IOC Report
https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe

loading gif

Files

File Path
Type
Category
Malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.Data.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.Dialogs.v19.2.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.Images.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.Office.v19.2.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.Pdf.v19.2.Drawing.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.Printing.v19.2.Core.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.Utils.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.XtraBars.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.XtraDialogs.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.XtraEditors.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.XtraGrid.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.XtraLayout.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.XtraPrinting.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\DevExpress.XtraTreeList.v19.2.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\Helpus.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\Helpusx86.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewer64.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewerCompatibleRendererCOMPlus.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewerCompatibleRendererInstaller.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewerShellExt.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\SharpShell.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\IRZip.lmd
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\srm.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\comphelper.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\comphelperx86.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\cs\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\cs\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\cs\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\de\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\de\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\de\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\es\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\es\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\es\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\fpdfview.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\fr\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\fr\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\fr\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\it\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\it\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\it\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ja\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ja\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ja\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ko\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ko\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ko\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\lua5.1.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\nl\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\nl\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\nl\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\pl\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\pl\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\pl\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\pt\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\pt\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\pt\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ru\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ru\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\ru\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\tr\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\tr\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\tr\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\uninstall.exe
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\zh-Hans\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\zh-Hans\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\zh-Hans\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\zh-Hant\DevExpress.Pdf.v19.2.Core.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\zh-Hant\DevExpress.XtraPdfViewer.v19.2.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\zh-Hant\PDCViewer.resources.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\srm.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\suf_pendreboot.dll
PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\Desktop\download\SafeguardPDFViewer_v3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\IRIMG1.BMP
PC bitmap, Windows 3.x format, 496 x 444 x 24, image size 660672, resolution 2800 x 2800 px/m, cbSize 660726, bits offset 54
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\IRIMG1.PNG
PNG image data, 128 x 33, 8-bit/color RGBA, non-interlaced
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\IRIMG2.BMP
PC bitmap, Windows 3.x format, 496 x 444 x 24, image size 660672, resolution 2800 x 2800 px/m, cbSize 660726, bits offset 54
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\IRIMG2.PNG
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\IRIMG3.BMP
PC bitmap, Windows 3.x format, 67 x 52 x 24, image size 10608, resolution 2800 x 2800 px/m, cbSize 10662, bits offset 54
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\IRIMG4.BMP
PC bitmap, Windows 3.x format, 67 x 57 x 24, image size 11628, resolution 2800 x 2800 px/m, cbSize 11682, bits offset 54
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\IRIMG5.BMP
PC bitmap, Windows 3.x format, 67 x 53 x 24, image size 10812, resolution 2800 x 2800 px/m, cbSize 10866, bits offset 54
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\uni4C5A.tmp
data
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\uninstall.dat
data
dropped
C:\Program Files\Locklizard Safeguard PDF Viewer\Uninstall Viewer\uninstall.xml
XML 1.0 document, ISO-8859 text, with CRLF, LF line terminators
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Locklizard\Safeguard\PDF Viewer\About Viewer.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=3, Archive, ctime=Tue Apr 16 07:41:30 2019, mtime=Fri Apr 26 14:05:44 2024, atime=Wed Feb 23 07:40:23 2022, length=14460032, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Locklizard\Safeguard\PDF Viewer\Remove Viewer Keystore.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=7, Archive, ctime=Tue Apr 16 07:41:30 2019, mtime=Fri Apr 26 14:05:44 2024, atime=Wed Feb 23 07:40:23 2022, length=14460032, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Locklizard\Safeguard\PDF Viewer\Safeguard Viewer.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Apr 16 07:41:30 2019, mtime=Wed Feb 23 07:40:23 2022, atime=Wed Feb 23 07:40:23 2022, length=14460032, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Locklizard\Safeguard\PDF Viewer\Uninstall Viewer.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Icon number=4, Archive, ctime=Fri Apr 26 14:05:30 2024, mtime=Fri Apr 26 14:05:53 2024, atime=Fri Apr 26 14:05:30 2024, length=1396032, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Locklizard\Safeguard\PDF Viewer\Viewer Proxy settings.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=2, Archive, ctime=Tue Apr 16 07:41:30 2019, mtime=Fri Apr 26 14:05:44 2024, atime=Wed Feb 23 07:40:23 2022, length=14460032, window=hide
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\PDCViewer64.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\regasm.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\srm.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Temp\Locklizard Safeguard - PDF Viewer Setup Log.txt
ASCII text, with very long lines (531), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Locklizard Safeguard - PDF Viewer-update.inf
Generic INItialization configuration [PDCWriter]
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP
PC bitmap, Windows 3.x format, 496 x 444 x 24, image size 660672, resolution 2800 x 2800 px/m, cbSize 660726, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
PNG image data, 128 x 33, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP
PC bitmap, Windows 3.x format, 496 x 444 x 24, image size 660672, resolution 2800 x 2800 px/m, cbSize 660726, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP
PC bitmap, Windows 3.x format, 67 x 52 x 24, image size 10608, resolution 2800 x 2800 px/m, cbSize 10662, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\IRIMG4.BMP
PC bitmap, Windows 3.x format, 67 x 57 x 24, image size 11628, resolution 2800 x 2800 px/m, cbSize 11682, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\IRIMG5.BMP
PC bitmap, Windows 3.x format, 67 x 53 x 24, image size 10812, resolution 2800 x 2800 px/m, cbSize 10866, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\Microsoft Sans Serif_1.TFT
TrueType Font data, digitally signed, 22 tables, 1st "DSIG", 46 names, Macintosh, \251 2018 Microsoft Corporation. All rights reserved.
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\eula.htm
HTML document, ISO-8859 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat
data
dropped
C:\Users\user\Desktop\cmdline.out
ASCII text, with CRLF line terminators
modified
Chrome Cache Entry: 158
ASCII text, with very long lines (6439)
downloaded
\Device\ConDrv
ASCII text, with CRLF line terminators
dropped
There are 101 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewer64.exe
"C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewer64.exe" /setupappinstalled
 malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe" > cmdline.out 2>&1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\wget.exe
wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(5)%3cfnc1%3e(%02)/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=2004,i,7086555652967495776,12374585124614321851,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1992,i,3070133182868186284,11114087621646047524,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Users\user\Desktop\download\SafeguardPDFViewer_v3.exe
"C:\Users\user\Desktop\download\SafeguardPDFViewer_v3.exe"
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1804130 "__IRAFN:C:\Users\user\Desktop\download\SafeguardPDFViewer_v3.exe" "__IRCT:3" "__IRTSS:52614381" "__IRSID:S-1-5-21-2246122658-3693405117-2476756634-1002"
C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\srm.exe
"C:\Users\user\AppData\Local\Temp\_ir_sf_temp_0\srm.exe" install "C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewerShellExt.dll" -codebase -os64
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.Net\Framework64\v4.0.30319\regasm.exe" /codebase "C:\Program Files\Locklizard Safeguard PDF Viewer\PDCViewerShellExt.dll"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 4 hidden processes, click here to show them.

URLs

Name
IP
Malicious
https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe
malicious
http://www.locklizard.com
unknown
https://www.locklizard.com6
unknown
http://tempuri.org/DataSet1.xsd
unknown
http://tempuri.org/
unknown
http://www.fontbureau.com/designers
unknown
http://www.sajatypeworks.com
unknown
http://www.founder.com.cn/cn/cThe
unknown
https://www.locklizard.com/favicon.ico
3.14.62.233
http://crl.godaddy.com/gdig2s5-6.crl0
unknown
https://downloads.locklizard.com/SafeguardPDFWriter_v4.exe
unknown
https://kb.locklizard.com/knowledge-base/error-message-failed-to-check-document-or-product-access-ca
unknown
http://www.galapagosdesign.com/DPlease
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.250.64.196
http://www.urwpp.deDPlease
unknown
http://www.indigorose.com/forums/threads/30478-Can-not-get-the-correct-Folder-path-in-Win7-64bit-OS
unknown
http://www.zhongyicts.com.cn
unknown
https://www.indigorose.com/webhelp/suf9/Program_Reference/Actions/StatusDlg.Show.htm
unknown
https://www.locklizard.comF
unknown
http://certificates.godaddy.com/repository/gdig2.crt0
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGIyFr7EGIjBHAnuCWcXgE4qbZ44XmT26pn0152eekS6qWshR58uLMbOX1SHuE4dokHmlvFieRTsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.250.64.196
http://crl.godaddy.com/gdig2s5-3.crl0
unknown
https://downloads.locklizard.com/SafeguardPDFWriter_Enterprise_v5.exe
unknown
https://kb.locklizard.com/?s=Can%27t
unknown
https://www.locklizard.co
unknown
http://www.codeproject.com/Tips/713824/Pin-a-shortcut-onto-the-Taskbar-or-Start-Menu
unknown
http://certs.godaddy.com/repository/1301
unknown
http://purl.oclc.org/ooxml/officeDocument/relationships/sharedStrings
unknown
http://updates.locklizard.com
unknown
https://certs.godaddy.com/repository/0
unknown
http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocument
unknown
https://www.indigorose.com/webhelp/suf9/Program_Reference/Actions/SetupData.GetFileList.htm
unknown
https://kb.locklizard.com/knowledge-base/error-message-failed-to-read-license-information-invalid-li
unknown
http://www.carterandcone.coml
unknown
https://kb.locklizard.com/knowledge-base/error-message-locklizard-safeguard-secure-pdf-viewer-is-not
unknown
http://www.indigorose.com
unknown
https://downloads.locklizard.com/SafeguardPDFViewer_v3.exeJONE
unknown
http://crl.godaddy.com/gdroot-g2.crl0F
unknown
https://www.locklizard-evals.com/enterprise5/
unknown
http://www.fontbureau.com/designers/frere-user.html
unknown
https://kb.locklizard.com/?s=License
unknown
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
unknown
https://www.locklizard.com/Downloads/OLD/SafeguardPDFWriter_v26.exe
unknown
http://www.mindquake.com.br/screens/shortcuts
unknown
http://www.inkscape.org/namespaces/inkscape
unknown
https://kb.locklizard.com
unknown
http://www.fontbureau.com/designersG
unknown
http://www.fontbureau.com/designers/?
unknown
http://www.founder.com.cn/cn/bThe
unknown
http://certificates.godaddy.com/repository/0
unknown
http://www.fontbureau.com/designers?
unknown
http://www.tiro.com
unknown
https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe
18.173.166.10
http://www.goodfont.co.kr
unknown
https://downloads.l
unknown
https://downloads.locklizard.com/SafeguardPDFWriter_v3.exe
unknown
http://www.typography.netD
unknown
http://www.galapagosdesign.com/staff/dennis.htm
unknown
https://www.locklizard.com/privacy/
unknown
https://kb.locklizard.com/knowledge-base/error-message-license-check-failed-cant-find-your-account/
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0
unknown
https://kb.locklizard.com/knowledge-base/error-message-no-more-licenses-are-available-please-contact
unknown
https://www.locklizard.co0%
unknown
http://www.fonts.com
unknown
http://www.sandoll.co.kr
unknown
http://www.sakkal.com
unknown
http://updates.locklizard.com/Update.inf
18.217.61.96
http://www.mindquake.com.br/code/108-centerdialogs
unknown
https://www.locklizard.com/Manuals/LockLizard_Secure_PDF_Viewer_v3.pdf
3.14.62.233
http://www.apache.org/licenses/LICENSE-2.0
unknown
http://www.fontbureau.com
unknown
https://kb.locklizard.com/knowledge-base/error-message-invalid-or-corrupt-keystore/
unknown
http://www.indigorose.com/forums/threads/34511-Register-64-bit-DLL-from-32-bit-installer
unknown
http://www.aiim.org/pdfa/ns/id/
unknown
http://www.locklizard.com/pdf_drm_walkthrough.htm
unknown
http://ocsp.thawte.com0
unknown
https://login.live.c
unknown
https://kb.locklizard.com/knowledge-base/error-message-this-document-is-no-longer-available-or-the-d
unknown
https://www.google.com/async/newtab_promos
142.250.64.196
https://kb.locklizard.com/knowledge-base/error-message-you-must-enable-desktop-composition-to-view-t
unknown
https://kb.locklizard.com/knowledge-base/error-message-invalid-license-file-the-license-you-are-usin
unknown
https://locklizard.com
unknown
https://kb.locklizard.com/knowledge-base/error-message-invalid-document-version-supported-version-by
unknown
https://downloads.locklizard.com/SafeguardPDFWriter_Enterprise_v4.exe
unknown
https://kb.locklizard.com/knowledge-base/error-message-file-is-corrupt-or-incomplete/
unknown
http://creativecommons.org/ns#
unknown
https://www.google.com/async/ddljson?async=ntp:2
142.250.64.196
http://www.fontbureau.com/designers/cabarga.htmlN
unknown
https://kb.locklizard.com/knowledge-base/error-message-error-6794-error-opening-keystore-file/
unknown
http://www.founder.com.cn/cn
unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
142.250.64.196
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGIyFr7EGIjB4A9FkmG0nP_1340exxGzPk9RM3r_-uXsGTpCNAhbioD-nBhNotciBT-0cxjjCdioyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.250.64.196
https://www.indigorose.com/webhelp/suf9/index.htm#Program_Reference/Actions/File.Install_Examples.ht
unknown
http://www.mindquake.com.br/en/articles/deployment?start=1
unknown
http://www.jiyu-kobo.co.jp/
unknown
https://www.locklizard.com/open-pdc-file/
unknown
http://www.mindquake.com.br/en/code/110-cmdline?start=3
unknown
https://www.locklizard.com/Downloads/OLD/SafeguardPDFWriter_Enterprise.exe
unknown
http://www.fontbureau.com/designers8
unknown
https://downloads.locklizard.com/SafeguardPDFViewer_v3.exe=6PR
unknown
https://kb.locklizard.com/knowledge-base/error-message-failed-to-import-form-values-no-form-values-a
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
www.google.com
142.250.64.196
d2wdijjn7s4yas.cloudfront.net
18.173.166.10
updates.locklizard.com
18.217.61.96
www.locklizard.com
3.14.62.233
downloads.locklizard.com
unknown

IPs

IP
Domain
Country
Malicious
18.173.166.10
d2wdijjn7s4yas.cloudfront.net
United States
142.250.64.196
www.google.com
United States
239.255.255.250
unknown
Reserved
18.217.61.96
updates.locklizard.com
United States
192.168.2.4
unknown
unknown
192.168.2.5
unknown
unknown

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdc
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDCFile
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDCFile\Shell\open\Command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDCFile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdc
Content
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdc-document
Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.llv
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LockLizardViewerLicense
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LockLizardViewerLicense\Shell\open\Command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LockLizardViewerLicense\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.llv
Content
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/llv-license
Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdan
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDANFile
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDANFile\Shell\open\Command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDANFile\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pdan
Content
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdc-annotations
Extension
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Locklizard Safeguard - PDF Viewer_sf
DisplayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDCViewerShellExt.PDCViewerPropertySheet
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDCViewerShellExt.PDCViewerPropertySheet\CLSID
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32
ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32
Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32
Assembly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32
RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32
CodeBase
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32\3.0.2.10
Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32\3.0.2.10
Assembly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32\3.0.2.10
RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\InprocServer32\3.0.2.10
CodeBase
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C06997A1-E298-36F3-84FA-D3C82B681FA4}\ProgId
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Component Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.llw
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\llw.1
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDCFile\ShellEx\PropertySheetHandlers\PDCViewerPropertySheet
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\llw.1\ShellEx\PropertySheetHandlers\PDCViewerPropertySheet
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\A.
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\A. \CLSID
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32
ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32
Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32
Assembly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32
RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32
CodeBase
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32\3.0.2.10
Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32\3.0.2.10
Assembly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32\3.0.2.10
RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\InprocServer32\3.0.2.10
CodeBase
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64521F1F-73E6-4A58-BBCF-DA43DC9A1E76}\ProgId
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LockLizardViewerLicense\ShellEx\{00021500-0000-0000-C000-000000000046}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\A.
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\A. \CLSID
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32
ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32
Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32
Assembly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32
RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32
CodeBase
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32\3.0.2.10
Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32\3.0.2.10
Assembly
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32\3.0.2.10
RuntimeVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\InprocServer32\3.0.2.10
CodeBase
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}\ProgId
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LockLizardViewerLicense\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PDCFile\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PreviewHandlers
{ef32f978-c099-44af-9135-fc7c754dc266}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}
AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ef32f978-c099-44af-9135-fc7c754dc267}
DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}
Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF32F978-C099-44AF-9135-FC7C754DC266}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC6646CE-083B-4C47-B6F3-088A5D7805A7}\InprocServer32
llisMod
There are 83 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
2D86000
heap
page read and write
6F3C000
heap
page read and write
13EE0000
trusted library allocation
page read and write
2DB9000
heap
page read and write
B69B000
heap
page read and write
65A4000
heap
page read and write
85F6000
heap
page read and write
B6A2000
heap
page read and write
909C000
heap
page read and write
B707000
heap
page read and write
20880C50000
trusted library allocation
page read and write
2DB7000
heap
page read and write
65F6000
heap
page read and write
6EED000
heap
page read and write
6FE7000
heap
page read and write
6EE9000
heap
page read and write
7FF4C0970000
trusted library allocation
page execute and read and write
7659000
heap
page read and write
901D000
heap
page read and write
A56000
heap
page read and write
6EE4000
heap
page read and write
2D97000
heap
page read and write
2089B439000
unkown
page readonly
5CC1000
heap
page read and write
6FE7000
heap
page read and write
B711000
heap
page read and write
B3C6000
heap
page read and write
9016000
heap
page read and write
2CF7000
heap
page read and write
B695000
heap
page read and write
65A4000
heap
page read and write
2CCD000
heap
page read and write
1AF70000
trusted library section
page read and write
7459000
heap
page read and write
1C2D0000
unkown
page readonly
65BA000
heap
page read and write
A9EF000
heap
page read and write
1C18D000
heap
page read and write
B3CE000
heap
page read and write
9027000
heap
page read and write
902B000
heap
page read and write
13F3000
heap
page read and write
65A4000
heap
page read and write
2DB4000
heap
page read and write
65A6000
heap
page read and write
13FA000
heap
page read and write
13F49000
trusted library allocation
page read and write
100000
heap
page read and write
1C04D000
heap
page read and write
902D000
heap
page read and write
7453000
heap
page read and write
2D83000
heap
page read and write
2089B5A6000
unkown
page readonly
B691000
heap
page read and write
7143000
heap
page read and write
708D000
heap
page read and write
2D96000
heap
page read and write
73E2000
heap
page read and write
1067000
heap
page read and write
13CF000
heap
page read and write
13563000
trusted library allocation
page read and write
7084000
heap
page read and write
B686000
heap
page read and write
60C6000
heap
page read and write
9026000
heap
page read and write
2D20000
heap
page read and write
2D97000
heap
page read and write
902B000
heap
page read and write
901C000
heap
page read and write
B692000
heap
page read and write
121E000
heap
page read and write
6F09000
heap
page read and write
10DD000
heap
page read and write
B70D000
heap
page read and write
2CCD000
heap
page read and write
6146000
heap
page read and write
7FFD99320000
trusted library allocation
page read and write
1B149000
trusted library section
page read and write
9DD000
stack
page read and write
C2E000
heap
page read and write
65A4000
heap
page read and write
6ED5000
heap
page read and write
1BC6A000
heap
page read and write
7084000
heap
page read and write
8600000
heap
page read and write
3109000
trusted library allocation
page read and write
65F0000
heap
page read and write
2ACF000
trusted library allocation
page read and write
2DB7000
heap
page read and write
6E92000
heap
page read and write
7FFD99328000
trusted library allocation
page execute and read and write
60F6000
heap
page read and write
A80000
trusted library allocation
page read and write
2CF6000
heap
page read and write
2CFE000
heap
page read and write
2DBA000
heap
page read and write
608E000
heap
page read and write
2A2A000
trusted library allocation
page read and write
6100000
heap
page read and write
9094000
heap
page read and write
7660000
heap
page read and write
2DB8000
heap
page read and write
2D83000
heap
page read and write
B706000
heap
page read and write
6ED8000
heap
page read and write
65CD000
heap
page read and write
10FD000
heap
page read and write
7FF7D7F76000
unkown
page execute and write copy
2DAB000
heap
page read and write
29E0000
trusted library allocation
page read and write
2D65000
heap
page read and write
B6A2000
heap
page read and write
7062000
heap
page read and write
F99D5FE000
stack
page read and write
85E9000
heap
page read and write
83C000
stack
page read and write
65D6000
heap
page read and write
7095000
heap
page read and write
B691000
heap
page read and write
1331A000
trusted library allocation
page read and write
2D20000
heap
page read and write
9CC000
stack
page read and write
141C000
heap
page read and write
AEA000
heap
page read and write
6EDD000
heap
page read and write
6E6B000
heap
page read and write
2CD1000
heap
page read and write
B696000
heap
page read and write
B6A1000
heap
page read and write
6680000
trusted library allocation
page read and write
902D000
heap
page read and write
2D41000
heap
page read and write
6E61000
heap
page read and write
6708000
heap
page read and write
B68C000
heap
page read and write
13524000
trusted library allocation
page read and write
1C17E000
heap
page read and write
765B000
heap
page read and write
7FFD99162000
trusted library allocation
page read and write
B706000
heap
page read and write
2CF5000
heap
page read and write
2D95000
heap
page read and write
B686000
heap
page read and write
65CE000
heap
page read and write
8668000
heap
page read and write
85FA000
heap
page read and write
B3C8000
heap
page read and write
B698000
heap
page read and write
2D86000
heap
page read and write
1CF10000
trusted library section
page read and write
1330E000
trusted library allocation
page read and write
2D7F000
heap
page read and write
65D6000
heap
page read and write
10F0000
heap
page read and write
B705000
heap
page read and write
2DA9000
heap
page read and write
B713000
heap
page read and write
208809A8000
heap
page read and write
75EE000
heap
page read and write
65F2000
heap
page read and write
13AB000
heap
page read and write
65CE000
heap
page read and write
141A000
heap
page read and write
65CE000
heap
page read and write
141B000
heap
page read and write
2D6C000
heap
page read and write
902A000
heap
page read and write
6FD7000
heap
page read and write
B708000
heap
page read and write
65C9000
heap
page read and write
7FF7D74DB000
unkown
page readonly
D50000
trusted library allocation
page read and write
73E2000
heap
page read and write
28B0000
heap
page read and write
9026000
heap
page read and write
6FDA000
heap
page read and write
B36000
heap
page read and write
2089B65D000
unkown
page readonly
20880CA5000
heap
page read and write
65D6000
heap
page read and write
B70D000
heap
page read and write
36BF000
stack
page read and write
20880B75000
heap
page read and write
B697000
heap
page read and write
1C06E000
heap
page read and write
282E000
stack
page read and write
7FFD99170000
trusted library allocation
page read and write
9019000
heap
page read and write
1B836000
trusted library section
page read and write
B693000
heap
page read and write
705C000
heap
page read and write
1C1CE000
heap
page read and write
12BD5000
trusted library allocation
page read and write
7088000
heap
page read and write
1EAD2000
unkown
page readonly
2D6A000
heap
page read and write
2D7D000
heap
page read and write
B686000
heap
page read and write
7FF7D7EFE000
unkown
page execute and write copy
F4C000
stack
page read and write
B704000
heap
page read and write
B670000
trusted library allocation
page read and write
9021000
heap
page read and write
7FF7D742F000
unkown
page readonly
B699000
heap
page read and write
1C962000
trusted library allocation
page read and write
7091000
heap
page read and write
134C9000
trusted library allocation
page read and write
2089B47A000
unkown
page readonly
2CD1000
heap
page read and write
6E81000
heap
page read and write
35BE000
stack
page read and write
7092000
heap
page read and write
73DF000
heap
page read and write
14D4D000
trusted library allocation
page read and write
20880967000
heap
page read and write
2DB8000
heap
page read and write
6E97000
heap
page read and write
2DBE000
heap
page read and write
1450E000
trusted library allocation
page read and write
14513000
trusted library allocation
page read and write
7FF7D749D000
unkown
page readonly
7455000
heap
page read and write
65A6000
heap
page read and write
909B000
heap
page read and write
7FF7D7FCE000
unkown
page execute and write copy
65F2000
heap
page read and write
2D20000
heap
page read and write
9021000
heap
page read and write
2D83000
heap
page read and write
7FFD99174000
trusted library allocation
page read and write
6E57000
heap
page read and write
9033000
heap
page read and write
2D74000
heap
page read and write
90A3000
heap
page read and write
6F37000
heap
page read and write
B3BB000
heap
page read and write
2D96000
heap
page read and write
20880B80000
heap
page read and write
2DB4000
heap
page read and write
13F52000
trusted library allocation
page read and write
10EF000
stack
page read and write
13F7000
heap
page read and write
B688000
heap
page read and write
30D0000
heap
page read and write
2D9C000
heap
page read and write
73E2000
heap
page read and write
6EE4000
heap
page read and write
B69D000
heap
page read and write
20880BA0000
heap
page read and write
6E4A000
heap
page read and write
6E3F000
heap
page read and write
2CCD000
heap
page read and write
6083000
heap
page read and write
902C000
heap
page read and write
705A000
heap
page read and write
13EE4000
trusted library allocation
page read and write
7FFD9921C000
trusted library allocation
page execute and read and write
1BD0D000
heap
page read and write
6E4E000
heap
page read and write
B698000
heap
page read and write
5CA4000
heap
page read and write
1BC5F000
stack
page read and write
710000
heap
page read and write
1BC8F000
heap
page read and write
B698000
heap
page read and write
2D70000
heap
page read and write
6E6B000
heap
page read and write
1C24E000
heap
page read and write
B3C1000
heap
page read and write
65D6000
heap
page read and write
E37000
unkown
page readonly
20882630000
heap
page read and write
13E1000
heap
page read and write
B439000
heap
page read and write
1C1A2000
heap
page read and write
65D6000
heap
page read and write
902A000
heap
page read and write
132C1000
trusted library allocation
page read and write
2300000
heap
page read and write
6101000
heap
page read and write
2089AD82000
unkown
page readonly
B699000
heap
page read and write
B483000
heap
page read and write
2DA1000
heap
page read and write
B687000
heap
page read and write
65D0000
heap
page read and write
1BC60000
heap
page read and write
2D7D000
heap
page read and write
2D7F000
heap
page read and write
2D20000
heap
page read and write
5CB1000
heap
page read and write
902B000
heap
page read and write
2D8A000
heap
page read and write
B691000
heap
page read and write
A0E000
stack
page read and write
901B000
heap
page read and write
B68B000
heap
page read and write
902A000
heap
page read and write
720000
heap
page read and write
1BFC5000
heap
page read and write
7091000
heap
page read and write
65CE000
heap
page read and write
2D41000
heap
page read and write
2089AE99000
heap
page read and write
75E3000
heap
page read and write
7061000
heap
page read and write
7FFD99332000
trusted library allocation
page read and write
2495000
heap
page read and write
28B3000
heap
page read and write
6E4F000
heap
page read and write
B68B000
heap
page read and write
2CF5000
heap
page read and write
6FB7000
heap
page read and write
2D17000
heap
page read and write
141C000
heap
page read and write
5CB1000
heap
page read and write
2D96000
heap
page read and write
6E63000
heap
page read and write
B70B000
heap
page read and write
2465000
heap
page read and write
73EE000
heap
page read and write
6090000
heap
page read and write
6F4C000
heap
page read and write
71C3000
heap
page read and write
73D9000
heap
page read and write
20892649000
trusted library allocation
page read and write
65D2000
heap
page read and write
9025000
heap
page read and write
12BCF000
trusted library allocation
page read and write
BF8000
heap
page read and write
B694000
heap
page read and write
6089000
heap
page read and write
13EF1000
trusted library allocation
page read and write
65C1000
heap
page read and write
9028000
heap
page read and write
1C032000
heap
page read and write
B691000
heap
page read and write
2D00000
heap
page read and write
6FE2000
heap
page read and write
B693000
heap
page read and write
B711000
heap
page read and write
142A000
heap
page read and write
909A000
heap
page read and write
7657000
heap
page read and write
2D6A000
heap
page read and write
7453000
heap
page read and write
2D6A000
heap
page read and write
7FFD99220000
trusted library allocation
page execute and read and write
750000
heap
page read and write
AEE000
heap
page read and write
13441000
trusted library allocation
page read and write
2EFF000
stack
page read and write
7FFD99163000
trusted library allocation
page execute and read and write
2D72000
heap
page read and write
B69F000
heap
page read and write
7105000
heap
page read and write
512000
unkown
page readonly
2DBA000
heap
page read and write
AA4000
trusted library allocation
page read and write
B3C9000
heap
page read and write
E3C000
unkown
page readonly
5CA4000
heap
page read and write
6FE1000
heap
page read and write
2D65000
heap
page read and write
7098000
heap
page read and write
1C07C000
heap
page read and write
2DAB000
heap
page read and write
20892658000
trusted library allocation
page read and write
2D95000
heap
page read and write
2DAB000
heap
page read and write
7453000
heap
page read and write
134A4000
trusted library allocation
page read and write
2DA1000
heap
page read and write
6EE1000
heap
page read and write
E8E000
stack
page read and write
8665000
heap
page read and write
801000
heap
page read and write
6081000
heap
page read and write
65D6000
heap
page read and write
2DA8000
heap
page read and write
B441000
heap
page read and write
2DA9000
heap
page read and write
6705000
heap
page read and write
7FF7D759E000
unkown
page readonly
6EDF000
heap
page read and write
2D99000
heap
page read and write
B687000
heap
page read and write
7085000
heap
page read and write
7FF7D7FDC000
unkown
page execute and write copy
20880B50000
heap
page read and write
65F9000
heap
page read and write
9096000
heap
page read and write
B70A000
heap
page read and write
9094000
heap
page read and write
2DA8000
heap
page read and write
1B848000
trusted library section
page read and write
7FF7D7EFD000
unkown
page write copy
6E5C000
heap
page read and write
2D7F000
heap
page read and write
331E000
stack
page read and write
B69A000
heap
page read and write
2D79000
heap
page read and write
B698000
heap
page read and write
F99D1F2000
stack
page read and write
7FF4C0990000
trusted library allocation
page execute and read and write
2DA9000
heap
page read and write
2490000
heap
page read and write
2A11000
trusted library allocation
page read and write
7FF7D7FE1000
unkown
page execute and write copy
13E0000
heap
page read and write
6F09000
heap
page read and write
7FFD9917D000
trusted library allocation
page execute and read and write
65CE000
heap
page read and write
1B15C000
trusted library section
page read and write
6EE9000
heap
page read and write
29E5000
trusted library allocation
page read and write
75D0000
heap
page read and write
85F7000
heap
page read and write
7CD000
heap
page read and write
B69E000
heap
page read and write
2D9F000
heap
page read and write
65CF000
heap
page read and write
6688000
heap
page read and write
6074000
heap
page read and write
1C016000
heap
page read and write
2D9D000
heap
page read and write
B689000
heap
page read and write
6EE4000
heap
page read and write
65C8000
heap
page read and write
6FEF000
heap
page read and write
1412000
heap
page read and write
65A6000
heap
page read and write
2089B6BB000
unkown
page readonly
B711000
heap
page read and write
2089AE70000
heap
page execute and read and write
1C183000
heap
page read and write
13324000
trusted library allocation
page read and write
75EF000
heap
page read and write
770000
direct allocation
page read and write
B693000
heap
page read and write
938000
stack
page read and write
6E61000
heap
page read and write
20880CA0000
heap
page read and write
5CAD000
heap
page read and write
8605000
heap
page read and write
13EE2000
trusted library allocation
page read and write
1C052000
heap
page read and write
20880A20000
heap
page read and write
6EE5000
heap
page read and write
65D0000
heap
page read and write
85EA000
heap
page read and write
9024000
heap
page read and write
B68A000
heap
page read and write
13EEA000
trusted library allocation
page read and write
2D9E000
heap
page read and write
65D6000
heap
page read and write
7FF7D7F64000
unkown
page execute and write copy
1C06A000
heap
page read and write
6E60000
heap
page read and write
2DB7000
heap
page read and write
36AF000
trusted library allocation
page read and write
B441000
heap
page read and write
1132000
heap
page read and write
6EDD000
heap
page read and write
B69E000
heap
page read and write
65CF000
heap
page read and write
2D41000
heap
page read and write
B698000
heap
page read and write
2D83000
heap
page read and write
909E000
heap
page read and write
2089B317000
unkown
page readonly
12ADD000
trusted library allocation
page read and write
F99CB9E000
stack
page read and write
20880BF0000
trusted library allocation
page read and write
1F440000
unkown
page readonly
901F000
heap
page read and write
6083000
heap
page read and write
1C000000
heap
page read and write
B69B000
heap
page read and write
B6A0000
heap
page read and write
65CF000
heap
page read and write
121D000
heap
page read and write
75EE000
heap
page read and write
14707000
trusted library allocation
page read and write
3EA8000
trusted library allocation
page read and write
6E97000
heap
page read and write
13EE8000
trusted library allocation
page read and write
13275000
trusted library allocation
page read and write
1423000
heap
page read and write
65FA000
heap
page read and write
2089B6C9000
unkown
page readonly
9F0000
unkown
page readonly
2D97000
heap
page read and write
866D000
heap
page read and write
B712000
heap
page read and write
60F4000
heap
page read and write
6E57000
heap
page read and write
2D83000
heap
page read and write
6E5E000
heap
page read and write
65C1000
heap
page read and write
B696000
heap
page read and write
6081000
heap
page read and write
2D8B000
heap
page read and write
20882641000
trusted library allocation
page read and write
2D97000
heap
page read and write
1AD6C000
heap
page read and write
2DB9000
heap
page read and write
6FD8000
heap
page read and write
28A0000
trusted library section
page readonly
6E81000
heap
page read and write
902A000
heap
page read and write
902C000
heap
page read and write
7FFD99400000
trusted library allocation
page read and write
132FE000
trusted library allocation
page read and write
2089B419000
unkown
page readonly
6E75000
heap
page read and write
75D8000
heap
page read and write
902D000
heap
page read and write
3140000
trusted library allocation
page read and write
F8F000
stack
page read and write
6E57000
heap
page read and write
13D6000
heap
page read and write
6081000
heap
page read and write
2A40000
trusted library allocation
page read and write
5E5F000
heap
page read and write
85F3000
heap
page read and write
6EFA000
heap
page read and write
1A9E0000
trusted library allocation
page read and write
B697000
heap
page read and write
75DB000
heap
page read and write
2D41000
heap
page read and write
B691000
heap
page read and write
6EE9000
heap
page read and write
3A11000
trusted library allocation
page read and write
2D86000
heap
page read and write
B694000
heap
page read and write
2089B6B8000
unkown
page readonly
909B000
heap
page read and write
B69B000
heap
page read and write
2D86000
heap
page read and write
7081000
heap
page read and write
6685000
heap
page read and write
2D97000
heap
page read and write
2D86000
heap
page read and write
6E5C000
heap
page read and write
F99E5FE000
stack
page read and write
10B3000
heap
page read and write
20880987000
heap
page read and write
7FFD993F0000
trusted library allocation
page execute and read and write
7FF7D75BA000
unkown
page readonly
75E2000
heap
page read and write
121B000
heap
page read and write
902E000
heap
page read and write
901D000
heap
page read and write
1BD01000
heap
page read and write
1410000
heap
page read and write
2D41000
heap
page read and write
B3B9000
heap
page read and write
1B072000
trusted library section
page read and write
7FFD99300000
trusted library allocation
page read and write
B697000
heap
page read and write
1F432000
unkown
page readonly
786000
heap
page read and write
65D6000
heap
page read and write
4F70000
heap
page read and write
902A000
heap
page read and write
B441000
heap
page read and write
ACB000
trusted library allocation
page execute and read and write
6E7C000
heap
page read and write
2DB4000
heap
page read and write
6601000
heap
page read and write
2089B57C000
unkown
page readonly
7FF7D7FD9000
unkown
page execute and write copy
75E3000
heap
page read and write
AA6F000
heap
page read and write
3AA2000
trusted library allocation
page read and write
2D83000
heap
page read and write
608E000
heap
page read and write
6E7C000
heap
page read and write
208809E7000
heap
page read and write
13A7000
heap
page read and write
B711000
heap
page read and write
1429000
heap
page read and write
B3B5000
heap
page read and write
78C000
heap
page read and write
BF0000
heap
page read and write
1B060000
trusted library section
page read and write
B68E000
heap
page read and write
1C1D3000
heap
page read and write
6FE6000
heap
page read and write
75DE000
heap
page read and write
1BFE0000
heap
page read and write
2D7B000
heap
page read and write
B3C6000
heap
page read and write
1C1EA000
heap
page read and write
7FF7D743B000
unkown
page readonly
5D31000
heap
page read and write
B694000
heap
page read and write
9025000
heap
page read and write
60FC000
heap
page read and write
6076000
heap
page read and write
B480000
heap
page read and write
2D7F000
heap
page read and write
73E6000
heap
page read and write
B22000
heap
page read and write
B692000
heap
page read and write
AB6000
trusted library allocation
page execute and read and write
75E6000
heap
page read and write
7FFD9931D000
trusted library allocation
page execute and read and write
B3D3000
heap
page read and write
7453000
heap
page read and write
2D80000
heap
page read and write
1126000
heap
page read and write
6FD6000
heap
page read and write
2D88000
heap
page read and write
2D86000
heap
page read and write
608A000
heap
page read and write
B69B000
heap
page read and write
6EDD000
heap
page read and write
B69F000
heap
page read and write
2D97000
heap
page read and write
9021000
heap
page read and write
20880C10000
trusted library allocation
page read and write
AE0000
heap
page read and write
61A7000
heap
page read and write
B688000
heap
page read and write
909C000
heap
page read and write
9016000
heap
page read and write
13F3A000
trusted library allocation
page read and write
B711000
heap
page read and write
75D0000
heap
page read and write
132B3000
trusted library allocation
page read and write
14702000
trusted library allocation
page read and write
7FFD993CA000
trusted library allocation
page read and write
7084000
heap
page read and write
12A01000
trusted library allocation
page read and write
2D83000
heap
page read and write
2D86000
heap
page read and write
7459000
heap
page read and write
6103000
heap
page read and write
65CC000
heap
page read and write
65F6000
heap
page read and write
13B4000
heap
page read and write
85E8000
heap
page read and write
DD0000
unkown
page write copy
E37000
unkown
page readonly
2325000
heap
page read and write
13FF000
heap
page read and write
6F44000
heap
page read and write
65D6000
heap
page read and write
6F49000
heap
page read and write
1085000
heap
page read and write
73E6000
heap
page read and write
29D0000
heap
page read and write
7091000
heap
page read and write
4EFF000
stack
page read and write
608E000
heap
page read and write
1E0000
heap
page read and write
7FFD993C0000
trusted library allocation
page read and write
7FF7D8022000
unkown
page execute and write copy
75E8000
heap
page read and write
6083000
heap
page read and write
2DAB000
heap
page read and write
902D000
heap
page read and write
8669000
heap
page read and write
902E000
heap
page read and write
7108000
heap
page read and write
13BA000
heap
page read and write
13255000
trusted library allocation
page read and write
6697000
heap
page read and write
1351000
heap
page read and write
C85000
unkown
page execute and write copy
6EFC000
heap
page read and write
13FF000
heap
page read and write
909D000
heap
page read and write
1B024000
trusted library section
page read and write
608A000
heap
page read and write
909D000
heap
page read and write
2088099E000
heap
page read and write
6FE8000
heap
page read and write
901E000
heap
page read and write
2D86000
heap
page read and write
7085000
heap
page read and write
2D96000
heap
page read and write
9096000
heap
page read and write
60FD000
heap
page read and write
1BFD0000
heap
page read and write
B686000
heap
page read and write
B696000
heap
page read and write
2CA0000
heap
page read and write
208809A0000
heap
page read and write
909D000
heap
page read and write
20882500000
heap
page execute and read and write
75DE000
heap
page read and write
2089264F000
trusted library allocation
page read and write
60D3000
heap
page read and write
6E81000
heap
page read and write
9099000
heap
page read and write
65CE000
heap
page read and write
1D6D2000
unkown
page readonly
13F90000
trusted library allocation
page read and write
9018000
heap
page read and write
1215000
heap
page read and write
7FF7D753B000
unkown
page readonly
13216000
trusted library allocation
page read and write
901D000
heap
page read and write
6EED000
heap
page read and write
6EED000
heap
page read and write
B70C000
heap
page read and write
FE0000
heap
page read and write
E3A000
unkown
page read and write
13508000
trusted library allocation
page read and write
7105000
heap
page read and write
1B839000
trusted library section
page read and write
9028000
heap
page read and write
1405000
heap
page read and write
AC7000
trusted library allocation
page execute and read and write
2D92000
heap
page read and write
7058000
heap
page read and write
2D9F000
heap
page read and write
29E1000
trusted library allocation
page read and write
1C043000
heap
page read and write
7FFD99326000
trusted library allocation
page execute and read and write
2D9A000
heap
page read and write
85F8000
heap
page read and write
6101000
heap
page read and write
13B4000
heap
page read and write
B15000
heap
page read and write
2D86000
heap
page read and write
2088097B000
heap
page read and write
7453000
heap
page read and write
2DA2000
heap
page read and write
2D97000
heap
page read and write
5CA3000
heap
page read and write
6EF6000
heap
page read and write
8671000
heap
page read and write
20880960000
heap
page read and write
9094000
heap
page read and write
361E000
trusted library allocation
page read and write
2CD0000
heap
page read and write
B69A000
heap
page read and write
B3C4000
heap
page read and write
5CAC000
heap
page read and write
2D7F000
heap
page read and write
65D6000
heap
page read and write
12ABB000
trusted library allocation
page read and write
1B95D000
stack
page read and write
75D7000
heap
page read and write
6695000
heap
page read and write
2D86000
heap
page read and write
7104000
heap
page read and write
65D6000
heap
page read and write
B687000
heap
page read and write
60F4000
heap
page read and write
2480000
trusted library allocation
page read and write
9024000
heap
page read and write
1C199000
heap
page read and write
A93000
trusted library allocation
page execute and read and write
1C1F7000
heap
page read and write
341E000
stack
page read and write
345D000
stack
page read and write
22FE000
stack
page read and write
9028000
heap
page read and write
2D65000
heap
page read and write
745F000
heap
page read and write
2088098C000
heap
page read and write
B3D1000
heap
page read and write
2D90000
heap
page read and write
5CAA000
heap
page read and write
6EFD000
heap
page read and write
65E8000
heap
page read and write
B3C5000
heap
page read and write
13444000
trusted library allocation
page read and write
7FD60000
trusted library allocation
page execute read
2A00000
heap
page execute and read and write
6E57000
heap
page read and write
E3C000
unkown
page readonly
2CCD000
heap
page read and write
D80000
heap
page read and write
7FC000
heap
page read and write
1BD59000
heap
page read and write
6080000
heap
page read and write
9028000
heap
page read and write
1AF66000
stack
page read and write
2450000
trusted library allocation
page read and write
E30000
unkown
page readonly
5CA5000
heap
page read and write
2DB4000
heap
page read and write
2D97000
heap
page read and write
B434000
heap
page read and write
7656000
heap
page read and write
6134000
heap
page read and write
9026000
heap
page read and write
6E57000
heap
page read and write
65E4000
heap
page read and write
2D9F000
heap
page read and write
7455000
heap
page read and write
1CFE0000
unkown
page readonly
AA0000
trusted library allocation
page read and write
6E86000
heap
page read and write
B69C000
heap
page read and write
75ED000
heap
page read and write
B43B000
heap
page read and write
1BF5D000
stack
page read and write
709A000
heap
page read and write
2D5B000
heap
page read and write
73D5000
heap
page read and write
B6A0000
heap
page read and write
BFC000
stack
page read and write
2D75000
heap
page read and write
9027000
heap
page read and write
2089B61E000
unkown
page readonly
129E1000
trusted library allocation
page read and write
1E0D2000
unkown
page readonly
6081000
heap
page read and write
7FF7D7FCA000
unkown
page execute and write copy
B446000
heap
page read and write
85F0000
heap
page read and write
9095000
heap
page read and write
90A1000
heap
page read and write
B70E000
heap
page read and write
7FF7D7420000
unkown
page readonly
A50000
heap
page read and write
B69A000
heap
page read and write
73EC000
heap
page read and write
65E5000
heap
page read and write
75D7000
heap
page read and write
14AEF000
trusted library allocation
page read and write
1BCE9000
heap
page read and write
7FFD99216000
trusted library allocation
page read and write
9021000
heap
page read and write
B695000
heap
page read and write
7104000
heap
page read and write
1BC80000
heap
page read and write
F99E1FD000
stack
page read and write
1BD03000
heap
page read and write
990000
heap
page read and write
2DA1000
heap
page read and write
2DB7000
heap
page read and write
6101000
heap
page read and write
B68F000
heap
page read and write
65D6000
heap
page read and write
2839000
heap
page execute and read and write
B6A1000
heap
page read and write
7FF7D74FD000
unkown
page readonly
1BA5E000
stack
page read and write
780000
heap
page read and write
9021000
heap
page read and write
1C028000
heap
page read and write
75E4000
heap
page read and write
6EF8000
heap
page read and write
2DAB000
heap
page read and write
85ED000
heap
page read and write
1BD24000
heap
page read and write
E31000
unkown
page execute read
7FFD99330000
trusted library allocation
page read and write
27E0000
trusted library allocation
page read and write
65D6000
heap
page read and write
7FFD99164000
trusted library allocation
page read and write
2CFE000
heap
page read and write
2DB8000
heap
page read and write
7FFD993DA000
trusted library allocation
page read and write
7FFD993D0000
trusted library allocation
page read and write
608D000
heap
page read and write
980000
heap
page read and write
6EFA000
heap
page read and write
7056000
heap
page read and write
B6A1000
heap
page read and write
7FF7D74D8000
unkown
page readonly
9029000
heap
page read and write
6E5E000
heap
page read and write
7FF7D7FD2000
unkown
page execute and write copy
710D000
heap
page read and write
7D0000
heap
page read and write
8668000
heap
page read and write
9023000
heap
page read and write
73D9000
heap
page read and write
B6A3000
heap
page read and write
2D93000
heap
page read and write
27F0000
heap
page read and write
1C2D2000
unkown
page readonly
1BD5D000
heap
page read and write
9018000
heap
page read and write
6E79000
heap
page read and write
901A000
heap
page read and write
1B7DB000
trusted library section
page read and write
2D7B000
heap
page read and write
2D6A000
heap
page read and write
1BDC0000
heap
page read and write
6FF1000
heap
page read and write
13EE6000
trusted library allocation
page read and write
12ADA000
trusted library allocation
page read and write
2830000
heap
page execute and read and write
6E92000
heap
page read and write
2D41000
heap
page read and write
7FFD99210000
trusted library allocation
page read and write
2089ADF0000
unkown
page readonly
6FEC000
heap
page read and write
7453000
heap
page read and write
3420000
trusted library allocation
page read and write
909F000
heap
page read and write
6E6B000
heap
page read and write
6ED9000
heap
page read and write
2D65000
heap
page read and write
7FF7D7421000
unkown
page execute read
B69E000
heap
page read and write
7092000
heap
page read and write
2D5C000
heap
page read and write
B6A3000
heap
page read and write
7453000
heap
page read and write
75E1000
heap
page read and write
6E7C000
heap
page read and write
1AA10000
trusted library allocation
page read and write
65BA000
heap
page read and write
2D86000
heap
page read and write
65E5000
heap
page read and write
208809A4000
heap
page read and write
9025000
heap
page read and write
2D7F000
heap
page read and write
65C1000
heap
page read and write
2DAD000
heap
page read and write
7838000
heap
page read and write
6EDD000
heap
page read and write
65D6000
heap
page read and write
2DA9000
heap
page read and write
2089B429000
unkown
page readonly
A1E000
stack
page read and write
901A000
heap
page read and write
7150000
heap
page read and write
1C1C0000
heap
page read and write
B696000
heap
page read and write
2DBB000
heap
page read and write
65E9000
heap
page read and write
6103000
heap
page read and write
85E8000
heap
page read and write
7FD0000
heap
page read and write
B69E000
heap
page read and write
B3CE000
heap
page read and write
7FFD99322000
trusted library allocation
page read and write
6E98000
heap
page read and write
8332000
heap
page read and write
6E3000
stack
page read and write
6EED000
heap
page read and write
7FF7D7438000
unkown
page write copy
112A000
heap
page read and write
29DE000
stack
page read and write
1210000
heap
page read and write
13A9000
heap
page read and write
A60000
heap
page read and write
ABE000
stack
page read and write
710B000
heap
page read and write
2DBA000
heap
page read and write
75E0000
heap
page read and write
1BD80000
heap
page read and write
1426000
heap
page read and write
9014000
heap
page read and write
1BCD2000
heap
page read and write
8678000
heap
page read and write
6FF2000
heap
page read and write
357E000
stack
page read and write
6680000
trusted library allocation
page read and write
B707000
heap
page read and write
D3E000
stack
page read and write
7057000
heap
page read and write
75D7000
heap
page read and write
73D5000
heap
page read and write
112E000
heap
page read and write
208809BE000
heap
page read and write
B708000
heap
page read and write
6F47000
heap
page read and write
750F000
heap
page read and write
901D000
heap
page read and write
708B000
heap
page read and write
7FFD99324000
trusted library allocation
page execute and read and write
85FE000
heap
page read and write
1BC95000
heap
page read and write
902A000
heap
page read and write
6E6E000
heap
page read and write
2D65000
heap
page read and write
6FBC000
heap
page read and write
2D86000
heap
page read and write
D60000
heap
page read and write
ABA000
trusted library allocation
page execute and read and write
2D41000
heap
page read and write
F80000
heap
page read and write
9098000
heap
page read and write
73E1000
heap
page read and write
75DF000
heap
page read and write
13EEC000
trusted library allocation
page read and write
1BDA0000
heap
page execute and read and write
2D86000
heap
page read and write
F99CB5E000
stack
page read and write
2089B2B0000
unkown
page readonly
13466000
trusted library allocation
page read and write
510000
unkown
page readonly
B695000
heap
page read and write
1BC7C000
heap
page read and write
6E35000
heap
page read and write
2D86000
heap
page read and write
5D24000
heap
page read and write
9022000
heap
page read and write
3470000
heap
page read and write
909E000
heap
page read and write
6F09000
heap
page read and write
B3C2000
heap
page read and write
7104000
heap
page read and write
7FFD99312000
trusted library allocation
page read and write
75E1000
heap
page read and write
13407000
trusted library allocation
page read and write
2D90000
heap
page read and write
2CCD000
heap
page read and write
B3C1000
heap
page read and write
65D0000
heap
page read and write
B30000
heap
page read and write
5CA5000
heap
page read and write
8673000
heap
page read and write
B694000
heap
page read and write
B693000
heap
page read and write
20880A70000
heap
page read and write
6E97000
heap
page read and write
6081000
heap
page read and write
7FFD99340000
trusted library allocation
page execute and read and write
A9D000
trusted library allocation
page execute and read and write
901C000
heap
page read and write
D40000
trusted library allocation
page execute and read and write
6FE5000
heap
page read and write
5CA8000
heap
page read and write
1BCB1000
heap
page read and write
1BB5E000
stack
page read and write
6FE1000
heap
page read and write
1B14F000
trusted library section
page read and write
2D86000
heap
page read and write
9015000
heap
page read and write
9023000
heap
page read and write
13453000
trusted library allocation
page read and write
2CE0000
heap
page read and write
1338C000
trusted library allocation
page read and write
2089B67D000
unkown
page readonly
6FDC000
heap
page read and write
242F000
stack
page read and write
2320000
heap
page read and write
9014000
heap
page read and write
9029000
heap
page read and write
9031000
heap
page read and write
9031000
heap
page read and write
84D000
heap
page read and write
A4E000
stack
page read and write
1060000
heap
page read and write
2DAB000
heap
page read and write
2D7B000
heap
page read and write
1C1D1000
heap
page read and write
7461000
heap
page read and write
9023000
heap
page read and write
EEF000
stack
page read and write
2D65000
heap
page read and write
60FD000
heap
page read and write
B691000
heap
page read and write
1B155000
trusted library section
page read and write
7FFD99280000
trusted library allocation
page execute and read and write
85F5000
heap
page read and write
85F5000
heap
page read and write
668A000
heap
page read and write
6FEE000
heap
page read and write
85F2000
heap
page read and write
20880991000
heap
page read and write
132B0000
trusted library allocation
page read and write
F99D9FE000
stack
page read and write
1C16D000
heap
page read and write
6FE3000
heap
page read and write
B697000
heap
page read and write
65C1000
heap
page read and write
2DA4000
heap
page read and write
2CF7000
heap
page read and write
7663000
heap
page read and write
B3CB000
heap
page read and write
20892641000
trusted library allocation
page read and write
13344000
trusted library allocation
page read and write
20880989000
heap
page read and write
2DA9000
heap
page read and write
6E8D000
heap
page read and write
4DFE000
stack
page read and write
7FFD993DE000
trusted library allocation
page read and write
FD0000
heap
page read and write
6E79000
heap
page read and write
B693000
heap
page read and write
B706000
heap
page read and write
7F9000
heap
page read and write
B69C000
heap
page read and write
2D86000
heap
page read and write
7FF7D75F9000
unkown
page readonly
1BD30000
heap
page read and write
2D90000
heap
page read and write
10FA000
heap
page read and write
2089B31D000
unkown
page readonly
7FFD99310000
trusted library allocation
page read and write
149DB000
trusted library allocation
page read and write
90A1000
heap
page read and write
2D65000
heap
page read and write
14AEA000
trusted library allocation
page read and write
B680000
trusted library allocation
page read and write
5CAD000
heap
page read and write
31D3000
heap
page read and write
13309000
trusted library allocation
page read and write
2D96000
heap
page read and write
5CAB000
heap
page read and write
B07000
heap
page read and write
4F00000
trusted library section
page read and write
6ED5000
heap
page read and write
6127000
heap
page read and write
85FD000
heap
page read and write
B435000
heap
page read and write
1D6D0000
unkown
page readonly
CFE000
stack
page read and write
B693000
heap
page read and write
2DA9000
heap
page read and write
65CE000
heap
page read and write
12BC3000
trusted library allocation
page read and write
2D9A000
heap
page read and write
6E8D000
heap
page read and write
65DB000
heap
page read and write
7661000
heap
page read and write
75D9000
heap
page read and write
65A6000
heap
page read and write
B3D6000
heap
page read and write
1F442000
unkown
page readonly
2D88000
heap
page read and write
6FE4000
heap
page read and write
902E000
heap
page read and write
2DA7000
heap
page read and write
A94000
trusted library allocation
page read and write
2D97000
heap
page read and write
819000
heap
page read and write
8670000
heap
page read and write
902E000
heap
page read and write
B6A1000
heap
page read and write
7FF4C0980000
trusted library allocation
page execute and read and write
7661000
heap
page read and write
2D90000
heap
page read and write
670A000
heap
page read and write
65CF000
heap
page read and write
85E5000
heap
page read and write
B684000
heap
page read and write
7FFD9916D000
trusted library allocation
page execute and read and write
6EF2000
heap
page read and write
85F1000
heap
page read and write
B4F3000
heap
page read and write
7662000
heap
page read and write
B709000
heap
page read and write
B696000
heap
page read and write
901B000
heap
page read and write
607D000
heap
page read and write
B706000
heap
page read and write
11D7000
heap
page read and write
2830000
heap
page read and write
A4F000
stack
page read and write
B713000
heap
page read and write
6E97000
heap
page read and write
F99CBDE000
stack
page read and write
2D6A000
heap
page read and write
65BA000
heap
page read and write
1C1CB000
heap
page read and write
909A000
heap
page read and write
B70B000
heap
page read and write
2460000
heap
page read and write
B712000
heap
page read and write
749C000
heap
page read and write
2089B2D8000
unkown
page readonly
7061000
heap
page read and write
2880000
heap
page execute and read and write
6E81000
heap
page read and write
1C150000
heap
page read and write
1CFE2000
unkown
page readonly
3622000
trusted library allocation
page read and write
208809FF000
heap
page read and write
F99DDFE000
stack
page read and write
902F000
heap
page read and write
2CEB000
heap
page read and write
2089B2B2000
unkown
page readonly
909D000
heap
page read and write
1412000
heap
page read and write
7FFD99246000
trusted library allocation
page execute and read and write
7455000
heap
page read and write
5CBE000
heap
page read and write
A9FC000
heap
page read and write
9029000
heap
page read and write
7FFD993E0000
trusted library allocation
page read and write
6EE4000
heap
page read and write
2D41000
heap
page read and write
B3E000
heap
page read and write
1B7FB000
trusted library section
page read and write
30A0000
heap
page read and write
B68B000
heap
page read and write
6E5C000
heap
page read and write
A9FF000
heap
page read and write
E30000
unkown
page readonly
B3D1000
heap
page read and write
B68D000
heap
page read and write
6E58000
heap
page read and write
1C940000
trusted library allocation
page read and write
B68D000
heap
page read and write
6E8D000
heap
page read and write
6FEE000
heap
page read and write
B3B4000
heap
page read and write
5CAE000
heap
page read and write
866A000
heap
page read and write
2D90000
heap
page read and write
B473000
heap
page read and write
6607000
heap
page read and write
763A000
heap
page read and write
607D000
heap
page read and write
6E63000
heap
page read and write
6692000
heap
page read and write
2DA6000
heap
page read and write
B692000
heap
page read and write
1410000
heap
page read and write
75D6000
heap
page read and write
B685000
heap
page read and write
2D7F000
heap
page read and write
607C000
heap
page read and write
7CCE000
heap
page read and write
E31000
unkown
page execute read
6FEA000
heap
page read and write
C30000
heap
page read and write
902B000
heap
page read and write
75D0000
heap
page read and write
B70B000
heap
page read and write
9B000
stack
page read and write
1BFC0000
heap
page read and write
2DBE000
heap
page read and write
B6A1000
heap
page read and write
65CD000
heap
page read and write
20880B70000
heap
page read and write
29BE000
stack
page read and write
2D6A000
heap
page read and write
75F0000
heap
page read and write
9098000
heap
page read and write
B69E000
heap
page read and write
9030000
heap
page read and write
901E000
heap
page read and write
6E7C000
heap
page read and write
6E63000
heap
page read and write
6090000
heap
page read and write
7FFD99172000
trusted library allocation
page read and write
65D6000
heap
page read and write
1C186000
heap
page read and write
1403000
heap
page read and write
2CCD000
heap
page read and write
B69F000
heap
page read and write
6FF1000
heap
page read and write
121C000
heap
page read and write
7FD62000
trusted library allocation
page execute read
7FF7D74E9000
unkown
page readonly
E3A000
unkown
page write copy
2089AE80000
heap
page read and write
2DAD000
heap
page read and write
1BFED000
heap
page read and write
2D71000
heap
page read and write
12BC8000
trusted library allocation
page read and write
B69D000
heap
page read and write
9024000
heap
page read and write
6E5E000
heap
page read and write
2088099B000
heap
page read and write
13B2000
heap
page read and write
13F3000
heap
page read and write
13302000
trusted library allocation
page read and write
1C04B000
heap
page read and write
748F000
heap
page read and write
5CAB000
heap
page read and write
2D7D000
heap
page read and write
6FE9000
heap
page read and write
2D60000
heap
page read and write
B707000
heap
page read and write
A30000
heap
page read and write
902C000
heap
page read and write
2DA9000
heap
page read and write
1BFF5000
heap
page read and write
7FF7D7F6E000
unkown
page execute and write copy
50B0000
heap
page execute and read and write
7FF7D8029000
unkown
page execute and write copy
65CE000
heap
page read and write
2089AD80000
unkown
page readonly
75D7000
heap
page read and write
B70F000
heap
page read and write
9014000
heap
page read and write
65CE000
heap
page read and write
B3C1000
heap
page read and write
13B2000
heap
page read and write
6074000
heap
page read and write
B69E000
heap
page read and write
A50000
heap
page read and write
6EED000
heap
page read and write
6E79000
heap
page read and write
2CCD000
heap
page read and write
73D5000
heap
page read and write
13316000
trusted library allocation
page read and write
12AEC000
trusted library allocation
page read and write
B670000
trusted library allocation
page read and write
There are 1288 hidden memdumps, click here to show them.