IOC Report

loading gif

Files

File Path
Type
Category
Malicious
eLVzfyydCC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\DURNCK2N\www.kaspersky[1].xml
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{293D228A-73D1-11EC-90E5-ECF4BB570DC9}.dat
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{39E1AB78-73D1-11EC-90E5-ECF4BB570DC9}.dat
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FBB47D07-73D0-11EC-90E5-ECF4BB570DC9}.dat
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{293D228C-73D1-11EC-90E5-ECF4BB570DC9}.dat
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39E1AB7A-73D1-11EC-90E5-ECF4BB570DC9}.dat
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FBB47D09-73D0-11EC-90E5-ECF4BB570DC9}.dat
Composite Document File V2 Document, Cannot read section info
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
data
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\107.adad7052b448169ab6ff[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\109.3cf8601568ee32d2037f[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\112.72680c3d02b12dbcfc70[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\137.b867e461b87783f36945[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\161.7bb93c182f3aee250b4e[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\316695c6.209da53eb2f66e625fe4[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\322.f151cd6a7db61edfbb02[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\470.11485af6ac94049be322[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\61.bc1dd900b92bc9d80767[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\74.aff6e43f31266e4ba1e4[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\80.2da60d8f88d5016b2bb7[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\MRG_Effitas[1].png
PNG image data, 38 x 63, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\_app[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\_buildManifest[1].js
ASCII text, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\_ssgManifest[1].js
ASCII text, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\av-2020[1].png
PNG image data, 124 x 64, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\business-award-1[1].png
PNG image data, 100 x 80, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\business-award-2[1].png
PNG image data, 100 x 80, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\business-award-3[1].png
PNG image data, 100 x 80, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\c5412e1b22c148871c80[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\c78d26b1.ce9e1553326496a1c9e2[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\commons.e62962d42a6055f15f9a[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\dc64fc9dfc4c6e33bad5[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\fe5b2601695152ff1fad[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\framework.09fd0d83a8f910ba0251[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\home-award-3[1].png
PNG image data, 54 x 60, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\home-award-4[1].png
PNG image data, 109 x 54, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\home-award-5[1].png
PNG image data, 137 x 52, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\home-mobile[1].png
PNG image data, 360 x 152, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\home[1].png
PNG image data, 804 x 560, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\index[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\kaspersky-ransomware-test-dark[1].jpg
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2021:11:15 16:32:12], baseline, precision 8, 1200x628, frames 3
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\kis-card[1].png
PNG image data, 225 x 322, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\ksos-card[1].png
PNG image data, 225 x 409, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\main-52c9dd25e850a6bbe3d1[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\map[1].png
PNG image data, 1080 x 531, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\optimum-security-card[1].png
PNG image data, 225 x 322, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\polyfills-4cd59183e7ac72a5e1c7[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\s_code_single_suite[1].js
UTF-8 Unicode text, with very long lines, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\webpack-9d64c724fee92863bf94[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\122870.ct[1].js
C source, ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\2c47087421d0b[1].js
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\6i[1].htm
HTML document, ASCII text
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\A2336411-46c8-4f83-96b6-294966496d651[1].js
C source, ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\NewErrorPageTemplate[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\analytics[2].js
ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\bat[1].js
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\favicon[1].ico
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\fbevents[1].js
ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\httpErrorPagesScripts[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\insight.min[1].js
ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\js[2].js
ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\js[3].js
ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ktag[1].js
C source, ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\layout[1].css
assembler source, ASCII text
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\vt-132[1].js
ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\web-vitals@2.1[1].3
ASCII text, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\web-vitals[1].txt
ASCII text, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\KasperskySans-Bold[1].woff
Web Open Font Format, TrueType, length 40676, version 0.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\KasperskySans-Light[1].woff
Web Open Font Format, TrueType, length 41376, version 0.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\KasperskySans-Regular[1].woff
Web Open Font Format, TrueType, length 41148, version 0.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\daily-dark[1].png
PNG image data, 348 x 196, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\dest5[1].htm
HTML document, ASCII text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ent-1[1].jpg
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 348x196, frames 3
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ent-2[1].jpg
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 348x196, frames 3
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\eugene_bg[1].png
PNG image data, 526 x 460, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\gtm[1].js
UTF-8 Unicode text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\kaspersky-logo.e79ac6c57fcaf0a58fbb62a8a5d56786[1].svg
SVG Scalable Vector Graphics image
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\museosans-100-webfont[1].woff
Web Open Font Format, TrueType, length 15648, version 1.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\museosans-100italic-webfont[1].woff
Web Open Font Format, TrueType, length 16112, version 1.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\museosans-300-webfont[1].woff
Web Open Font Format, TrueType, length 15876, version 1.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\museosans-300italic-webfont[1].woff
Web Open Font Format, TrueType, length 16556, version 1.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\museosans-500-webfont[1].woff
Web Open Font Format, TrueType, length 15736, version 1.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\museosans-500italic-webfont[1].woff
Web Open Font Format, TrueType, length 16460, version 1.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\museosans-700-webfont[1].woff
Web Open Font Format, TrueType, length 15908, version 1.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\museosans-900-webfont[1].woff
Web Open Font Format, TrueType, length 15464, version 1.0
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\quote-bottom.e2312833966dba730cd5a06f774284f2[1].svg
SVG Scalable Vector Graphics image
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\quote-top.3c6c597940fefe5371e9522767e0ebae[1].svg
SVG Scalable Vector Graphics image
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\white.e75902539fce0c72d67a5f0cc24440dc[1].svg
SVG Scalable Vector Graphics image
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\2b763e44c355fc014556[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\2de41e69d7c1a5e11097[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\730c637540e857733f76[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\8HUE4E45.htm
HTML document, ASCII text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\9b428f5ec98113084430[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\HET0OTHY.htm
HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\a9ed3a1594363c6938f8[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\bfdf68743177ecbb5a22[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\business-award-4[1].png
PNG image data, 100 x 80, 8-bit gray+alpha, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\c5c20187bc88132abb4a[1].css
ASCII text, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\d065abc22e2b68eda666[1].css
UTF-8 Unicode text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\d4badb8db511cd24e95e[1].css
ASCII text, with very long lines, with no line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\dnserror[1]
HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\down[1]
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\errorPageStrings[1]
UTF-8 Unicode (with BOM) text, with CRLF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\gtm[1].js
UTF-8 Unicode text, with very long lines
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\kts-card[1].png
PNG image data, 226 x 322, 8-bit/color RGBA, non-interlaced
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\mmapi[1].js
UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators
dropped
 clean
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\wc_landing[1].htm
HTML document, UTF-8 Unicode text
dropped
 clean
C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
ASCII text, with CRLF line terminators
modified
 clean
C:\Users\user\AppData\Local\Temp\~DF18CD11B8A0C5DC0C.TMP
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DF2B88529D39626A07.TMP
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DF5E3B0D56D1249FD2.TMP
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DF5FB64BEAADE76AFF.TMP
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DF8645F9AFEFCE1AF6.TMP
data
dropped
 clean
C:\Users\user\AppData\Local\Temp\~DFAB0213832CB6A042.TMP
data
dropped
 clean
There are 113 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\eLVzfyydCC.exe
"C:\Users\user\Desktop\eLVzfyydCC.exe"
malicious
C:\Program Files\internet explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
 clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6240 CREDAT:17410 /prefetch:2
 clean
C:\Program Files\internet explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
 clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3456 CREDAT:17410 /prefetch:2
 clean
C:\Program Files\internet explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
 clean
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4988 CREDAT:17410 /prefetch:2
 clean

URLs

Name
IP
Malicious
https://www.kaspersky.com/siterenderer/_next/static/chunks/61.bc1dd900b92bc9d80767.js
77.74.178.40
 clean
https://tag.rmp.rakuten.com/122870.ct.js
34.102.147.248
 clean
https://stats.g.doubleclick.net/g/collect
unknown
 clean
https://www.website.ws/js/jquery-3.5.0.min.js
64.70.19.170
 clean
https://www.website.ws/idn-orderflow/css/jquery.emojipicker.css
64.70.19.170
 clean
https://me-en.kaspersky.com/?ignoreredirects=true
unknown
 clean
https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/business-award-1.png
77.74.178.40
 clean
https://app.appsflyer.com/com.kms.free?pid=klsite
unknown
 clean
https://unpkg.com/web-vitals@2.1.3
104.16.126.175
 clean
https://www.kaspersky.com/siterenderer/_next/static/media/quote-bottom.e2312833966dba730cd5a06f774284f2.svg
77.74.178.40
 clean
https://www.website.ws/wc_landing.dhtml?domain=blancs.ws
64.70.19.170
 clean
https://www.kaspersky.pt/?ignoreredirects=true
unknown
 clean
https://ampcid.google.com/v1/publisher:getClientId
unknown
 clean
https://www.kaspersky.be/?ignoreredirects=true
unknown
 clean
https://www.website.ws/newnav/images/main-logo.png
64.70.19.170
 clean
https://content.kaspersky-labs.com/se/com/content/en-global/images/baseline/masthead-home/business-a
unknown
 clean
https://www.kaspersky.dk/?ignoreredirects=true
unknown
 clean
https://www.kaspersky.pl/
unknown
 clean
https://www.website.ws/newdesign/newnav/images/h-motto.png
64.70.19.170
 clean
https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home.png
77.74.178.40
 clean
https://www.kaspersky.com/siterenderer/_next/static/fonts/museo-sans/museosans-100italic-webfont.woff
77.74.178.40
 clean
https://www.website.ws/newdesign/newnav/images/form-q-bg.png
64.70.19.170
 clean
https://px.ads.linkedin.com/collect?
unknown
 clean
https://www.kaspersky.com/siterenderer/_next/static/css/bfdf68743177ecbb5a22.css
77.74.178.40
 clean
https://www.kaspersky.com/siterenderer/_next/static/chunks/109.3cf8601568ee32d2037f.js
77.74.178.40
 clean
https://www.kaspersky.com/siterenderer/_next/static/fonts/museo-sans/museosans-100-webfont.woff
77.74.178.40
 clean
https://store.kaspersky.com/store/kasperuk/en_GB/DisplayCustomerServiceOrderSearchPage
unknown
 clean
https://www.kaspersky.com/siterenderer/_next/static/chunks/470.11485af6ac94049be322.js
77.74.178.40
 clean
https://www.kaspersky.com/favicon.ico
77.74.178.40
 clean
https://www.website.ws/newdesign/newnav/images/h-bg.png
64.70.19.170
 clean
https://www.website.ws/newnav/css/layout.css
64.70.19.170
 clean
https://www.website.ws/newdesign/newnav/images/content-b-emp.png
64.70.19.170
 clean
https://www.kaspersky.com/siterenderer/_next/static/images/assets/map.png
77.74.178.40
 clean
https://www.website.ws/newdesign/newnav/images/h-register-own.png
64.70.19.170
 clean
https://stats.g.doubleclick.net/j/collect
unknown
 clean
https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=983502BE532960BE0A490D4C%40AdobeOrg&d_nsid=0&ts=1642010216469
52.211.244.253
 clean
https://www.website.ws/js/cookie-alert.js
64.70.19.170
 clean
http://www.reddit.com/
unknown
 clean
https://www.kaspersky.co.in/?ignoreredirects=true
unknown
 clean
https://www.kaspersky.it/?ignoreredirects=true
unknown
 clean
http://www.kaspersky.com/?domain=update.kaspersky.com
77.74.178.40
 clean
https://www.kaspersky.ro/
unknown
 clean
https://www.kaspersky.com.hk/
unknown
 clean
https://www.kaspersky.nl/?ignoreredirects=true
unknown
 clean
http://blancs.ws/drew/SVohbxNR_2FyCYmenSW7CXy/mnUNl0_2BA/r7aNUwhQrLgjTBURN/to2yS6Hh74Jd/I8HRX9nlHVK/
unknown
 clean
https://www.kaspersky.de/?ignoreredirects=true
unknown
 clean
https://www.kaspersky.com
unknown
 clean
https://s.tribalfusion.com/i.cid?c=705083&ev=0&page=Global
104.18.12.5
 clean
https://www.website.ws/newdesign/newnav/images/body-bg.jpg
64.70.19.170
 clean
https://africa.kaspersky.com/?ignoreredirects=true
unknown
 clean
https://www.kaspersky.co.kr/
unknown
 clean
https://www.kaspersky.com/siterenderer/_next/static/css/a9ed3a1594363c6938f8.css
77.74.178.40
 clean
https://www.awin1.com/sread.img?tt=ns&tv=2&
unknown
 clean
https://www.kaspersky.co.jp/
unknown
 clean
https://stats.g.doubleclick.net/g/collect?v=2&
unknown
 clean
https://www.website.ws/js/emoji.js
64.70.19.170
 clean
https://www.website.ws/newdesign/newnav/images/btn-create-acc-sm.png
64.70.19.170
 clean
https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-award-5.png
77.74.178.40
 clean
https://www.kaspersky.com/siterenderer/_next/static/runtime/main-52c9dd25e850a6bbe3d1.js
77.74.178.40
 clean
https://www.website.ws/newdesign/newnav/images/nav-login.png
64.70.19.170
 clean
https://www.website.ws/newdesign/newnav/images/header-bg.jpg
64.70.19.170
 clean
https://me.kaspersky.com/?ignoreredirects=true
unknown
 clean
https://www.kaspersky.com/siterenderer/_next/static/chunks/137.b867e461b87783f36945.js
77.74.178.40
 clean
https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/home-award-4.png
77.74.178.40
 clean
https://www.kaspersky.com/content/en-global/images/baseline/media-cards/ent-1.jpg
77.74.178.40
 clean
https://www.kaspersky.com/about/press-releases/2021_kaspersky-recognized-as-a-2021-gartner-peer-insi
unknown
 clean
https://t.myvisualiq.net/ul_cb/activity_pixel?pt=i&et=a&ago=212&ao=537&px=235&ord=1032722821&u1=Global|ALL|Traffic&r=2090721056
18.192.164.101
 clean
https://www.kaspersky.com/siterenderer/_next/static/css/d4badb8db511cd24e95e.css
77.74.178.40
 clean
https://www.website.ws/newdesign/newnav/images/btn-q-search.png
64.70.19.170
 clean
https://www.kaspersky.com/siterenderer/_next/static/chunks/322.f151cd6a7db61edfbb02.js
77.74.178.40
 clean
https://www.website.ws/newnav/js/roboto.cufonfonts.js
64.70.19.170
 clean
https://www.kaspersky.com/siterenderer/_next/static/runtime/polyfills-4cd59183e7ac72a5e1c7.js
77.74.178.40
 clean
https://kaspersky.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&mid=19200230165318792082030216481562829755&ts=1642010216707
13.36.218.177
 clean
http://www.amazon.com/
unknown
 clean
https://unpkg.com/web-vitals
104.16.126.175
 clean
https://www.website.ws/js/js-loader.js
64.70.19.170
 clean
http://www.twitter.com/
unknown
 clean
https://www.website.ws/newdesign/newnav/images/bottom-logo.png
64.70.19.170
 clean
https://s.kk-resources.com/kst.js
unknown
 clean
https://www.kaspersky.com/siterenderer/_next/static/fonts/museo-sans/museosans-500italic-webfont.woff
77.74.178.40
 clean
https://kaspersky-mkt-prod1-m.adobe-campaign.com
unknown
 clean
https://www.kaspersky.com.tr/?ignoreredirects=true
unknown
 clean
https://www.kaspersky.com/siterenderer/_next/static/chunks/107.adad7052b448169ab6ff.js
77.74.178.40
 clean
https://www.kaspersky.com/siterenderer/_next/static/css/c5c20187bc88132abb4a.css
77.74.178.40
 clean
https://www.kaspersky.com/siterenderer/_next/static/chunks/framework.09fd0d83a8f910ba0251.js
77.74.178.40
 clean
https://vt.myvisualiq.net/2/7hrBnrmZAM5n6cl1WjyOsg%3D%3D/vt-132.js
13.226.159.34
 clean
https://t.contentsquare.net/uxa/2c47087421d0b.js
13.226.159.97
 clean
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-63997723-2&cid=388491555.1642010231&jid=27385254&uid=19200230165318792082030216481562829755&gjid=1869784295&_gid=1932271643.1642010231&_u=YEBAAEAAAAAAAC~&z=1109340552
108.177.15.157
 clean
https://www.kaspersky.com/siterenderer/_next/static/fonts/museo-sans/museosans-300-webfont.woff
77.74.178.40
 clean
https://www.website.ws/newdesign/newnav/images/btn-sec-bg.png
64.70.19.170
 clean
https://www.kaspersky.com/content/en-global/images/baseline/masthead-home/business-award-2.png
77.74.178.40
 clean
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-63997723-28&cid=388491555.1642010231&jid=1545619336&_u=aEDAAEQAAAAAAC~&z=1372287311
142.250.186.36
 clean
https://www.kaspersky.com/siterenderer/_next/static/eI2qEMPWp5Vb-YNsYp7i9/pages/index.js
77.74.178.40
 clean
https://www.kaspersky.com/siterenderer/_next/static/media/kaspersky-logo.e79ac6c57fcaf0a58fbb62a8a5d56786.svg
77.74.178.40
 clean
http://www.nytimes.com/
unknown
 clean
https://www.kaspersky.com/siterenderer/_next/static/fonts/KasperskySans/KasperskySans-Bold.woff
77.74.178.40
 clean
https://www.website.ws/newdesign/newnav/images/content-t.png
64.70.19.170
 clean
https://www.website.ws/newdesign/newnav/images/form-field-l.png
64.70.19.170
 clean
https://www.kaspersky.rs/
unknown
 clean
https://www.website.ws/newnav/js/iepngfix_tilebg.js
64.70.19.170
 clean
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
blancs.ws
64.70.19.203
 malicious
gstaticadssl.l.google.com
172.217.18.99
 clean
kaspersky.d3.sc.omtrdc.net
13.36.218.177
 clean
s.tribalfusion.com
104.18.12.5
 clean
www-google-analytics.l.google.com
142.250.186.142
 clean
stats.l.doubleclick.net
108.177.15.157
 clean
www-googletagmanager.l.google.com
216.58.212.136
 clean
multisite-support.geo.kaspersky.com
93.159.228.11
 clean
tag.rmp.rakuten.com
34.102.147.248
 clean
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com
52.211.244.253
 clean
awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com
54.228.170.24
 clean
elb-aws-fr-visualiq-1583280815.eu-central-1.elb.amazonaws.com
18.192.164.101
 clean
w.usabilla.com
54.195.126.67
 clean
website.ws
64.70.19.170
 clean
d360616xvwhw9g.cloudfront.net
13.226.159.34
 clean
scontent.xx.fbcdn.net
157.240.17.15
 clean
update.kaspersky.com
185.85.15.26
 clean
d.impactradius-event.com
35.186.249.72
 clean
www.google.com
142.250.186.36
 clean
webcn2.geo.kaspersky.com
77.74.178.40
 clean
t.contentsquare.net
13.226.159.97
 clean
unpkg.com
104.16.126.175
 clean
www.google.ch
142.250.185.195
 clean
multisite2.geo.kaspersky.com
185.85.15.47
 clean
kaspersky.demdex.net
unknown
 clean
cm.everesttech.net
unknown
 clean
stats.g.doubleclick.net
unknown
 clean
service.maxymiser.net
unknown
 clean
dpm.demdex.net
unknown
 clean
vt.myvisualiq.net
unknown
 clean
api-router.kaspersky-labs.com
unknown
 clean
www.website.ws
unknown
 clean
resources.xg4ken.com
unknown
 clean
www.kaspersky.com
unknown
 clean
connect.facebook.net
unknown
 clean
content.kaspersky-labs.com
unknown
 clean
media.kaspersky.com
unknown
 clean
snap.licdn.com
unknown
 clean
t.myvisualiq.net
unknown
 clean
update.fortinet.com
unknown
 clean
There are 30 hidden domains, click here to show them.

IPs

IP
Domain
Country
Malicious
64.70.19.203
blancs.ws
United States
malicious
108.177.15.157
stats.l.doubleclick.net
United States
clean
54.195.126.67
w.usabilla.com
United States
clean
64.70.19.170
website.ws
United States
clean
157.240.17.15
scontent.xx.fbcdn.net
United States
clean
52.16.52.14
unknown
United States
clean
54.228.170.24
awseb-e-g-awsebloa-nt5wfb9wmmft-1397624435.eu-west-1.elb.amazonaws.com
United States
clean
13.226.159.34
d360616xvwhw9g.cloudfront.net
United States
clean
13.226.159.97
t.contentsquare.net
United States
clean
216.58.212.136
www-googletagmanager.l.google.com
United States
clean
185.85.15.47
multisite2.geo.kaspersky.com
Russian Federation
clean
185.85.15.26
update.kaspersky.com
Russian Federation
clean
142.250.186.36
www.google.com
United States
clean
185.85.15.46
unknown
Russian Federation
clean
13.36.218.177
kaspersky.d3.sc.omtrdc.net
United States
clean
18.192.164.101
elb-aws-fr-visualiq-1583280815.eu-central-1.elb.amazonaws.com
United States
clean
93.159.228.11
multisite-support.geo.kaspersky.com
Russian Federation
clean
34.102.147.248
tag.rmp.rakuten.com
United States
clean
35.186.249.72
d.impactradius-event.com
United States
clean
77.74.178.40
webcn2.geo.kaspersky.com
Russian Federation
clean
142.250.185.195
www.google.ch
United States
clean
142.250.186.142
www-google-analytics.l.google.com
United States
clean
52.211.244.253
dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com
United States
clean
104.16.126.175
unpkg.com
United States
clean
104.18.12.5
s.tribalfusion.com
United States
clean
There are 15 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{FBB47D07-73D0-11EC-90E5-ECF4BB570DC9}
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Blocked
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTimeArray
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTimeArray
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingLastYMD
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingBitmap
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
CVListPingRandomizedBitmap
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion
NextUpdateDate
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\kaspersky.com
NumberOfSubdomains
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.kaspersky.com
NULL
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\kaspersky.com
Total
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
NULL
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
NULL
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.kaspersky.com
NULL
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\kaspersky.com
Total
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{293D228A-73D1-11EC-90E5-ECF4BB570DC9}
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Blocked
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTimeArray
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTimeArray
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
 clean
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{39E1AB78-73D1-11EC-90E5-ECF4BB570DC9}
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore
Blocked
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTimeArray
 clean
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTimeArray
 clean
There are 37 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
14C8000
heap private
page read and write
 malicious
14C8000
heap private
page read and write
 malicious
14C8000
heap private
page read and write
 malicious
14C8000
heap private
page read and write
 malicious
14C8000
heap private
page read and write
 malicious
14C8000
heap private
page read and write
 malicious
14C8000
heap private
page read and write
 malicious
14C8000
heap private
page read and write
 malicious
14C8000
heap private
page read and write
 malicious
7FF52FB6D000
unkown image
page readonly
 clean
14CB000
heap private
page read and write
 clean
7FF59E020000
unkown image
page readonly
 clean
560000
unkown
page read and write
 clean
7DF5F1302000
unkown image
page readonly
 clean
1382CDF0000
unkown image
page readonly
 clean
7FF582BA3000
unkown image
page readonly
 clean
1AE0025F000
unkown
page read and write
 clean
7FF5DB5B4000
unkown image
page readonly
 clean
3C05F4C000
unkown
page read and write
 clean
7FF5DBA0B000
unkown image
page readonly
 clean
7FF582DDF000
unkown image
page readonly
 clean
1A4758E0000
heap default
page read and write
 clean
560000
unkown
page read and write
 clean
3C067FD000
stack
page read and write
 clean
1AE00860000
unkown
page read and write
 clean
1382CF00000
unkown image
page readonly
 clean
702447F000
stack
page read and write
 clean
2C758040000
heap default
page read and write
 clean
2CFF9B13000
unkown
page read and write
 clean
570000
unkown image
page read and write
 clean
77E000
unkown
page read and write
 clean
7DF443400000
unkown image
page readonly
 clean
401000
unkown image
page execute read
 clean
7FF52FC06000
unkown image
page readonly
 clean
7DF559CA2000
unkown image
page readonly
 clean
7DF58D400000
unkown image
page readonly
 clean
560000
unkown
page read and write
 clean
7FF59DF89000
unkown image
page readonly
 clean
15FAEF80000
unkown image
page readonly
 clean
7FF5441EF000
unkown image
page readonly
 clean
7FF577798000
unkown image
page readonly
 clean
7DF545532000
unkown image
page readonly
 clean
5D6E3FE000
stack
page read and write
 clean
22D2227F000
unkown
page read and write
 clean
2C7587A0000
unkown
page read and write
 clean
7FF5442B8000
unkown image
page readonly
 clean
1A475A5A000
unkown
page read and write
 clean
7FF59DD4D000
unkown image
page readonly
 clean
22D22100000
unkown image
page readonly
 clean
7FF582D15000
unkown image
page readonly
 clean
1AE00256000
unkown
page read and write
 clean
7FF59E02D000
unkown image
page readonly
 clean
2CFF9ABB000
unkown
page read and write
 clean
7FF5DB263000
unkown image
page readonly
 clean
7DF5986E2000
unkown image
page readonly
 clean
1A476202000
unkown
page read and write
 clean
2C758802000
unkown
page read and write
 clean
DFF647E000
stack
page read and write
 clean
5D6E0FE000
stack
page read and write
 clean
7DF545542000
unkown image
page readonly
 clean
7FF59DF58000
unkown image
page readonly
 clean
560000
unkown
page read and write
 clean
7FF52FC3F000
unkown image
page readonly
 clean
7DF545550000
unkown image
page readonly
 clean
1A475890000
unkown image
page readonly
 clean
15FAEA3A000
unkown
page read and write
 clean
22D21FB0000
unkown image
page read and write
 clean
7DF58D3F2000
unkown image
page readonly
 clean
7FF5442E3000
unkown image
page readonly
 clean
7FF59DE0C000
unkown image
page readonly
 clean
7FF5DB597000
unkown image
page readonly
 clean
7FF59E03B000
unkown image
page readonly
 clean
400000
unkown image
page readonly
 clean
151FD44C000
unkown
page read and write
 clean
7FF5DB540000
unkown image
page readonly
 clean
7FF54438B000
unkown image
page readonly
 clean
7FF5DBA0D000
unkown image
page readonly
 clean
7FF59A04E000
unkown image
page readonly
 clean
7FF599ED4000
unkown image
page readonly
 clean
7FF582DB0000
unkown image
page readonly
 clean
1AE00060000
unkown image
page read and write
 clean
DE32FC000
stack
page read and write
 clean
14CB000
heap private
page read and write
 clean
7FF599DFD000
unkown image
page readonly
 clean
151FC330000
unkown
page read and write
 clean
7FF59DECE000
unkown image
page readonly
 clean
585000
heap default
page read and write
 clean
DFF667E000
stack
page read and write
 clean
7FF5998A6000
unkown image
page readonly
 clean
22D22300000
unkown
page read and write
 clean
7FF52F58F000
unkown image
page readonly
 clean
104F000
stack
page read and write
 clean
EA62DFC000
stack
page read and write
 clean
7FF5DBA0F000
unkown image
page readonly
 clean
EB9000
heap private
page read and write
 clean
F38000
heap private
page read and write
 clean
151FC400000
unkown
page read and write
 clean
77E000
unkown
page read and write
 clean
7FF577357000
unkown image
page readonly
 clean
1AE00070000
heap private
page read and write
 clean
151FD300000
unkown
page read and write
 clean
7FF52F484000
unkown image
page readonly
 clean
7FF577AB6000
unkown image
page readonly
 clean
1382D04B000
unkown
page read and write
 clean
22D22288000
unkown
page read and write
 clean
2CFF9A00000
unkown
page read and write
 clean
7DF5986D2000
unkown image
page readonly
 clean
151FBC8D000
unkown
page read and write
 clean
1AE001D0000
unkown
page read and write
 clean
15FAEA63000
unkown
page read and write
 clean
2CFF9ACA000
unkown
page read and write
 clean
7FEB0000
unkown image
page readonly
 clean
151FBC8B000
unkown
page read and write
 clean
7FF52FC3D000
unkown image
page readonly
 clean
1382CDB0000
unkown image
page read and write
 clean
7DF5F1302000
unkown image
page readonly
 clean
7FF5DB8E0000
unkown image
page readonly
 clean
2C75823C000
unkown
page read and write
 clean
15FAEA5C000
unkown
page read and write
 clean
3C0657E000
stack
page read and write
 clean
151FBB60000
unkown image
page read and write
 clean
7FF5DB917000
unkown image
page readonly
 clean
7FF599FC5000
unkown image
page readonly
 clean
7DF5B3950000
unkown image
page readonly
 clean
7FF5DB6FC000
unkown image
page readonly
 clean
7FF599B23000
unkown image
page readonly
 clean
15FAEE00000
unkown image
page readonly
 clean
151FD254000
unkown
page read and write
 clean
7FF5DB9FB000
unkown image
page readonly
 clean
7FF577ABB000
unkown image
page readonly
 clean
7FF599F6C000
unkown image
page readonly
 clean
7DF559C90000
unkown image
page readonly
 clean
3A22D7C000
stack
page read and write
 clean
7FF5DB703000
unkown image
page readonly
 clean
2C75827D000
unkown
page read and write
 clean
7DF5986D0000
unkown image
page readonly
 clean
57C000
unkown image
page readonly
 clean
7FF52F560000
unkown image
page readonly
 clean
6E0B93B000
unkown
page read and write
 clean
78D000
unkown
page read and write
 clean
22D22000000
unkown image
page readonly
 clean
1382CDC0000
heap private
page read and write
 clean
7FF54437D000
unkown image
page readonly
 clean
7FF59DF9A000
unkown image
page readonly
 clean
1A475A76000
unkown
page read and write
 clean
7FF59A04B000
unkown image
page readonly
 clean
710000
heap default
page read and write
 clean
7FF52FB4C000
unkown image
page readonly
 clean
1AE00202000
unkown
page read and write
 clean
9D000
unkown
page read and write
 clean
7FF5DB69A000
unkown image
page readonly
 clean
7FF52F548000
unkown image
page readonly
 clean
7FF5DB760000
unkown image
page readonly
 clean
7FF5DB26D000
unkown image
page readonly
 clean
EA62D7D000
stack
page read and write
 clean
151FD251000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
151FCB30000
unkown image
page read and write
 clean
7FF577A55000
unkown image
page readonly
 clean
1382CE20000
heap default
page read and write
 clean
15FAE840000
heap default
page read and write
 clean
7DF5B3942000
unkown image
page readonly
 clean
1382D03C000
unkown
page read and write
 clean
7DF5B3960000
unkown image
page readonly
 clean
15FAE7D0000
unkown image
page read and write
 clean
7FF5DB9FE000
unkown image
page readonly
 clean
7FF582CD7000
unkown image
page readonly
 clean
DFF677E000
stack
page read and write
 clean
7FF543BEC000
unkown image
page readonly
 clean
DFF5ECB000
unkown
page read and write
 clean
151FC500000
unkown
page read and write
 clean
DE2FBE000
stack
page read and write
 clean
7FF52F4F5000
unkown image
page readonly
 clean
151FD270000
unkown
page read and write
 clean
22D2227C000
unkown
page read and write
 clean
2CFF9E00000
unkown image
page readonly
 clean
15FAEA31000
unkown
page read and write
 clean
7FF5DB4BF000
unkown image
page readonly
 clean
7FF52FA56000
unkown image
page readonly
 clean
3A22C7E000
stack
page read and write
 clean
DE367E000
stack
page read and write
 clean
7FF5442D5000
unkown image
page readonly
 clean
7FF59A026000
unkown image
page readonly
 clean
7FF582DDF000
unkown image
page readonly
 clean
1AE000B0000
unkown image
page readonly
 clean
3C0647E000
stack
page read and write
 clean
7DF559CA0000
unkown image
page readonly
 clean
22D22302000
unkown
page read and write
 clean
7DF4B1810000
unkown image
page readonly
 clean
15FAEA75000
unkown
page read and write
 clean
7FF544305000
unkown image
page readonly
 clean
3A2307E000
stack
page read and write
 clean
2CFF9ACC000
unkown
page read and write
 clean
7FF582D19000
unkown image
page readonly
 clean
7DF442D50000
unkown image
page readonly
 clean
151FBED0000
unkown image
page readonly
 clean
7FF5DB847000
unkown image
page readonly
 clean
6D0000
unkown image
page readonly
 clean
3A2347F000
stack
page read and write
 clean
7FF52F4DA000
unkown image
page readonly
 clean
7DF58D400000
unkown image
page readonly
 clean
151FD260000
unkown
page read and write
 clean
7DF544E82000
unkown image
page readonly
 clean
7FF5DB5E1000
unkown image
page readonly
 clean
3A2256B000
unkown
page read and write
 clean
EA628FB000
stack
page read and write
 clean
7FF5DB95A000
unkown image
page readonly
 clean
3A22B7A000
stack
page read and write
 clean
1A475A56000
unkown
page read and write
 clean
7FF59DDE2000
unkown image
page readonly
 clean
7DF559CA0000
unkown image
page readonly
 clean
1A475A78000
unkown
page read and write
 clean
7FF544384000
unkown image
page readonly
 clean
1382D013000
unkown
page read and write
 clean
7DF5B3940000
unkown image
page readonly
 clean
7FF5828A9000
unkown image
page readonly
 clean
406000
unkown image
page readonly
 clean
1382D07D000
unkown
page read and write
 clean
7FF582BAE000
unkown image
page readonly
 clean
7DF5B3952000
unkown image
page readonly
 clean
7FF5DB928000
unkown image
page readonly
 clean
7FF52FB2C000
unkown image
page readonly
 clean
57A000
unkown image
page read and write
 clean
7DF58D3F0000
unkown image
page readonly
 clean
77E000
unkown
page read and write
 clean
151FD40C000
unkown
page read and write
 clean
7FF5DB91C000
unkown image
page readonly
 clean
7FF52F243000
unkown image
page readonly
 clean
7FF52FB8A000
unkown image
page readonly
 clean
7FF5DB733000
unkown image
page readonly
 clean
7FF582A93000
unkown image
page readonly
 clean
15FAE920000
unkown image
page readonly
 clean
1AE00302000
unkown
page read and write
 clean
7FF577AD4000
unkown image
page readonly
 clean
DE2EBB000
unkown
page read and write
 clean
15FAEB02000
unkown
page read and write
 clean
151FD390000
unkown
page read and write
 clean
7FF577ADB000
unkown image
page readonly
 clean
7FF5442AC000
unkown image
page readonly
 clean
151FD350000
unkown
page read and write
 clean
7FF599F99000
unkown image
page readonly
 clean
7FF59D8CB000
unkown image
page readonly
 clean
7FF52FABE000
unkown image
page readonly
 clean
3A22A79000
stack
page read and write
 clean
7DF559CB0000
unkown image
page readonly
 clean
759000
unkown
page read and write
 clean
7FF544163000
unkown image
page readonly
 clean
15FAE7F0000
unkown image
page readonly
 clean
7FF5DB9C8000
unkown image
page readonly
 clean
7FF582B7D000
unkown image
page readonly
 clean
7FF5828B8000
unkown image
page readonly
 clean
1382D070000
unkown
page read and write
 clean
151FD130000
unkown
page read and write
 clean
7DF5986D2000
unkown image
page readonly
 clean
7FF52F79A000
unkown image
page readonly
 clean
151FC415000
unkown
page read and write
 clean
1A475A02000
unkown
page read and write
 clean
1AE00860000
unkown
page read and write
 clean
3A2317F000
stack
page read and write
 clean
7FF5DB7AD000
unkown image
page readonly
 clean
15180000000
unkown
page read and write
 clean
7FF5DB7C3000
unkown image
page readonly
 clean
7DF5B3940000
unkown image
page readonly
 clean
6CC000
stack
page read and write
 clean
7FF59E01B000
unkown image
page readonly
 clean
15FAE7F0000
unkown image
page readonly
 clean
15FAEA13000
unkown
page read and write
 clean
7DF5AF952000
unkown image
page readonly
 clean
7FF543E69000
unkown image
page readonly
 clean
7FF52FB47000
unkown image
page readonly
 clean
15FAEA59000
unkown
page read and write
 clean
7FF599E4E000
unkown image
page readonly
 clean
1382D08A000
unkown
page read and write
 clean
7FF59DF68000
unkown image
page readonly
 clean
70244FF000
stack
page read and write
 clean
7FF5779D3000
unkown image
page readonly
 clean
1AE00860000
unkown
page read and write
 clean
1F0000
unkown
page read and write
 clean
7FFC2000
unkown image
page readonly
 clean
15FAEA85000
unkown
page read and write
 clean
7FF582CF8000
unkown image
page readonly
 clean
7FF5442EA000
unkown image
page readonly
 clean
402000
unkown image
page readonly
 clean
7FF59E04F000
unkown image
page readonly
 clean
2CFFA540000
unkown image
page write copy
 clean
7FF5DB945000
unkown image
page readonly
 clean
7DF5986F0000
unkown image
page readonly
 clean
15FAEA42000
unkown
page read and write
 clean
7FF5DB59F000
unkown image
page readonly
 clean
151FBC70000
unkown
page read and write
 clean
2C75822A000
unkown
page read and write
 clean
10D0000
heap private
page read and write
 clean
151FBC3D000
unkown
page read and write
 clean
15FAEA78000
unkown
page read and write
 clean
AFE000
stack
page read and write
 clean
7FF5DB584000
unkown image
page readonly
 clean
7FF582DCE000
unkown image
page readonly
 clean
1382D108000
unkown
page read and write
 clean
2C758302000
unkown
page read and write
 clean
7FF582D98000
unkown image
page readonly
 clean
DFF5F4E000
stack
page read and write
 clean
15FAEA7B000
unkown
page read and write
 clean
7FF582C2F000
unkown image
page readonly
 clean
151FCC10000
unkown
page read and write
 clean
7DF58D3E2000
unkown image
page readonly
 clean
2CFF9800000
unkown image
page readonly
 clean
1382CDD0000
unkown image
page readonly
 clean
7FF5DBA0F000
unkown image
page readonly
 clean
15FAE7E0000
heap private
page read and write
 clean
7DF545530000
unkown image
page readonly
 clean
2CFF9900000
unkown image
page readonly
 clean
78D000
heap default
page read and write
 clean
151FBC89000
unkown
page read and write
 clean
22D21FD0000
unkown image
page readonly
 clean
15FAEA76000
unkown
page read and write
 clean
22D22229000
unkown
page read and write
 clean
7FF5779B0000
unkown image
page readonly
 clean
1A4758B0000
unkown image
page readonly
 clean
7FF52F4A8000
unkown image
page readonly
 clean
7FF54439F000
unkown image
page readonly
 clean
DE377F000
stack
page read and write
 clean
7FF54438E000
unkown image
page readonly
 clean
2CFF9A88000
unkown
page read and write
 clean
98E000
stack
page read and write
 clean
7FF59DD57000
unkown image
page readonly
 clean
7FF577AC0000
unkown image
page readonly
 clean
7FF5DB8C7000
unkown image
page readonly
 clean
151FD260000
unkown
page read and write
 clean
7DF5AF950000
unkown image
page readonly
 clean
22D22600000
unkown image
page readonly
 clean
22D2228E000
unkown
page read and write
 clean
151FC502000
unkown
page read and write
 clean
15FAEA49000
unkown
page read and write
 clean
1382D113000
unkown
page read and write
 clean
7FF582CEC000
unkown image
page readonly
 clean
560000
unkown
page read and write
 clean
7FF5442A7000
unkown image
page readonly
 clean
1860000
unkown image
page readonly
 clean
7DF5AF970000
unkown image
page readonly
 clean
7FF5779FD000
unkown image
page readonly
 clean
7FF5DB85F000
unkown image
page readonly
 clean
7FF54435F000
unkown image
page readonly
 clean
15FAEA58000
unkown
page read and write
 clean
7FF52FC0E000
unkown image
page readonly
 clean
1AE00870000
unkown
page read and write
 clean
404000
unkown image
page read and write
 clean
151FCB01000
unkown
page read and write
 clean
7FF577AEF000
unkown image
page readonly
 clean
2E40000
heap private
page read and write
 clean
22D21FD0000
unkown image
page readonly
 clean
22D221F0000
unkown
page read and write
 clean
1382D602000
unkown
page read and write
 clean
7DF5AF952000
unkown image
page readonly
 clean
7FF52F49C000
unkown image
page readonly
 clean
7FF582CE7000
unkown image
page readonly
 clean
22D21FF0000
unkown image
page readonly
 clean
7DF559C92000
unkown image
page readonly
 clean
151FD42A000
unkown
page read and write
 clean
EA62C7C000
stack
page read and write
 clean
7DF544E80000
unkown image
page readonly
 clean
1AE00080000
unkown image
page readonly
 clean
2CFF9820000
heap default
page read and write
 clean
151FBC2A000
unkown
page read and write
 clean
7DF559C92000
unkown image
page readonly
 clean
EA62BFF000
stack
page read and write
 clean
7FF5DB58A000
unkown image
page readonly
 clean
7DF545530000
unkown image
page readonly
 clean
7FF52FA4D000
unkown image
page readonly
 clean
7FF52F4BD000
unkown image
page readonly
 clean
402000
unkown image
page readonly
 clean
7FF59DF3C000
unkown image
page readonly
 clean
6E0C5FE000
stack
page read and write
 clean
7FF5DB6CF000
unkown image
page readonly
 clean
15FAEA6C000
unkown
page read and write
 clean
15FAEA7E000
unkown
page read and write
 clean
7FF59DCDA000
unkown image
page readonly
 clean
7FF59DDED000
unkown image
page readonly
 clean
22D2227C000
unkown
page read and write
 clean
990000
unkown
page read and write
 clean
7FF52FC2B000
unkown image
page readonly
 clean
6E0C1FD000
stack
page read and write
 clean
7FF59E04B000
unkown image
page readonly
 clean
7FF59DE1F000
unkown image
page readonly
 clean
151FCCF0000
unkown image
page readonly
 clean
7FF59DFB5000
unkown image
page readonly
 clean
19C000
unkown
page read and write
 clean
7FF544293000
unkown image
page readonly
 clean
151FBC75000
unkown
page read and write
 clean
7DF5F1300000
unkown image
page readonly
 clean
7FFB2000
unkown image
page readonly
 clean
2C758313000
unkown
page read and write
 clean
7FF59A030000
unkown image
page readonly
 clean
15FAEA45000
unkown
page read and write
 clean
3A22E7B000
stack
page read and write
 clean
2D7F000
stack
page read and write
 clean
7FF59DF24000
unkown image
page readonly
 clean
6E0BFFE000
stack
page read and write
 clean
7FF52FBFF000
unkown image
page readonly
 clean
7FF582D45000
unkown image
page readonly
 clean
6E0C6FF000
stack
page read and write
 clean
560000
unkown
page read and write
 clean
1A4759C0000
unkown image
page readonly
 clean
3C062FE000
stack
page read and write
 clean
151FBC00000
unkown
page read and write
 clean
2C758010000
unkown image
page readonly
 clean
7FF5DB590000
unkown image
page readonly
 clean
7FFC0000
unkown image
page readonly
 clean
7FF59A02B000
unkown image
page readonly
 clean
7DF544E92000
unkown image
page readonly
 clean
70241BC000
unkown
page read and write
 clean
15FAEA2A000
unkown
page read and write
 clean
2CFF97B0000
unkown image
page read and write
 clean
7FF52FBF8000
unkown image
page readonly
 clean
7FF59E00F000
unkown image
page readonly
 clean
151FCB23000
unkown
page read and write
 clean
7FF5DB884000
unkown image
page readonly
 clean
7FF52F906000
unkown image
page readonly
 clean
2C758288000
unkown
page read and write
 clean
7FF577A1D000
unkown image
page readonly
 clean
7FF5DB9F4000
unkown image
page readonly
 clean
7FF599B38000
unkown image
page readonly
 clean
7FF5DB903000
unkown image
page readonly
 clean
22D2225E000
unkown
page read and write
 clean
7FF59A03D000
unkown image
page readonly
 clean
2CFF97D0000
unkown image
page readonly
 clean
7FF57788D000
unkown image
page readonly
 clean
7FF52F4C5000
unkown image
page readonly
 clean
7FF544214000
unkown image
page readonly
 clean
2CFF9AC4000
unkown
page read and write
 clean
5D6E17E000
stack
page read and write
 clean
1AE00780000
unkown image
page readonly
 clean
5D6E07C000
unkown
page read and write
 clean
15FAEA65000
unkown
page read and write
 clean
DE3577000
stack
page read and write
 clean
7FF52FC1D000
unkown image
page readonly
 clean
70246FB000
stack
page read and write
 clean
7FF58262C000
unkown image
page readonly
 clean
3C063FE000
stack
page read and write
 clean
7FF5779C0000
unkown image
page readonly
 clean
7DF559CA2000
unkown image
page readonly
 clean
7FF577AEF000
unkown image
page readonly
 clean
DFF63FB000
stack
page read and write
 clean
151FD49A000
unkown
page read and write
 clean
1AE00229000
unkown
page read and write
 clean
16E0000
unkown image
page readonly
 clean
3A230FE000
stack
page read and write
 clean
1382D029000
unkown
page read and write
 clean
7FF599FA3000
unkown image
page readonly
 clean
151FC260000
unkown image
page readonly
 clean
15FAEA6E000
unkown
page read and write
 clean
7FF577AED000
unkown image
page readonly
 clean
7FFC2000
unkown image
page readonly
 clean
14E0000
unkown image
page readonly
 clean
22D22780000
unkown image
page readonly
 clean
70245FB000
stack
page read and write
 clean
7FF5DB9CF000
unkown image
page readonly
 clean
22D2224C000
unkown
page read and write
 clean
71A000
heap default
page read and write
 clean
1AE00600000
unkown image
page readonly
 clean
151FD390000
unkown
page read and write
 clean
7FF59A05F000
unkown image
page readonly
 clean
15FAEA41000
unkown
page read and write
 clean
22D22020000
heap default
page read and write
 clean
1A475880000
heap private
page read and write
 clean
2C758248000
unkown
page read and write
 clean
1AE00241000
unkown
page read and write
 clean
151FBD13000
unkown
page read and write
 clean
EA62FFF000
stack
page read and write
 clean
7FF52F0F3000
unkown image
page readonly
 clean
22D22308000
unkown
page read and write
 clean
3C0667D000
stack
page read and write
 clean
15FAEA40000
unkown
page read and write
 clean
7FF5998AC000
unkown image
page readonly
 clean
7FF5DB7C8000
unkown image
page readonly
 clean
5D6E4FF000
stack
page read and write
 clean
7FF54439B000
unkown image
page readonly
 clean
151FD4A9000
unkown
page read and write
 clean
7FF577A25000
unkown image
page readonly
 clean
3C066FF000
stack
page read and write
 clean
7FF52FC3F000
unkown image
page readonly
 clean
2CFF9910000
unkown image
page readonly
 clean
30000
unkown image
page read and write
 clean
15FAEA5F000
unkown
page read and write
 clean
1A475E00000
unkown image
page readonly
 clean
151FD230000
unkown
page read and write
 clean
7FF5779E7000
unkown image
page readonly
 clean
2CFFA132000
unkown
page read and write
 clean
7FF59A05F000
unkown image
page readonly
 clean
560000
unkown
page read and write
 clean
7FF52F57B000
unkown image
page readonly
 clean
151FC559000
unkown
page read and write
 clean
7FF52F4D3000
unkown image
page readonly
 clean
7FF54436B000
unkown image
page readonly
 clean
2CFF97D0000
unkown image
page readonly
 clean
151FBBA0000
unkown image
page readonly
 clean
B40000
heap private
page read and write
 clean
1382D102000
unkown
page read and write
 clean
15FAEA46000
unkown
page read and write
 clean
560000
unkown
page read and write
 clean
15FAEA7C000
unkown
page read and write
 clean
7FF582C54000
unkown image
page readonly
 clean
7DF5986E0000
unkown image
page readonly
 clean
7DF545550000
unkown image
page readonly
 clean
7FF5DB516000
unkown image
page readonly
 clean
7DF5986D0000
unkown image
page readonly
 clean
7FF5442D9000
unkown image
page readonly
 clean
151FBB70000
heap private
page read and write
 clean
7DF58D3E0000
unkown image
page readonly
 clean
2C757FF0000
unkown image
page readonly
 clean
2C75824C000
unkown
page read and write
 clean
7FF59A044000
unkown image
page readonly
 clean
1A475C00000
unkown image
page readonly
 clean
151FD4EE000
unkown
page read and write
 clean
7FF52FBA5000
unkown image
page readonly
 clean
151FC518000
unkown
page read and write
 clean
1AE000D0000
heap default
page read and write
 clean
1A475B02000
unkown
page read and write
 clean
2CFF9B02000
unkown
page read and write
 clean
22D22266000
unkown
page read and write
 clean
7DF544E92000
unkown image
page readonly
 clean
22D22268000
unkown
page read and write
 clean
7FF59E008000
unkown image
page readonly
 clean
6E0BEFC000
stack
page read and write
 clean
1A475F80000
unkown image
page readonly
 clean
151FCD10000
unkown image
page readonly
 clean
1AE00258000
unkown
page read and write
 clean
1382CDD0000
unkown image
page readonly
 clean
7FF5DB1B6000
unkown image
page readonly
 clean
94E000
stack
page read and write
 clean
1A0000
unkown image
page readonly
 clean
151FCD40000
unkown image
page readonly
 clean
7DF5F1310000
unkown image
page readonly
 clean
7FF544370000
unkown image
page readonly
 clean
151FBD02000
unkown
page read and write
 clean
151FBB80000
unkown image
page readonly
 clean
151FD110000
unkown
page read and write
 clean
151FD0A0000
unkown
page read and write
 clean
6E0BD7B000
stack
page read and write
 clean
560000
unkown
page read and write
 clean
7FF5DB9DB000
unkown image
page readonly
 clean
7FF5441F5000
unkown image
page readonly
 clean
7FF577A29000
unkown image
page readonly
 clean
151FD4F9000
unkown
page read and write
 clean
7FF5DB8E4000
unkown image
page readonly
 clean
151FD340000
unkown
page read and write
 clean
15FAEA60000
unkown
page read and write
 clean
7FF5DB953000
unkown image
page readonly
 clean
7FF543E63000
unkown image
page readonly
 clean
6E0C4FE000
stack
page read and write
 clean
1A475F90000
unkown image
page readonly
 clean
7FF5DB701000
unkown image
page readonly
 clean
DFF62FC000
stack
page read and write
 clean
151FD4B2000
unkown
page read and write
 clean
7FF5777A6000
unkown image
page readonly
 clean
7DF5B3952000
unkown image
page readonly
 clean
151FBC92000
unkown
page read and write
 clean
7FF52F4C9000
unkown image
page readonly
 clean
2C757FE0000
heap private
page read and write
 clean
22D22313000
unkown
page read and write
 clean
400000
unkown image
page readonly
 clean
7FF52F476000
unkown image
page readonly
 clean
15FAEA6A000
unkown
page read and write
 clean
7DF5F1320000
unkown image
page readonly
 clean
2C758020000
unkown image
page readonly
 clean
7FF52F556000
unkown image
page readonly
 clean
7FF544358000
unkown image
page readonly
 clean
3A2327D000
stack
page read and write
 clean
7FF52F9D2000
unkown image
page readonly
 clean
151FD4E0000
unkown
page read and write
 clean
EA624DC000
unkown
page read and write
 clean
7FF52F487000
unkown image
page readonly
 clean
560000
unkown
page read and write
 clean
1AE000A0000
unkown image
page readonly
 clean
579000
unkown image
page readonly
 clean
7FF54439F000
unkown image
page readonly
 clean
2CFF97C0000
heap private
page read and write
 clean
7FF52FC2E000
unkown image
page readonly
 clean
7FF59DF47000
unkown image
page readonly
 clean
7DF48B2B0000
unkown image
page readonly
 clean
7FF59DF43000
unkown image
page readonly
 clean
151FD370000
unkown
page read and write
 clean
7FF52FB22000
unkown image
page readonly
 clean
7DF5AF962000
unkown image
page readonly
 clean
15FAE810000
unkown image
page readonly
 clean
2C758253000
unkown
page read and write
 clean
2CFF9F80000
unkown image
page readonly
 clean
2CFFA002000
unkown
page read and write
 clean
560000
unkown
page read and write
 clean
7FF582D23000
unkown image
page readonly
 clean
15FAEA3D000
unkown
page read and write
 clean
7FF52F55B000
unkown image
page readonly
 clean
7FF59DE16000
unkown image
page readonly
 clean
7DF5F1310000
unkown image
page readonly
 clean
70247F7000
stack
page read and write
 clean
15FAEC00000
unkown image
page readonly
 clean
7FF599E2E000
unkown image
page readonly
 clean
1A475A2A000
unkown
page read and write
 clean
7FF59DF93000
unkown image
page readonly
 clean
7DF544E90000
unkown image
page readonly
 clean
151FD238000
unkown
page read and write
 clean
151FC518000
unkown
page read and write
 clean
7FF5998CC000
unkown image
page readonly
 clean
7FF59DF85000
unkown image
page readonly
 clean
7FF599F95000
unkown image
page readonly
 clean
151FBC9D000
unkown
page read and write
 clean
7FF582D2A000
unkown image
page readonly
 clean
7FF5DB8BD000
unkown image
page readonly
 clean
7FF52F58F000
unkown image
page readonly
 clean
7FF5DB907000
unkown image
page readonly
 clean
7FF59E04F000
unkown image
page readonly
 clean
7FF577AAF000
unkown image
page readonly
 clean
7FF5DB7DC000
unkown image
page readonly
 clean
40000
unkown image
page readonly
 clean
560000
unkown
page read and write
 clean
7DF5B3950000
unkown image
page readonly
 clean
7FF5DB8F2000
unkown image
page readonly
 clean
1382D048000
unkown
page read and write
 clean
3A22978000
stack
page read and write
 clean
7DF58D3F2000
unkown image
page readonly
 clean
2C758213000
unkown
page read and write
 clean
7FF54416E000
unkown image
page readonly
 clean
7DF5AF962000
unkown image
page readonly
 clean
6E0C3FF000
stack
page read and write
 clean
7FF599F53000
unkown image
page readonly
 clean
2CFF9AE2000
unkown
page read and write
 clean
7DF5F1300000
unkown image
page readonly
 clean
7FF52EDFA000
unkown image
page readonly
 clean
1A475B13000
unkown
page read and write
 clean
151FD390000
unkown
page read and write
 clean
7FF5DB578000
unkown image
page readonly
 clean
DFF5FCE000
stack
page read and write
 clean
7DF544E82000
unkown image
page readonly
 clean
151FD4D9000
unkown
page read and write
 clean
7FF582625000
unkown image
page readonly
 clean
7FF52FAB4000
unkown image
page readonly
 clean
151FC340000
unkown image
page read and write
 clean
7DF4965A0000
unkown image
page readonly
 clean
7FF52F469000
unkown image
page readonly
 clean
3A22F7F000
stack
page read and write
 clean
15FAEFA0000
unkown
page read and write
 clean
7FF544297000
unkown image
page readonly
 clean
1382D053000
unkown
page read and write
 clean
2CFF9C00000
unkown image
page readonly
 clean
7FF52FC3B000
unkown image
page readonly
 clean
7FF599F57000
unkown image
page readonly
 clean
7DF4EF1D0000
unkown image
page readonly
 clean
15FAEA00000
unkown
page read and write
 clean
2C758270000
unkown
page read and write
 clean
401000
unkown image
page execute read
 clean
1A475A41000
unkown
page read and write
 clean
7FF5DB8E8000
unkown image
page readonly
 clean
7FF577ACD000
unkown image
page readonly
 clean
2CFFA100000
unkown
page read and write
 clean
328F000
stack
page read and write
 clean
15FAEA44000
unkown
page read and write
 clean
7DF5986F0000
unkown image
page readonly
 clean
2BF000
unkown
page read and write
 clean
ABB000
stack
page read and write
 clean
151FD400000
unkown
page read and write
 clean
7FF582D0D000
unkown image
page readonly
 clean
7DF5F1320000
unkown image
page readonly
 clean
7FFB0000
unkown image
page readonly
 clean
7FF599E23000
unkown image
page readonly
 clean
7FFB0000
unkown image
page readonly
 clean
3C068FD000
stack
page read and write
 clean
6E0C2FF000
stack
page read and write
 clean
151FD43F000
unkown
page read and write
 clean
7FF52FB79000
unkown image
page readonly
 clean
1AE00200000
unkown
page read and write
 clean
151FD120000
unkown
page read and write
 clean
151FD4E4000
unkown
page read and write
 clean
1AE00213000
unkown
page read and write
 clean
1AE001B0000
unkown image
page readonly
 clean
7FF5777E8000
unkown image
page readonly
 clean
DE337D000
stack
page read and write
 clean
7FF52F574000
unkown image
page readonly
 clean
1AE00A02000
unkown
page read and write
 clean
2C757FF0000
unkown image
page readonly
 clean
22D22213000
unkown
page read and write
 clean
7DF545540000
unkown image
page readonly
 clean
151FC0D0000
unkown image
page readonly
 clean
7FF52F918000
unkown image
page readonly
 clean
7FF59E03E000
unkown image
page readonly
 clean
7FF582BF3000
unkown image
page readonly
 clean
7FF59A018000
unkown image
page readonly
 clean
7DF545532000
unkown image
page readonly
 clean
7FF5DB8FC000
unkown image
page readonly
 clean
7FF59E034000
unkown image
page readonly
 clean
2C758308000
unkown
page read and write
 clean
2C758120000
unkown image
page readonly
 clean
571000
unkown image
page execute read
 clean
7FFD0000
unkown image
page readonly
 clean
151FBB80000
unkown image
page readonly
 clean
7DF5AF960000
unkown image
page readonly
 clean
151FD390000
unkown
page read and write
 clean
7FF5DB717000
unkown image
page readonly
 clean
151FD4F7000
unkown
page read and write
 clean
70249FD000
stack
page read and write
 clean
7FF52FB37000
unkown image
page readonly
 clean
DFF6577000
stack
page read and write
 clean
7DF559CB0000
unkown image
page readonly
 clean
7FF59A05B000
unkown image
page readonly
 clean
1A4759E0000
unkown
page read and write
 clean
7FF582BCE000
unkown image
page readonly
 clean
15FAEA47000
unkown
page read and write
 clean
7DF559C90000
unkown image
page readonly
 clean
22D2223C000
unkown
page read and write
 clean
2C758300000
unkown
page read and write
 clean
151FC250000
unkown image
page readonly
 clean
1AE00790000
unkown image
page readonly
 clean
7FF52F6EF000
unkown image
page readonly
 clean
7DF5AF970000
unkown image
page readonly
 clean
7FF582DAB000
unkown image
page readonly
 clean
7FF59E04D000
unkown image
page readonly
 clean
7FF582D9F000
unkown image
page readonly
 clean
2CFF99F0000
unkown
page read and write
 clean
15FAEA68000
unkown
page read and write
 clean
7FF52FB14000
unkown image
page readonly
 clean
580000
heap default
page read and write
 clean
7DF5986E2000
unkown image
page readonly
 clean
7FF582DCB000
unkown image
page readonly
 clean
15FAEA67000
unkown
page read and write
 clean
7DF545542000
unkown image
page readonly
 clean
7FF5DB949000
unkown image
page readonly
 clean
7DF544E90000
unkown image
page readonly
 clean
7FF5442CD000
unkown image
page readonly
 clean
15FAEA64000
unkown
page read and write
 clean
7FF5DB9DE000
unkown image
page readonly
 clean
6E0C0FF000
stack
page read and write
 clean
7FF577A3A000
unkown image
page readonly
 clean
7FFD0000
unkown image
page readonly
 clean
7FF582DC4000
unkown image
page readonly
 clean
151FCD00000
unkown image
page readonly
 clean
7FF5828A3000
unkown image
page readonly
 clean
7DF544EA0000
unkown image
page readonly
 clean
7DF58D3E2000
unkown image
page readonly
 clean
7FF52F57E000
unkown image
page readonly
 clean
7FF544366000
unkown image
page readonly
 clean
2CFF9A6E000
unkown
page read and write
 clean
151FBCFB000
unkown
page read and write
 clean
151FD274000
unkown
page read and write
 clean
151FBC56000
unkown
page read and write
 clean
7FF5DB5BD000
unkown image
page readonly
 clean
151FBBD0000
heap default
page read and write
 clean
1A475870000
unkown image
page read and write
 clean
7FF582C35000
unkown image
page readonly
 clean
1A475890000
unkown image
page readonly
 clean
EA62AFE000
stack
page read and write
 clean
1870000
unkown image
page readonly
 clean
14CB000
heap private
page read and write
 clean
22D2224B000
unkown
page read and write
 clean
1382D027000
unkown
page read and write
 clean
151FBC13000
unkown
page read and write
 clean
7FF5DB689000
unkown image
page readonly
 clean
1A4758C0000
unkown image
page readonly
 clean
70248FE000
stack
page read and write
 clean
7FF577A33000
unkown image
page readonly
 clean
7FFC0000
unkown image
page readonly
 clean
7FF5DB8C0000
unkown image
page readonly
 clean
1382D000000
unkown
page read and write
 clean
22D22264000
unkown
page read and write
 clean
7FF52FC24000
unkown image
page readonly
 clean
7FF5DB9D6000
unkown image
page readonly
 clean
7DF545540000
unkown image
page readonly
 clean
1AE00080000
unkown image
page readonly
 clean
7024AFA000
stack
page read and write
 clean
7FF599D13000
unkown image
page readonly
 clean
40000
unkown image
page readonly
 clean
151FD230000
unkown
page read and write
 clean
EA631FF000
stack
page read and write
 clean
151FCB20000
unkown
page read and write
 clean
151FBC79000
unkown
page read and write
 clean
560000
unkown
page read and write
 clean
2C758780000
unkown image
page readonly
 clean
7FF544207000
unkown image
page readonly
 clean
1AE00400000
unkown image
page readonly
 clean
7FF52F58B000
unkown image
page readonly
 clean
7FF582CD3000
unkown image
page readonly
 clean
7FF599F8D000
unkown image
page readonly
 clean
7FF54413D000
unkown image
page readonly
 clean
7FFB2000
unkown image
page readonly
 clean
7FF52FB75000
unkown image
page readonly
 clean
7FF59A01F000
unkown image
page readonly
 clean
2CFF9A3E000
unkown
page read and write
 clean
2CFF97F0000
unkown image
page readonly
 clean
1382CFF0000
unkown
page read and write
 clean
7DF5986E0000
unkown image
page readonly
 clean
7FF5DB8D0000
unkown image
page readonly
 clean
2C75824E000
unkown
page read and write
 clean
DE347B000
stack
page read and write
 clean
1382CE00000
unkown image
page readonly
 clean
5D6E5FF000
stack
page read and write
 clean
2C758600000
unkown image
page readonly
 clean
7DF5B3960000
unkown image
page readonly
 clean
EA630FF000
stack
page read and write
 clean
7FF599E73000
unkown image
page readonly
 clean
7FF5DB9ED000
unkown image
page readonly
 clean
7DF544E80000
unkown image
page readonly
 clean
7FF59E016000
unkown image
page readonly
 clean
7FF52FB83000
unkown image
page readonly
 clean
7FF5DB70D000
unkown image
page readonly
 clean
151FD360000
unkown
page read and write
 clean
15FAEA62000
unkown
page read and write
 clean
7FF52FB35000
unkown image
page readonly
 clean
7FF52FB33000
unkown image
page readonly
 clean
DE2F3E000
stack
page read and write
 clean
1382D002000
unkown
page read and write
 clean
7DF5B3942000
unkown image
page readonly
 clean
7FF577ADE000
unkown image
page readonly
 clean
7FF54418E000
unkown image
page readonly
 clean
7FF577AA8000
unkown image
page readonly
 clean
22D2225D000
unkown
page read and write
 clean
22D22200000
unkown
page read and write
 clean
15FAEA5A000
unkown
page read and write
 clean
406000
unkown image
page readonly
 clean
7DF5AF960000
unkown image
page readonly
 clean
404000
unkown image
page write copy
 clean
22D22400000
unkown image
page readonly
 clean
22D22802000
unkown
page read and write
 clean
7FF5DB93D000
unkown image
page readonly
 clean
7DF4AD820000
unkown image
page readonly
 clean
1382D200000
unkown image
page readonly
 clean
7FF599FAA000
unkown image
page readonly
 clean
7DF544EA0000
unkown image
page readonly
 clean
5D6E2FE000
stack
page read and write
 clean
151FC559000
unkown
page read and write
 clean
2CFF9A13000
unkown
page read and write
 clean
560000
unkown
page read and write
 clean
7FF5DB731000
unkown image
page readonly
 clean
151FBBB0000
unkown image
page readonly
 clean
1A475A13000
unkown
page read and write
 clean
2C757FD0000
unkown image
page read and write
 clean
7DF5F1312000
unkown image
page readonly
 clean
7FF599F78000
unkown image
page readonly
 clean
1382D400000
unkown image
page readonly
 clean
151FBBE0000
unkown image
page readonly
 clean
7FF5DB6FA000
unkown image
page readonly
 clean
7FF582DA6000
unkown image
page readonly
 clean
7FF599F67000
unkown image
page readonly
 clean
1382D100000
unkown
page read and write
 clean
151FD462000
unkown
page read and write
 clean
7FF582DBD000
unkown image
page readonly
 clean
7DF58D3F0000
unkown image
page readonly
 clean
151FD23E000
unkown
page read and write
 clean
15FAEA61000
unkown
page read and write
 clean
7FF52F32D000
unkown image
page readonly
 clean
3A22FFF000
stack
page read and write
 clean
151FCD20000
unkown image
page readonly
 clean
22D2225F000
unkown
page read and write
 clean
2C758200000
unkown
page read and write
 clean
7DF5F1312000
unkown image
page readonly
 clean
151FD380000
unkown
page read and write
 clean
7FF5441B3000
unkown image
page readonly
 clean
7FF59DF32000
unkown image
page readonly
 clean
7FF59DF5C000
unkown image
page readonly
 clean
22D22290000
unkown
page read and write
 clean
7FF5779F7000
unkown image
page readonly
 clean
7FF52F9DD000
unkown image
page readonly
 clean
EA62EFD000
stack
page read and write
 clean
151FC402000
unkown
page read and write
 clean
9B0000
heap private
page read and write
 clean
7FF52FA62000
unkown image
page readonly
 clean
2CFF9A29000
unkown
page read and write
 clean
15FAF002000
unkown
page read and write
 clean
1382D04E000
unkown
page read and write
 clean
3A22EFF000
stack
page read and write
 clean
22D22262000
unkown
page read and write
 clean
7FF544053000
unkown image
page readonly
 clean
7FF52FC0B000
unkown image
page readonly
 clean
1382D580000
unkown image
page readonly
 clean
15FAE820000
unkown image
page readonly
 clean
7DF5AF950000
unkown image
page readonly
 clean
1A475A00000
unkown
page read and write
 clean
151FD090000
unkown
page read and write
 clean
15FAEA4E000
unkown
page read and write
 clean
7FF599EAF000
unkown image
page readonly
 clean
22D21FC0000
heap private
page read and write
 clean
22D22261000
unkown
page read and write
 clean
7DF58D3E0000
unkown image
page readonly
 clean
7FF599B29000
unkown image
page readonly
 clean
7FF5DB975000
unkown image
page readonly
 clean
7FF543BE6000
unkown image
page readonly
 clean
7FF52FB58000
unkown image
page readonly
 clean
151FC513000
unkown
page read and write
 clean
7FF599EB5000
unkown image
page readonly
 clean
7FF582DDB000
unkown image
page readonly
 clean
7FF52EDFD000
unkown image
page readonly
 clean
2C758400000
unkown image
page readonly
 clean
7FF52F54F000
unkown image
page readonly
 clean
77E000
unkown
page read and write
 clean
151FCD30000
unkown image
page readonly
 clean
7FF543E78000
unkown image
page readonly
 clean
151FD41C000
unkown
page read and write
 clean
7FF59DF7D000
unkown image
page readonly
 clean
7DF457B60000
unkown image
page readonly
 clean
7FF5DB7A4000
unkown image
page readonly
 clean
7FF52F79E000
unkown image
page readonly
 clean
151FD250000
unkown
page read and write
 clean
There are 888 hidden memdumps, click here to show them.