IOC Report
eset_internet_security_live_installer.exe

loading gif

Files

File Path
Type
Category
Malicious
eset_internet_security_live_installer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\BootHelper.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\NSF7F6B.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF7F6C.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF7F7C.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF7F8D.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF7F8E.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF7FAF.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF7FE0.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF8001.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF8013.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\NSF8141.tmp
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\.erm\epi-base.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\NOTICE_mod
ASCII text, with very long lines (460), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\acstest.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\eguiActivation.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\eguiActivationLang.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\em000_32\1113\em000_32.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\em000_32_l0.dll.nup
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\em024_32\1157\em024_32.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\em024_32_l0.dll.nup
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\em024_32_l1.dll.nup
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\em024_32_l2.dll.nup
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\em045_32\1091\em045_32.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\em045_32_l0.dll.nup
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\eset_internet_security_live_installer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\plgInstaller.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\sciter-x.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP7FAE.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP7FDF.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP8000.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP8012.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP8014.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP8063.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP80D2.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP8140.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\temp40DCA6E3\NUP8190.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\updater.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\eset\bts\bootstrapper_20240828135126.log
ASCII text, with CRLF line terminators
dropped
There are 29 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\BootHelper.exe
"C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\BootHelper.exe" --watchdog 7480 --product "ESET Live Installer" 17.2.1.0 1033
malicious
C:\Users\user\Desktop\eset_internet_security_live_installer.exe
"C:\Users\user\Desktop\eset_internet_security_live_installer.exe"
C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\eset_internet_security_live_installer.exe
"C:\Users\user\AppData\Local\Temp\eset\bts.session\d028ee84-001d-4453-90e8-72914dba41c5\eset_internet_security_live_installer.exe" --bts-container 7428 "C:\Users\user\Desktop\eset_internet_security_live_installer.exe"

URLs

Name
IP
Malicious
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.2.13.0/ehs_nt64.msieula
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.26.0/ehs_nt64.msieula
unknown
http://repositorynocdn.eset.com/v1/com/eset/apps/home/security/windows/metadata3.default
91.228.166.23
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.0.16.0/ehs_nt64.msi.eula)
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.26.0/ehs_nt64.msi.eulav
unknown
http://repository.eset.com/v18
unknown
http://pki.eset.comDisplayNameDerData.
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v15/15.2.17.0/ehs_nt64.msi.eula
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.26.0/ehs_nt64.msi
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.11.0/ehs_nt64.msi
unknown
http://repository.eset.com/v1s_com.eset.eulas.product.lg.ehswcom.eset.eulas.product.lg.ehswcom.eset.
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v12/12.2.31.0/ehs_nt64.msi
unknown
http://repository.eset.com/v1/
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v15/15.2.17.0/ehs_nt64.msi.eula=
unknown
https://go.eset.com/beta_$
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.11.0/ehs_nt64.msieulaR
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.2.13.0/ehs_nt64.msi
unknown
https://go.eset.comlatest$
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.1.14.0/ehs_nt64.msi.eula
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.26.0/ehs_nt64.msi.eula
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.13.0/ehs_nt64.msieulaR
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.13.0/ehs_nt64.msi.eula~
unknown
https://curl.se/docs/hsts.html
unknown
http://pugixml.org).
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.2.8.0/ehs_nt64.msi0
unknown
http://repository.eset.com/v1_ncom.eset.eulas.product.lg.ehswcom.eset.eulas.product.lg.ehsw
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v15/15.2.17.0/ehs_nt64.msi.eulaN
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v15/15.2.17.0/ehs_nt64.msi.eulahtt
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.24.0/ehs_nt64.msi.eula
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.2.13.0/ehs_nt64.msi.eula
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/metadata3
91.228.166.23
http://repository.eset.com/v1
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v12/12.2.31.0/ehs_nt64.msiula_FR
unknown
http://www.entrust.net/rpa0
unknown
http://pki.eset.com/crl/tsca2020.crl0?
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v12/12.2.31.0/ehs_nt64.msin_US
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.2.7.0/ehs_nt64.msi.eulaR
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.2.8.0/ehs_nt64.msieulaR
unknown
https://go.eset.com/wsta-referral?action=%s&code=%s&lng=%drefer1.svgreferalrefer3.svgrefer2.svgshowH
unknown
http://pki.eset.com/crt/rootca20
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.0.16.0/ehs_nt64.msieulaR
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.2.7.0/ehs_nt64.msi.eula
unknown
http://repository.eset.com/v1ehs_
unknown
http://repository.eset.com/v1_com.eset.eulas.product.lg.ehswcom.eset.eulas.product.lg.ehswcom.eset.e
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.2.8.0/ehs_nt64.msi
unknown
https://go.eset.com/enroll_qr?lng=&task_type=1469803Cactivation_wizard.ds.generated_qr.svghttps://go
unknown
http://www.winimage.com/zLibDll1.2.8
unknown
http://www.eset.com/ecp
unknown
https://www.apache.org/licenses/
unknown
http://pki.eset.com/crl/rootca2
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.13.0/ehs_nt64.msieula
unknown
https://curl.se/docs/alt-svc.html
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.0.15.0/ehs_nt64.msiula_FR
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.11.0/ehs_nt64.msi.eula
unknown
http://repository.eset.com/v1_n
unknown
http://repository.eset.com/v1com.eset.eulas.product.lg.ehsws_
unknown
http://repositorynocdn.eset.com/v1/com/eset/apps/home/security/windows/metadata3.defaultT
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.2.8.0/ehs_nt64.msi.eulaR
unknown
http://repository.eset.com/v1com.eset.eulas.product.lg.ehswcom.eset.eulas.product.lg.ehsws_com.eset.
unknown
http://repository.eset.com/prerelease/v1/http://repository.eset.com/v1/linuxother_linuxmetadata3REP
unknown
http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.2.15.0/ehs_nt64.msieulaR
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.0.15.0/ehs_nt64.msieulaR
unknown
http://repository.eset.com/v1com.eset.eulas.product.lg.ehswcom.eset.eulas.product.lg.ehsw
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.1.14.0/ehs_nt64.msi
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.0.15.0/ehs_nt64.msi
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.26.0/ehs_nt64.msi.eulaqrs
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.1.14.0/ehs_nt64.msieulaR
unknown
http://terrainformatica.com
unknown
http://www.eset.com/download$
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.11.0/ehs_nt64.msieula
unknown
https://help.eset.com$
unknown
http://www.eset.com/2012/02/ecpcodemessageecp:responseinvalid
unknown
http://repository.eset.com/v1bts.feature.repository.enabled
unknown
http://repository.eset.com/v1hs_n
unknown
http://pki.eset.com/crl/rootca2020.crl0?
unknown
http://repository.eset.com/v1com.eset.eulas.product.lg.ehswcom.eset.eulas.product.lg.ehsws_
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v12/12.2.31.0/ehs_nt64.msiula
unknown
http://terrainformatica.com/forums/topic.php?id=1772
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.2.13.0/ehs_nt64.msi.eulaY
unknown
http://www.inkscape.org/namespaces/inkscape
unknown
http://repository.eset.com/v1com.eset.eulas.product.lg.ehsw_Ucom.eset.eulas.product.lg.ehsws_com.ese
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.13.0/ehs_nt64.msi.eula1
unknown
https://www.entrust.net/rpa0
unknown
http://repository.eset.com/v1com.eset.eulas.product.lg.ehswcom.eset.eulas.product.lg.ehswcom.eset.eu
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.24.0/ehs_nt64.msi.eula)
unknown
http://pki.eset.com/crt/csca2020.crt05
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.1.11.0/ehs_nt64.msiseverity
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.2.15.0/ehs_nt64.msieula
unknown
http://www.eset.com/2012/02/ecp
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v17/17.2.8.0/ehs_nt64.msi.eulahttp
unknown
http://ocsp.entrust.net05
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v12/12.2.31.0/ehs_nt64.msi.eulaO
unknown
http://pki.eset.com/crt/tsca2020.crt0
unknown
http://pki.eset.com/csp0
unknown
http://pki.eset.comipm.eset.com.
unknown
http://www.ibsensoftware.com/
unknown
http://ocsp.entrust.net00
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.26.0/ehs_nt64.msiula
unknown
http://repository.eset.com/v1/com/eset/apps/home/security/windows/v16/16.0.24.0/ehs_nt64.msi
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
repositorynocdn.eset.com
unknown
 malicious
18.31.95.13.in-addr.arpa
unknown
 malicious
repository.eset.com
unknown
 malicious
iploc.eset.com
unknown
 malicious
nocdn-repository.gtm.eset.com
91.228.166.23
repository.gtm.eset.com
91.228.166.23

IPs

IP
Domain
Country
Malicious
91.228.166.23
nocdn-repository.gtm.eset.com
Slovakia (SLOVAK Republic)
127.0.0.1
unknown
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ESET\ESET Security\CurrentVersion\Plugins\01000400\settings
LastUpdateCertTimestamp

Memdumps

Base Address
Regiontype
Protect
Malicious
17000000
heap
page read and write
42E000
stack
page read and write
26A0000
heap
page read and write
2CC2000
heap
page read and write
62BC000
heap
page read and write
16E38000
heap
page read and write
170FF000
heap
page read and write
64A7000
heap
page read and write
2CCD000
heap
page read and write
17EFD000
heap
page read and write
16F85000
heap
page read and write
5D00000
heap
page read and write
6B8DD000
unkown
page readonly
16FB5000
heap
page read and write
43A000
stack
page read and write
6C595000
unkown
page readonly
318C000
stack
page read and write
2C9B000
heap
page read and write
60CD000
stack
page read and write
17403000
heap
page read and write
6274000
stack
page read and write
17FDC000
heap
page read and write
2C9B000
heap
page read and write
690000
heap
page read and write
171B1000
heap
page read and write
6000000
heap
page read and write
3442000
heap
page read and write
16FB8000
heap
page read and write
2C6C000
heap
page read and write
6A00000
heap
page read and write
17EF3000
heap
page read and write
2C6C000
heap
page read and write
17042000
heap
page read and write
2C6C000
heap
page read and write
2C7B000
heap
page read and write
5E00000
heap
page read and write
17FAD000
heap
page read and write
2C83000
heap
page read and write
2C9B000
heap
page read and write
64BD000
heap
page read and write
6C8D1000
unkown
page read and write
2CAD000
heap
page read and write
2CB6000
heap
page read and write
5ABF000
stack
page read and write
17EE7000
heap
page read and write
6400000
heap
page read and write
1740F000
heap
page read and write
1756C000
heap
page read and write
2C00000
heap
page read and write
17417000
heap
page read and write
16E6A000
heap
page read and write
66A000
unkown
page write copy
17501000
heap
page read and write
3506000
heap
page read and write
2C99000
heap
page read and write
587E000
stack
page read and write
2C9B000
heap
page read and write
2C96000
heap
page read and write
33B000
stack
page read and write
6C387000
unkown
page write copy
57F3000
heap
page read and write
2C74000
heap
page read and write
17EC2000
heap
page read and write
6C8D3000
unkown
page read and write
2C86000
heap
page read and write
2CF9000
heap
page read and write
2C9C000
heap
page read and write
2CA4000
heap
page read and write
5770000
heap
page read and write
16E1E000
heap
page read and write
16E00000
heap
page read and write
3202000
heap
page read and write
17E63000
heap
page read and write
2D01000
heap
page read and write
6B8E3000
unkown
page readonly
5776000
heap
page read and write
17600000
heap
page read and write
2C87000
heap
page read and write
6C8DE000
unkown
page readonly
171F0000
heap
page read and write
2CCA000
heap
page read and write
16C2A000
heap
page read and write
16D12000
heap
page read and write
18000000
heap
page read and write
2C96000
heap
page read and write
17434000
heap
page read and write
2C6C000
heap
page read and write
6C592000
unkown
page readonly
5770000
heap
page read and write
6C5F1000
unkown
page execute read
2C7A000
heap
page read and write
5901000
heap
page read and write
6C00000
heap
page read and write
17C00000
heap
page read and write
603B000
stack
page read and write
2C76000
heap
page read and write
1763E000
stack
page read and write
6FFE000
heap
page read and write
2CB3000
heap
page read and write
6100000
heap
page read and write
630E000
stack
page read and write
2C9B000
heap
page read and write
16DC0000
heap
page read and write
2802000
heap
page read and write
173C0000
remote allocation
page read and write
657F000
heap
page read and write
2E3D000
stack
page read and write
17500000
heap
page read and write
643A000
heap
page read and write
6B8C1000
unkown
page execute read
3494000
heap
page read and write
342D000
heap
page read and write
2C7D000
heap
page read and write
17EF5000
heap
page read and write
170E6000
heap
page read and write
5900000
heap
page read and write
2C4E000
heap
page read and write
2C9B000
heap
page read and write
6B767000
unkown
page write copy
3C0000
unkown
page readonly
17C00000
heap
page read and write
2C7D000
heap
page read and write
6C8D0000
unkown
page write copy
2C7E000
heap
page read and write
2C84000
heap
page read and write
2C31000
heap
page read and write
2CB7000
heap
page read and write
702000
unkown
page readonly
470000
unkown
page readonly
27E0000
heap
page read and write
6C190000
unkown
page readonly
2CBC000
heap
page read and write
2A00000
heap
page read and write
50EB000
stack
page read and write
17F27000
heap
page read and write
471000
unkown
page execute read
2C9B000
heap
page read and write
26F0000
heap
page read and write
2C9B000
heap
page read and write
2CAD000
heap
page read and write
2CB6000
heap
page read and write
17EA5000
heap
page read and write
2C60000
heap
page read and write
5612000
heap
page read and write
3C1000
unkown
page execute read
5A00000
heap
page read and write
702000
unkown
page readonly
2C6F000
heap
page read and write
471000
unkown
page execute read
2C50000
heap
page read and write
2CBC000
heap
page read and write
17FA5000
heap
page read and write
6C8CF000
unkown
page read and write
6600000
heap
page read and write
17E94000
heap
page read and write
16C00000
heap
page read and write
3471000
heap
page read and write
562C000
heap
page read and write
17C3D000
heap
page read and write
173C0000
remote allocation
page read and write
3422000
heap
page read and write
6C191000
unkown
page execute read
17FD1000
heap
page read and write
3428000
heap
page read and write
2F3E000
stack
page read and write
577C000
heap
page read and write
2C54000
heap
page read and write
17EF9000
heap
page read and write
6493000
heap
page read and write
17ED3000
heap
page read and write
854F000
stack
page read and write
2C8C000
heap
page read and write
17800000
heap
page read and write
40B000
unkown
page readonly
6B678000
unkown
page readonly
61CE000
stack
page read and write
2CC5000
heap
page read and write
25B0000
heap
page read and write
578E000
heap
page read and write
6A0000
heap
page read and write
2C5F000
heap
page read and write
634E000
stack
page read and write
16600000
heap
page read and write
2C62000
heap
page read and write
6624000
direct allocation
page read and write
3421000
heap
page read and write
1758C000
heap
page read and write
6B3E0000
unkown
page readonly
664000
unkown
page read and write
57B2000
heap
page read and write
6B766000
unkown
page read and write
3E8000
stack
page read and write
17C00000
heap
page read and write
3432000
heap
page read and write
5E12000
heap
page read and write
2C5E000
heap
page read and write
6C8CE000
unkown
page write copy
6B8C0000
unkown
page readonly
2A00000
heap
page read and write
16FC3000
heap
page read and write
6B0000
unkown
page readonly
2C4E000
heap
page read and write
2C4F000
heap
page read and write
5700000
heap
page read and write
2C78000
heap
page read and write
17083000
heap
page read and write
16B3E000
stack
page read and write
2C58000
heap
page read and write
346D000
heap
page read and write
2C8B000
heap
page read and write
17420000
heap
page read and write
17C00000
heap
page read and write
17C00000
heap
page read and write
5F01000
heap
page read and write
3452000
heap
page read and write
17512000
heap
page read and write
1718F000
heap
page read and write
2C4F000
heap
page read and write
174AD000
heap
page read and write
51F0000
heap
page read and write
2C97000
heap
page read and write
6B3A000
heap
page read and write
5DFE000
stack
page read and write
2C6B000
heap
page read and write
2C51000
heap
page read and write
6C852000
unkown
page readonly
2C5E000
heap
page read and write
3C0000
unkown
page readonly
17187000
heap
page read and write
257D000
stack
page read and write
5540000
heap
page read and write
6C38F000
unkown
page readonly
6B1000
unkown
page execute read
6B1A0000
unkown
page readonly
6B3D7000
unkown
page read and write
2C8B000
heap
page read and write
17F23000
heap
page read and write
17C6E000
heap
page read and write
2C77000
heap
page read and write
41C000
unkown
page readonly
6C332000
unkown
page readonly
17424000
heap
page read and write
5800000
heap
page read and write
59BC000
stack
page read and write
2C8F000
heap
page read and write
18036000
heap
page read and write
2C73000
heap
page read and write
2C85000
heap
page read and write
6471000
heap
page read and write
6B76A000
unkown
page read and write
613E000
stack
page read and write
64E0000
heap
page read and write
2C7E000
heap
page read and write
17425000
heap
page read and write
64EB000
heap
page read and write
41A000
unkown
page read and write
41C000
unkown
page readonly
5E01000
heap
page read and write
62B8000
heap
page read and write
2C92000
heap
page read and write
170E6000
heap
page read and write
175C6000
heap
page read and write
16FCE000
heap
page read and write
6B1A1000
unkown
page execute read
2A13000
heap
page read and write
714000
unkown
page write copy
470000
unkown
page readonly
51ED000
stack
page read and write
2C83000
heap
page read and write
2C12000
heap
page read and write
16F38000
heap
page read and write
64D6000
heap
page read and write
6B76D000
unkown
page readonly
1740D000
heap
page read and write
16FAD000
heap
page read and write
1752B000
heap
page read and write
1740B000
heap
page read and write
174CE000
heap
page read and write
16F53000
heap
page read and write
247C000
stack
page read and write
2C00000
heap
page read and write
1773F000
stack
page read and write
6B3D8000
unkown
page readonly
171FC000
heap
page read and write
64F7000
heap
page read and write
17EF1000
heap
page read and write
2CE0000
heap
page read and write
171EC000
heap
page read and write
63ED000
stack
page read and write
174F6000
heap
page read and write
57F1000
heap
page read and write
2C9B000
heap
page read and write
2C7C000
heap
page read and write
17500000
heap
page read and write
17C00000
heap
page read and write
2C7F000
heap
page read and write
6C8CD000
unkown
page read and write
31D0000
heap
page read and write
6B3E1000
unkown
page execute read
66B000
unkown
page readonly
2C43000
heap
page read and write
5212000
heap
page read and write
2CB1000
heap
page read and write
16EC0000
heap
page read and write
17FB1000
heap
page read and write
17E53000
heap
page read and write
2C79000
heap
page read and write
17CC7000
heap
page read and write
17423000
heap
page read and write
2CB7000
heap
page read and write
E620000
direct allocation
page read and write
2C75000
heap
page read and write
2CCF000
heap
page read and write
17F83000
heap
page read and write
3492000
heap
page read and write
717000
unkown
page readonly
2C9B000
heap
page read and write
17430000
heap
page read and write
7002000
heap
page read and write
3412000
heap
page read and write
2C8E000
heap
page read and write
3496000
heap
page read and write
17400000
heap
page read and write
1742D000
heap
page read and write
17C16000
heap
page read and write
5791000
heap
page read and write
66A000
unkown
page readonly
2C80000
heap
page read and write
3500000
heap
page read and write
2C79000
heap
page read and write
17EDF000
heap
page read and write
2C81000
heap
page read and write
5800000
heap
page read and write
5301000
heap
page read and write
173C0000
remote allocation
page read and write
3400000
heap
page read and write
17EAD000
heap
page read and write
2CC0000
heap
page read and write
17186000
heap
page read and write
17401000
heap
page read and write
2D12000
heap
page read and write
2C9B000
heap
page read and write
3200000
heap
page read and write
17E00000
heap
page read and write
17800000
heap
page read and write
17411000
heap
page read and write
344F000
heap
page read and write
5900000
heap
page read and write
26C0000
heap
page read and write
17185000
heap
page read and write
17F42000
heap
page read and write
6C8D2000
unkown
page write copy
17FE0000
heap
page read and write
55CE000
stack
page read and write
170C4000
heap
page read and write
16A3E000
stack
page read and write
2CBC000
heap
page read and write
2CBE000
heap
page read and write
16E97000
heap
page read and write
2C2C000
heap
page read and write
2CA4000
heap
page read and write
6B3C6000
unkown
page readonly
6100000
heap
page read and write
16EE3000
heap
page read and write
717000
unkown
page readonly
342A000
heap
page read and write
2C81000
heap
page read and write
4820000
unkown
page readonly
2C5A000
heap
page read and write
173AE000
stack
page read and write
597E000
stack
page read and write
668000
unkown
page read and write
17EEF000
heap
page read and write
620E000
stack
page read and write
3213000
heap
page read and write
6400000
heap
page read and write
5201000
heap
page read and write
3446000
heap
page read and write
2A27000
heap
page read and write
714000
unkown
page read and write
17F00000
heap
page read and write
2CCF000
heap
page read and write
666000
unkown
page write copy
3C1000
unkown
page execute read
5770000
heap
page read and write
2C83000
heap
page read and write
61A000
unkown
page readonly
2CBC000
heap
page read and write
6B8E2000
unkown
page read and write
670000
heap
page read and write
3512000
heap
page read and write
17FFA000
heap
page read and write
620000
heap
page read and write
2C81000
heap
page read and write
2A02000
heap
page read and write
61A000
unkown
page readonly
6B1000
unkown
page execute read
2C77000
heap
page read and write
5791000
heap
page read and write
174AE000
heap
page read and write
345C000
heap
page read and write
5C00000
heap
page read and write
25D0000
heap
page read and write
561F000
heap
page read and write
2C3A000
heap
page read and write
617A000
stack
page read and write
6400000
trusted library allocation
page read and write
170D6000
heap
page read and write
175E4000
heap
page read and write
2C7C000
heap
page read and write
57CF000
heap
page read and write
5ABC000
stack
page read and write
16E40000
heap
page read and write
17800000
heap
page read and write
2C8B000
heap
page read and write
6C38C000
unkown
page read and write
18025000
heap
page read and write
2C9B000
heap
page read and write
17142000
heap
page read and write
6C5F0000
unkown
page readonly
2C4E000
heap
page read and write
6C386000
unkown
page read and write
16E86000
heap
page read and write
17FEC000
heap
page read and write
717000
unkown
page readonly
169FE000
stack
page read and write
640000
heap
page read and write
17FE8000
heap
page read and write
1743C000
heap
page read and write
E600000
direct allocation
page read and write
2C5A000
heap
page read and write
6600000
direct allocation
page read and write
17465000
heap
page read and write
2C88000
heap
page read and write
5D00000
heap
page read and write
5600000
heap
page read and write
40B000
unkown
page readonly
2CA4000
heap
page read and write
2C93000
heap
page read and write
64DB000
heap
page read and write
2C8B000
heap
page read and write
4887000
unkown
page readonly
2C52000
heap
page read and write
2CA4000
heap
page read and write
6B0000
unkown
page readonly
2A12000
heap
page read and write
664000
unkown
page write copy
17F94000
heap
page read and write
17BFF000
stack
page read and write
41A000
unkown
page write copy
5D00000
heap
page read and write
17CFB000
heap
page read and write
There are 442 hidden memdumps, click here to show them.