedge.exe | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\rundll32.exe | rundll32 "C:\Users\Public\wss_tmp\cr_ws_2.dll" main --install-run | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\Public\wss_tmp\cr_ws_2.dll" main | |
| C:\Windows\SysWOW64\taskkill.exe | TaskKill /IM chrome.exe | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\rundll32.exe | rundll32 "C:\Users\Public\fbe\fbegbhf.dll" main -c uninstall | |
| C:\Windows\System32\rundll32.exe | "rundll32.exe" "C:\Users\Public\wss_tmp\cr_ws_2.dll" main JkoI28tA7 s54VVA9PL | |
| C:\Windows\System32\rundll32.exe | rundll32 "C:\Users\Public\wss_tmp\cr_ws_2.dll" main --install-run | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\Public\wss_tmp\cr_ws_2.dll" main | |
| C:\Windows\System32\rundll32.exe | rundll32 "C:\Users\Public\fbe\fbegbhf.dll" main -c install-run | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\Public\fbe\fbegbhf.dll" main | |
| C:\Windows\System32\rundll32.exe | rundll32 "C:\Users\Public\fbe\fbegbhf.dll" main -c uninstall | |
| C:\Windows\System32\rundll32.exe | "rundll32.exe" "C:\Users\Public\wss_tmp\cr_ws_2.dll" main 5l2dLaWBz 8H16fjAVL | |

URLs

Domains

| Name | IP | Malicious |
|---|---|---|
| serragatino.info | 104.21.24.192 | malicious |
| embro.info | 172.67.207.72 | malicious |
| 4o985rhikfsof.b-cdn.net | 138.199.40.58 | |
| www.google.com | 142.250.176.196 | |
| guayaco.info | 104.21.69.207 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.21.24.192 | serragatino.info | United States | malicious |
| 172.67.207.72 | embro.info | United States | malicious |
| 138.199.40.58 | 4o985rhikfsof.b-cdn.net | European Union | |
| 168.61.215.74 | unknown | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46} | STATE | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center | cval | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\google\chrome\ExtensionInstallForcelist | 1 | malicious |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | mid | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | uid | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | aid | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | aid2 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | ts | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | ts2 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | mid | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | uid | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | aid | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | aid2 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | ts | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | ts2 | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | unique_id | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | mid | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | aid | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | aid2 | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | ts | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | ts2 | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | brw | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.regreader.nativemessage | NULL | |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b0ce0805d069128c445841c673b20d15 | aid | |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b0ce0805d069128c445841c673b20d15 | aid | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wimsys | DisplayName | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wimsys | UninstallString | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wimsys | DisplayIcon | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | a | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | cid | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | u | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | ts | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | ts | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | ts | |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config | LastKnownGoodTime | |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security | c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator | StartWorkerOnServiceStart | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler | Checking to see if mostack override has changed | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler | UsoCrmScan | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler | CleanupUsoLogs | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | aid2 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Wimsys | ts | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wimsys | ts | |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\FQ | aid2 | |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist | 1 | |

Memdumps
page read and write
470000
heap
page read and write
2A023813000
heap
page read and write
52D71FE000
unkown
page readonly
213BC8A0000
heap
page read and write
4B9E000
heap
page read and write
1C9C8289000
heap
page read and write
47CE000
stack
page read and write
6EE06000
unkown
page readonly
4DFF000
stack
page read and write
6EDF0000
unkown
page readonly
1788D4A0000
heap
page read and write
4EB8000
heap
page read and write
26B78255000
heap
page read and write
4F2C000
stack
page read and write
22638C11000
heap
page read and write
226371B0000
heap
page read and write
21BD79B8000
heap
page read and write
2C60000
heap
page read and write
26B7823F000
heap
page read and write
1DDF0402000
heap
page read and write
1788BAC0000
heap
page read and write
357E000
heap
page read and write
2DBB000
heap
page read and write
4E6E000
heap
page read and write
2C4E000
stack
page read and write
344E000
heap
page read and write
5444000
heap
page read and write
6EE0F000
unkown
page readonly
336E000
stack
page read and write
2DB8000
heap
page read and write
2D1D000
heap
page read and write
4D2F000
heap
page read and write
26B7824C000
heap
page read and write
4E20000
heap
page read and write
25F0000
heap
page read and write
166D8C21000
heap
page read and write
1C9C8111000
heap
page read and write
359B000
heap
page read and write
1C74ABCD000
heap
page read and write
A2B000
heap
page read and write
323C000
stack
page read and write
2DBC000
heap
page read and write
180001000
unkown
page execute read
61CF000
stack
page read and write
21BD79CF000
heap
page read and write
166D8880000
heap
page read and write
4D7E000
stack
page read and write
294E000
stack
page read and write
2DA4000
heap
page read and write
2DBB000
heap
page read and write
59FE000
stack
page read and write
2A40000
heap
page read and write
50D000
stack
page read and write
464C000
direct allocation
page execute and read and write
3230000
heap
page read and write
1C74AD50000
heap
page read and write
B0F000
unkown
page read and write
2A02382B000
heap
page read and write
1A89289E000
heap
page read and write
5C2D000
heap
page read and write
6CADBFF000
stack
page read and write
6EDF1000
unkown
page execute read
A28000
heap
page read and write
3F0000
heap
page read and write
257B8702000
heap
page read and write
6EE0F000
unkown
page readonly
6210000
remote allocation
page read and write
52D4000
heap
page read and write
2D8E000
heap
page read and write
1BFBB646000
heap
page read and write
6EDF1000
unkown
page execute read
2D77000
heap
page read and write
5BE5000
heap
page read and write
1A892F60000
heap
page read and write
52A0000
heap
page read and write
780000
heap
page read and write
22637270000
heap
page read and write
356C000
heap
page read and write
2DBF000
heap
page read and write
1A892680000
heap
page read and write
2CC0000
heap
page read and write
22636EE0000
heap
page read and write
52F5000
heap
page read and write
2B50000
heap
page read and write
479000
stack
page read and write
55C9000
heap
page read and write
5330000
heap
page read and write
2A023A10000
heap
page read and write
A30000
heap
page read and write
6CADAFE000
stack
page read and write
8B0000
heap
page read and write
531D000
heap
page read and write
2F0C000
stack
page read and write
B2742FD000
stack
page read and write
265DCDE1000
heap
page read and write
3266000
heap
page read and write
213BC270000
heap
page read and write
2ECF000
heap
page read and write
32C000
stack
page read and write
5346000
heap
page read and write
2AAD000
heap
page read and write
6EE0D000
unkown
page read and write
26B7826C000
heap
page read and write
26B7829F000
heap
page read and write
1D988848000
heap
page read and write
2D70000
heap
page read and write
265DB240000
heap
page read and write
166D8510000
heap
page read and write
359E000
unkown
page read and write
2C4F000
stack
page read and write
1A892E50000
heap
page read and write
31C0000
heap
page read and write
6D4D1000
unkown
page readonly
5F90000
heap
page read and write
5BDC000
heap
page read and write
FBE000
stack
page read and write
2A023902000
heap
page read and write
2E99000
heap
page read and write
2B70000
heap
page read and write
E60000
heap
page read and write
1C74AC10000
heap
page read and write
2477E22E000
heap
page read and write
4DAA000
heap
page read and write
26B78284000
heap
page read and write
22636F30000
heap
page read and write
2E32000
heap
page read and write
2DEC000
stack
page read and write
6EDF0000
unkown
page readonly
3243000
heap
page read and write
1C9C66E0000
direct allocation
page execute and read and write
320E000
stack
page read and write
2A0237F0000
heap
page read and write
3467000
heap
page read and write
213BC3D5000
heap
page read and write
59BC000
stack
page read and write
1DDF0400000
heap
page read and write
26B78930000
trusted library allocation
page read and write
52AC000
heap
page read and write
52EE000
stack
page read and write
1C74C680000
heap
page read and write
26B78235000
heap
page read and write
533E000
stack
page read and write
4DB6000
heap
page read and write
2CA0000
heap
page read and write
1C9C8210000
heap
page read and write
1788B9E0000
heap
page read and write
1D989118000
heap
page read and write
354F000
stack
page read and write
2ABF000
heap
page read and write
4CE0000
heap
page read and write
5AA0000
heap
page read and write
22637275000
heap
page read and write
470C000
direct allocation
page execute and read and write
19AED04B000
heap
page read and write
1A892E61000
heap
page read and write
5AA5000
heap
page read and write
330F000
stack
page read and write
1A892FD9000
heap
page read and write
5910000
heap
page read and write
2D15000
heap
page read and write
3038000
stack
page read and write
2DA8000
heap
page read and write
257B8641000
heap
page read and write
1C9C670A000
direct allocation
page execute and read and write
2D40000
heap
page read and write
3255000
heap
page read and write
1C74AC80000
direct allocation
page execute and read and write
7E379AF000
stack
page read and write
1D988790000
heap
page read and write
2E58000
heap
page execute and read and write
2EBB000
heap
page read and write
2DB3000
heap
page read and write
50FE000
stack
page read and write
3790000
heap
page read and write
343F000
heap
page read and write
2D1D000
heap
page read and write
30D0000
heap
page read and write
4C8C000
heap
page read and write
356B000
heap
page read and write
AFC000
stack
page read and write
2D69000
heap
page read and write
6EE06000
unkown
page readonly
6210000
direct allocation
page read and write
2540000
heap
page read and write
52D69FE000
stack
page read and write
1800DD000
unkown
page read and write
2A3C000
stack
page read and write
3269000
heap
page read and write
3350000
heap
page read and write
5F80000
heap
page read and write
166D8F20000
direct allocation
page execute and read and write
1DDF0437000
heap
page read and write
21BD7A8B000
heap
page read and write
494F000
stack
page read and write
3268000
heap
page read and write
265DB1F0000
heap
page read and write
474E000
stack
page read and write
22639022000
direct allocation
page execute and read and write
166D860B000
heap
page read and write
601C000
stack
page read and write
1A892E60000
heap
page read and write
4CA0000
heap
page read and write
11EF000
stack
page read and write
2A02387A000
heap
page read and write
562D000
heap
page read and write
6EE0F000
unkown
page readonly
2D0A000
heap
page read and write
96F000
unkown
page read and write
B273C7E000
stack
page read and write
19AED03A000
heap
page read and write
2DA8000
heap
page read and write
1DDF0502000
heap
page read and write
21BD9571000
heap
page read and write
9AE000
stack
page read and write
19AED041000
heap
page read and write
26B78288000
heap
page read and write
1D988837000
heap
page read and write
5C4C000
heap
page read and write
19AED002000
heap
page read and write
6EE06000
unkown
page readonly
6EDF0000
unkown
page readonly
4DA4000
heap
page read and write
1D988823000
heap
page read and write
2D95000
heap
page read and write
327F000
heap
page read and write
A1A000
heap
page read and write
2D1D000
heap
page read and write
4D89000
heap
page read and write
A1A000
heap
page read and write
3266000
heap
page read and write
2550000
heap
page read and write
4F50000
heap
page read and write
26B78241000
heap
page read and write
52FF000
stack
page read and write
2DF6000
heap
page read and write
3464000
heap
page read and write
257B864A000
heap
page read and write
213BCC2E000
direct allocation
page execute and read and write
2A023900000
heap
page read and write
3BC000
stack
page read and write
1C9C64A0000
heap
page read and write
36C000
stack
page read and write
257B8613000
heap
page read and write
356F000
heap
page read and write
1D9887A0000
heap
page read and write
303267E000
unkown
page readonly
26B7826E000
heap
page read and write
303257E000
stack
page read and write
2E39000
heap
page read and write
B2743FE000
unkown
page readonly
32F0000
heap
page read and write
3310000
heap
page read and write
166D8877000
direct allocation
page execute and read and write
1BFBBD90000
trusted library allocation
page read and write
79D397E000
stack
page read and write
5305000
heap
page read and write
213BC8A1000
heap
page read and write
3259000
heap
page read and write
213BC9A0000
heap
page read and write
3255000
heap
page read and write
E7F000
heap
page read and write
21BD9457000
direct allocation
page execute and read and write
E70000
heap
page read and write
1C9C6670000
heap
page read and write
19AED000000
heap
page read and write
6EE0F000
unkown
page readonly
E9D76FF000
stack
page read and write
AA5000
heap
page read and write
55D1000
heap
page read and write
3457000
heap
page read and write
4D40000
heap
page read and write
52F4000
heap
page read and write
4D84000
heap
page read and write
5342000
heap
page read and write
33CE000
stack
page read and write
180000000
unkown
page readonly
2AB0000
heap
page read and write
2A90000
heap
page read and write
549D000
heap
page read and write
5BAE000
stack
page read and write
26B7829C000
heap
page read and write
3594000
heap
page read and write
4CD7000
heap
page read and write
32DA000
heap
page read and write
3032E7E000
unkown
page readonly
53A3000
heap
page read and write
2AB9000
heap
page read and write
250E000
heap
page read and write
2D16000
heap
page read and write
265DB3A0000
direct allocation
page execute and read and write
257B8C60000
remote allocation
page read and write
2D5E000
stack
page read and write
2E47000
heap
page read and write
26B7825E000
heap
page read and write
4B0E000
stack
page read and write
4DBF000
stack
page read and write
4CC8000
heap
page read and write
2D1F000
stack
page read and write
2CDE000
stack
page read and write
290E000
stack
page read and write
B2741FE000
unkown
page readonly
87F000
stack
page read and write
537F000
stack
page read and write
2477C598000
heap
page read and write
3078000
stack
page read and write
3242000
heap
page read and write
26B78233000
heap
page read and write
4B91000
heap
page read and write
19AED100000
heap
page read and write
27C7000
heap
page read and write
19AED064000
heap
page read and write
4CDB000
heap
page read and write
925000
heap
page read and write
A27000
heap
page read and write
32A0000
heap
page read and write
19AECF20000
heap
page read and write
2DAE000
heap
page read and write
4B9A000
heap
page read and write
5C40000
heap
page read and write
298E000
stack
page read and write
1A893382000
direct allocation
page execute and read and write
A0F000
heap
page read and write
166D85F8000
heap
page read and write
4D48000
heap
page read and write
53B8000
heap
page read and write
2477C610000
heap
page read and write
4BA2000
heap
page read and write
532B000
heap
page read and write
166D86C7000
heap
page read and write
1A893280000
direct allocation
page execute and read and write
414F000
stack
page read and write
2A025320000
remote allocation
page read and write
46A0000
direct allocation
page execute and read and write
265DB261000
heap
page read and write
166D85F0000
heap
page read and write
1DDF0C02000
trusted library allocation
page read and write
532E000
stack
page read and write
3527000
heap
page read and write
2D3C000
stack
page read and write
257B862B000
heap
page read and write
5854000
heap
page read and write
49CF000
stack
page read and write
4648000
direct allocation
page execute and read and write
538E000
heap
page read and write
3FC000
stack
page read and write
4E8F000
heap
page read and write
45AE000
stack
page read and write
5BB0000
remote allocation
page read and write
A7E000
unkown
page read and write
26B78261000
heap
page read and write
2A023874000
heap
page read and write
553C000
heap
page read and write
46CF000
stack
page read and write
2EA8000
heap
page read and write
2DE7000
heap
page read and write
22638E17000
heap
page read and write
6EE06000
unkown
page readonly
5F2E000
heap
page read and write
5099F67000
stack
page read and write
3520000
heap
page read and write
A0B000
heap
page read and write
32E4000
heap
page read and write
1C74ABF0000
heap
page read and write
1800DD000
unkown
page read and write
29C0000
heap
page read and write
257B84D0000
heap
page read and write
30A5000
heap
page read and write
324B000
heap
page read and write
3267000
heap
page execute and read and write
265DB300000
heap
page read and write
6EE0F000
unkown
page readonly
32CF000
heap
page read and write
6EDF1000
unkown
page execute read
527D000
stack
page read and write
1788D4DA000
heap
page read and write
2477E017000
direct allocation
page execute and read and write
4EEB000
heap
page read and write
58B4000
heap
page read and write
1800E1000
unkown
page read and write
32B0000
heap
page read and write
4D2F000
heap
page read and write
213BC870000
direct allocation
page execute and read and write
54A9000
heap
page read and write
2C7E000
stack
page read and write
3430000
heap
page read and write
2E5E000
stack
page read and write
21BD7A8B000
heap
page read and write
6EE0D000
unkown
page read and write
2477C59F000
heap
page read and write
2EBF000
heap
page read and write
6210000
remote allocation
page read and write
2E47000
heap
page read and write
543C000
stack
page read and write
340E000
stack
page read and write
78C000
stack
page read and write
1D989102000
heap
page read and write
5450000
heap
page read and write
1A892A75000
heap
page read and write
55F1000
heap
page read and write
22638B10000
heap
page read and write
213BC3A0000
heap
page read and write
2CE8000
heap
page read and write
9E0000
heap
page read and write
53BF000
stack
page read and write
2477E1A1000
heap
page read and write
B273F7E000
stack
page read and write
344E000
heap
page read and write
1A892EFF000
heap
page read and write
1BFBB8F0000
heap
page read and write
2DB1000
heap
page read and write
7CE000
unkown
page read and write
1D988848000
heap
page read and write
2CE6000
heap
page read and write
166D8C2F000
heap
page read and write
1C74AB11000
heap
page read and write
1D989132000
heap
page read and write
4CD1000
heap
page read and write
5480000
remote allocation
page read and write
2ADD000
heap
page read and write
21BD9471000
heap
page read and write
4A0E000
stack
page read and write
2A023917000
heap
page read and write
34BC000
direct allocation
page execute and read and write
3050000
heap
page read and write
4B82000
heap
page read and write
3355000
heap
page read and write
5C40000
direct allocation
page read and write
2A44000
heap
page read and write
2DBB000
heap
page read and write
55FA000
heap
page read and write
344E000
heap
page read and write
F70000
heap
page read and write
166D8C20000
heap
page read and write
BEF000
stack
page read and write
1C9C64C1000
heap
page read and write
6D4A0000
unkown
page readonly
3449000
heap
page read and write
A1A000
heap
page read and write
2477C540000
heap
page read and write
1BFBBE02000
trusted library allocation
page read and write
561A000
heap
page read and write
3596000
heap
page read and write
1788D4A1000
heap
page read and write
166D86C7000
heap
page read and write
5BE000
stack
page read and write
534A000
heap
page read and write
1800E1000
unkown
page read and write
6EE06000
unkown
page readonly
307A000
heap
page read and write
79D3A7E000
unkown
page readonly
52D64FE000
unkown
page readonly
2A025402000
trusted library allocation
page read and write
52D68FE000
unkown
page readonly
2F10000
heap
page read and write
1788D4A1000
heap
page read and write
31BE000
stack
page read and write
3470000
heap
page read and write
477E000
stack
page read and write
51F0000
heap
page read and write
2E9C000
heap
page read and write
2CEE000
stack
page read and write
303E000
stack
page read and write
3273000
heap
page read and write
5480000
remote allocation
page read and write
1DDF0416000
heap
page read and write
53FC000
stack
page read and write
2A023AF0000
heap
page read and write
2EBF000
stack
page read and write
478E000
stack
page read and write
2A7C000
stack
page read and write
32D0000
heap
page read and write
605E000
stack
page read and write
26B78282000
heap
page read and write
3F96E7E000
stack
page read and write
3F96EFE000
stack
page read and write
5C57000
heap
page read and write
1280000
heap
page read and write
19AECE40000
heap
page read and write
1C9C6470000
heap
page read and write
4DAE000
heap
page read and write
2AC3000
heap
page read and write
2A023862000
heap
page read and write
4CAC000
heap
page read and write
48EC000
stack
page read and write
55D2000
heap
page read and write
3E0000
heap
page read and write
3599000
heap
page read and write
2D77000
heap
page read and write
1C74ABCD000
heap
page read and write
2477C590000
heap
page read and write
2CAE000
stack
page read and write
2D8C000
heap
page read and write
343A000
heap
page read and write
5044CFE000
stack
page read and write
A777DFD000
stack
page read and write
2DF5000
heap
page read and write
1788D5A0000
heap
page read and write
26B78295000
heap
page read and write
346E000
heap
page read and write
3440000
heap
page read and write
2A023800000
heap
page read and write
2CA8000
heap
page read and write
53AC000
heap
page read and write
4D23000
heap
page read and write
5BE1000
heap
page read and write
257B85E0000
trusted library allocation
page read and write
2FFF000
unkown
page read and write
2DFA000
heap
page read and write
3465000
heap
page read and write
4C80000
heap
page read and write
53AF000
heap
page read and write
2760000
heap
page read and write
4CD0000
heap
page read and write
32DA000
heap
page read and write
2DB1000
heap
page read and write
2770000
heap
page read and write
60E0000
trusted library allocation
page read and write
26B7825C000
heap
page read and write
570000
heap
page read and write
2AD0000
heap
page read and write
6D4A1000
unkown
page execute read
26B7822D000
heap
page read and write
1DDF0310000
heap
page read and write
2DBB000
heap
page read and write
47E0000
heap
page read and write
2A00000
heap
page read and write
265DB0F0000
heap
page read and write
2D21000
heap
page read and write
5128000
heap
page read and write
609F000
stack
page read and write
1C74C791000
heap
page read and write
1A8927FF000
heap
page read and write
166D8C5A000
heap
page read and write
257B8C60000
remote allocation
page read and write
2D8F000
heap
page read and write
BFC000
stack
page read and write
4E6D000
stack
page read and write
5848000
heap
page read and write
89D000
stack
page read and write
3410000
heap
page read and write
6EDF1000
unkown
page execute read
21BD9770000
direct allocation
page execute and read and write
3032B7E000
unkown
page readonly
26B7822B000
heap
page read and write
53AE000
heap
page read and write
509A27F000
stack
page read and write
FFF697F000
unkown
page read and write
3450000
direct allocation
page execute and read and write
19AECF50000
trusted library allocation
page read and write
166D866A000
heap
page read and write
52D717E000
stack
page read and write
1C9C8632000
direct allocation
page execute and read and write
E97000
heap
page read and write
213BC8AA000
heap
page read and write
265DB1D0000
heap
page read and write
265DCDD0000
heap
page read and write
64CD4FE000
stack
page read and write
6D4A0000
unkown
page readonly
4D78000
heap
page read and write
FFF687B000
stack
page read and write
511C000
heap
page read and write
4D84000
heap
page read and write
1C74AAF0000
heap
page read and write
4E8C000
heap
page read and write
166D8FAE000
direct allocation
page execute and read and write
265DB3CA000
direct allocation
page execute and read and write
2AB0000
heap
page read and write
265DD2F2000
direct allocation
page execute and read and write
4F78000
heap
page read and write
257B8C60000
remote allocation
page read and write
1C9C8530000
direct allocation
page execute and read and write
21BD9470000
heap
page read and write
2477C66D000
heap
page read and write
6EE0D000
unkown
page read and write
3428000
heap
page read and write
6EE0D000
unkown
page read and write
2AC0000
heap
page read and write
2CCF000
stack
page read and write
2D78000
heap
page read and write
2D8B000
heap
page read and write
5C20000
heap
page read and write
4ACF000
stack
page read and write
2AB5000
heap
page read and write
4D7C000
heap
page read and write
52E5000
heap
page read and write
52D72FE000
stack
page read and write
24FA000
heap
page read and write
4D9B000
heap
page read and write
A80000
heap
page read and write
343B000
heap
page read and write
1800B1000
unkown
page readonly
4ED8000
heap
page read and write
2AB4000
heap
page read and write
2D8F000
heap
page read and write
537E000
stack
page read and write
324F000
heap
page read and write
1800DD000
unkown
page read and write
1A8927ED000
heap
page read and write
1788B975000
heap
page read and write
6D4D5000
unkown
page read and write
257B865B000
heap
page read and write
21BD9570000
heap
page read and write
340F000
stack
page read and write
2CFC000
stack
page read and write
2AE0000
heap
page read and write
2DF0000
heap
page read and write
4CE7000
heap
page read and write
303317E000
unkown
page readonly
3032D7E000
unkown
page readonly
26B78250000
heap
page read and write
6EDF1000
unkown
page execute read
642672F000
stack
page read and write
30328FE000
stack
page read and write
56B3000
heap
page read and write
329C000
stack
page read and write
51E0000
heap
page read and write
26B8000
stack
page read and write
BEE000
stack
page read and write
1788B940000
heap
page read and write
4641000
direct allocation
page execute and read and write
22636EC0000
heap
page read and write
3248000
heap
page read and write
2DCB000
heap
page read and write
53B9000
heap
page read and write
1D988800000
heap
page read and write
32AC000
heap
page read and write
26B782A8000
heap
page read and write
1DDF0448000
heap
page read and write
348F000
stack
page read and write
6D4D7000
unkown
page readonly
166D8710000
heap
page read and write
1800E4000
unkown
page readonly
2DB9000
heap
page read and write
2D70000
heap
page read and write
2DB6000
heap
page read and write
3465000
heap
page read and write
4ECB000
heap
page read and write
1C74C691000
heap
page read and write
1788B9E8000
heap
page read and write
2E47000
heap
page read and write
4D78000
heap
page read and write
456F000
stack
page read and write
1C9C64A8000
heap
page read and write
19AED022000
heap
page read and write
45D0000
heap
page read and write
166D8DAE000
heap
page read and write
B273CFE000
unkown
page readonly
26B78258000
heap
page read and write
22637130000
direct allocation
page execute and read and write
5BD2000
heap
page read and write
A777CFF000
stack
page read and write
4CB1000
heap
page read and write
5AED000
stack
page read and write
597B000
stack
page read and write
5BB0000
remote allocation
page read and write
2E39000
heap
page read and write
1788B950000
heap
page read and write
33F0000
heap
page read and write
E8D000
heap
page read and write
2477E0A0000
heap
page read and write
4E85000
heap
page read and write
618E000
stack
page read and write
1788D490000
heap
page read and write
52BE000
stack
page read and write
1C74C6CA000
heap
page read and write
1C9C8211000
heap
page read and write
21BD79C6000
heap
page read and write
26B781D0000
heap
page read and write
31AF000
stack
page read and write
355E000
unkown
page read and write
2C4E000
stack
page read and write
265DB248000
heap
page read and write
2BF0000
heap
page read and write
5C40000
direct allocation
page read and write
29CF000
stack
page read and write
3F96BD7000
stack
page read and write
309E000
unkown
page read and write
4E24000
heap
page read and write
1BFBB702000
heap
page read and write
5C0D000
heap
page read and write
6EDF0000
unkown
page readonly
2D21000
heap
page read and write
52D6EFE000
unkown
page readonly
1800DF000
unkown
page write copy
9FF000
heap
page read and write
4CE1000
heap
page read and write
339F000
stack
page read and write
6EDF0000
unkown
page readonly
1D988887000
heap
page read and write
26F8000
stack
page read and write
3469000
heap
page read and write
A1A000
heap
page read and write
180000000
unkown
page readonly
3448000
heap
page read and write
22638C1B000
heap
page read and write
50449B7000
stack
page read and write
290E000
stack
page read and write
2FBE000
unkown
page read and write
B2740FE000
stack
page read and write
2CCA000
heap
page read and write
2477DFF0000
direct allocation
page execute and read and write
4B80000
heap
page read and write
48AE000
stack
page read and write
4D41000
heap
page read and write
A27000
heap
page read and write
4E90000
heap
page read and write
64CD5FE000
stack
page readonly
213BCBA0000
direct allocation
page execute and read and write
A777C77000
stack
page read and write
344E000
stack
page read and write
26B78200000
heap
page read and write
6EE0F000
unkown
page readonly
1C74AAF8000
heap
page read and write
55A0000
direct allocation
page read and write
6CC000
stack
page read and write
B8F000
stack
page read and write
1788D82E000
direct allocation
page execute and read and write
3170000
heap
page read and write
21BD7D20000
heap
page read and write
4EAF000
heap
page read and write
4BA2000
heap
page read and write
1A8927EA000
heap
page read and write
2E70000
heap
page read and write
A2E000
heap
page read and write
21BD79C7000
heap
page read and write
47BF000
stack
page read and write
5F3A000
heap
page read and write
2AF5000
heap
page read and write
3558000
heap
page read and write
19AED08C000
heap
page read and write
5480000
remote allocation
page read and write
21BD7A2E000
heap
page read and write
5624000
heap
page read and write
1800E4000
unkown
page readonly
A0F000
heap
page read and write
4E87000
heap
page read and write
5215000
heap
page read and write
3200000
heap
page read and write
2D8B000
heap
page read and write
358D000
heap
page read and write
2DB3000
heap
page read and write
26B7826B000
heap
page read and write
4CC9000
heap
page read and write
2CA0000
heap
page read and write
26B781C0000
heap
page read and write
6D4D7000
unkown
page readonly
45E0000
direct allocation
page execute and read and write
A0A000
heap
page read and write
7E3792F000
stack
page read and write
1A892D60000
direct allocation
page execute and read and write
26B78257000
heap
page read and write
2BED000
stack
page read and write
1C74AB07000
heap
page read and write
2D95000
heap
page read and write
5B2E000
stack
page read and write
26B7825D000
heap
page read and write
1788B970000
heap
page read and write
26B7822E000
heap
page read and write
1C74C691000
heap
page read and write
26B78254000
heap
page read and write
52D627C000
stack
page read and write
4E62000
heap
page read and write
5BEE000
stack
page read and write
B7BF4FF000
stack
page read and write
64CD0FB000
stack
page read and write
5300000
heap
page read and write
1788D487000
direct allocation
page execute and read and write
19AECE20000
heap
page read and write
340E000
stack
page read and write
6340000
direct allocation
page read and write
26B78260000
heap
page read and write
213BC2AD000
heap
page read and write
5068000
heap
page read and write
2477C4D0000
heap
page read and write
2DE7000
heap
page read and write
B273BFE000
unkown
page readonly
5920000
heap
page read and write