IOCReport

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\LocalLow\1xVPfvJcrg | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\LocalLow\RYwTiizs2t | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\LocalLow\frAQBc8Wsa | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleHandler.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\AccessibleMarshal.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\IA2Marshal.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\MapiProxy_InUse.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l1-2-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-file-l2-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-handle-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-heap-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-interlocked-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-libraryloader-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-localization-l1-2-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-memory-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-namedpipe-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processenvironment-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-processthreads-l1-1-1.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-profile-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-rtlsupport-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-string-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-synch-l1-2-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-sysinfo-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-timezone-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-core-util-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-conio-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-convert-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-environment-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-filesystem-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-heap-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-locale-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-math-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-multibyte-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-private-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-process-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-runtime-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-stdio-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-string-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-time-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\api-ms-win-crt-utility-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\breakpadinjector.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldap60.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ldif60.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\lgpllibs.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\libEGL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozMapi32_InUse.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssckbi.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\nssdbm3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\pY4zE3fX7h.zip | Zip archive data, at least v2.0 to extract | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\prldap60.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\qipcap.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\ucrtbase.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\gC9tT2iQ3s\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\machineinfo.txt | ASCII text, with CRLF, CR line terminators | dropped | clean |
| C:\Users\user\AppData\LocalLow\rQF69AzBla | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\LocalLow\rZCi5EILFcp.zip | Zip archive data, at least v2.0 to extract | dropped | clean |
| C:\Users\user\AppData\LocalLow\sqlite3.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| \Device\Null | ASCII text, with CRLF line terminators, with overstriking | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe | 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe' | malicious |
| C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe | 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe' | malicious |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\CopyDocs-BUSINESS-CONFIRMATION_NO-MGFT560_0w9wMGT500383RRTF.exe' | clean |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean |
| C:\Windows\SysWOW64\timeout.exe | timeout /T 10 /NOBREAK | clean |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| telete.in | 195.201.225.248 | malicious |
| ekocafebali.com | 111.67.28.15 | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 195.201.225.248 | telete.in | Germany | malicious |
| 45.139.236.6 | unknown | Russian Federation | clean |
| 111.67.28.15 | ekocafebali.com | Australia | clean |

Memdumps

22FC000
unkown
page read and write
clean
2200000
unkown
page read and write
clean
27A0000
unkown
page readonly
clean
7FF554AA5000
unkown
page readonly
clean
7FF554B92000
unkown
page readonly
clean
1FCC1402000
unkown
page read and write
clean
1FCBEF10000
heap default
page read and write
clean
6D280000
unkown image
page readonly
clean
799000
unkown
page read and write
clean
1FCBEFF0000
unkown
page readonly
clean
1FCC1131000
unkown
page read and write
clean
1FCBF131000
unkown
page read and write
clean
1FCC0E60000
unkown
page readonly
clean
7FF578AB3000
unkown
page readonly
clean
6D159000
unkown image
page readonly
clean
7FF55476A000
unkown
page readonly
clean
1FCBF029000
unkown
page read and write
clean
1FCC1100000
unkown
page read and write
clean
1FCC1236000
unkown
page read and write
clean
7FF554A40000
unkown
page readonly
clean
2508000
heap private
page read and write
clean
1E160000
unkown
page readonly
clean
7FF578BDC000
unkown
page readonly
clean
25DF0B02000
unkown
page read and write
clean
1FCC11CE000
unkown
page read and write
clean
66B9B000
unkown
page read and write
clean
66B49000
unkown
page read and write
clean
7FF5789D5000
unkown
page readonly
clean
25DF0870000
heap default
page read and write
clean
23DE000
unkown
page read and write
clean
7FF578C9A000
unkown
page readonly
clean
1FCC12CF000
unkown
page read and write
clean
1FCC1177000
unkown
page read and write
clean
7FF578C1E000
unkown
page readonly
clean
1FCC11F0000
unkown
page read and write
clean
9F7000
heap default
page read and write
clean
1FCBF067000
unkown
page read and write
clean
AAD227D000
unkown
page read and write
clean
1FCC1442000
unkown
page read and write
clean
1FCBF0D5000
unkown
page read and write
clean
7FF554B84000
unkown
page readonly
clean
A18000
unkown
page read and write
clean
1FCC2310000
unkown
page read and write
clean
7FF5543A1000
unkown
page readonly
clean
9E7000
unkown
page read and write
clean
1FCC1343000
unkown
page read and write
clean
1D620000
unkown
page readonly
clean
A1E000
heap default
page read and write
clean
561000
unkown
page execute and read and write
clean
2479000
unkown
page read and write
clean
1FCBF186000
unkown
page read and write
clean
1FCC1212000
unkown
page read and write
clean
28A0000
heap private
page read and write
clean
A3C000
unkown
page read and write
clean
AAD257C000
unkown
page read and write
clean
AAD155F000
unkown
page read and write
clean
A18000
heap default
page read and write
clean
60000
unkown image
page readonly
clean
5F0000
heap private
page read and write
clean
25DF23A0000
unkown
page read and write
clean
A12000
unkown
page read and write
clean
1F5D000
unkown
page readonly
clean
1FCC12CB000
unkown
page read and write
clean
7AE000
unkown
page read and write
clean
1FCC113A000
unkown
page read and write
clean
1FCC2110000
unkown
page read and write
clean
1FCC12CB000
unkown
page read and write
clean
7FF554B16000
unkown
page readonly
clean
1FCC12CA000
unkown
page read and write
clean
1FCC11C9000
unkown
page read and write
clean
1FCBF087000
unkown
page read and write
clean
AAD15DB000
unkown
page read and write
clean
7FF578BAA000
unkown
page readonly
clean
A12000
unkown
page read and write
clean
7B0000
unkown
page readonly
clean
9F7000
unkown
page read and write
clean
7FF554B08000
unkown
page readonly
clean
66D60000
unkown
page readonly
clean
7FF578BB5000
unkown
page readonly
clean
7FF554B0E000
unkown
page readonly
clean
7FF578BBB000
unkown
page readonly
clean
7FF554777000
unkown
page readonly
clean
400000
unkown image
page readonly
clean
AAD1B7B000
unkown
page read and write
clean
279F000
stack
page read and write
clean
1FCBF1B6000
unkown
page read and write
clean
1FCC2110000
unkown
page read and write
clean
1FCC2110000
unkown
page read and write
clean
A22000
unkown
page read and write
clean
400000
unkown image
page readonly
clean
1F9A000
unkown
page readonly
clean
7FF578BB0000
unkown
page readonly
clean
B5F000
stack
page read and write
clean
AAD20FB000
unkown
page read and write
clean
1FCC12CA000
unkown
page read and write
clean
1FCC118D000
unkown
page read and write
clean
7FF5549ED000
unkown
page readonly
clean
22E0000
unkown
page read and write
clean
1F87000
unkown
page readonly
clean
1FCC11FF000
unkown
page read and write
clean
600000
heap default
page read and write
clean
1F8F000
unkown
page readonly
clean
7FF5549A3000
unkown
page readonly
clean
760000
heap default
page read and write
clean
1DB5F000
stack
page read and write
clean
22D0000
heap private
page read and write
clean
2600000
unkown
page readonly
clean
AAD1AFA000
unkown
page read and write
clean
A1E000
unkown
page read and write
clean
D90497F000
unkown
page read and write
clean
1FCC114D000
unkown
page read and write
clean
AAD19FA000
unkown
page read and write
clean
1FCC11C3000
unkown
page read and write
clean
There are 555 hidden memdumps, click here to show them.