IOC Report


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| Quotation.jar | Zip archive data, at least v2.0 to extract | initial sample | malicious |
| C:\cmdlinestart.log | ASCII text, with CRLF, LF line terminators | modified | malicious |
| C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp | ASCII text, with CRLF line terminators | dropped | clean |
| C:\jar\META-INF\MANIFEST.MF | ASCII text, with CRLF line terminators | dropped | clean |
| C:\jar\carLambo\AaISogscfReXxeZKUWBlO.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\BvHpAJlEksWthemKshuQp.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\CSvxxbhsMkFgzwSLJPuno.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\DaHdKpqpmbwOJzFdSfJTr.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\FirstRun.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\GDI32.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\HBrowserNativeApis.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\HhGNtKoTftxMhSSBMJnzt.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\IXoamLVdxZHhnOCKEypnx.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\IjxLOzQLUDkaXnjBGOAoG.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\IsPDtEuhSpLxTtNBFQXAi.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\JJNChPaoaJuTageKFIyUf.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\JXeuHETDDBNayfsmagXfz.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\JZxxYGNZPNJezbPxNUZCd.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\KFplBMCKgMdHvcMkaAGZa.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\Kernel32.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\KosQXPANrWiAsLTBDYIav.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\LTsbSrnXqNHTzSCadLztL.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\ONjFQMbZKhXUIvJECkqdG.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\RdldwsORcdxmkhJVwhbLi.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\SLINEyhIcNChZpywErVgS.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\TlNoUrOpQFTDEOhhEkJkV.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\TwJpMYXWnMJHKsRderDDT.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\UWPKqDtrtuRkfgJqVaIfH.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\User32.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\WinGDI.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\XmcgWVirDwLliVZTBfoxa.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\XtGDgqPPFsffwvuGLMVrE.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\YAscrrsjSCEINprDrLpVw.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\ZYEcYXbRzHYFyZblHqtZQ.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\bblLjaykILRsJuIgHpxpV.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\bmfvovJGUyUbPgySKkkcq.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\bzlBSuuREhLCmheoxRLoe.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\cNhfmljIASGhxQnqNJuWx.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\dYjHcUTAJpBUzZmyvwxcg.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\eauxCIrdjXbTstchfeoOk.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\hBkzOcczVKCAHBldijzvK.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\hWdmIbubOgKXDUyGkTEEB.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\hYsqcGfbELOwxudanKXov.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\hccNzYOZzwIxSugKtwNFq.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\iUmCoRfIFAQoefdxTBoVc.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\jsGSSBxDsfgZgmNRCCRge.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\kKDEXLppEHnYcckGnnxxg.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\kqfTtOdPWqoSaOdKfHjPr.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\ktqJfqRpauSAGkfJbNchr.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\lXiQWxbivgQpkaqCCfVKY.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\mdNVabGLtSgHprawsRQOv.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\nYKUJiPDMFquwRpKFElAD.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\oGMqziBzYYxWXtOgENcol.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\qAnFfCeztBRNXnxmfAymy.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\qNjCcZeKvVwoJRxKdiCbn.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\qSvSnaYHzthBBeWOIMBaB.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\qcwPdWnKTLcdPxDSEKqai.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\resources\config.txt | ASCII text, with no line terminators | dropped | clean |
| C:\jar\carLambo\sbsQDGLLzqONvAeirLUFR.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\sdQKOtlJzWCBporuolMyN.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\susnFxnUwlidMWpefYbJj.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\tSrrFgcYOfUSarEmZIkay.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\uinODIkCilGXJDaSnyVJx.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\unFpTnLKGCoDhhTwCythd.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\vISXLMxulVKJDJdBSbyBW.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\vPGWlacnCrelHWkRFSJnJ.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\wparXSrkmxMhKOZjMNKKu.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\jar\carLambo\yLBVjlynSgWMgvIJTRRcy.class | compiled Java class data, version 49.0 (Java 1.5) | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\83aa4cc77f591dfc2374580bbd95f6ba_d06ed635-68f6-4e9a-955c-4899f5f57b9a | data | dropped | clean |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe | java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun | malicious |
| C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar' | clean |
| C:\Windows\System32\7za.exe | 7za.exe x -y -oC:\jar 'C:\Users\user\Desktop\Quotation.jar' | clean |
| C:\Windows\System32\cmd.exe | 'C:\Windows\System32\cmd.exe' /c java.exe -jar 'C:\Users\user\Desktop\Quotation.jar' carLambo.FirstRun >> C:\cmdlinestart.log 2>&1 | clean |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean |
| C:\Windows\SysWOW64\icacls.exe | C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M | clean |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | clean |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c ''C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar'' >> C:\cmdlinestart.log 2>&1 | clean |
| C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -javaagent:'C:\Users\user\AppData\Local\Temp\jartracer.jar' -jar 'C:\Users\user\Desktop\Quotation.jar' | clean |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://crl.xrampsecurity.com/XGCA.crl | unknown | clean |
| https://repo1.maven.org/maven2/net/java/dev/jna/jna-platform/5.5.0/jna-platform-5.5.0.jar | unknown | clean |
| http://crl.chambersign.org/chambersroot.crl0 | unknown | clean |
| http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0 | unknown | clean |
| http://www.certplus.com/CRL/class2.crl | unknown | clean |
| http://bugreport.sun.com/bugreport/ | unknown | clean |
| http://cps.chambersign.org/cps/chambersroot.html0 | unknown | clean |
| http://java.oracle.com/ | unknown | clean |
| http://null.oracle.com/ | unknown | clean |
| http://www.chambersign.org1 | unknown | clean |
| http://repository.swisssign.com/0 | unknown | clean |
| https://repo1.maven.org/maven2/net/java/dev/jna/jna/5.5.0/jna-5.5.0.jar | unknown | clean |
| http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5 | unknown | clean |
| http://policy.camerfirma.com | unknown | clean |
| https://ocsp.quovadisoffshore.com | unknown | clean |
| https://repo1.maven.org/maven2/org/xerial/sqlite-jdbc/3.14.2.1/sqlite-jdbc-3.14.2.1.jar | unknown | clean |
| http://crl.securetrust.com/STCA.crl0 | unknown | clean |
| http://www.quovadisglobal.com/cps | unknown | clean |
| http://cps.chambersign.org/cps/chambersroot.html | unknown | clean |
| http://www.certplus.com/CRL/class3P.crl | unknown | clean |
| http://www.certplus.com/CRL/class3P.crl0 | unknown | clean |
| http://crl.securetrust.com/STCA.crl | unknown | clean |
| http://www.certplus.com/CRL/class2.crl0 | unknown | clean |
| http://www.quovadisglobal.com/cps0 | unknown | clean |
| http://crl.xrampsecurity.com/XGCA.crl0 | unknown | clean |
| http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl | unknown | clean |
| http://www.quovadis.bm | unknown | clean |
| http://www.quovadis.bm0 | unknown | clean |
| https://ocsp.quovadisoffshore.com0 | unknown | clean |
| http://www.allatori.com | unknown | clean |
| http://crl.chambersign.org/chambersroot.crl | unknown | clean |
| http://repository.swisssign.com/ | unknown | clean |
| http://www.chambersign.org | unknown | clean |
| https://github.com/kristian/system-hook/releases/download/3.5/system-hook-3.5.jar | unknown | clean |
| http://policy.camerfirma.com0 | unknown | clean |
| https://github.com/krist | unknown | clean |

Domains

| Name | IP | Malicious |
|---|---|---|
| sonatype.map.fastly.net | 199.232.192.209 | clean |
| github.com | 140.82.121.3 | clean |
| repo1.maven.org | unknown | clean |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 192.168.2.1 | unknown | unknown | clean |
| 199.232.192.209 | sonatype.map.fastly.net | United States | clean |
| 140.82.121.3 | github.com | United States | clean |
| 140.82.121.4 | unknown | United States | clean |

Memdumps
