IOC Report
!!SetUp_2244_PassW0rds$.zip

Files

File Path
Type
Category
Malicious
!!SetUp_2244_PassW0rds$.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
initial sample
malicious
C:\Users\user\AppData\Local\Temp\dqgis
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\fpmss
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\ohj
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\vtesbhvscpflt
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\desktop_drop_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\desktop_multi_window_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\file_selector_windows_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\flutter_custom_cursor_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\flutter_gpu_texture_renderer_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\flutter_windows.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\screen_retriever_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\texture_rgba_renderer_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\uni_links_desktop_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\url_launcher_windows_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\window_manager_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\Pluginsig\window_size_plugin.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SearchIndexer.ex_cd53bb3f2f8e47747a257a3577baa06d94df3e33_9e0a92cb_31092b90-5a0b-4bab-855d-d2d338fb63c5\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SearchIndexer.ex_cd53bb3f2f8e47747a257a3577baa06d94df3e33_9e0a92cb_660dfc9a-8a8a-4a04-b30b-819eb4d27d44\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SearchIndexer.ex_cd53bb3f2f8e47747a257a3577baa06d94df3e33_9e0a92cb_c7c1e45b-bf3e-4103-b15f-48fb82114c87\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SearchIndexer.ex_cd53bb3f2f8e47747a257a3577baa06d94df3e33_9e0a92cb_f7491d2a-1787-4ae6-8b42-cec888524aed\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B44.tmp.dmp
Mini DuMP crash report, 14 streams, Wed Aug 28 11:31:55 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D97.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DE6.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA2B2.tmp.dmp
Mini DuMP crash report, 14 streams, Wed Aug 28 11:33:02 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA301.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA321.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC608.tmp.dmp
Mini DuMP crash report, 14 streams, Wed Aug 28 11:33:11 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC648.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC668.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD446.tmp.dmp
Mini DuMP crash report, 14 streams, Wed Aug 28 11:32:09 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD485.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD4A6.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\2866274d
data
dropped
C:\Users\user\AppData\Local\Temp\305b7104
data
dropped
C:\Users\user\AppData\Local\Temp\4f6b300e
data
dropped
C:\Users\user\AppData\Local\Temp\5509dc59
data
dropped
C:\Users\user\AppData\Roaming\Pluginsig\darw
data
dropped
C:\Users\user\AppData\Roaming\Pluginsig\dorhncv
data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe
"C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe"
malicious
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
malicious
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
malicious
C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe
"C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe"
malicious
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
malicious
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
malicious
C:\Users\user\Desktop\Setup.exe
"C:\Users\user\Desktop\Setup.exe"
malicious
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
malicious
C:\Users\user\Desktop\Setup.exe
"C:\Users\user\Desktop\Setup.exe"
malicious
C:\Windows\SysWOW64\more.com
C:\Windows\SysWOW64\more.com
malicious
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
malicious
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
malicious
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe
C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 396
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 396
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 212
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 384

URLs

Name
IP
Malicious
caffegclasiqwp.shop
malicious
condedqpwqm.shop
malicious
stagedchheiqwo.shop
malicious
stamppreewntnq.shop
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
ApplicationFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDDFEBB86
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
ProgramId
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
FileId
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
LowerCaseLongPath
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
LongPathHash
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
Name
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
OriginalFileName
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
Publisher
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
Version
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
BinFileVersion
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
BinaryType
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
ProductName
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
ProductVersion
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
LinkDate
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
BinProductVersion
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
AppxPackageFullName
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
AppxPackageRelativeId
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
Size
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
Language
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
IsOsComponent
\REGISTRY\A\{ad1a7e61-8fd0-76b4-1a9b-e8c19d4c7bf4}\Root\InventoryApplicationFile\searchindexer.ex|d9957dd9f337b36a
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount

Memdumps

Base Address
Regiontype
Protect
Malicious
4C30000
direct allocation
page read and write
malicious
13D4305F000
unkown
page read and write
1DD41845000
heap
page read and write
7FFF32EA0000
unkown
page readonly
9F27FD000
stack
page read and write
7FFF27318000
unkown
page readonly
6EC000
heap
page read and write
540000
heap
page read and write
7FFF294F9000
unkown
page write copy
1DD41A3E000
heap
page read and write
7FFF3C4EE000
unkown
page write copy
3C0000
heap
page read and write
1DD420A7000
trusted library allocation
page read and write
1B2CBD5D000
heap
page read and write
7FF614717000
unkown
page readonly
7FFF29854000
unkown
page read and write
7FFF296DE000
unkown
page write copy
7FFF2978F000
unkown
page readonly
3E0000
direct allocation
page read and write
89613FD000
stack
page read and write
7FFF3C54E000
unkown
page read and write
82E000
stack
page read and write
89615FD000
stack
page read and write
7FFF3C3F4000
unkown
page readonly
1FBD75C7000
heap
page read and write
2F95000
heap
page read and write
1DD419CD000
heap
page read and write
7FFF296F0000
unkown
page readonly
96E000
stack
page read and write
13D427F5000
heap
page read and write
7FFF3C470000
unkown
page read and write
7FFF32EE0000
unkown
page readonly
1B2C9A0E000
heap
page read and write
13C000
stack
page read and write
9F28FD000
stack
page read and write
7FFF298C1000
unkown
page readonly
4885000
trusted library allocation
page read and write
1FBDA3AC000
unkown
page read and write
1DD3F5D0000
heap
page read and write
60A000
heap
page read and write
6E4000
heap
page read and write
5DE000
stack
page read and write
1B2C9BF5000
heap
page read and write
61B000
heap
page read and write
7FFF297F7000
unkown
page readonly
7E4000
heap
page read and write
7FFF295F0000
unkown
page read and write
7FFF29750000
unkown
page readonly
601000
heap
page read and write
7FFF3C46E000
unkown
page read and write
1DD4246A000
unkown
page read and write
7FFF296DD000
unkown
page read and write
1FCE0830000
heap
page read and write
1DD41845000
heap
page read and write
7FFF3C3FE000
unkown
page write copy
7FFF27654000
unkown
page read and write
7E4000
heap
page read and write
2F5E000
stack
page read and write
7FFF29871000
unkown
page execute read
7FFF29511000
unkown
page execute read
3F7000
heap
page read and write
9D0000
heap
page read and write
7FFF29790000
unkown
page read and write
527C000
unkown
page read and write
7FFF3C538000
unkown
page readonly
13D4061D000
heap
page read and write
7FFF32ED2000
unkown
page readonly
1DD422B1000
unkown
page read and write
7FFF2958E000
unkown
page write copy
7FF661982000
unkown
page readonly
13D40407000
heap
page read and write
13D40320000
heap
page read and write
278000
unkown
page execute read
2BBE000
stack
page read and write
7FFF296E1000
unkown
page readonly
1DD3F368000
heap
page read and write
481E000
direct allocation
page read and write
1DD420BD000
unkown
page read and write
400000
unkown
page readonly
7FFF3C2F3000
unkown
page readonly
606000
heap
page read and write
13D4305A000
unkown
page read and write
860000
heap
page read and write
616000
heap
page read and write
19C000
stack
page read and write
13D42720000
heap
page read and write
8FF000
stack
page read and write
7FFF295EE000
unkown
page write copy
AF7000
heap
page read and write
4B31000
unkown
page read and write
1B2CBE55000
heap
page read and write
7FF798A1D000
unkown
page readonly
1B2CC6B2000
unkown
page read and write
1DD3F3C5000
heap
page read and write
1B2C9980000
heap
page read and write
7FFF2764E000
unkown
page read and write
7FFF297D8000
unkown
page readonly
7FFF2978F000
unkown
page write copy
13D4068B000
heap
page read and write
7FFF293E1000
unkown
page execute read
7FFF3C4CF000
unkown
page write copy
7FF661977000
unkown
page readonly
2F9B000
heap
page read and write
6B1000
unkown
page execute read
2D6D000
heap
page read and write
2F14000
heap
page read and write
7FFF29810000
unkown
page readonly
7FFF27648000
unkown
page read and write
1DD40D8E000
heap
page read and write
608000
heap
page read and write
31C000
stack
page read and write
77C000
stack
page read and write
7FFF32EED000
unkown
page read and write
21C4000
heap
page read and write
5268000
unkown
page read and write
4C7C000
unkown
page read and write
7FFF3C4ED000
unkown
page read and write
1FBDA5A0000
unkown
page read and write
7FFF27643000
unkown
page read and write
4220000
trusted library allocation
page read and write
1B2C99B7000
heap
page read and write
7FFF3C364000
unkown
page readonly
1B2C9A62000
heap
page read and write
4AD8000
unkown
page read and write
7FFF297A1000
unkown
page execute read
7FFF32DEB000
unkown
page read and write
1FBD9A39000
heap
page read and write
13D427F8000
heap
page read and write
13D40240000
heap
page read and write
7FFF3C518000
unkown
page readonly
7FFF29630000
unkown
page readonly
4AEE000
unkown
page read and write
1DD4174F000
heap
page read and write
7FFF29460000
unkown
page readonly
1DD423B1000
unkown
page read and write
4A31000
unkown
page read and write
7FFF297DD000
unkown
page readonly
7FFF29592000
unkown
page readonly
1DD41845000
heap
page read and write
A9C5FD000
stack
page read and write
7FFF41570000
unkown
page readonly
2FF0000
heap
page read and write
4AD1000
unkown
page read and write
A6F000
stack
page read and write
1FBD78AB000
heap
page read and write
7FFF29E5A000
unkown
page readonly
7FFF29783000
unkown
page readonly
1B2C9A04000
heap
page read and write
7FF661977000
unkown
page readonly
7FFF297F5000
unkown
page write copy
96B000
unkown
page write copy
7FFF2967D000
unkown
page readonly
7FFF27648000
unkown
page read and write
7FFF275E9000
unkown
page write copy
85E000
stack
page read and write
7FFF2973B000
unkown
page readonly
21E0000
trusted library allocation
page read and write
9DF000
stack
page read and write
7FFF3C527000
unkown
page read and write
7FFF3C354000
unkown
page readonly
2FC0000
direct allocation
page read and write
A3B000
unkown
page write copy
7FFF298A4000
unkown
page readonly
6E4000
heap
page read and write
9F29FD000
stack
page read and write
7FFF29801000
unkown
page execute read
13D42847000
heap
page read and write
2F14000
heap
page read and write
1B2C9A66000
heap
page read and write
7FFF296C4000
unkown
page readonly
614000
heap
page read and write
8F0000
heap
page read and write
2A1000
unkown
page execute read
4C90000
trusted library allocation
page read and write
7FFF27654000
unkown
page read and write
7FFF29442000
unkown
page readonly
1FBDA3AF000
unkown
page read and write
1DD41848000
heap
page read and write
1B2C9B50000
heap
page read and write
7FFF3C470000
unkown
page readonly
7FFF2958F000
unkown
page read and write
1DD3F520000
heap
page read and write
7FFF2764E000
unkown
page read and write
7FFF297EF000
unkown
page write copy
6E7000
heap
page read and write
7FFF3C54F000
unkown
page write copy
1B2C98A0000
heap
page read and write
7FFF2985E000
unkown
page read and write
7FFF27648000
unkown
page read and write
390000
heap
page read and write
7FF798A07000
unkown
page readonly
7FFF29628000
unkown
page readonly
AD7000
trusted library allocation
page read and write
7FFF27640000
unkown
page read and write
1DD423FA000
unkown
page read and write
52E000
stack
page read and write
550000
heap
page read and write
13D42930000
heap
page read and write
7FFF296DD000
unkown
page readonly
7FFF32DEC000
unkown
page write copy
3060000
heap
page read and write
7FFF295E0000
unkown
page readonly
7FFF297A0000
unkown
page readonly
13D42825000
heap
page read and write
7FFF3C4E0000
unkown
page readonly
1FBD7880000
heap
page read and write
2F14000
heap
page read and write
7D0000
direct allocation
page read and write
7FFF2764E000
unkown
page read and write
7FFF29E4D000
unkown
page readonly
2CBE000
stack
page read and write
1FCE0A19000
heap
page read and write
7FFF3C369000
unkown
page readonly
8BC000
heap
page read and write
76E000
stack
page read and write
7FFF3C8DF000
unkown
page write copy
1A54DFD000
stack
page read and write
3140000
heap
page read and write
1B2C9A22000
heap
page read and write
7FFF29544000
unkown
page readonly
968000
unkown
page readonly
604000
heap
page read and write
1B2CC8C8000
unkown
page read and write
7FFF3C4D4000
unkown
page readonly
2A30000
heap
page read and write
There are 742 hidden memdumps, click here to show them.