IOC Report
LisectAVT_2403002A_136.exe

Files

File Path
Type
Category
Malicious
LisectAVT_2403002A_136.exe
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
initial sample
malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LisectAVT_2403002A_136.exe.log
CSV text
dropped
malicious
C:\Users\user\AppData\Roaming\svchost.exe
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\edb.log
data
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage engine DataBase, version 0x620, checksum 0xc28981b4, page size 16384, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
data
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_2876ef190476fb354f755ec1153f0cb1539ea29_7d4e6567_2cda585a-0f28-4270-9054-3a0ee6524bf6\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_2876ef190476fb354f755ec1153f0cb1539ea29_7d4e6567_73ad5387-4cf8-4085-a344-db19b44299a7\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_a34a4a53844defb88729999fba191b6c3bdf979_7d4e6567_9f9b670c-fd55-4662-ac91-1bd137f5a5e0\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_a34a4a53844defb88729999fba191b6c3bdf979_7d4e6567_ab6a2b1d-ac8c-4c6f-be3f-29e0b575ed66\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_c486d6cf83d122fb4dd5b4e453f8f2289b6d3ee_7d4e6567_55d197d9-067d-415e-8a2f-5ac48a5a8577\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_d99bb6b66d5e6067e6dfd853263bfce17a245360_7d4e6567_f9e03b64-0942-4aeb-9ade-dbacd2d8db6e\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1163.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER11A2.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER11C5.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1292.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AC8.tmp.dmp
Mini DuMP crash report, 16 streams, Thu Jul 25 21:55:50 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2038.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2087.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER209C.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2188.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3015.tmp.dmp
Mini DuMP crash report, 16 streams, Thu Jul 25 21:55:55 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3297.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER32E6.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER332C.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER33BA.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER81B.tmp.dmp
Mini DuMP crash report, 16 streams, Thu Jul 25 21:55:45 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER993.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B3.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C5.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA33.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREACF.tmp.dmp
Mini DuMP crash report, 16 streams, Thu Jul 25 21:55:38 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREC17.tmp.dmp
Mini DuMP crash report, 16 streams, Thu Jul 25 21:55:40 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF54.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREF84.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFA1.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF05E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5EB.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF6A8.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF735.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF89D.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9D.tmp.dmp
Mini DuMP crash report, 16 streams, Thu Jul 25 21:55:47 2024, 0x1205a4 type
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
modified
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_15fi33go.kj0.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1oeabht0.e3w.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2da0baiv.0yt.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ybddqlz.nh1.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aq40zuuz.ocp.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_epe2unu4.qld.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fwhoqwpb.myi.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h3dredv3.dzt.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jp3t0tyh.0ia.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lac35qpp.fak.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mmnrrrfc.ewy.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rf04j4xp.vab.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ttoieoaj.prq.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v0cgc31m.fic.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wnsmxyi3.331.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhen4z3b.afq.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpD64D.tmp.bat
DOS batch file, ASCII text, with CRLF line terminators
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
\Device\Null
ASCII text, with CRLF line terminators, with overstriking
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\LisectAVT_2403002A_136.exe
"C:\Users\user\Desktop\LisectAVT_2403002A_136.exe"
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
malicious
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"' & exit
malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpD64D.tmp.bat""
malicious
C:\Windows\System32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\user\AppData\Roaming\svchost.exe"'
malicious
C:\Users\user\AppData\Roaming\svchost.exe
C:\Users\user\AppData\Roaming\svchost.exe
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
malicious
C:\Users\user\AppData\Roaming\svchost.exe
"C:\Users\user\AppData\Roaming\svchost.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
malicious
C:\Users\user\AppData\Roaming\svchost.exe
"C:\Users\user\AppData\Roaming\svchost.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
malicious
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
malicious
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
malicious
C:\Users\user\AppData\Roaming\svchost.exe
"C:\Users\user\AppData\Roaming\svchost.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\svchost.exe" -Force
malicious
C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\timeout.exe
timeout 3
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 7964 -ip 7964
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7964 -s 1196
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 436 -p 8048 -ip 8048
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 8048 -s 1176
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 552 -p 8048 -ip 8048
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 8048 -s 1176
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 1072 -ip 1072
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1072 -s 1424
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 7964 -ip 7964
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7964 -s 1196
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 7920 -ip 7920
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7920 -s 1128

URLs

Name
IP
Malicious
Xerverfebarch.duckdns.org
malicious
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdference
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdsyVb/vlWA
unknown
http://schemas.mi
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdhema
unknown
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust
unknown
https://login.live.m/
unknown
https://login.microsoftonline.com/ppsecure/ResolveUser.srf
unknown
https://login.microsoftonline.com/MSARST2.srf
unknown
http://docs.oasis-open.org/wss/2004/XX/oasis-2004XX-wss-saml-token-profile-1.0#SAMLAssertionID
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA
unknown
http://schemas.xmlsoap.org/ws/2005/02/sccI=c
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd.0.xs
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
unknown
http://geoplugin.net/json.gp/C
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdorg
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502ssuer
unknown
https://login.microsoftonline.com/ppsecure/devicechangecredential.srf
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603ssuer
unknown
http://www.w3.o
unknown
https://login.microsoftonline.com/ppsecure/devicechangecredential.srfres
unknown
https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
unknown
http://Passport.NET/tb
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdecuri
unknown
https://account.live.com/InlineSignup.aspx?iww=1&id=80502
unknown
http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://login.microsoftonline.com/ppsecure/devicechangecredential.srfMM
unknown
http://Passport.NET/STS</ds:KeyName>&lt:KeyInfo
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdJjT99GvGMU
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdVyq
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsis-2
unknown
https://signup.live.com/signup.aspx
unknown
http://Passport.NET/tb_
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80601
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd~
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdRYqRX
unknown
http://schemas.xmlsoap.org/ws/2004/09/policy
unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80605
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80604
unknown
https://account.live.com/msangcwam
unknown
https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
unknown
http://crl.ver)
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsoa
unknown
http://passport.net/tb
unknown
http://upx.sf.net
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issueue
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd3wiK1y
unknown
http://geoplugin.net/json.gp
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdxml
unknown
https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
unknown
https://account.live.com/Wizard/Password/Change?id=80601
unknown
http://schemas.xmlsoap.org/ws/2005/02/sc
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80601
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdAAAAAAAA
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600
unknown
https://g.live.com/odclientsettings/Prod-C:
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdp://sc
unknown
https://g.live.com/odclientsettings/ProdV2-C:
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdcurity
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAA
unknown
https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issuef
unknown
http://schemas.xmlsoap.org/ws/2005/02/trustn
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80605
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80604
unknown
https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srfs
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
unknown
http://schemas.xmlsoap.org/ws/2005/02/sconnce
unknown

Domains

Name
IP
Malicious
windowsserverfebarch.duckdns.org
45.128.223.185
malicious

IPs

IP
Domain
Country
Malicious
45.128.223.185
windowsserverfebarch.duckdns.org
Estonia
malicious
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA
malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
Enabled
HKEY_CURRENT_USER\SOFTWARE\72626-GNX3E4
exepath
HKEY_CURRENT_USER\SOFTWARE\72626-GNX3E4
licence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8048
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8048
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8048
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7964
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7964
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\7964
CreationTime
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
ProgramId
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
FileId
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
LowerCaseLongPath
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
LongPathHash
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
Name
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
OriginalFileName
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
Publisher
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
Version
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
BinFileVersion
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
BinaryType
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
ProductName
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
ProductVersion
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
LinkDate
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
BinProductVersion
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
AppxPackageFullName
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
AppxPackageRelativeId
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
Size
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
Language
\REGISTRY\A\{586b455c-cfa3-51a9-462e-65ffba2bc05d}\Root\InventoryApplicationFile\svchost.exe|e4616946fa75c3cd
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003
NegativeCacheState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003
LastSuccessfulRequestTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003
LastAccountPersistentFailureTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
RequestCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
StartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
ErrorCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
FailureType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003\{67082621-8D18-4333-9C64-10DE93676363}\https://watson.telemetry.microsoft.com_MBI_SSL
RequestCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003\{67082621-8D18-4333-9C64-10DE93676363}\https://watson.telemetry.microsoft.com_MBI_SSL
StartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003\{67082621-8D18-4333-9C64-10DE93676363}\https://watson.telemetry.microsoft.com_MBI_SSL
ErrorCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018C00B8FA4A2E4_S-1-5-21-2246122658-3693405117-2476756634-1003\{67082621-8D18-4333-9C64-10DE93676363}\https://watson.telemetry.microsoft.com_MBI_SSL
FailureType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1
LastSuccessfulRequestTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1\S-1-5-21-2246122658-3693405117-2476756634-1003\1
RequestCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1\S-1-5-21-2246122658-3693405117-2476756634-1003\1
StartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1\S-1-5-21-2246122658-3693405117-2476756634-1003\1
ErrorCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1\S-1-5-21-2246122658-3693405117-2476756634-1003\1
FailureType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1\wlidsvc\1
RequestCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1\wlidsvc\1
StartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1\wlidsvc\1
ErrorCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\1\wlidsvc\1
FailureType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_S-1-5-21-2246122658-3693405117-2476756634-1003
NegativeCacheState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_S-1-5-21-2246122658-3693405117-2476756634-1003
LastSuccessfulRequestTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_S-1-5-21-2246122658-3693405117-2476756634-1003
LastAccountPersistentFailureTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_S-1-5-21-2246122658-3693405117-2476756634-1003\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
RequestCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_S-1-5-21-2246122658-3693405117-2476756634-1003\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
StartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_S-1-5-21-2246122658-3693405117-2476756634-1003\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
ErrorCode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_S-1-5-21-2246122658-3693405117-2476756634-1003\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
FailureType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_wlidsvc
NegativeCacheState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_wlidsvc
LastSuccessfulRequestTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_wlidsvc
LastAccountPersistentFailureTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\NegativeCache\0018000DDB231F4C_wlidsvc\{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}\http://Passport.NET/tb_
StartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-2246122658-3693405117-2476756634-1003_{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}
ThrottleCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-2246122658-3693405117-2476756634-1003_{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}
ThrottleStartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\WLIDSVC_{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}
ThrottleCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\WLIDSVC_{fc177c6f-a3d6-4bb0-b1fa-23d0cd9b005d}
ThrottleStartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-2246122658-3693405117-2476756634-1003_{67082621-8D18-4333-9C64-10DE93676363}
ThrottleCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-2246122658-3693405117-2476756634-1003_{67082621-8D18-4333-9C64-10DE93676363}
ThrottleStartedTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS\.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
ApplicationFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018C00B8FA4A2E4

Memdumps

Base Address
Regiontype
Protect
Malicious
page execute and read and write
2143E0E0000
heap
page execute and read and write
7FF887BBE000
trusted library allocation
page read and write
7FF887B0C000
trusted library allocation
page execute and read and write
7FF887B2A000
trusted library allocation
page execute and read and write
214258D9000
trusted library allocation
page read and write
7FF887B8E000
trusted library allocation
page read and write
13F3D520000
heap
page execute and read and write
13F3D22C000
heap
page read and write
4DC0000
heap
page read and write
1C22F8C0000
heap
page read and write
250E6780000
trusted library allocation
page read and write
1389883E000
heap
page read and write
1389A6A1000
trusted library allocation
page read and write
127C5953000
heap
page read and write
127C6053000
heap
page read and write
127C5967000
heap
page read and write
127C60BA000
heap
page read and write
7FF887A00000
trusted library allocation
page read and write
21909FB000
stack
page read and write
13F57C6E000
heap
page read and write
7FF8879E4000
trusted library allocation
page read and write
397EFD000
stack
page read and write
13F57C81000
heap
page read and write
7FF887BD0000
trusted library allocation
page read and write
1E0A383B000
heap
page read and write
397BFE000
stack
page read and write
138B4135000
heap
page read and write
127C5094000
heap
page read and write
7FF887BA0000
trusted library allocation
page read and write
127C592D000
heap
page read and write
1C232672000
heap
page read and write
214258E4000
trusted library allocation
page read and write
214259D7000
trusted library allocation
page read and write
1E0A37A0000
heap
page read and write
127C514C000
heap
page read and write
127C60DB000
heap
page read and write
7FF8879FD000
trusted library allocation
page execute and read and write
20A4F102000
heap
page read and write
1E0A3D13000
heap
page read and write
21423B75000
heap
page read and write
3980FD000
stack
page read and write
127C6112000
heap
page read and write
127C5948000
heap
page read and write
BA15CFC000
stack
page read and write
1389A5DB000
trusted library allocation
page read and write
127C593A000
heap
page read and write
214259F3000
trusted library allocation
page read and write
7FF8879E3000
trusted library allocation
page execute and read and write
250E6D60000
trusted library allocation
page read and write
127C6056000
heap
page read and write
127C6100000
heap
page read and write
127C5943000
heap
page read and write
2143DF99000
heap
page read and write
250E128F000
heap
page read and write
127C57D0000
remote allocation
page read and write
1389A5A3000
trusted library allocation
page read and write
250E1293000
heap
page read and write
13898B50000
heap
page read and write
13898B70000
heap
page read and write
21425867000
trusted library allocation
page read and write
1C215625000
heap
page read and write
2190CFE000
stack
page read and write
13F3D23D000
heap
page read and write
1FFF1770000
heap
page read and write
250E2700000
trusted library allocation
page read and write
127C6077000
heap
page read and write
7FF887A90000
trusted library allocation
page execute and read and write
397AFF000
stack
page read and write
127C5938000
heap
page read and write
127C57F0000
remote allocation
page read and write
127C5102000
heap
page read and write
7FF8879EB000
trusted library allocation
page read and write
250E67C4000
trusted library allocation
page read and write
1C22F8D3000
trusted library allocation
page read and write
13F3D613000
heap
page read and write
250E1B00000
heap
page read and write
7FF887BB0000
trusted library allocation
page read and write
2190FFA000
stack
page read and write
20A33C13000
heap
page read and write
127C57F0000
remote allocation
page read and write
13F3D2B0000
heap
page read and write
13F57CAD000
heap
page read and write
250E6A90000
trusted library allocation
page read and write
20A33B20000
heap
page execute and read and write
7FF887A96000
trusted library allocation
page read and write
13F3F095000
trusted library allocation
page read and write
1C215702000
heap
page read and write
1C227207000
trusted library allocation
page read and write
13898C13000
heap
page read and write
127C60A1000
heap
page read and write
20A33790000
heap
page read and write
7FF887BB0000
trusted library allocation
page read and write
21425964000
trusted library allocation
page read and write
1E0A3D13000
heap
page read and write
13F3D654000
heap
page read and write
21425846000
trusted library allocation
page read and write
20A338AB000
heap
page read and write
66E64FB000
stack
page read and write
138B527F000
heap
page read and write
127C604E000
heap
page read and write
1C22FB13000
heap
page execute and read and write
314E000
stack
page read and write
250E12BD000
heap
page read and write
127C6102000
heap
page read and write
66E63FE000
stack
page read and write
1E0A383A000
heap
page read and write
13F57C9E000
heap
page read and write
250E1B13000
heap
page read and write
2ADC000
stack
page read and write
127C5076000
heap
page read and write
7FF8879E0000
trusted library allocation
page read and write
250E2040000
trusted library allocation
page read and write
7FF887AB6000
trusted library allocation
page execute and read and write
2142586D000
trusted library allocation
page read and write
13F4EFB1000
trusted library allocation
page read and write
7FF887B70000
trusted library allocation
page read and write
13F3D4F0000
trusted library allocation
page read and write
13F3D602000
heap
page read and write
7FF887C02000
trusted library allocation
page read and write
7FF887B71000
trusted library allocation
page read and write
21435727000
trusted library allocation
page read and write
1E0A3837000
heap
page read and write
127C593B000
heap
page read and write
BA15AFE000
stack
page read and write
127C5067000
heap
page read and write
138AA5A7000
trusted library allocation
page read and write
127C50E6000
heap
page read and write
21425801000
trusted library allocation
page read and write
250E682A000
heap
page read and write
250E126E000
heap
page read and write
66E6EFE000
stack
page read and write
1FFF18C0000
heap
page read and write
127C5952000
heap
page read and write
1E0A3D00000
heap
page read and write
250E1930000
trusted library allocation
page read and write
1C227211000
trusted library allocation
page read and write
4E30000
heap
page read and write
F37DEFE000
stack
page read and write
127C60D5000
heap
page read and write
F0768F9000
stack
page read and write
7FF887B90000
trusted library allocation
page read and write
127C6090000
heap
page read and write
2143E290000
heap
page read and write
127C591B000
heap
page read and write
127C5930000
heap
page read and write
475000
remote allocation
page execute and read and write
4D30000
heap
page read and write
127C50B5000
heap
page read and write
4D70000
heap
page readonly
BA163FE000
stack
page read and write
127C5929000
heap
page read and write
250E1B5A000
heap
page read and write
20A4DF02000
heap
page execute and read and write
21423DD0000
heap
page read and write
138988D3000
heap
page read and write
3976FE000
stack
page read and write
13F57802000
heap
page read and write
1C215647000
heap
page read and write
7FF887BDA000
trusted library allocation
page read and write
127C5932000
heap
page read and write
7FF887A02000
trusted library allocation
page read and write
138B2C60000
trusted library section
page readonly
20A33B00000
trusted library allocation
page read and write
1C232642000
heap
page read and write
2142589A000
trusted library allocation
page read and write
127C5ED0000
remote allocation
page read and write
127C591C000
heap
page read and write
20A33887000
heap
page read and write
7FF887BAA000
trusted library allocation
page read and write
7FF887A08000
trusted library allocation
page read and write
1C21732F000
trusted library allocation
page read and write
127C60B2000
heap
page read and write
7FF887A90000
trusted library allocation
page execute and read and write
20A33B30000
heap
page read and write
250E6E10000
trusted library allocation
page read and write
138B2E02000
heap
page read and write
E794CAB000
stack
page read and write
1C215699000
heap
page read and write
F37DE7C000
stack
page read and write
127C593E000
heap
page read and write
BA160FD000
stack
page read and write
2142587E000
trusted library allocation
page read and write
7FF8879F2000
trusted library allocation
page read and write
13F56FD0000
trusted library allocation
page read and write
127C592E000
heap
page read and write
13F3D1C0000
trusted library allocation
page read and write
13F3D570000
trusted library section
page readonly
13F3D1F0000
heap
page read and write
7FF887B85000
trusted library allocation
page read and write
127C594D000
heap
page read and write
127C60DA000
heap
page read and write
7FF8879E0000
trusted library allocation
page read and write
1E0A3900000
trusted library allocation
page read and write
1C2154E0000
heap
page read and write
66E62FE000
stack
page read and write
127C502B000
heap
page read and write
214258C2000
trusted library allocation
page read and write
250E681D000
heap
page read and write
127C50AF000
heap
page read and write
28A2BAC0000
heap
page read and write
3974FE000
stack
page read and write
21423C13000
heap
page read and write
127C5802000
heap
page read and write
127C505F000
heap
page read and write
214259CB000
trusted library allocation
page read and write
127C5084000
heap
page read and write
F0761F7000
stack
page read and write
127C592A000
heap
page read and write
4CEE000
stack
page read and write
250E6A70000
trusted library allocation
page read and write
250E1A15000
heap
page read and write
127C594D000
heap
page read and write
2190312000
stack
page read and write
7FF8879F8000
trusted library allocation
page read and write
2142589D000
trusted library allocation
page read and write
127C50D9000
heap
page read and write
127C5982000
heap
page read and write
1E0A3813000
unkown
page read and write
21906FE000
stack
page read and write
1C227201000
trusted library allocation
page read and write
127C60D7000
heap
page read and write
7FF8879F0000
trusted library allocation
page read and write
E79527D000
stack
page read and write
28A2BC3B000
heap
page read and write
66E6BFD000
stack
page read and write
53D0000
heap
page read and write
2142595B000
trusted library allocation
page read and write
250E11C0000
heap
page read and write
127C5957000
heap
page read and write
51ACFE000
unkown
page readonly
127C607D000
heap
page read and write
127C57F0000
remote allocation
page read and write
730F000
stack
page read and write
2143F50C000
heap
page read and write
138B3010000
heap
page read and write
1C21723B000
trusted library allocation
page read and write
7FF887BD0000
trusted library allocation
page read and write
1E0A3915000
trusted library allocation
page read and write
20A33851000
heap
page read and write
1E0A387E000
heap
page read and write
4A5C000
stack
page read and write
127C5917000
heap
page read and write
214257F5000
trusted library allocation
page read and write
127C5982000
heap
page read and write
127C60D8000
heap
page read and write
127C595C000
heap
page read and write
1E0A383B000
heap
page read and write
250E690A000
heap
page read and write
34CF7DD000
stack
page read and write
127C592F000
heap
page read and write
1C22F230000
trusted library allocation
page read and write
13898893000
heap
page read and write
127C603C000
heap
page read and write
3F439FD000
stack
page read and write
21908FE000
stack
page read and write
214259ED000
trusted library allocation
page read and write
127C5963000
heap
page read and write
7FF887A04000
trusted library allocation
page read and write
214258CB000
trusted library allocation
page read and write
7FF887AB6000
trusted library allocation
page read and write
127C596B000
heap
page read and write
7FF887ABC000
trusted library allocation
page execute and read and write
127C5066000
heap
page read and write
138B25D0000
trusted library allocation
page read and write
7FF887BD2000
trusted library allocation
page read and write
214256C0000
heap
page execute and read and write
2190EFD000
stack
page read and write
2143DF50000
heap
page read and write
214259A4000
trusted library allocation
page read and write
138B5253000
heap
page read and write
250E6A33000
trusted library allocation
page read and write
21425A2F000
trusted library allocation
page read and write
3979FF000
stack
page read and write
127C5923000
heap
page read and write
127C5932000
heap
page read and write
13F3D180000
heap
page read and write
7FF887BA0000
trusted library allocation
page read and write
3975FE000
stack
page read and write
2143F510000
heap
page read and write
138B5295000
heap
page read and write
7FF887B20000
trusted library allocation
page execute and read and write
13F3D4F3000
trusted library allocation
page read and write
250E68F2000
heap
page read and write
127C6009000
heap
page read and write
2142598D000
trusted library allocation
page read and write
21423CD0000
trusted library allocation
page read and write
250E68DF000
heap
page read and write
127C60DF000
heap
page read and write
7FF887A02000
trusted library allocation
page read and write
250E1B04000
heap
page read and write
1E0A387D000
heap
page read and write
7FF8879ED000
trusted library allocation
page execute and read and write
7FF887B90000
trusted library allocation
page execute and read and write
397CFD000
stack
page read and write
1C2154C0000
heap
page read and write
34CFAFE000
stack
page read and write
69C0000
heap
page read and write
127C5952000
heap
page read and write
138B4102000
heap
page read and write
7FF8879FD000
trusted library allocation
page execute and read and write
502F000
stack
page read and write
127C5047000
heap
page read and write
127C60A1000
heap
page read and write
7FF887A0D000
trusted library allocation
page execute and read and write
13F57B00000
heap
page read and write
20A50899000
heap
page read and write
20A5088B000
heap
page read and write
20A33C00000
heap
page read and write
127C5915000
heap
page read and write
F075E7B000
stack
page read and write
3F436FE000
stack
page read and write
7FF887BE0000
trusted library allocation
page execute and read and write
250E6780000
trusted library allocation
page read and write
127C50FA000
heap
page read and write
28A2BDD0000
heap
page read and write
7FF887AE6000
trusted library allocation
page execute and read and write
20A33C02000
heap
page read and write
66E6DFD000
stack
page read and write
138B4100000
heap
page read and write
66E68FE000
stack
page read and write
20A4F135000
heap
page read and write
127C6119000
heap
page read and write
127C5929000
heap
page read and write
250E688A000
heap
page read and write
51A54B000
stack
page read and write
250E67C0000
trusted library allocation
page read and write
127C5959000
heap
page read and write
21425931000
trusted library allocation
page read and write
127C591E000
heap
page read and write
20A338ED000
heap
page read and write
250E67F0000
trusted library allocation
page read and write
20A50866000
heap
page read and write
7FF8879F4000
trusted library allocation
page read and write
2143DF70000
heap
page read and write
250E19F0000
trusted library allocation
page read and write
13F3D2D6000
heap
page read and write
7FF887AF0000
trusted library allocation
page execute and read and write
127C590F000
heap
page read and write
13F3D550000
heap
page read and write
21913FE000
stack
page read and write
51AFF8000
stack
page read and write
127C60E1000
heap
page read and write
7FF8879F0000
trusted library allocation
page read and write
22C54802000
heap
page read and write
F076CFB000
stack
page read and write
1389882D000
heap
page read and write
46E000
remote allocation
page execute and read and write
1C21563D000
heap
page read and write
22C54610000
heap
page read and write
21423CAF000
heap
page read and write
20A33B40000
trusted library allocation
page read and write
20A4D5D0000
trusted library allocation
page read and write
13898B60000
heap
page execute and read and write
534D000
stack
page read and write
127C6112000
heap
page read and write
BA15EFE000
stack
page read and write
127C60D1000
heap
page read and write
7FF887A1D000
trusted library allocation
page execute and read and write
20A33800000
heap
page read and write
127C5113000
heap
page read and write
127C595D000
heap
page read and write
7FF8879ED000
trusted library allocation
page execute and read and write
BA165FE000
stack
page read and write
250E1200000
heap
page read and write
F6128FF000
unkown
page read and write
127C5962000
heap
page read and write
1FFF32F5000
heap
page read and write
21912FE000
stack
page read and write
127C6102000
heap
page read and write
7FF887BE2000
trusted library allocation
page read and write
7FF8879E2000
trusted library allocation
page read and write
13F3D4D0000
heap
page execute and read and write
7FF887C10000
trusted library allocation
page read and write
21914FB000
stack
page read and write
7FF887A04000
trusted library allocation
page read and write
127C5958000
heap
page read and write
BA157FE000
stack
page read and write
13F58010000
heap
page read and write
127C5082000
heap
page read and write
127C5970000
heap
page read and write
13898C00000
heap
page read and write
21425920000
trusted library allocation
page read and write
127C591F000
heap
page read and write
28A2BBA0000
heap
page read and write
127C596F000
heap
page read and write
214258FB000
trusted library allocation
page read and write
127C597D000
heap
page read and write
7FF8879F2000
trusted library allocation
page read and write
66E66FE000
stack
page read and write
127C593B000
heap
page read and write
28A2BC72000
heap
page read and write
127C4FE0000
heap
page read and write
4BC0000
heap
page read and write
127C514C000
heap
page read and write
138B2F02000
heap
page execute and read and write
7FF887B7A000
trusted library allocation
page read and write
250E6853000
heap
page read and write
F0762FE000
unkown
page readonly
250E68FB000
heap
page read and write
471000
remote allocation
page execute and read and write
127C6070000
heap
page read and write
7FF8879FB000
trusted library allocation
page read and write
127C6071000
heap
page read and write
7FF887B00000
trusted library allocation
page execute and read and write
20A4F002000
heap
page read and write
127C60D6000
heap
page read and write
127C595A000
heap
page read and write
250E2280000
trusted library allocation
page read and write
7FF887A86000
trusted library allocation
page read and write
2E80000
heap
page read and write
3F43FFA000
stack
page read and write
127C595A000
heap
page read and write
21423C44000
heap
page read and write
13F3D299000
heap
page read and write
127C50A7000
heap
page read and write
127C60EF000
heap
page read and write
7FF887B77000
trusted library allocation
page read and write
7FF887A00000
trusted library allocation
page read and write
7FF887A80000
trusted library allocation
page read and write
22C54710000
heap
page read and write
1C23266C000
heap
page read and write
127C511A000
heap
page read and write
127C594E000
heap
page read and write
13F57C13000
heap
page read and write
13F3D702000
heap
page read and write
127C5934000
heap
page read and write
7FF8879D9000
trusted library allocation
page read and write
BA161FA000
stack
page read and write
2143F590000
trusted library section
page read and write
1C22FD35000
heap
page read and write
127C5998000
heap
page read and write
127C5937000
heap
page read and write
7FF887BC0000
trusted library allocation
page read and write
1E0A37C0000
heap
page read and write
127C5959000
heap
page read and write
127C50AF000
heap
page read and write
250E6904000
heap
page read and write
250E1306000
heap
page read and write
21425A29000
trusted library allocation
page read and write
127C6082000
heap
page read and write
51AEFE000
unkown
page readonly
250E1213000
heap
page read and write
214258C7000
trusted library allocation
page read and write
7FF887BF0000
trusted library allocation
page execute and read and write
2142594E000
trusted library allocation
page read and write
127C60B1000
heap
page read and write
66E6AFA000
stack
page read and write
F0774FB000
stack
page read and write
127C611F000
heap
page read and write
127C6104000
heap
page read and write
214258F5000
trusted library allocation
page read and write
250E11A0000
heap
page read and write
127C5994000
heap
page read and write
7FF887C00000
trusted library allocation
page execute and read and write
127C607E000
heap
page read and write
127C5942000
heap
page read and write
5570000
heap
page read and write
20A50855000
heap
page read and write
127C5965000
heap
page read and write
127C596D000
heap
page read and write
127C5953000
heap
page read and write
2190DFE000
stack
page read and write
2142597C000
trusted library allocation
page read and write
250E1D00000
trusted library allocation
page read and write
250E6A00000
trusted library allocation
page read and write
13898BC0000
heap
page read and write
127C597D000
heap
page read and write
2143DF60000
heap
page read and write
7FF887BFA000
trusted library allocation
page read and write
127C606D000
heap
page read and write
7FF887AC6000
trusted library allocation
page execute and read and write
5020000
heap
page read and write
1C215677000
heap
page read and write
250E6790000
trusted library allocation
page read and write
21425916000
trusted library allocation
page read and write
127C5914000
heap
page read and write
127C5979000
heap
page read and write
7FF8879FB000
trusted library allocation
page execute and read and write
7FF887BA2000
trusted library allocation
page read and write
127C5979000
heap
page read and write
250E690B000
heap
page read and write
13F57B13000
heap
page read and write
BA15BFB000
stack
page read and write
28A2BC62000
heap
page read and write
250E1229000
heap
page read and write
7FF8879FD000
trusted library allocation
page execute and read and write
1C21563B000
heap
page read and write
1E0A3800000
unkown
page read and write
66E67FE000
stack
page read and write
127C5990000
heap
page read and write
214259D4000
trusted library allocation
page read and write
13F3D160000
heap
page read and write
21425854000
trusted library allocation
page read and write
7FF8879F3000
trusted library allocation
page execute and read and write
250E684E000
heap
page read and write
3F43AFD000
stack
page read and write
2143F4DC000
heap
page read and write
1E0A387E000
heap
page read and write
53B5000
heap
page read and write
127C5972000
heap
page read and write
4DE0000
heap
page read and write
1C215904000
heap
page read and write
1E0A3838000
heap
page read and write
7FF887B10000
trusted library allocation
page execute and read and write
2142597F000
trusted library allocation
page read and write
2142591D000
trusted library allocation
page read and write
20A337B0000
heap
page read and write
7FF8879FD000
trusted library allocation
page execute and read and write
7FF887BF0000
trusted library allocation
page read and write
250E1300000
heap
page read and write
21423CF0000
trusted library allocation
page read and write
127C6116000
heap
page read and write
1C232600000
heap
page read and write
5030000
heap
page readonly
7FF8879D0000
trusted library allocation
page read and write
138B5200000
heap
page read and write
21435721000
trusted library allocation
page read and write
250E12AD000
heap
page read and write
214258BF000
trusted library allocation
page read and write
1C215651000
heap
page read and write
F0775FE000
unkown
page readonly
2190BFE000
stack
page read and write
7FF887BA0000
trusted library allocation
page read and write
7FF887BB0000
trusted library allocation
page execute and read and write
127C608B000
heap
page read and write
1C2171E0000
heap
page read and write
13F57CA9000
heap
page read and write
127C591D000
heap
page read and write
214257E4000
trusted library allocation
page read and write
13F3D200000
heap
page read and write
22C54902000
heap
page read and write
214257E7000
trusted library allocation
page read and write
20A355A1000
trusted library allocation
page read and write
127C5996000
heap
page read and write
21423A50000
heap
page read and write
250E6900000
heap
page read and write
13F3D57F000
trusted library section
page readonly
13F3D140000
heap
page read and write
127C60D7000
heap
page read and write
127C5934000
heap
page read and write
28A2BC72000
heap
page read and write
127C593C000
heap
page read and write
1C217214000
trusted library allocation
page read and write
13898902000
heap
page read and write
127C60FC000
heap
page read and write
127C6102000
heap
page read and write
127C597E000
heap
page read and write
127C6000000
heap
page read and write
20A50895000
heap
page read and write
7FF8879F0000
trusted library allocation
page read and write
127C596E000
heap
page read and write
7FF8879F4000
trusted library allocation
page read and write
2143F514000
heap
page read and write
20A455A7000
trusted library allocation
page read and write
BA164FE000
stack
page read and write
127C594A000
heap
page read and write
138B525E000
heap
page read and write
20A33B10000
heap
page read and write
20A33840000
heap
page read and write
127C5952000
heap
page read and write
1C2171F0000
heap
page execute and read and write
250E1302000
heap
page read and write
1C2155C0000
heap
page read and write
13898AD0000
heap
page read and write
1C232667000
heap
page read and write
250E6792000
trusted library allocation
page read and write
127C5956000
heap
page read and write
1E0A383A000
heap
page read and write
13898B83000
trusted library allocation
page read and write
13F57C8F000
heap
page read and write
250E6A60000
trusted library allocation
page read and write
1C2326A7000
heap
page read and write
127C5982000
heap
page read and write
F0760FE000
unkown
page readonly
250E6B20000
remote allocation
page read and write
13F3F0BE000
trusted library allocation
page read and write
127C5000000
heap
page read and write
21423D90000
heap
page read and write
1389884B000
heap
page read and write
250E12B1000
heap
page read and write
127C6082000
heap
page read and write
138AA5A1000
trusted library allocation
page read and write
138B4002000
heap
page read and write
1389A5B4000
trusted library allocation
page read and write
1389A5F7000
trusted library allocation
page read and write
127C50A7000
heap
page read and write
1E0A383A000
heap
page read and write
BA15DFF000
stack
page read and write
20A3561D000
trusted library allocation
page read and write
1C215622000
heap
page read and write
2143E0E3000
heap
page execute and read and write
214259B5000
trusted library allocation
page read and write
7FF887B9E000
trusted library allocation
page read and write
13898813000
heap
page read and write
4D60000
heap
page read and write
250E68E1000
heap
page read and write
21425710000
heap
page execute and read and write
127C599C000
heap
page read and write
20A355EB000
trusted library allocation
page read and write
214257DC000
trusted library allocation
page read and write
1FFF1850000
heap
page read and write
214258AE000
trusted library allocation
page read and write
51AC7E000
stack
page read and write
138B528B000
heap
page read and write
7FF887C20000
trusted library allocation
page execute and read and write
127C5922000
heap
page read and write
127C5955000
heap
page read and write
214257D6000
trusted library allocation
page read and write
214257FF000
trusted library allocation
page read and write
127C513B000
heap
page read and write
13898B20000
trusted library allocation
page read and write
250E6841000
heap
page read and write
1C22F8D0000
trusted library allocation
page read and write
7FF887C10000
trusted library allocation
page execute and read and write
7FF8879D3000
trusted library allocation
page execute and read and write
20A337C0000
heap
page read and write
127C5954000
heap
page read and write
21423B30000
heap
page read and write
127C5952000
heap
page read and write
1FFF32F0000
heap
page read and write
250E6800000
heap
page read and write
7FF887BD7000
trusted library allocation
page read and write
250E6888000
heap
page read and write
250E1B02000
heap
page read and write
1C2171B0000
trusted library allocation
page read and write
13F3D2F6000
heap
page read and write