IOC Report

Files

File Path
Type
Category
Malicious
uNVvJ2g3XW.dll
PE32+ executable (DLL) (native) x86-64, for MS Windows
initial sample
malicious

Processes

Path
Cmdline
Malicious
C:\Windows\System32\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\uNVvJ2g3XW.dll",#1
malicious
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\uNVvJ2g3XW.dll,DllGetClassObject
malicious
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\uNVvJ2g3XW.dll,DllRegisterServer
malicious
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\uNVvJ2g3XW.dll,PluginInit
malicious
C:\Windows\System32\loaddll64.exe
loaddll64.exe "C:\Users\user\Desktop\uNVvJ2g3XW.dll"
clean
C:\Windows\System32\cmd.exe
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\uNVvJ2g3XW.dll",#1
clean
C:\Windows\System32\regsvr32.exe
regsvr32.exe /s C:\Users\user\Desktop\uNVvJ2g3XW.dll
clean
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4588 CREDAT:17410 /prefetch:2
clean

URLs

Name
IP
Malicious
http://normyils.com/
unknown
malicious
normyils.com
malicious

Domains

Name
IP
Malicious
normyils.com
87.120.254.190
malicious
contextual.media.net
23.211.6.95
clean
dr49lng3n1n2s.cloudfront.net
13.225.75.74
clean
lg3.media.net
23.211.6.95
clean
assets.msn.com
unknown
clean
www.msn.com
unknown
clean
srtb.msn.com
unknown
clean
cvision.media.net
unknown
clean
browser.events.data.msn.com
unknown
clean
aws.amazon.com
unknown
clean

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{C09368A5-5415-11EC-90E5-ECF4BB2D2496}
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Blocked
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTimeArray
clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTimeArray
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingLastYMD
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingBitmap
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingRandomizedBitmap
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion
NextUpdateDate
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\msn.com
NumberOfSubdomains
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
NULL
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\contextual.media.net
NULL
clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\media.net
Total
clean

Memdumps

Base Address
Regiontype
Protect
Malicious
135A0590000
unkown
page read and write
malicious
135A065A000
heap default
page read and write
malicious