IOC Report

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| 8aAG42oIjb.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\LocalLow\01asNgqMltC.zip | Zip archive data, at least v2.0 to extract | dropped | clean |
| C:\Users\user\AppData\LocalLow\1xVPfvJcrg | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\LocalLow\RYwTiizs2t | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\LocalLow\frAQBc8Wsa | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\LocalLow\rQF69AzBla | SQLite 3.x database, last written using SQLite version 3032001 | dropped | clean |
| C:\Users\user\AppData\LocalLow\sqlite3.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleHandler.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\AccessibleMarshal.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\IA2Marshal.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\MapiProxy_InUse.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l1-2-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-file-l2-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-handle-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-heap-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-interlocked-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-libraryloader-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-localization-l1-2-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-memory-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-namedpipe-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processenvironment-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-processthreads-l1-1-1.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-profile-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-rtlsupport-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-string-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-synch-l1-2-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-sysinfo-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-timezone-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-core-util-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-conio-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-convert-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-environment-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-filesystem-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-heap-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-locale-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-math-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-multibyte-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-private-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-process-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-runtime-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-stdio-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-string-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-time-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\api-ms-win-crt-utility-l1-1-0.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\breakpadinjector.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldap60.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ldif60.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\lgpllibs.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\libEGL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozMapi32_InUse.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssckbi.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\nssdbm3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\pB4pD1lB4sD3.zip | Zip archive data, at least v2.0 to extract | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\prldap60.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\qipcap.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\ucrtbase.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\uS0wV5wY9qH3\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | clean |
| C:\Users\user\AppData\LocalLow\yH9tY9hO9gL5 | ASCII text, with CRLF, CR line terminators | dropped | clean |
| \Device\Null | ASCII text, with CRLF line terminators, with overstriking | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Users\user\Desktop\8aAG42oIjb.exe | 'C:\Users\user\Desktop\8aAG42oIjb.exe' | malicious |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C timeout /T 10 /NOBREAK > Nul & Del /f /q 'C:\Users\user\Desktop\8aAG42oIjb.exe' | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean |
| C:\Windows\SysWOW64\timeout.exe | timeout /T 10 /NOBREAK | clean |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/9a5837ddcde370a12fac7d7ad748894e8ca04822 | 185.138.164.150 | malicious |
| http://185.138.164.150//l/f/p5H3KXwB3dP17SpzXqG4/0082491d8ce92dde3db733700e3efad352687de3 | 185.138.164.150 | malicious |
| http://185.138.164.150/ | 185.138.164.150 | malicious |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| t.me | 149.154.167.99 | clean |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 185.138.164.150 | unknown | Germany | malicious |
| 149.154.167.99 | t.me | United Kingdom | clean |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
| --- | --- | --- | --- |
| 400000 | unkown image | page execute and read and write | malicious |
| 2150000 | unkown | page execute and read and write | malicious |
| 2220000 | unkown | page read and write | malicious |