IOC Report
NetSpot.exe

loading gif

Files

File Path
Type
Category
Malicious
NetSpot.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
C:\Program Files\NetSpot\BouncyCastle.Crypto.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\ITextSharp.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\LegacySurveyProject.ico (copy)
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
dropped
C:\Program Files\NetSpot\Microsoft.Web.WebView2.Core.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\Microsoft.Web.WebView2.WinForms.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\Microsoft.Web.WebView2.Wpf.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.Shell.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\Microsoft.WindowsAPICodePack.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-arm64.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x64.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\MuPDFCore.NativeAssets.Win-x86.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\MuPDFCore.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Base.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Base.dll.config (copy)
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Program Files\NetSpot\NetSpot.Core.Base.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Core.Discover.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Core.Predictive.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Core.Survey.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Discover.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.Engine.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.IperfServices.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.JsonServices.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.Polices.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.PredictiveProjectFormat.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyLegacyProjectFormat.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.SurveyProjectFormat.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.UniversalProjectFormat.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Infrastructure.WiFi.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Predictive.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.Survey.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.exe (copy)
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\NetSpot.exe.config (copy)
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Program Files\NetSpot\Newtonsoft.Json.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\PredictiveProject.ico (copy)
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
dropped
C:\Program Files\NetSpot\Resources\Sounds\Survey_ScanFail.mp3 (copy)
MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
dropped
C:\Program Files\NetSpot\Resources\Sounds\Survey_ScanSuccess.mp3 (copy)
MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
dropped
C:\Program Files\NetSpot\Resources\Sounds\is-0G99Q.tmp
MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
dropped
C:\Program Files\NetSpot\Resources\Sounds\is-EC700.tmp
MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
dropped
C:\Program Files\NetSpot\SurveyProject.ico (copy)
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
dropped
C:\Program Files\NetSpot\System.Buffers.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\System.Data.SQLite.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\System.Memory.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\System.Numerics.Vectors.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\System.Runtime.CompilerServices.Unsafe.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\de\NetSpot.Base.resources.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\de\is-9IFIE.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\en\NetSpot.Base.resources.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\en\is-JJM2S.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\es\NetSpot.Base.resources.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\es\is-GLJO9.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\fr\NetSpot.Base.resources.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\fr\is-CM1JJ.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-07U2U.tmp
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
dropped
C:\Program Files\NetSpot\is-24KKF.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-33L5D.tmp
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Program Files\NetSpot\is-377HG.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-3JV3P.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-3TUDR.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-42MF6.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-4ET7L.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-4GPK1.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-5AA03.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-5BG51.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-5G8NL.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-5VC90.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-6E58C.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-8UH95.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-9GF1O.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-B1NJF.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-B9RJK.tmp
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
dropped
C:\Program Files\NetSpot\is-C3Q8S.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-CIROQ.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-CTAKS.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-HQR54.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-HRVUR.tmp
MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
dropped
C:\Program Files\NetSpot\is-IQU4U.tmp
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Program Files\NetSpot\is-JOU0Q.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-LEMM7.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-M74L2.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\is-MACOH.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-N15GE.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-NKE6A.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-NNF2R.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-O8J9C.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-OQL12.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-PLA7C.tmp
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-R0J2V.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-S0F5R.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-SEC79.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-T7BIU.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-TEQCU.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-U2GGI.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\is-V7Q4A.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\it\NetSpot.Base.resources.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\it\is-S2EDF.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\ja\NetSpot.Base.resources.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\ja\is-6CS50.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\pt\NetSpot.Base.resources.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\pt\is-KTD9U.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\ru\NetSpot.Base.resources.dll (copy)
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\ru\is-JL9ET.tmp
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
C:\Program Files\NetSpot\runtimes\win-arm64\native\WebView2Loader.dll (copy)
PE32+ executable (DLL) (console) Aarch64, for MS Windows
dropped
C:\Program Files\NetSpot\runtimes\win-arm64\native\is-UGST8.tmp
PE32+ executable (DLL) (console) Aarch64, for MS Windows
dropped
C:\Program Files\NetSpot\runtimes\win-x64\native\WebView2Loader.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\runtimes\win-x64\native\is-IIR56.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\runtimes\win-x86\native\WebView2Loader.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\runtimes\win-x86\native\is-D9116.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\unins000.dat
InnoSetup Log 64-bit NetSpot, version 0x418, 55272 bytes, 562258\37\user\376, C:\Program Files\NetSpot\376\377\377\007
dropped
C:\Program Files\NetSpot\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\unins000.msg
InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
dropped
C:\Program Files\NetSpot\x64\Act.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\MuPDFWrapper.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\Predictive.Interop.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\SQLite.Interop.dll (copy)
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\cygwin1.dll (copy)
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\iperf3.exe (copy)
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\is-2KT7S.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\is-9LFKI.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\is-MK85Q.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\is-Q4QCI.tmp
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\is-QSS20.tmp
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x64\is-S8PNU.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Program Files\NetSpot\x86\Act.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\MuPDFWrapper.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\Predictive.Interop.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\SQLite.Interop.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\cyggcc_s-1.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\cygwin1.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\iperf3.exe (copy)
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\is-D8NFU.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\is-HC4RP.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\is-MLUMD.tmp
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\is-OLDS2.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\is-SMHRU.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\is-UFOD4.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files\NetSpot\x86\is-VVTAO.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSpot\NetSpot.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 11:17:52 2024, mtime=Mon Sep 30 11:17:52 2024, atime=Thu Jan 25 20:29:34 2024, length=463552, window=hide
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSpot\Uninstall NetSpot.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 30 11:17:48 2024, mtime=Mon Sep 30 11:17:48 2024, atime=Mon Sep 30 11:17:44 2024, length=3268288, window=hide
dropped
C:\Users\Public\Desktop\NetSpot.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Sep 30 11:17:52 2024, mtime=Mon Sep 30 11:18:00 2024, atime=Thu Jan 25 20:29:34 2024, length=463552, window=hide
dropped
C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\5ktvpi1j.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\ajks2tjb.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\krjc0po1.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\ly3x53tm.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\mxulld44.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\sw5lmzm3.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\user.config (copy)
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Etwok_Inc\NetSpot.exe_StrongName_0jhw1fpaucqhjjvuryn5slg1mxkclhg0\3.1.0.478\vo3cafdp.newcfg
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\is-OUV8N.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Logs\ns_cbc8a.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\NetSpot.act
OpenPGP Public Key
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\PredictiveParameters\JsonVersions.json
JSON data
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Predictive\Storage.xml
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Predictive\ZonePreviewImage_1_1.png
PNG image data, 499 x 352, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\Storage.xml
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_1_1.png
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_1_2.png
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_1.png
PNG image data, 500 x 417, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_2.png
PNG image data, 500 x 379, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Roaming\Etwok\NetSpot 3\Temp\Survey\ZonePreviewImage_2_3.png
PNG image data, 499 x 414, 8-bit/color RGBA, non-interlaced
dropped
There are 151 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\NetSpot.exe
"C:\Users\user\Desktop\NetSpot.exe"
C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp
"C:\Users\user\AppData\Local\Temp\is-DLR5V.tmp\NetSpot.tmp" /SL5="$1042E,82973157,925184,C:\Users\user\Desktop\NetSpot.exe"
C:\Program Files\NetSpot\NetSpot.exe
"C:\Program Files\NetSpot\NetSpot.exe" -firstrun

URLs

Name
IP
Malicious
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
unknown
https://www.netspotapp.com
unknown
https://www.netspotapp.com/pjf/WallMaterials.json
66.135.20.63
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
unknown
http://ocsp.sectigo.com0
unknown
https://www.netspotapp.com/help/wireless-transmit-rate/
unknown
https://github.com/esnet/iperf
unknown
https://www.netspotapp.com/help/troubleshooting-snr/
unknown
https://www.netspotapp.com/uploads/feedback/submit.php?project=NetSpotWin&utm_nooverride=1n=b77a5c56
unknown
https://www.netspotapp.com/help/what-is-download-speed/
unknown
https://github.com/Fonthausen/NunitoSans)Nunito
unknown
https://www.netspotapp.com/help/troubleshooting-upload-rate/
unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
unknown
https://updates.netspotapp.com/s
unknown
https://www.netspotapp.com/help/signal-to-interference-ratio/
unknown
https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
unknown
https://www.netspotapp.com/pjf/WallMaterials.json8
unknown
http://www.sansoxygen.comThis
unknown
https://www.netspotapp.com/help/troubleshooting-noise/
unknown
http://www.openssl.org/support/faq.html.
unknown
https://www.netspotapp.com/help/what-is-the-signal-to-noise/
unknown
https://www.netspotapp.com/win-purchase-netspot.html
unknown
http://www.openssl.org/support/faq.html
unknown
https://cdn.netspotapp.com/download/Win/updater/updateManifest3.xml8
unknown
https://aka.ms/vs/17/release/vc_redist.x64.exe
unknown
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLNunito
unknown
https://www.netspotapp.com/features.html?utm_source=app_activator&utm_medium=win&utm_campaign=app_ac
unknown
https://www.netspotapp.com/netspot-enterprise.html
unknown
https://www.netspotapp.com/upgrade-netspot-win.html
unknown
https://www.remobjects.com/ps
unknown
https://www.netspotapp.com/pjf/JsonVersions.json
66.135.20.63
http://defaultcontainer/NetSpot;component/views/promowindow.xaml
unknown
https://www.innosetup.com/
unknown
https://www.netspotapp.com/netspot-enterprise.htmlBSJB
unknown
https://updates.netspotapp.com:443/activator/;
unknown
https://www.netspotapp.com/help/?utm_source=appmenu&utm_medium=win&utm_id=app
unknown
https://www.netspotapp.com/help/noise-level/
unknown
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
unknown
https://www.netspotapp.com/help/what-is-upload-speed/
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://cdn.netspotapp.com/download/Win/updater/updateManifest3.xml
unknown
https://updates.netspotapp.com/changehid/?mp-translate=en
unknown
https://www.netspotapp.com/?utm_nooverride=1
unknown
https://www.netspotapp.com/win-upgrade-to-netspot3.html?utm_source=app_win_upgradewindow_upgrade2to3
unknown
https://www.netspotapp.com/help/what-is-the-frequency-band-coverage-pro/
unknown
https://github.com/JamesNK/Newtonsoft.Json
unknown
https://sectigo.com/CPS0
unknown
https://updates.netspotapp.com/recover/?mp-translate=en
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
https://www.netspotapp.com/pjf/RouterModels.json
66.135.20.63
https://www.netspotapp.com/help/signal-level/
unknown
https://www.netspotapp.com/help/
unknown
https://updates.netspotapp.com/
unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
unknown
https://www.netspotapp.com/help/troubleshooting-sir/
unknown
https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
unknown
https://www.sqlite.org/copyright.html2
unknown
http://james.newtonking.com/projects/json
unknown
https://www.netspotapp.com/help/quantity-of-access-points/
unknown
https://updates.netspotapp.com/activator/getKeyInfo
unknown
http://www.dk-soft.org/
unknown
https://updates.netspotapp.com/activator/graceBlockeddemoOvergracePeriodSecondsgraceStartedTimegrace
unknown
https://www.netspotapp.com/uploads/feedback/submit.php?project=NetSpotWin&utm_nooverride=1
unknown
https://updates.netspotapp.com
unknown
https://www.netspotapp.com/win-upgrade-to-netspot3.html?utm_source=app_win_activator_upgrade2to3&utm
unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
unknown
https://updates.netspotapp.com/activator/
66.135.20.63
https://aka.ms/vs/17/release/vc_redist.x86.exe
unknown
https://www.netspotapp.com/help/troubleshooting-signal-level/
unknown
https://www.newtonsoft.com/jsonschema
unknown
https://www.netspotapp.com/help/phy-mode-coverage/
unknown
https://cdn.netspotapp.com/download/NetSpotForWindows/3/UpdateManifest.xml
unknown
https://speedtest.netspotapp.com
unknown
https://www.nuget.org/packages/Newtonsoft.Json.Bson
unknown
http://software.es.net/iperf/
unknown
https://www.netspotapp.com/help/troubleshooting-download-rate/
unknown
There are 66 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
www.netspotapp.com
66.135.20.63
updates.netspotapp.com
66.135.20.63

IPs

IP
Domain
Country
Malicious
66.135.20.63
www.netspotapp.com
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFilesHash
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.netspu
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetSpotSurveyUniversalProject
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetSpotSurveyUniversalProject\Shell\Open\Command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetSpotSurveyUniversalProject\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.netspp
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetSpotPredictiveUniversalProject
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetSpotPredictiveUniversalProject\Shell\Open\Command
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetSpotPredictiveUniversalProject\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.netspw
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetSpotLegacySurveyProject
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NetSpotLegacySurveyProject\DefaultIcon
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
Inno Setup: Setup Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
Inno Setup: App Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
Inno Setup: Icon Group
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
Inno Setup: User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
Inno Setup: Selected Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
Inno Setup: Deselected Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
Inno Setup: Language
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
DisplayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
QuietUninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
MajorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
MinorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetSpot_is1
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetSpot_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\{20123844-321D-49D2-A1A0-42F129618965}
InternalParams
HKEY_CURRENT_USER\SOFTWARE\{20123844-321D-49D2-A1A0-42F129618965}
InternalParams
HKEY_CURRENT_USER\SOFTWARE\{20123844-321D-49D2-A1A0-42F129618965}
InternalParams
HKEY_CURRENT_USER\SOFTWARE\{20123844-321D-49D2-A1A0-42F129618965}
InternalParams
There are 46 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
257DC8F0000
unkown
page readonly
A15000
heap
page read and write
6C5000
unkown
page write copy
257DCF4C000
heap
page read and write
257E6950000
trusted library allocation
page read and write
257E50B3000
heap
page read and write
257E6DE0000
trusted library allocation
page read and write
374E000
direct allocation
page read and write
257DDE4A000
heap
page read and write
257DD813000
heap
page read and write
CBA000
direct allocation
page read and write
257DDE3E000
heap
page read and write
257E71D0000
trusted library allocation
page read and write
257DCE12000
unkown
page readonly
7FF4BADF8000
trusted library allocation
page readonly
7FF4BADE4000
trusted library allocation
page readonly
257DDBAF000
heap
page read and write
257DD13D000
heap
page read and write
34F0000
direct allocation
page read and write
77E000
stack
page read and write
3901000
heap
page read and write
257C4170000
heap
page read and write
257C4AB5000
trusted library allocation
page read and write
257D447B000
trusted library allocation
page read and write
257DF050000
trusted library allocation
page read and write
257DF010000
trusted library allocation
page read and write
A23000
heap
page read and write
257E7110000
trusted library allocation
page read and write
7FFD9BB60000
trusted library allocation
page read and write
A80000
heap
page read and write
257C2370000
unkown
page readonly
5074000
heap
page read and write
257E5C37000
heap
page read and write
9DE000
stack
page read and write
257DDE03000
heap
page read and write
7FFDEFDF0000
unkown
page readonly
7FFDF01C0000
unkown
page read and write
257C23B8000
unkown
page readonly
257DDE16000
heap
page read and write
257C28C2000
unkown
page readonly
257DCE66000
unkown
page readonly
257C2600000
heap
page read and write
257E69B0000
trusted library allocation
page read and write
257C40E6000
unkown
page readonly
257DF4F2000
unkown
page readonly
A00000
heap
page read and write
257E529F000
heap
page read and write
257E71A0000
trusted library allocation
page read and write
A8C000
heap
page read and write
7FFD9BE92000
trusted library allocation
page read and write
257C27A0000
heap
page read and write
257DD209000
heap
page read and write
257E543D000
heap
page read and write
257DD120000
heap
page read and write
A55000
heap
page read and write
7FFD9BC50000
trusted library allocation
page read and write
257DDC13000
heap
page read and write
7FFD9B9DB000
trusted library allocation
page execute and read and write
257C40C2000
unkown
page readonly
257DD5B9000
heap
page read and write
257DF080000
trusted library allocation
page read and write
8B325B4000
stack
page read and write
7FFD9BC10000
trusted library allocation
page read and write
257DDC6E000
heap
page read and write
257DC8A2000
unkown
page readonly
7FFD9BBE7000
trusted library allocation
page read and write
257DD4AA000
heap
page read and write
50E1000
heap
page read and write
257DD4CA000
heap
page read and write
7FFD9BDF0000
trusted library allocation
page execute and read and write
257DDE2E000
heap
page read and write
257DF0B2000
trusted library allocation
page read and write
257DDBEC000
heap
page read and write
257C5338000
trusted library allocation
page read and write
7FFDF01C4000
unkown
page read and write
257DDE12000
heap
page read and write
257DDE84000
heap
page read and write
257DC902000
unkown
page readonly
A39000
heap
page read and write
257DD7EE000
heap
page read and write
5075000
heap
page read and write
257DDE68000
heap
page read and write
288D000
direct allocation
page read and write
257DC8A0000
unkown
page readonly
730000
heap
page read and write
7FFD9BE3E000
trusted library allocation
page read and write
257E5973000
heap
page read and write
7FFD9B9BD000
trusted library allocation
page execute and read and write
257E5C10000
heap
page read and write
5062000
heap
page read and write
257DDE46000
heap
page read and write
2CF0000
trusted library allocation
page read and write
4B7000
unkown
page write copy
257E5D0D000
heap
page read and write
257E50BA000
heap
page read and write
257E6DA0000
trusted library allocation
page read and write
257DDBEA000
heap
page read and write
257E6920000
trusted library allocation
page read and write
257DDFAA000
heap
page read and write
3728000
direct allocation
page read and write
257E5C54000
heap
page read and write
257DDDD9000
heap
page read and write
257E5D03000
heap
page read and write
8B3193E000
stack
page read and write
257DCCB0000
unkown
page readonly
257DC8D0000
unkown
page readonly
257DDCD1000
heap
page read and write
257E6D30000
trusted library allocation
page read and write
257C40D0000
unkown
page readonly
6D4000
unkown
page read and write
257E7100000
trusted library allocation
page read and write
257DDBE8000
heap
page read and write
257DE130000
heap
page read and write
A92000
heap
page read and write
257DE162000
heap
page read and write
B10000
heap
page read and write
7FFD9BEA0000
trusted library allocation
page read and write
257E5CFD000
heap
page read and write
257E6DB0000
trusted library allocation
page read and write
7FF4BAE13000
trusted library allocation
page execute read
C8D000
direct allocation
page read and write
257DDE28000
heap
page read and write
257DDA49000
heap
page read and write
257DCF86000
heap
page read and write
257C4180000
unkown
page readonly
257DDB70000
heap
page read and write
257DC210000
trusted library allocation
page read and write
257E5C9F000
heap
page read and write
257C28D0000
unkown
page readonly
7FF4BAE00000
trusted library allocation
page readonly
7FF4BADEF000
trusted library allocation
page execute read
257C26E0000
trusted library allocation
page read and write
7FFD9BC70000
trusted library allocation
page read and write
CA4000
direct allocation
page read and write
257DD42F000
heap
page read and write
A84000
heap
page read and write
610000
heap
page read and write
257C505C000
trusted library allocation
page read and write
7FFD9BA66000
trusted library allocation
page read and write
CAB000
direct allocation
page read and write
7FF4BAE18000
trusted library allocation
page readonly
D0A000
direct allocation
page read and write
257D41E1000
trusted library allocation
page read and write
7FF4BAE20000
trusted library allocation
page execute and read and write
257DDE1C000
heap
page read and write
257E783B000
heap
page read and write
401000
unkown
page execute read
A82000
heap
page read and write
8B32FBB000
stack
page read and write
257E5BD1000
heap
page read and write
7FF4BAE01000
trusted library allocation
page execute read
257DCF8B000
heap
page read and write
257DDFDD000
heap
page read and write
6C5000
unkown
page read and write
257DD0B4000
heap
page read and write
7FFD9BBAD000
trusted library allocation
page read and write
257DD7EC000
heap
page read and write
7FFD9BBC0000
trusted library allocation
page read and write
7FFD9BBB0000
trusted library allocation
page read and write
A1F000
heap
page read and write
6DC000
unkown
page readonly
257DE2B3000
heap
page read and write
7FF4BADC0000
trusted library allocation
page readonly
257DC8FD000
unkown
page readonly
257C25E6000
heap
page read and write
2746000
direct allocation
page read and write
257DDE8D000
heap
page read and write
7FF4BADC1000
trusted library allocation
page execute read
A3B000
heap
page read and write
8B3223A000
stack
page read and write
7FFD9BC90000
trusted library allocation
page read and write
257DF79F000
unkown
page readonly
257DCF20000
heap
page read and write
257E53EE000
heap
page read and write
8B32039000
stack
page read and write
257C4150000
heap
page execute and read and write
257E6930000
trusted library allocation
page read and write
368E000
stack
page read and write
257DDA3A000
heap
page read and write
257DDB57000
heap
page read and write
7FFD9BCE0000
trusted library allocation
page read and write
257DD4B6000
heap
page read and write
257C25CA000
heap
page read and write
257E5B1C000
heap
page read and write
257DDA42000
heap
page read and write
7FFD9BE50000
trusted library allocation
page read and write
A2E000
heap
page read and write
D18000
direct allocation
page read and write
257DDC1E000
heap
page read and write
257E5024000
heap
page read and write
7FFD9BCA0000
trusted library allocation
page read and write
257E53A1000
heap
page read and write
257E70F0000
trusted library allocation
page read and write
37C3000
direct allocation
page read and write
257C2470000
heap
page read and write
6DE000
unkown
page readonly
257E6A30000
trusted library allocation
page read and write
D11000
direct allocation
page read and write
257DC973000
heap
page execute and read and write
D59000
heap
page read and write
257DCF8D000
heap
page read and write
257C40B2000
unkown
page readonly
2778000
direct allocation
page read and write
257E6CD0000
trusted library allocation
page read and write
257E5D4C000
heap
page read and write
257DF070000
trusted library allocation
page read and write
A33000
heap
page read and write
400000
unkown
page readonly
C7C000
direct allocation
page read and write
7FFD9BBC2000
trusted library allocation
page read and write
7FFD9BE40000
trusted library allocation
page read and write
3799000
direct allocation
page read and write
257E52FF000
heap
page read and write
3880000
heap
page read and write
257DD09B000
heap
page read and write
2771000
direct allocation
page read and write
2379000
direct allocation
page read and write
257DE700000
trusted library allocation
page read and write
257DC970000
heap
page execute and read and write
7FFD9BCB0000
trusted library allocation
page read and write
5060000
heap
page read and write
A40000
heap
page read and write
257C28E0000
heap
page read and write
7FFD9B9B0000
trusted library allocation
page read and write
7FFD9BBF5000
trusted library allocation
page read and write
257E545F000
heap
page read and write
257DCF3C000
heap
page read and write
257DE3BC000
heap
page read and write
257E6A40000
trusted library allocation
page read and write
257DE4B0000
trusted library allocation
page read and write
257C4146000
unkown
page readonly
257C4102000
unkown
page readonly
6C7000
unkown
page read and write
257E71B0000
trusted library allocation
page read and write
257DD4D5000
heap
page read and write
257E5B7F000
heap
page read and write
275C000
direct allocation
page read and write
257DD0CD000
heap
page read and write
7FF4BADD3000
trusted library allocation
page execute read
257E5C3A000
heap
page read and write
257C4140000
unkown
page readonly
257E5C6C000
heap
page read and write
257DC932000
unkown
page readonly
820000
heap
page read and write
257DE4E2000
unkown
page readonly
7FFD9B9D0000
trusted library allocation
page read and write
7FFD9BA60000
trusted library allocation
page read and write
7FF4BADD2000
trusted library allocation
page readonly
3901000
heap
page read and write
257DF040000
trusted library allocation
page read and write
27E3000
heap
page read and write
257C4797000
trusted library allocation
page read and write
257DD3F9000
heap
page read and write
257DDDEE000
heap
page read and write
257DD9FD000
heap
page read and write
7FFD9BBA0000
trusted library allocation
page read and write
7FF4BADCD000
trusted library allocation
page execute read
257E5D13000
heap
page read and write
257DDBF1000
heap
page read and write
7FFD9BE00000
trusted library allocation
page read and write
257DE4D0000
trusted library allocation
page read and write
257DF020000
trusted library allocation
page read and write
26F0000
direct allocation
page execute and read and write
257DD04C000
heap
page read and write
800000
heap
page read and write
8B31BFD000
stack
page read and write
257DD717000
heap
page read and write
5C00000
heap
page read and write
7FFD9BDB0000
trusted library allocation
page read and write
7FFD9BA0C000
trusted library allocation
page execute and read and write
373A000
direct allocation
page read and write
23A1000
direct allocation
page read and write
257DDB61000
heap
page read and write
828000
heap
page read and write
8B32BBB000
stack
page read and write
257DC930000
unkown
page readonly
274D000
direct allocation
page read and write
257DD614000
heap
page read and write
3789000
direct allocation
page read and write
7FF4BADD9000
trusted library allocation
page execute read
5060000
heap
page read and write
257D4226000
trusted library allocation
page read and write
7FFD9BC00000
trusted library allocation
page read and write
257E4D45000
trusted library allocation
page read and write
257DD0D6000
heap
page read and write
257C27AB000
heap
page read and write
257DCE20000
unkown
page readonly
257DE58E000
unkown
page readonly
257C25EA000
heap
page read and write
9E8000
heap
page read and write
7FFD9BA6C000
trusted library allocation
page execute and read and write
257DDD64000
heap
page read and write
7FFE10230000
unkown
page readonly
2754000
direct allocation
page read and write
7FFD9BBF2000
trusted library allocation
page read and write
7FFD9BE10000
trusted library allocation
page read and write
257E15AE000
unkown
page readonly
257DCFF1000
heap
page read and write
7FFD9BB70000
trusted library allocation
page read and write
7FFDF01B5000
unkown
page read and write
257E6940000
trusted library allocation
page read and write
7FFD9BDD0000
trusted library allocation
page read and write
271F000
direct allocation
page read and write
257E5D51000
heap
page read and write
257DCADA000
heap
page read and write
4B7000
unkown
page read and write
257E5C5A000
heap
page read and write
8B327BB000
stack
page read and write
257E6D60000
trusted library allocation
page read and write
257DEFA0000
trusted library allocation
page read and write
257DF0BC000
trusted library allocation
page read and write
8B31AFE000
stack
page read and write
C86000
direct allocation
page read and write
257E5BC3000
heap
page read and write
257E6D90000
trusted library allocation
page read and write
257E59D0000
heap
page read and write
257C5929000
trusted library allocation
page read and write
257DD0DA000
heap
page read and write
7FFD9BC30000
trusted library allocation
page read and write
257E5C1D000
heap
page read and write
7FF4BADE1000
trusted library allocation
page execute read
7FF4BADE6000
trusted library allocation
page readonly
3640000
direct allocation
page read and write
8B328BB000
stack
page read and write
257DCEE0000
trusted library section
page read and write
7FF4BADDC000
trusted library allocation
page readonly
23B8000
direct allocation
page read and write
257E6980000
trusted library allocation
page read and write
257DD86C000
heap
page read and write
BE0000
direct allocation
page read and write
3901000
heap
page read and write
257C5799000
trusted library allocation
page read and write
257E5240000
heap
page read and write
257E6CC0000
trusted library allocation
page read and write
257DDA92000
heap
page read and write
257E5D49000
heap
page read and write
2763000
direct allocation
page read and write
22EB000
direct allocation
page read and write
257E5C58000
heap
page read and write
37BB000
direct allocation
page read and write
257E6D10000
trusted library allocation
page read and write
257E5940000
heap
page read and write
257DE1B7000
heap
page read and write
257DD9A2000
heap
page read and write
257DD0E8000
heap
page read and write
257E5C08000
heap
page read and write
257DCE22000
unkown
page readonly
257D4383000
trusted library allocation
page read and write
7FE39000
direct allocation
page read and write
257E5CDD000
heap
page read and write
257DE337000
heap
page read and write
257DDF03000
heap
page read and write
377A000
direct allocation
page read and write
37A1000
direct allocation
page read and write
83A000
heap
page read and write
257DCF40000
heap
page read and write
257DDB7E000
heap
page read and write
7FFD9BD20000
trusted library allocation
page read and write
A3F000
heap
page read and write
257DDF30000
heap
page read and write
257DDE50000
heap
page read and write
257DCFEC000
heap
page read and write
257DD7DC000
heap
page read and write
D50000
heap
page read and write
7FFD9BC73000
trusted library allocation
page read and write
37D9000
direct allocation
page read and write
257DDCA8000
heap
page read and write
2780000
direct allocation
page read and write
A09000
heap
page read and write
257DE020000
heap
page read and write
376E000
direct allocation
page read and write
7FF4BADC6000
trusted library allocation
page readonly
257E5C56000
heap
page read and write
7FF4BADE7000
trusted library allocation
page execute read
257C40F3000
heap
page read and write
257E52A4000
heap
page read and write
257C40CA000
unkown
page readonly
7FFD9BE20000
trusted library allocation
page read and write
7FFD9BBF0000
trusted library allocation
page read and write
257E5CDB000
heap
page read and write
257DDBA1000
heap
page read and write
257C28DC000
unkown
page readonly
257E6D50000
trusted library allocation
page read and write
2CB0000
heap
page read and write
2640000
direct allocation
page read and write
257DD8E8000
heap
page read and write
5ADF000
stack
page read and write
23A8000
direct allocation
page read and write
257DDD8D000
heap
page read and write
257E5CEF000
heap
page read and write
257C2372000
unkown
page readonly
7FFD9BE70000
trusted library allocation
page execute and read and write
257DD7F7000
heap
page read and write
257E5D11000
heap
page read and write
257DDCC5000
heap
page read and write
257E4D60000
trusted library allocation
page read and write
257DDD80000
heap
page read and write
257E5E52000
heap
page read and write
380B000
direct allocation
page read and write
6CF000
unkown
page read and write
7C0000
heap
page read and write
257E7150000
trusted library allocation
page read and write
19D000
stack
page read and write
257E4D40000
trusted library allocation
page read and write
257E5192000
heap
page read and write
22C5000
direct allocation
page read and write
CF4000
direct allocation
page read and write
257E7130000
trusted library allocation
page read and write
7FFDEFDF1000
unkown
page execute read
257DCD52000
unkown
page readonly
A2D000
heap
page read and write
257C25C0000
heap
page read and write
257DD56D000
heap
page read and write
257E4EC0000
heap
page read and write
257DE470000
trusted library allocation
page read and write
273F000
direct allocation
page read and write
7FF4BAE14000
trusted library allocation
page readonly
7FFE1025F000
unkown
page readonly
257DDC0B000
heap
page read and write
7FFD9BE3B000
trusted library allocation
page read and write
7FF4BADC4000
trusted library allocation
page readonly
7FF4BADE0000
trusted library allocation
page readonly
A8C000
heap
page read and write
7FFD9BE80000
trusted library allocation
page read and write
257DDBA7000
heap
page read and write
257DD808000
heap
page read and write
23DC000
direct allocation
page read and write
257DD123000
heap
page read and write
8B31C3F000
stack
page read and write
239A000
direct allocation
page read and write
257DCF10000
trusted library allocation
page read and write
257DDFD5000
heap
page read and write
257DDCF2000
heap
page read and write
7FF4BADDD000
trusted library allocation
page execute read
5075000
heap
page read and write
257E5F1B000
heap
page read and write
257DDCB5000
heap
page read and write
7FB30000
direct allocation
page read and write
9B000
stack
page read and write
257DDCE9000
heap
page read and write
7FF4BADCC000
trusted library allocation
page readonly
257DDDE0000
heap
page read and write
7FFE1025D000
unkown
page read and write
257C2700000
trusted library allocation
page read and write
D40000
heap
page read and write
257C5336000
trusted library allocation
page read and write
4F0000
heap
page read and write
257C40D2000
unkown
page readonly
4C4000
unkown
page readonly
257DE710000
trusted library section
page readonly
7FFD9B9CD000
trusted library allocation
page execute and read and write
257DD7F9000
heap
page read and write
257C4142000
unkown
page readonly
257E6910000
trusted library allocation
page read and write
257E5CED000
heap
page read and write
7FFE10231000
unkown
page execute read
34F0000
heap
page read and write
257DDBCF000
heap
page read and write
257C2627000
heap
page read and write
257DDE26000
heap
page read and write
7FFD9B9D4000
trusted library allocation
page read and write
257DDCAE000
heap
page read and write
257DDE3C000
heap
page read and write
257E71C0000
trusted library allocation
page read and write
257DDC51000
heap
page read and write
A40000
heap
page read and write
7FF4BAE0D000
trusted library allocation
page execute read
BDF000
stack
page read and write
7FFD9BD00000
trusted library allocation
page read and write
257C41D0000
heap
page execute and read and write
257C4DDA000
trusted library allocation
page read and write
5060000
heap
page read and write
257C4AB9000
trusted library allocation
page read and write
257C4092000
unkown
page readonly
A04000
heap
page read and write
7FF4BAE12000
trusted library allocation
page readonly
257C4AA8000
trusted library allocation
page read and write
A84000
heap
page read and write
50E0000
heap
page read and write
7FFDF01B8000
unkown
page write copy
257E5CE5000
heap
page read and write
7FFD9BB50000
trusted library allocation
page read and write
805000
heap
page read and write
CD8000
direct allocation
page read and write
257E544B000
heap
page read and write
257DD8F4000
heap
page read and write
257DDC3F000
heap
page read and write
257E5B20000
heap
page read and write
257DCD50000
unkown
page readonly
257DD473000
heap
page read and write
257E5CD2000
heap
page read and write
257DDC5D000
heap
page read and write
257E5304000
heap
page read and write
257DE408000
heap
page read and write
257DDDB0000
heap
page read and write
37E7000
direct allocation
page read and write
37EE000
direct allocation
page read and write
7FFDF00AC000
unkown
page readonly
257E5D0B000
heap
page read and write
CB2000
direct allocation
page read and write
257C25A0000
heap
page read and write
257C41E1000
trusted library allocation
page read and write
257DE6F0000
trusted library allocation
page read and write
3812000
direct allocation
page read and write
401000
unkown
page execute read
7FF4BADEA000
trusted library allocation
page readonly
7FFD9BA96000
trusted library allocation
page execute and read and write
257E4F75000
heap
page read and write
7FF4BADD1000
trusted library allocation
page execute read
257E5D7D000
heap
page read and write
A40000
heap
page read and write
257DF094000
trusted library allocation
page read and write
257DD6C8000
heap
page read and write
7FF4BADE5000
trusted library allocation
page execute read
257E4FDA000
heap
page read and write
37FD000
direct allocation
page read and write
257DD854000
heap
page read and write
7FFD9BBED000
trusted library allocation
page read and write
6CC000
unkown
page read and write
C51000
direct allocation
page read and write
7BE000
stack
page read and write
7FFD9BBF8000
trusted library allocation
page read and write
7FF4BADC3000
trusted library allocation
page execute read
257E7170000
trusted library allocation
page read and write
257DDE56000
heap
page read and write
257DE348000
heap
page read and write
257DD7C8000
heap
page read and write
257DDBF3000
heap
page read and write
257DF78B000
unkown
page readonly
257E69C0000
trusted library allocation
page read and write
37BD000
direct allocation
page read and write
22D4000
direct allocation
page read and write
257DDC7E000
heap
page read and write
7FFD9BBE0000
trusted library allocation
page read and write
257DDC63000
heap
page read and write
257E4F3A000
heap
page read and write
257DCD4A000
unkown
page readonly
7FFD9BDBE000
trusted library allocation
page read and write
7FF4BADD0000
trusted library allocation
page readonly
257E5253000
heap
page read and write
257C2760000
heap
page read and write
257DD220000
heap
page read and write
7FFDF0193000
unkown
page write copy
9FC000
heap
page read and write
257E5BF4000
heap
page read and write
257DDE14000
heap
page read and write
7FF4BADFB000
trusted library allocation
page execute read
257DDC79000
heap
page read and write
257DDA3F000
heap
page read and write
7FFD9BA70000
trusted library allocation
page execute and read and write
257E5D09000
heap
page read and write
3804000
direct allocation
page read and write
22E4000
direct allocation
page read and write
22C0000
direct allocation
page read and write
257E5301000
heap
page read and write
3578000
direct allocation
page read and write
257D42BA000
trusted library allocation
page read and write
257DD9B5000
heap
page read and write
7FF4BADFA000
trusted library allocation
page readonly
257DD7FB000
heap
page read and write
A45000
heap
page read and write
4C0000
unkown
page read and write
257DD560000
heap
page read and write
257C25E0000
heap
page read and write
257C25A6000
heap
page read and write
7FF4BADFE000
trusted library allocation
page readonly
257DCA70000
heap
page read and write
7FFD9BBD0000
trusted library allocation
page execute and read and write
2780000
direct allocation
page read and write
257E6CE0000
trusted library allocation
page read and write
7FFD9BB91000
trusted library allocation
page read and write
257C4182000
unkown
page readonly
257DD442000
heap
page read and write
257C40C0000
unkown
page readonly
22F9000
direct allocation
page read and write
257E69A0000
trusted library allocation
page read and write
CFC000
direct allocation
page read and write
257C409E000
unkown
page readonly
5BDF000
stack
page read and write
23E3000
direct allocation
page read and write
4FE0000
heap
page read and write
7FFDF0197000
unkown
page read and write
257DD6D1000
heap
page read and write
257DE386000
heap
page read and write
257C262B000
heap
page read and write
257C4100000
unkown
page readonly
7FFD9BC60000
trusted library allocation
page read and write
257E6D00000
trusted library allocation
page read and write
7FFD9BAD0000
trusted library allocation
page execute and read and write
257DD806000
heap
page read and write
257DD7FF000
heap
page read and write
A1F000
heap
page read and write
257DDBF7000
heap
page read and write
257DD6AD000
heap
page read and write
257DE0CB000
heap
page read and write
C62000
direct allocation
page read and write
257E69E0000
trusted library allocation
page read and write
257DCFE2000
heap
page read and write
257DF4F0000
unkown
page readonly
5060000
heap
page read and write
73F000
stack
page read and write
257DDE38000
heap
page read and write
257E50E2000
heap
page read and write
381C000
direct allocation
page read and write
36F6000
direct allocation
page read and write
257DD46D000
heap
page read and write
7FFD9BBEA000
trusted library allocation
page read and write
257E7120000
trusted library allocation
page read and write
27E0000
heap
page read and write
257C2647000
heap
page read and write
257DDB52000
heap
page read and write
A39000
heap
page read and write
257DF7AE000
unkown
page readonly
22F2000
direct allocation
page read and write
257C5DBE000
trusted library allocation
page read and write
C70000
direct allocation
page read and write
7FF4BADC5000
trusted library allocation
page execute read
257E5D1A000
heap
page read and write
257DCB5F000
heap
page read and write
6D7000
unkown
page write copy
257DF030000
trusted library allocation
page read and write
257DC8BB000
unkown
page readonly
257C28C0000
unkown
page readonly
257E5BFC000
heap
page read and write
257E6A60000
heap
page read and write
257DDE48000
heap
page read and write
7FF4BADF9000
trusted library allocation
page execute read
7FF4BAE0A000
trusted library allocation
page readonly
257E5BE2000
heap
page read and write
77E000
stack
page read and write
257C579B000
trusted library allocation
page read and write
257C50FE000
trusted library allocation
page read and write
257C2713000
trusted library allocation
page read and write
257E7830000
heap
page read and write
A9E000
heap
page read and write
257C25F6000
heap
page read and write
400000
unkown
page readonly
257DD6C1000
heap
page read and write
257DD61A000
heap
page read and write
257DD7AA000
heap
page read and write
257E5CE3000
heap
page read and write
257DDBB4000
heap
page read and write
5060000
heap
page read and write
257DF7A9000
unkown
page readonly
4C6000
unkown
page readonly
22CD000
direct allocation
page read and write
257DDBB7000
heap
page read and write
37C7000
direct allocation
page read and write
C7F000
direct allocation
page read and write
23F1000
direct allocation
page read and write
7FFD9BC40000
trusted library allocation
page read and write
257DDCCD000
heap
page read and write
257DD420000
heap
page read and write
257DD71B000
heap
page read and write
257C27B7000
heap
page read and write
257DD7B2000
heap
page read and write
257E501F000
heap
page read and write
257C4134000
unkown
page readonly
9E0000
heap
page read and write
8B326BE000
stack
page read and write
257E6970000
trusted library allocation
page read and write
257DE241000
heap
page read and write
7FFD9BC62000
trusted library allocation
page read and write
716000
unkown
page readonly
7FFD9BCC6000
trusted library allocation
page read and write
257C26A0000
heap
page read and write
257DDDF4000
heap
page read and write
7FF4BADF3000
trusted library allocation
page execute read
257C25DE000
heap
page read and write
257DDE3A000
heap
page read and write
257DDE9C000
heap
page read and write
257E5CCE000
heap
page read and write
257DDE65000
heap
page read and write
257DD4C8000
heap
page read and write
23BF000
direct allocation
page read and write
7FFD9BE60000
trusted library allocation
page read and write
CE6000
direct allocation
page read and write
257DDE52000
heap
page read and write
276A000
direct allocation
page read and write
257DD4BB000
heap
page read and write
257E54F9000
heap
page read and write
C94000
direct allocation
page read and write
7FFDF01BE000
unkown
page read and write
257C4F0C000
trusted library allocation
page read and write
A1E000
stack
page read and write
257E4D48000
trusted library allocation
page read and write
2780000
direct allocation
page read and write
8B32EBA000
stack
page read and write
257DDC53000
heap
page read and write
257C50C4000
trusted library allocation
page read and write
7FFD9B9C3000
trusted library allocation
page read and write
257DDA7E000
heap
page read and write
8B32ABF000
stack
page read and write
7FFD9BDC0000
trusted library allocation
page execute and read and write
257DDE30000
heap
page read and write
257DDBFE000
heap
page read and write
257E4D4F000
trusted library allocation
page read and write
257C28E5000
heap
page read and write
A9A000
heap
page read and write
257DDE42000
heap
page read and write
257DCF38000
heap
page read and write
257E6CF0000
trusted library allocation
page read and write
257C2370000
unkown
page readonly
257E69D0000
trusted library allocation
page read and write
257DDE2C000
heap
page read and write
257E6D80000
trusted library allocation
page read and write
D03000
direct allocation
page read and write
257DDC5B000
heap
page read and write
7FF4BADC7000
trusted library allocation
page execute read
257C2570000
heap
page read and write
257C4D1B000
trusted library allocation
page read and write
8B3183F000
stack
page read and write
257E6960000
trusted library allocation
page read and write
257DDE1A000
heap
page read and write
7FFD9BD30000
trusted library allocation
page execute and read and write
257DE1F1000
heap
page read and write
7FFD9BC20000
trusted library allocation
page read and write
257DDC58000
heap
page read and write
4B9000
unkown
page read and write
257DDF0D000
heap
page read and write
257D4206000
trusted library allocation
page read and write
23C6000
direct allocation
page read and write
A0F000
heap
page read and write
2770000
heap
page read and write
257C4090000
unkown
page readonly
257E71E0000
trusted library allocation
page read and write
7FF4BADF2000
trusted library allocation
page readonly
7FF4BAE0C000
trusted library allocation
page readonly
7FF4BAE19000
trusted library allocation
page execute read
7FFD9BEC0000
trusted library allocation
page read and write
36CE000
stack
page read and write
7FFE1024F000
unkown
page readonly
34F0000
direct allocation
page read and write
257E5441000
heap
page read and write
51E0000
direct allocation
page read and write
257DDC71000
heap
page read and write
257E4E5D000
heap
page read and write
257DDBBE000
heap
page read and write
257DC8D2000
unkown
page readonly
257E5C9A000
heap
page read and write
7FFD9B9B4000
trusted library allocation
page read and write
257E7140000
trusted library allocation
page read and write
257C40F0000
heap
page read and write
630000
heap
page read and write
3721000
direct allocation
page read and write
257E0BAE000
unkown
page readonly
257E5CF1000
heap
page read and write
7FF4BAE05000
trusted library allocation
page execute read
8B324BE000
stack
page read and write
257DDD32000
heap
page read and write
7FF4BAE0B000
trusted library allocation
page execute read
257E4DB0000
heap
page read and write
7FFD9BD10000
trusted library allocation
page read and write
257E6D70000
trusted library allocation
page read and write
257DDC20000
heap
page read and write
C69000
direct allocation
page read and write
257E5CE1000
heap
page read and write
257E5C8E000
heap
page read and write
257C28D2000
unkown
page readonly
257E5BAB000
heap
page read and write
257DE4E0000
unkown
page readonly
23CD000
direct allocation
page read and write
257C4AB1000
trusted library allocation
page read and write
7FFDF01C9000
unkown
page readonly
257E5B41000
heap
page read and write
257DDC15000
heap
page read and write
257E4DE1000
heap
page read and write
7FFD9BC80000
trusted library allocation
page read and write
7FF4BADC2000
trusted library allocation
page readonly
358B000
direct allocation
page read and write
257C25AC000
heap
page read and write
23D4000
direct allocation
page read and write
257C2550000
heap
page read and write
7FFD9BBFB000
trusted library allocation
page read and write
23EA000
direct allocation
page read and write
7FF4BADEE000
trusted library allocation
page readonly
7FF4BAE11000
trusted library allocation
page execute read
8B315B3000
stack
page read and write
257DD710000
heap
page read and write
257E5394000
heap
page read and write
8B3213B000
stack
page read and write
257DDD7E000
heap
page read and write
7FFD9B9B3000
trusted library allocation
page execute and read and write
257E6D20000
trusted library allocation
page read and write
257E50DC000
heap
page read and write
3901000
heap
page read and write
7FFD9BBB8000
trusted library allocation
page read and write
7FF4BADEB000
trusted library allocation
page execute read
257DC8F2000
unkown
page readonly
257C2750000
heap
page read and write
257E6DC0000
trusted library allocation
page read and write
257C5013000
trusted library allocation
page read and write
257E5981000
heap
page read and write
257E6DD0000
trusted library allocation
page read and write
7FF4BADC8000
trusted library allocation
page readonly
257C2710000
trusted library allocation
page read and write
7FFD9BB80000
trusted library allocation
page read and write
257DE0FE000
heap
page read and write
A13000
heap
page read and write
7FFD9BE58000
trusted library allocation
page read and write
7FF4BADFF000
trusted library allocation
page execute read
D55000
heap
page read and write
7FFD9BCF0000
trusted library allocation
page execute and read and write
7FFD9B9C0000
trusted library allocation
page read and write
37F5000
direct allocation
page read and write
257DD485000
heap
page read and write
23F8000
direct allocation
page read and write
257DDC55000
heap
page read and write
A39000
heap
page read and write
3581000
direct allocation
page read and write
7FFD9BDE0000
trusted library allocation
page read and write
257DDE81000
heap
page read and write
257DD7FD000
heap
page read and write
257DD2D9000
heap
page read and write
257DF060000
trusted library allocation
page read and write
22DC000
direct allocation
page read and write
60E000
stack
page read and write
257DDBE6000
heap
page read and write
7FFD9BE30000
trusted library allocation
page read and write
3731000
direct allocation
page read and write
257E6D40000
trusted library allocation
page read and write
257E01AE000
unkown
page readonly
18C000
stack
page read and write
257E5C4E000
heap
page read and write
257E6A50000
trusted library allocation
page read and write
7FFD9BBFE000
trusted library allocation
page read and write
257DCAFF000
heap
page read and write
7FFD9BCD0000
trusted library allocation
page read and write
257DD820000
heap
page read and write
7FFDF0198000
unkown
page write copy
4C2000
unkown
page write copy
257E5295000
heap
page read and write
7FF4BADD8000
trusted library allocation
page readonly
7FFD9BCC0000
trusted library allocation
page read and write
7FFD9BEB0000
trusted library allocation
page read and write
375E000
direct allocation
page read and write
359D000
direct allocation
page read and write
A97000
heap
page read and write
93000
stack
page read and write
257E4E59000
heap
page read and write
257DE480000
trusted library allocation
page read and write
257C40B0000
unkown
page readonly
257DCCB2000
unkown
page readonly
257E5C4B000
heap
page read and write
257E5D72000
heap
page read and write
257DDE8F000
heap
page read and write
7FF4BADC9000
trusted library allocation
page execute read
257C2755000
heap
page read and write
257E5018000
heap
page read and write
257DDF4B000
heap
page read and write
257E5CDF000
heap
page read and write
7FF4BAE15000
trusted library allocation
page execute read
374A000
direct allocation
page read and write
257E5175000
heap
page read and write
2738000
direct allocation
page read and write
257DD051000
heap
page read and write
257DDB2C000
heap
page read and write
3901000
heap
page read and write
There are 848 hidden memdumps, click here to show them.