IOC Report
setup-lightshot 1.exe

Files

File Path
Type
Category
Malicious
setup-lightshot 1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\is-QU5BV.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\Updater\MachineProducts.xml
XML 1.0 document, ASCII text, with very long lines (373), with no line terminators
dropped
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\Updater\info.xml
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Program Files (x86)\Skillbrains\Updater\is-A39OF.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\Updater\updater.log
Unicode text, UTF-8 text, with no line terminators
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\DXGIODScreenshot.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-1I1L2.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-1M2R2.tmp
MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/ru/learnmore.html>), ASCII text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-4BJ6H.tmp
MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/learnmore.html>), ASCII text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-A5GK1.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-BMVNO.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-NJRC2.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\is-V4MCF.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\learnmore.url (copy)
MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/learnmore.html>), ASCII text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\learnmore_ru.url (copy)
MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/ru/learnmore.html>), ASCII text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ar.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (610)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\be.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (960)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\bg.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1008)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\bn-BD.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (964)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\bs.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (972)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ca.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\cs.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1017)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\da.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1050)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\de.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1109)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\el.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1126)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\en.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1009)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\es.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1059)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\et.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (972)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\fa.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\fi.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1037)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\fr.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1243)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\gl.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\he.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1009)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\hr.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1021)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\hu.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1014)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\hy.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (887)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\id.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1077)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-04HG0.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (887)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-1K4BH.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-33HLK.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1062)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-340BK.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1009)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-35M74.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (960)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-3OTJ0.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1021)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-59G3F.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1014)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-6A71J.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1014)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-6IF55.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1028)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-7FPIH.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1120)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-81R26.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-8TG2P.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (606)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-8TNHF.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1055)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-9MOHS.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1077)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-A0PQV.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (758)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-AILAG.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-AVEB9.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (972)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-B0F5N.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1050)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-BE8DP.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-BSHMP.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1008)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-C53KF.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1029)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-CC49K.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1037)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-CD6D1.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-CLMGG.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (922)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-CQ1UE.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (610)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-EQC0G.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1126)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-ESSNP.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (651)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-F63GH.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1059)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-GSB4H.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (984)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-I74P8.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1017)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-IAHQC.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (964)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-IMREP.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (958)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-J0TS2.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1086)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-JRP0E.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1121)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-KIJS9.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-NAV72.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-NPUBO.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-OLJSA.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1094)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-OOBMK.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (972)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-P4415.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (321)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-PMK5V.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1201)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-RC65G.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1243)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-RG6F8.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-SBUF0.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (628)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-U9KAA.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1109)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-UAHT4.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1093)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-UT2N5.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (1009)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-V2G6L.tmp
Unicode text, UTF-8 (with BOM) text, with very long lines (910)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-V5QB8.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-VMJN0.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is-VU9P7.tmp
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\is.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\it.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1093)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ja.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ka.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (321)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ko.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (758)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ku.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\lt.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (606)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\lv.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\mk.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\nb-NO.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1120)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\nl.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1094)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\pl.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1029)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\pt-PT.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (651)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\pt-br.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1055)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ro.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1014)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ru.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1201)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\sk.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1086)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\sl.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\sq.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1121)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\sr-Cyrl.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\sr.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (984)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\sv.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1028)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\th.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\tr.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (922)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\uk.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (910)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\ur.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (958)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\vi.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (1062)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\zh-CN.txt (copy)
Unicode text, UTF-8 (with BOM) text, with very long lines (628)
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\locales\zh-TW.txt (copy)
Unicode text, UTF-8 (with BOM) text
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\net.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\uploader.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\info.xml
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (317), with CRLF line terminators
dropped
C:\Program Files (x86)\Skillbrains\lightshot\is-5TND1.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\is-Q717B.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\unins000.dat
InnoSetup Log lightshot {30A5B3C9-2084-4063-A32A-628A98DE512B}, version 0x418, 53204 bytes, 045012\37\user\376, C:\Program Files (x86)\Skillbrains\lightsh
dropped
C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Skillbrains\lightshot\unins000.msg
InnoSetup messages, version 5.5.3, 221 messages (UTF-16), &About Setup...
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Learn More.url
MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/learnmore.html>), ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Sep 27 05:30:15 2024, mtime=Fri Sep 27 05:30:15 2024, atime=Mon Jul 22 02:21:52 2019, length=226728, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Screenshot history.url
MS Windows 95 Internet shortcut text (URL=<http://app.prntscr.com/about-gallery.html>), ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Uninstall Lightshot.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Sep 27 05:30:14 2024, mtime=Fri Sep 27 05:30:14 2024, atime=Fri Sep 27 05:30:00 2024, length=1558952, window=hide
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\1[1].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\__utm[1].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\updater[1].xml
XML 1.0 document, ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\1[1].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\1[2].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\1[3].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\__utm[1].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\__utm[2].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\__utm[3].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\__utm[4].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\__utm[5].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\lightshot[1].xml
XML 1.0 document, ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\browser-elements-eula-ru.rtf (copy)
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\browser-elements-eula-tr.rtf (copy)
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\browser-eula-ru.rtf (copy)
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\browser-eula-tr.rtf (copy)
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\browser-page-ru.rtf (copy)
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\browser-page-tr.rtf (copy)
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\elements-eula-ru.rtf (copy)
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\elements-eula-tr.rtf (copy)
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-281D2.tmp
PC bitmap, Windows 3.x format, 114 x 57 x 24, image size 19608, resolution 3780 x 3780 px/m, cbSize 19662, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-2AOCI.tmp
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-75OKA.tmp
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-7AUPS.tmp
PC bitmap, Windows 3.x format, 164 x 312 x 24, image size 153504, resolution 2834 x 2834 px/m, cbSize 153558, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-7O4P8.tmp
PC bitmap, Windows 3.x format, 164 x 312 x 24, image size 153504, resolution 2834 x 2834 px/m, cbSize 153558, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-CT4LJ.tmp
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-H1O5D.tmp
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-I3RL7.tmp
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-IQOCQ.tmp
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-KB65G.tmp
Rich Text Format data, version 1, ANSI, code page 1251, default language ID 1049
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-QUFDK.tmp
Rich Text Format data, version 1, ANSI, code page 1251, default middle east language ID 1025
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\is-RL95I.tmp
PC bitmap, Windows 3.x format, 114 x 57 x 24, image size 19608, resolution 3780 x 3780 px/m, cbSize 19662, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\yandex_browser_setup_ru.bmp (copy)
PC bitmap, Windows 3.x format, 164 x 312 x 24, image size 153504, resolution 2834 x 2834 px/m, cbSize 153558, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\yandex_browser_setup_tr.bmp (copy)
PC bitmap, Windows 3.x format, 164 x 312 x 24, image size 153504, resolution 2834 x 2834 px/m, cbSize 153558, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\yandex_logo_en.bmp (copy)
PC bitmap, Windows 3.x format, 114 x 57 x 24, image size 19608, resolution 3780 x 3780 px/m, cbSize 19662, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\yandex_logo_ru.bmp (copy)
PC bitmap, Windows 3.x format, 114 x 57 x 24, image size 19608, resolution 3780 x 3780 px/m, cbSize 19662, bits offset 54
dropped
C:\Users\user\AppData\Local\Temp\is-S06D3.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\UserProducts.xml
XML 1.0 document, ASCII text, with very long lines (424), with no line terminators
dropped
C:\Users\user\AppData\Local\updater.log
Unicode text, UTF-8 text, with no line terminators
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\1[1].gif
GIF image data, version 89a, 1 x 1
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\updater[1].xml
XML 1.0 document, ASCII text, with no line terminators
dropped
C:\Windows\Tasks\update-S-1-5-21-2246122658-3693405117-2476756634-1002.job
data
dropped
C:\Windows\Tasks\update-sys.job
data
dropped
Chrome Cache Entry: 171
PNG image data, 41 x 41, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 172
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 173
ASCII text, with very long lines (5945)
downloaded
Chrome Cache Entry: 174
HTML document, ASCII text, with CRLF line terminators
dropped
Chrome Cache Entry: 175
ASCII text, with very long lines (991)
downloaded
Chrome Cache Entry: 176
HTML document, ASCII text, with very long lines (566)
dropped
Chrome Cache Entry: 177
PNG image data, 626 x 20, 8-bit gray+alpha, non-interlaced
downloaded
Chrome Cache Entry: 178
Unicode text, UTF-8 text, with very long lines (65480)
downloaded
Chrome Cache Entry: 179
ASCII text, with very long lines (19948), with no line terminators
dropped
Chrome Cache Entry: 180
HTML document, ASCII text, with very long lines (566)
downloaded
Chrome Cache Entry: 181
PNG image data, 88 x 19, 8-bit gray+alpha, non-interlaced
dropped
Chrome Cache Entry: 182
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 183
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 184
PNG image data, 57 x 38, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 185
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 186
ASCII text, with very long lines (991)
dropped
Chrome Cache Entry: 187
ASCII text, with very long lines (5945)
dropped
Chrome Cache Entry: 188
ASCII text, with very long lines (57906), with no line terminators
downloaded
Chrome Cache Entry: 189
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
downloaded
Chrome Cache Entry: 190
PNG image data, 19 x 18, 8-bit gray+alpha, non-interlaced
dropped
Chrome Cache Entry: 191
ASCII text, with very long lines (2343)
dropped
Chrome Cache Entry: 192
PNG image data, 626 x 20, 8-bit gray+alpha, non-interlaced
dropped
Chrome Cache Entry: 193
JSON data
downloaded
Chrome Cache Entry: 194
ASCII text, with very long lines (3824), with no line terminators
downloaded
Chrome Cache Entry: 195
PNG image data, 10 x 18, 8-bit gray+alpha, non-interlaced
dropped
Chrome Cache Entry: 196
PNG image data, 130 x 40, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 197
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 198
PNG image data, 48 x 49, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 199
PNG image data, 144 x 144, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 200
ASCII text, with very long lines (5945)
downloaded
Chrome Cache Entry: 201
Unicode text, UTF-8 text, with very long lines (65480)
dropped
Chrome Cache Entry: 202
PNG image data, 18 x 15, 8-bit gray+alpha, non-interlaced
dropped
Chrome Cache Entry: 203
ASCII text, with very long lines (5945)
dropped
Chrome Cache Entry: 204
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 205
MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
dropped
Chrome Cache Entry: 206
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 207
JPEG image data, progressive, precision 8, 480x317, components 3
dropped
Chrome Cache Entry: 208
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 209
PNG image data, 160 x 160, 8-bit grayscale, non-interlaced
dropped
Chrome Cache Entry: 210
HTML document, Unicode text, UTF-8 text, with very long lines (7794)
downloaded
Chrome Cache Entry: 211
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 212
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 213
RIFF (little-endian) data, Web/P image
downloaded
Chrome Cache Entry: 214
PNG image data, 2 x 1, 8-bit gray+alpha, non-interlaced
dropped
Chrome Cache Entry: 215
ASCII text, with very long lines (19948), with no line terminators
downloaded
Chrome Cache Entry: 216
ASCII text, with very long lines (2343)
downloaded
Chrome Cache Entry: 217
JPEG image data, progressive, precision 8, 480x317, components 3
downloaded
219 additional files are hidden in this view.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\setup-lightshot 1.exe
"C:\Users\user\Desktop\setup-lightshot 1.exe"
C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp
"C:\Users\user\AppData\Local\Temp\is-UOU5D.tmp\setup-lightshot 1.tmp" /SL5="$10412,2148280,486912,C:\Users\user\Desktop\setup-lightshot 1.exe"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im lightshot.exe
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /F /IM lightshot.exe
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
"C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
"C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe
"C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent
C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp
"C:\Users\user\AppData\Local\Temp\is-F1J96.tmp\setupupdater.tmp" /SL5="$80080,490430,120832,C:\Users\user\AppData\Local\Temp\is-P7E8S.tmp\setupupdater.exe" /verysilent
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" START SCHEDULE
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 START SCHEDULE
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addsystask
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\Updater\info.xml"
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=ping -url="http://updater.prntscr.com/getver/updater?ping=true"
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=checkupdate
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=checkupdate
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addtask
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addtask
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\updater.exe" -runmode=addproduct -info="C:\Program Files (x86)\Skillbrains\lightshot\info.xml"
C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\Updater.exe" -runmode=checkupdate
C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe
"C:\Program Files (x86)\Skillbrains\Updater\1.8.0.0\Updater.exe" -runmode=checkupdate
C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
"C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe"
C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
"C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://app.prntscr.com/thankyou_desktop.html#install_source=default
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1888,i,7167525600281717774,4743937817464806075,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious

Domains

Name
IP
Malicious
mc.yandex.ru
93.158.134.119
static.cloudflareinsights.com
104.16.79.73
app.prntscr.com
104.23.139.12
updater.prntscr.com
104.23.140.12
st.prntscr.com
104.23.140.12
www.google.com
142.250.184.196
api.prntscr.com
104.23.140.12

IPs

IP
Domain
Country
Malicious
142.250.184.196
www.google.com
United States
104.23.140.12
updater.prntscr.com
United States
104.23.139.12
app.prntscr.com
United States
192.168.2.4
unknown
unknown
104.16.80.73
unknown
United States
192.168.2.5
unknown
unknown
93.158.134.119
mc.yandex.ru
Russian Federation
239.255.255.250
unknown
Reserved
104.16.79.73
static.cloudflareinsights.com
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFilesHash
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Lightshot
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Skillbrains\Lightshot
Locale
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Inno Setup: Setup Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Inno Setup: App Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Inno Setup: Icon Group
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Inno Setup: User
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Inno Setup: Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
QuietUninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
MajorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
MinorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
EstimatedSize
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Lightshot
Locale
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Lightshot
appFirstRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
RegFilesHash
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Skillbrains\Updater
path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Skillbrains\Updater
UserID
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
ga_unique_id
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
ga_first_time
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
ga_counter
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
ga_last_time
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
ga_counter
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
ga_last_time
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Skillbrains\Updater
LastCheck
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Skillbrains\Updater
Check
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
ga_counter
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
LastCheck
HKEY_CURRENT_USER\SOFTWARE\SkillBrains\Updater
Check

Memdumps

Base Address
Regiontype
Protect
Malicious
3399000
heap
page read and write
6F810000
unkown
page readonly
9BF000
stack
page read and write
4FC000
stack
page read and write
163E000
stack
page read and write
17CF000
stack
page read and write
12D7000
heap
page read and write
1F4000
heap
page read and write
3456000
direct allocation
page read and write
3375000
heap
page read and write
1F4000
heap
page read and write
997000
unkown
page write copy
34DC000
heap
page read and write
37BA000
heap
page read and write
24A0000
heap
page read and write
2850000
heap
page read and write
1F4000
heap
page read and write
39BC000
stack
page read and write
6CF54000
unkown
page readonly
75C000
stack
page read and write
6F830000
unkown
page readonly
1F4000
heap
page read and write
337B000
heap
page read and write
1F4000
heap
page read and write
3614000
direct allocation
page read and write
2105000
direct allocation
page read and write
1F4000
heap
page read and write
449000
unkown
page readonly
2D5F000
stack
page read and write
31A0000
direct allocation
page read and write
337B000
heap
page read and write
337B000
heap
page read and write
1F4000
heap
page read and write
AEE000
stack
page read and write
F40000
heap
page read and write
20BE000
direct allocation
page read and write
21A9000
heap
page read and write
33A0000
heap
page read and write
3245000
heap
page read and write
3F0000
unkown
page readonly
42E000
unkown
page readonly
FBA000
unkown
page readonly
12FC000
stack
page read and write
50B000
unkown
page read and write
359F000
stack
page read and write
37CA000
heap
page read and write
4C7F000
stack
page read and write
52F000
unkown
page readonly
5F05000
direct allocation
page read and write
11BE000
stack
page read and write
1D0000
heap
page read and write
1F4000
heap
page read and write
263F000
direct allocation
page read and write
AFE000
stack
page read and write
C1E000
stack
page read and write
44C000
unkown
page readonly
4B7E000
stack
page read and write
1F4000
heap
page read and write
3376000
heap
page read and write
33A1000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
37DC000
heap
page read and write
93C000
stack
page read and write
336C000
heap
page read and write
8D1000
unkown
page execute read
47D000
unkown
page readonly
338E000
heap
page read and write
3395000
heap
page read and write
412000
unkown
page read and write
14CF000
stack
page read and write
998000
unkown
page write copy
38F0000
remote allocation
page read and write
438000
unkown
page read and write
1F4000
heap
page read and write
CB0000
heap
page read and write
3395000
heap
page read and write
99B000
unkown
page read and write
1F4000
heap
page read and write
8D0000
unkown
page readonly
34DC000
heap
page read and write
1A0000
heap
page read and write
7FE2E000
direct allocation
page read and write
338E000
heap
page read and write
2133000
direct allocation
page read and write
2D60000
heap
page read and write
D81000
heap
page read and write
2C70000
heap
page read and write
2B5F000
stack
page read and write
72A000
heap
page read and write
48BE000
heap
page read and write
1F4000
heap
page read and write
3396000
heap
page read and write
3672000
direct allocation
page read and write
BFF000
stack
page read and write
997000
unkown
page write copy
3396000
heap
page read and write
138F000
stack
page read and write
1F4000
heap
page read and write
3396000
heap
page read and write
43B000
unkown
page readonly
849000
heap
page read and write
F6D000
heap
page read and write
3881000
heap
page read and write
3F0000
unkown
page readonly
251E000
stack
page read and write
CCE000
heap
page read and write
337B000
heap
page read and write
6F86B000
unkown
page readonly
13B000
stack
page read and write
1F4000
heap
page read and write
2083000
direct allocation
page read and write
23D3000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
E62000
unkown
page readonly
443000
unkown
page readonly
3395000
heap
page read and write
1F4000
heap
page read and write
44F000
unkown
page readonly
2CB000
stack
page read and write
1F4000
heap
page read and write
3398000
heap
page read and write
1F4000
heap
page read and write
4DBF000
stack
page read and write
998000
unkown
page write copy
E17000
heap
page read and write
400000
unkown
page readonly
3380000
heap
page read and write
214D000
direct allocation
page read and write
10FC000
stack
page read and write
3F0000
unkown
page readonly
718000
heap
page read and write
61BF000
stack
page read and write
5E9000
heap
page read and write
2900000
heap
page read and write
15BF000
stack
page read and write
22A2000
direct allocation
page read and write
506000
unkown
page read and write
337D000
heap
page read and write
31BC000
stack
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
6CF52000
unkown
page read and write
8D0000
unkown
page readonly
2FAF000
stack
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
E69000
unkown
page readonly
412000
unkown
page write copy
2E40000
heap
page read and write
177E000
stack
page read and write
F65000
heap
page read and write
3395000
heap
page read and write
449000
unkown
page readonly
3020000
heap
page read and write
1100000
heap
page read and write
591E000
stack
page read and write
2340000
heap
page read and write
8D1000
unkown
page execute read
1F4000
heap
page read and write
2E50000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
40D000
unkown
page execute read
226A000
direct allocation
page read and write
3350000
heap
page read and write
479000
unkown
page readonly
418000
unkown
page read and write
44AE000
stack
page read and write
2350000
direct allocation
page execute and read and write
2BE0000
trusted library section
page readonly
99B000
unkown
page read and write
3210000
heap
page read and write
AAB000
stack
page read and write
1277000
heap
page read and write
337B000
heap
page read and write
3370000
heap
page read and write
337B000
heap
page read and write
3396000
heap
page read and write
332F000
stack
page read and write
11A8000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
E1A000
heap
page read and write
1F4000
heap
page read and write
998000
unkown
page write copy
1F4000
heap
page read and write
3395000
heap
page read and write
449000
unkown
page readonly
F5E000
heap
page read and write
997000
unkown
page read and write
2B1E000
stack
page read and write
BCE000
stack
page read and write
3385000
heap
page read and write
1F4000
heap
page read and write
F81000
unkown
page execute read
1F4000
heap
page read and write
334F000
stack
page read and write
6CF20000
unkown
page readonly
338C000
heap
page read and write
8D1000
unkown
page execute read
34E1000
heap
page read and write
1F4000
heap
page read and write
630000
heap
page read and write
972000
unkown
page readonly
1F4000
heap
page read and write
997000
unkown
page read and write
86B000
stack
page read and write
E66000
unkown
page write copy
1F4000
heap
page read and write
997000
unkown
page read and write
1F4000
heap
page read and write
3502000
heap
page read and write
206D000
direct allocation
page read and write
3660000
direct allocation
page read and write
5FD000
heap
page read and write
997000
unkown
page read and write
3379000
heap
page read and write
301F000
stack
page read and write
5C9D000
stack
page read and write
BD0000
heap
page read and write
21EE000
stack
page read and write
3384000
heap
page read and write
2541000
direct allocation
page read and write
44F000
unkown
page readonly
E40000
heap
page read and write
BCB000
stack
page read and write
825000
heap
page read and write
337B000
heap
page read and write
4FFE000
stack
page read and write
3F1000
unkown
page execute read
3385000
heap
page read and write
10DE000
stack
page read and write
22AD000
direct allocation
page read and write
400000
unkown
page readonly
2E9F000
stack
page read and write
266A000
direct allocation
page read and write
8D0000
unkown
page readonly
1F4000
heap
page read and write
20B0000
direct allocation
page read and write
338E000
heap
page read and write
41C000
unkown
page readonly
26A5000
direct allocation
page read and write
337B000
heap
page read and write
28F0000
heap
page read and write
D66000
heap
page read and write
343F000
direct allocation
page read and write
B6C000
stack
page read and write
2400000
direct allocation
page execute and read and write
34E1000
heap
page read and write
DBE000
stack
page read and write
1F4000
heap
page read and write
5A0000
heap
page read and write
337B000
heap
page read and write
2C1F000
stack
page read and write
348F000
direct allocation
page read and write
22FE000
stack
page read and write
1F4000
heap
page read and write
514000
unkown
page readonly
2091000
direct allocation
page read and write
7B9000
heap
page read and write
E66000
unkown
page read and write
DFF000
heap
page read and write
3F1000
unkown
page execute read
1F4000
heap
page read and write
8D1000
unkown
page execute read
696000
heap
page read and write
3365000
heap
page read and write
378E000
stack
page read and write
449000
unkown
page readonly
2D4F000
stack
page read and write
E70000
heap
page read and write
1F4000
heap
page read and write
37D2000
heap
page read and write
3395000
heap
page read and write
3395000
heap
page read and write
CEC000
stack
page read and write
B90000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
11B9000
heap
page read and write
34BF000
stack
page read and write
23DE000
stack
page read and write
503000
unkown
page read and write
37E0000
heap
page read and write
5F8000
heap
page read and write
401000
unkown
page execute read
1F4000
heap
page read and write
1F4000
heap
page read and write
34A1000
heap
page read and write
338C000
heap
page read and write
3385000
heap
page read and write
3663000
direct allocation
page read and write
9A0000
unkown
page readonly
3385000
heap
page read and write
3F1000
unkown
page execute read
1F4000
heap
page read and write
B00000
heap
page read and write
99E000
unkown
page read and write
F70000
heap
page read and write
34E1000
heap
page read and write
3200000
direct allocation
page read and write
20B7000
direct allocation
page read and write
44F000
unkown
page readonly
1F4000
heap
page read and write
1F4000
heap
page read and write
513C000
stack
page read and write
337B000
heap
page read and write
1F4000
heap
page read and write
AA0000
heap
page read and write
449000
unkown
page readonly
3395000
heap
page read and write
1F4000
heap
page read and write
38BF000
stack
page read and write
1F4000
heap
page read and write
84A000
heap
page read and write
5DE0000
direct allocation
page read and write
60E000
stack
page read and write
43B000
unkown
page readonly
337B000
heap
page read and write
307E000
stack
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
FCF000
unkown
page readonly
480000
heap
page read and write
A05000
heap
page read and write
412000
unkown
page write copy
1F4000
heap
page read and write
208A000
direct allocation
page read and write
11A8000
heap
page read and write
1F4000
heap
page read and write
3365000
heap
page read and write
7FCD0000
direct allocation
page read and write
B00000
heap
page read and write
9A0000
unkown
page readonly
AAF000
stack
page read and write
216A000
direct allocation
page read and write
3518000
heap
page read and write
1F4000
heap
page read and write
2BF0000
heap
page read and write
1F4000
heap
page read and write
3396000
heap
page read and write
20E4000
direct allocation
page read and write
DBC000
heap
page read and write
3379000
heap
page read and write
80E000
heap
page read and write
8D0000
unkown
page readonly
6F825000
unkown
page read and write
2B60000
heap
page read and write
1F4000
heap
page read and write
44F000
unkown
page readonly
347A000
direct allocation
page read and write
3472000
direct allocation
page read and write
7A8000
heap
page read and write
E51000
unkown
page execute read
1F4000
heap
page read and write
3372000
heap
page read and write
44C000
unkown
page readonly
8D0000
unkown
page readonly
6B4000
heap
page read and write
1F4000
heap
page read and write
E50000
unkown
page readonly
1F4000
heap
page read and write
972000
unkown
page readonly
E30000
heap
page read and write
2663000
direct allocation
page read and write
A10000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
2A0E000
stack
page read and write
1F4000
heap
page read and write
EDF000
stack
page read and write
1360000
heap
page read and write
EB0000
heap
page read and write
3395000
heap
page read and write
DBB000
heap
page read and write
2850000
heap
page read and write
446000
unkown
page readonly
8D0000
unkown
page readonly
8A0000
heap
page read and write
337B000
heap
page read and write
7A2000
heap
page read and write
835000
heap
page read and write
295E000
stack
page read and write
2163000
direct allocation
page read and write
997000
unkown
page read and write
93E000
stack
page read and write
8CE000
stack
page read and write
6CF56000
unkown
page readonly
FCF000
unkown
page readonly
972000
unkown
page readonly
337D000
heap
page read and write
2695000
direct allocation
page read and write
CCA000
heap
page read and write
1F4000
heap
page read and write
B90000
heap
page read and write
1F4000
heap
page read and write
344A000
heap
page read and write
449000
unkown
page readonly
3395000
heap
page read and write
997000
unkown
page write copy
6BE000
stack
page read and write
3396000
heap
page read and write
1F4000
heap
page read and write
14FF000
stack
page read and write
9A0000
heap
page read and write
38F0000
heap
page read and write
1F4000
heap
page read and write
2149000
direct allocation
page read and write
607C000
stack
page read and write
2146000
direct allocation
page read and write
3396000
heap
page read and write
11FE000
stack
page read and write
446000
unkown
page readonly
337E000
heap
page read and write
3384000
heap
page read and write
1F4000
heap
page read and write
9A0000
unkown
page readonly
29F0000
trusted library allocation
page read and write
3385000
heap
page read and write
6C0000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
2B3D000
stack
page read and write
217C000
direct allocation
page read and write
3460000
remote allocation
page read and write
338C000
heap
page read and write
BE0000
heap
page read and write
628000
heap
page read and write
1F4000
heap
page read and write
7FE34000
direct allocation
page read and write
1F4000
heap
page read and write
FCA000
unkown
page read and write
34FF000
heap
page read and write
2860000
heap
page read and write
341C000
stack
page read and write
972000
unkown
page readonly
1CBE000
stack
page read and write
229B000
direct allocation
page read and write
42E000
unkown
page readonly
337B000
heap
page read and write
2990000
trusted library allocation
page read and write
365E000
stack
page read and write
8D1000
unkown
page execute read
3399000
heap
page read and write
530000
heap
page read and write
3396000
heap
page read and write
2680000
direct allocation
page read and write
438000
unkown
page write copy
3385000
heap
page read and write
DBB000
heap
page read and write
37BE000
heap
page read and write
317C000
stack
page read and write
D88000
heap
page read and write
A63000
direct allocation
page read and write
37BC000
heap
page read and write
337B000
heap
page read and write
1F4000
heap
page read and write
F65000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
32C8000
direct allocation
page read and write
1F4000
heap
page read and write
F7C000
heap
page read and write
99B000
unkown
page read and write
37DC000
heap
page read and write
7DA000
heap
page read and write
997000
unkown
page read and write
32AF000
stack
page read and write
1F4000
heap
page read and write
EFC000
stack
page read and write
A11000
direct allocation
page read and write
43B000
unkown
page readonly
A6A000
direct allocation
page read and write
ADB000
stack
page read and write
336C000
heap
page read and write
CC0000
heap
page read and write
15FE000
stack
page read and write
3384000
heap
page read and write
1F4000
heap
page read and write
2122000
direct allocation
page read and write
146F000
stack
page read and write
337B000
heap
page read and write
2960000
heap
page read and write
998000
unkown
page write copy
1F4000
heap
page read and write
21A0000
heap
page read and write
443000
unkown
page readonly
14B0000
heap
page read and write
3396000
heap
page read and write
C60000
heap
page read and write
1F4000
heap
page read and write
21EA000
direct allocation
page read and write
34FE000
stack
page read and write
20FD000
direct allocation
page read and write
3395000
heap
page read and write
34F1000
heap
page read and write
620000
heap
page read and write
6B4000
heap
page read and write
338E000
heap
page read and write
A54000
direct allocation
page read and write
18E000
stack
page read and write
972000
unkown
page readonly
3F0000
unkown
page readonly
9A0000
unkown
page readonly
331B000
stack
page read and write
443000
unkown
page readonly
9A0000
unkown
page readonly
338C000
heap
page read and write
2040000
direct allocation
page read and write
1F4000
heap
page read and write
EBF000
stack
page read and write
1F4000
heap
page read and write
22D9000
direct allocation
page read and write
3365000
heap
page read and write
608000
heap
page read and write
218B000
direct allocation
page read and write
1F0000
heap
page read and write
338C000
heap
page read and write
1F4000
heap
page read and write
2154000
direct allocation
page read and write
1F4000
heap
page read and write
3781000
heap
page read and write
1F4000
heap
page read and write
269C000
direct allocation
page read and write
443000
unkown
page readonly
7A1000
heap
page read and write
1F4000
heap
page read and write
B1F000
stack
page read and write
F8C000
stack
page read and write
C60000
heap
page read and write
2646000
direct allocation
page read and write
3396000
heap
page read and write
F81000
unkown
page execute read
7AC000
heap
page read and write
1F4000
heap
page read and write
3395000
heap
page read and write
1F4000
heap
page read and write
50A000
unkown
page read and write
AED000
stack
page read and write
1F4000
heap
page read and write
3396000
heap
page read and write
1480000
heap
page read and write
1F4000
heap
page read and write
2A9D000
stack
page read and write
1F4000
heap
page read and write
3190000
direct allocation
page read and write
337B000
heap
page read and write
1F4000
heap
page read and write
B62000
heap
page read and write
AEE000
stack
page read and write
99E000
unkown
page read and write
2283000
direct allocation
page read and write
D52000
heap
page read and write
9EC000
stack
page read and write
143E000
stack
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
93000
stack
page read and write
797000
heap
page read and write
5A5E000
stack
page read and write
B40000
heap
page read and write
7BC000
heap
page read and write
7B2000
heap
page read and write
1F4000
heap
page read and write
253D000
direct allocation
page read and write
44C000
unkown
page readonly
507000
unkown
page read and write
C4F000
stack
page read and write
82D000
heap
page read and write
31BF000
stack
page read and write
CB8000
heap
page read and write
68C000
heap
page read and write
3385000
heap
page read and write
3395000
heap
page read and write
349E000
direct allocation
page read and write
19FB000
stack
page read and write
21F8000
direct allocation
page read and write
6F827000
unkown
page readonly
E50000
unkown
page readonly
2D8F000
stack
page read and write
8D0000
unkown
page readonly
2F2E000
stack
page read and write
345D000
direct allocation
page read and write
11AF000
heap
page read and write
42E000
unkown
page readonly
337B000
heap
page read and write
1F4000
heap
page read and write
446000
unkown
page readonly
579000
unkown
page readonly
6680000
direct allocation
page read and write
43B000
unkown
page readonly
1200000
heap
page read and write
1F4000
heap
page read and write
3F1000
unkown
page execute read
2165000
direct allocation
page read and write
337E000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
3396000
heap
page read and write
1F4000
heap
page read and write
1270000
heap
page read and write
337B000
heap
page read and write
2ADF000
stack
page read and write
99E000
unkown
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
3780000
heap
page read and write
34F7000
heap
page read and write
1F4000
heap
page read and write
3376000
heap
page read and write
972000
unkown
page readonly
9A0000
unkown
page readonly
1F4000
heap
page read and write
3376000
heap
page read and write
1F4000
heap
page read and write
3370000
heap
page read and write
338E000
heap
page read and write
337E000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
3376000
heap
page read and write
620000
heap
page read and write
264D000
direct allocation
page read and write
7AF000
heap
page read and write
3374000
heap
page read and write
1E1E000
stack
page read and write
A5C000
direct allocation
page read and write
1F4000
heap
page read and write
43B000
unkown
page readonly
11A3000
heap
page read and write
30BB000
stack
page read and write
5F11000
direct allocation
page read and write
44C000
unkown
page readonly
1F4000
heap
page read and write
2B1E000
stack
page read and write
1F4000
heap
page read and write
2380000
direct allocation
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
3396000
heap
page read and write
3385000
heap
page read and write
6980000
direct allocation
page read and write
7C9000
heap
page read and write
1F4000
heap
page read and write
47E000
stack
page read and write
2108000
direct allocation
page read and write
5B0000
heap
page read and write
339A000
heap
page read and write
34FD000
heap
page read and write
1F4000
heap
page read and write
3373000
heap
page read and write
D80000
heap
page read and write
7FE000
heap
page read and write
6F831000
unkown
page execute read
1F4000
heap
page read and write
E51000
unkown
page execute read
7F4000
heap
page read and write
2990000
heap
page read and write
1F4000
heap
page read and write
87E000
stack
page read and write
8BE000
stack
page read and write
21F1000
direct allocation
page read and write
1F1F000
stack
page read and write
50D000
unkown
page write copy
37BA000
heap
page read and write
212C000
direct allocation
page read and write
1F4000
heap
page read and write
443000
unkown
page readonly
E40000
heap
page read and write
340E000
direct allocation
page read and write
8BF000
stack
page read and write
1F4000
heap
page read and write
337D000
heap
page read and write
998000
unkown
page write copy
1F4000
heap
page read and write
2049000
direct allocation
page read and write
5EE000
stack
page read and write
337B000
heap
page read and write
758000
heap
page read and write
350C000
heap
page read and write
BD0000
heap
page read and write
CE0000
heap
page read and write
31AF000
stack
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
230C000
direct allocation
page read and write
1DE0000
remote allocation
page read and write
1F4000
heap
page read and write
3373000
heap
page read and write
336E000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
C65000
heap
page read and write
1F4000
heap
page read and write
3372000
heap
page read and write
37DA000
heap
page read and write
313E000
stack
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
3F0000
unkown
page readonly
44C000
unkown
page readonly
34DA000
heap
page read and write
337D000
heap
page read and write
33BF000
stack
page read and write
1F4000
heap
page read and write
3F0000
unkown
page readonly
12D0000
heap
page read and write
5A0000
heap
page read and write
1F4000
heap
page read and write
B90000
heap
page read and write
1F4000
heap
page read and write
E17000
heap
page read and write
1440000
heap
page read and write
2B0E000
stack
page read and write
1F4000
heap
page read and write
438000
unkown
page write copy
3240000
heap
page read and write
66D000
heap
page read and write
A78000
direct allocation
page read and write
337B000
heap
page read and write
26AC000
direct allocation
page read and write
344D000
direct allocation
page read and write
61B000
heap
page read and write
446000
unkown
page readonly
700000
heap
page read and write
600000
heap
page read and write
337A000
heap
page read and write
7D6000
heap
page read and write
B88000
heap
page read and write
AF0000
heap
page read and write
5190000
heap
page read and write
2F48000
heap
page read and write
8D0000
unkown
page readonly
1F4000
heap
page read and write
3372000
heap
page read and write
337E000
heap
page read and write
5B5F000
stack
page read and write
788000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
C90000
heap
page read and write
438000
unkown
page write copy
7FDF4000
direct allocation
page read and write
10B0000
heap
page read and write
1F4000
heap
page read and write
3645000
direct allocation
page read and write
D2C000
stack
page read and write
337E000
heap
page read and write
19C000
stack
page read and write
8D0000
unkown
page readonly
338E000
heap
page read and write
438000
unkown
page read and write
33D0000
direct allocation
page read and write
1F4000
heap
page read and write
26B3000
direct allocation
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
417000
unkown
page read and write
E1B000
heap
page read and write
216E000
direct allocation
page read and write
2678000
direct allocation
page read and write
3384000
heap
page read and write
446000
unkown
page readonly
5F08000
direct allocation
page read and write
8D0000
unkown
page readonly
1F4000
heap
page read and write
1F4000
heap
page read and write
37BF000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
B48000
heap
page read and write
3691000
direct allocation
page read and write
8D1000
unkown
page execute read
FBA000
unkown
page readonly
124E000
stack
page read and write
24F8000
direct allocation
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
337F000
heap
page read and write
449000
unkown
page readonly
FCF000
unkown
page readonly
22CB000
direct allocation
page read and write
3396000
heap
page read and write
1F4000
heap
page read and write
26C2000
direct allocation
page read and write
336F000
heap
page read and write
567000
heap
page read and write
D9E000
stack
page read and write
33A1000
heap
page read and write
1F4000
heap
page read and write
D81000
heap
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
446000
unkown
page readonly
1F4000
heap
page read and write
1647000
heap
page read and write
1F4000
heap
page read and write
2BFE000
stack
page read and write
2F1E000
stack
page read and write
3385000
heap
page read and write
20F0000
direct allocation
page read and write
1F4000
heap
page read and write
1F4000
heap
page read and write
C20000
heap
page read and write
1F4000
heap
page read and write
20DD000
direct allocation
page read and write
560000
heap
page read and write
7D2000
heap
page read and write
2AFC000
stack
page read and write
2496000
direct allocation
page read and write
3395000
heap
page read and write
337D000
heap
page read and write
E75000
heap
page read and write
1F4000
heap
page read and write
2313000
direct allocation
page read and write
8D1000
unkown
page execute read
EB7000
heap
page read and write
1F4000
heap
page read and write
11BD000
heap
page read and write
21A9000

DOM / HTML

URL
Malicious
https://app.prntscr.com/en/thankyou_desktop.html#install_source=default