IOC Report
PumpBotPremium.msi

loading gif

Files

File Path
Type
Category
Malicious
PumpBotPremium.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {7FFEF896-5843-4272-ACBA-A4977C267D92}, Number of Words: 2, Subject: PumpBotPremium, Author: Coinsw.app, Name of Creating Application: PumpBotPremium, Template: ;1033, Comments: This installer database contains the logic and data required to install PumpBotPremium., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Mar 5 02:13:07 2024, Number of Pages: 200
initial sample
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\BlockchainConnector.exe
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_Salsa20.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_aes.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_aesni.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_cbc.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_cfb.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_ctr.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_ecb.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_eksblowfish.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_ocb.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Cipher\_raw_ofb.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Hash\_BLAKE2s.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Hash\_MD5.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Hash\_SHA1.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Hash\_SHA256.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Hash\_ghash_clmul.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Hash\_ghash_portable.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Protocol\_scrypt.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Util\_cpuid_c.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\Crypto\Util\_strxor.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\PIL\_imaging.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\PIL\_imagingcms.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\PIL\_imagingft.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\PIL\_webp.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\PyQt5\QtCore.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\PyQt5\QtGui.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\PyQt5\QtWidgets.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\PyQt5\sip.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_brotli.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_bz2.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_cffi_backend.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_ctypes.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_decimal.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_elementtree.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_hashlib.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_lzma.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_queue.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_socket.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_sqlite3.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_ssl.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\_tkinter.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\charset_normalizer\md.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\charset_normalizer\md__mypyc.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\cryptography\hazmat\bindings\_rust.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\cv2\cv2.pyd
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\cv2\opencv_videoio_ffmpeg490_64.dll
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\libcrypto-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\libssl-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\.libs\libopenblas.EL2C6PLE4ZYW3ECEVIV3OXXGRN2NRFM2.gfortran-win_amd64.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\core\_multiarray_tests.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\core\_multiarray_umath.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\fft\_pocketfft_internal.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\linalg\_umath_linalg.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\_bounded_integers.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\_common.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\_generator.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\_mt19937.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\_pcg64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\_philox.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\_sfc64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\bit_generator.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\numpy\random\mtrand.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\psutil\_psutil_windows.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\pyexpat.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\python3.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\python310.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\pythoncom310.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\pywintypes310.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\select.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\sqlite3.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\tcl86t.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\tk86t.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\unicodedata.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\win32crypt.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\BlockchainConnector\BlockchainConnector.exe
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\aipackagechainer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSI7B99.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSI7BF7.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSI7C27.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSI7C48.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSI7C87.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSI7CB7.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\Installer\MSI8554.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Config.Msi\5c7179.rbs
data
dropped
C:\Config.Msi\5c717b.rbs
data
modified
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Autofills\Chrome_Default_AFILLS.txt
Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Autofills\Edge_Default_AFILLS.txt
Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Caches\Chrome_Default_Local State
JSON data
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Caches\Chrome_Default_afills.db
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Caches\Chrome_Default_cookies.db
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Caches\Chrome_Default_pass.db
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Caches\Edge_Default_Local State
JSON data
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Caches\Edge_Default_afills.db
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Caches\Edge_Default_pass.db
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Chrome_Default_PASS.txt
Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Edge_Default_PASS.txt
Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Infos\Running_Softwares.txt
Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\Xavier\Screenshot.png
PNG image data, 1280 x 1024, 8-bit/color RGB, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0qrgu5vq.u1l.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_en4screy.gl3.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ivhwg00s.d1k.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0mofyuw.m1b.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pkigec2k.hel.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1qambow.qiw.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_taia5r2k.wpj.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tzpwwpp3.yb1.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vtuhxin0.xow.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zbuebbkh.ghe.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\user_95030.zip
Zip archive data, at least v2.0 to extract, compression method=store
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\certifi\cacert.pem
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\concrt140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\libffi-7.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\msvcp140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\msvcp140_1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\qt5core.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\qt5gui.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\qt5widgets.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\vcruntime140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\vcruntime140_1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\aipackagechainer.ini
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\file_deleter.ps1
ASCII text, with CRLF line terminators
dropped
C:\Windows\Installer\5c7177.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {7FFEF896-5843-4272-ACBA-A4977C267D92}, Number of Words: 2, Subject: PumpBotPremium, Author: Coinsw.app, Name of Creating Application: PumpBotPremium, Template: ;1033, Comments: This installer database contains the logic and data required to install PumpBotPremium., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Mar 5 02:13:07 2024, Number of Pages: 200
dropped
C:\Windows\Installer\5c717a.msi
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {7FFEF896-5843-4272-ACBA-A4977C267D92}, Number of Words: 2, Subject: PumpBotPremium, Author: Coinsw.app, Name of Creating Application: PumpBotPremium, Template: ;1033, Comments: This installer database contains the logic and data required to install PumpBotPremium., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Mar 5 02:13:07 2024, Number of Pages: 200
dropped
C:\Windows\Installer\MSI7D93.tmp
data
dropped
C:\Windows\Installer\MSI8CB8.tmp
data
dropped
C:\Windows\Installer\SourceHash{26BCD435-D353-42A0-8C43-818FC0FA354F}
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Installer\inprogressinstallinfo.ipi
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07A7CCFBD28A674D95D3BF853C9007C6
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_939EA6CA157B394821E4828989A41A02
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07A7CCFBD28A674D95D3BF853C9007C6
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A
data
dropped
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94D97B1EC1F43DD6ED4FE7AB95E144BC_939EA6CA157B394821E4828989A41A02
data
dropped
C:\Windows\SystemTemp\AI_D021.ps1
ASCII text, with CRLF line terminators
dropped
C:\Windows\Temp\~DF0D53DC9C7BBFC774.TMP
data
dropped
C:\Windows\Temp\~DF47F5555B91963625.TMP
data
dropped
C:\Windows\Temp\~DF50561FB6F2C930BB.TMP
data
dropped
C:\Windows\Temp\~DF5ABBBEBDCE86EACC.TMP
data
dropped
C:\Windows\Temp\~DF8CFE24CFB6B9F8D8.TMP
data
dropped
C:\Windows\Temp\~DF9E6F418B6A9C8200.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFA019D68DC125F497.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFA2D8E9CF71AD6417.TMP
data
dropped
C:\Windows\Temp\~DFB737F04A3758BF43.TMP
data
dropped
C:\Windows\Temp\~DFC308990B6750CFB8.TMP
data
dropped
C:\Windows\Temp\~DFD41682D5FD1F76DD.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFE626228802FF1ACE.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFF9A026285929888D.TMP
Composite Document File V2 Document, Cannot read section info
dropped
C:\Windows\Temp\~DFFB806C901D3CD508.TMP
Composite Document File V2 Document, Cannot read section info
dropped
There are 143 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\BlockchainConnector\BlockchainConnector.exe
"C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\BlockchainConnector\BlockchainConnector.exe" /s
 malicious
C:\Users\user\AppData\Local\Temp\onefile_7560_133747959131729392\BlockchainConnector.exe
"C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\BlockchainConnector\BlockchainConnector.exe" /s
 malicious
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\PumpBotPremium.msi"
C:\Windows\System32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B605B066270C5298BC361F916947E4D1
C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\aipackagechainer.exe
"C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\aipackagechainer.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -NonInteractive -NoLogo -ExecutionPolicy RemoteSigned -Command "C:\Windows\SystemTemp\AI_D021.ps1 -paths 'C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\file_deleter.ps1','C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium\prerequisites\aipackagechainer.exe','C:\Users\user\AppData\Roaming\Coinsw.app\PumpBotPremium','C:\Users\user\AppData\Roaming\Coinsw.app' -retry_count 10"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 8 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://www.tinyvago.com/pip/x/requirements.php
167.99.214.194
 malicious
https://onnx.ai/)
unknown
http://caffe.berkeleyvision.org/)
unknown
http://www.scipy.org/not/real/data.txt
unknown
https://github.com/opencv/opencv/issues/23152.
unknown
http://www.megginson.com/SAX/.
unknown
https://github.com/giampaolo/psutil/issues/875.
unknown
https://cloud.google.com/appengine/docs/standard/runtimes
unknown
http://torch.ch/)
unknown
https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp
unknown
https://web.archive.org/web/20170802060935/http://oss.sgi.com/projects/ogl-sample/registry/EXT/textu
unknown
https://github.com/opencv/opencv/issues/6293
unknown
https://github.com/opencv/opencv/issues/16739
unknown
http://goo.gl/zeJZl.
unknown
https://static.aminer.org/pdf/PDF/000/317/196/spatio_temporal_wiener_filtering_of_image_sequences_us
unknown
https://personal.math.ubc.ca/~cbm/aands/page_379.htm
unknown
https://github.com/torch/nn/blob/master/doc/module.md
unknown
https://streams.videolan.org/upload/
unknown
https://docs.python.org/X.Y/library/
unknown
https://docs.python.org/
unknown
https://nuget.org/nuget.exe
unknown
https://www.littlecms.com
unknown
https://tools.ietf.org/html/rfc3610
unknown
http://curl.haxx.se/rfc/cookie_spec.html
unknown
http://speleotrove.com/decimal/decarith.html
unknown
https://www.tensorflow.org/lite
unknown
http://www.gdal.org/ogr_formats.html).
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://arxiv.org/abs/1805.10941.
unknown
http://json.org
unknown
https://www.tensorflow.org/)
unknown
http://xml.python.org/entities/fragment-builder/internalz
unknown
http://httpbin.org/
unknown
http://docs.python.org/3/library/functools.html#functools.lru_cache.
unknown
https://exiv2.org/tags.html)
unknown
http://pesterbdd.com/images/Pester.png
unknown
http://mathworld.wolfram.com/NegativeBinomialDistribution.html
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://contoso.com/Icon
unknown
https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf
unknown
http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
unknown
https://httpbin.org/
unknown
https://numpy.org/doc/stable/reference/random/index.html
unknown
http://www.cl.cam.ac.uk/~mgk25/iso-time.html
unknown
http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html
unknown
https://github.com/pypa/packagingz
unknown
https://metacpan.org/pod/distribution/Math-Cephes/lib/Math/Cephes.pod#i0:-Modified-Bessel-function-o
unknown
https://github.com/Pester/Pester
unknown
https://github.com/numpy/numpy/issues/4763
unknown
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
unknown
http://mathworld.wolfram.com/CauchyDistribution.html
unknown
https://brew.sh
unknown
http://tools.ietf.org/html/rfc6125#section-6.4.3
unknown
http://schemas.xmlsoap.org/wsdl/
unknown
http://dashif.org/guidelines/trickmode
unknown
https://onnx.ai/
unknown
https://software.intel.com/openvino-toolkit)
unknown
http://caffe.berkeleyvision.org
unknown
https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module
unknown
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
unknown
http://www.rfc-editor.org/info/rfc7253
unknown
https://github.com/pyca/cryptography/issues
unknown
https://web.archive.org/web/20080221202153/https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdf
unknown
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
unknown
https://mahler:8092/site-updates.py
unknown
https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:
unknown
https://optimized-einsum.readthedocs.io/en/stable/
unknown
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
unknown
https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
unknown
https://mouseinfo.readthedocs.io
unknown
https://www.cazabon.com
unknown
http://www.google.com/index.html
unknown
https://github.com/openvinotoolkit/open_model_zoo/blob/master/models/public/yolo-v2-tiny-tf/yolo-v2-
unknown
http://tip.tcl.tk/48)
unknown
https://github.com/python/cpython/blob/3.7/Objects/listsort.txt
unknown
http://pracrand.sourceforge.net/RNG_engines.txt
unknown
http://xml.org/sax/features/namespacesz.http://xml.org/sax/features/namespace-prefixesz
unknown
https://w3c.github.io/html/sec-forms.html#multipart-form-data
unknown
https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf
unknown
https://github.com/opencv/opencv/issues/21326
unknown
http://www.iana.org/time-zones/repository/tz-link.html
unknown
https://docs.python.org/%d.%d/libraryNrMc
unknown
http://www.ipol.im/pub/algo/bcm_non_local_means_denoising
unknown
https://www.openblas.net/
unknown
http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
unknown
https://www.python.org/
unknown
https://personal.math.ubc.ca/~cbm/aands/page_83.htm
unknown
https://www.python.org/dev/peps/pep-0205/
unknown
http://digitalassets.lib.berkeley.edu/sdtr/ucb/text/34.pdf
unknown
https://arxiv.org/abs/1704.04503
unknown
https://twitter.com/
unknown
https://stackoverflow.com/questions/4457745#4457745.
unknown
https://code.google.com/archive/p/casadebender/wikis/Win32IconImagePlugin.wiki
unknown
http://www.ipol.im/pub/algo/bcm_non_local_means_denoising/
unknown
http://www.pcg-random.org/
unknown
https://github.com/opencv/opencv/issues/20833.
unknown
https://github.com/pydata/bottleneck
unknown
http://www.iana.org/assignments/character-sets
unknown
https://people.eecs.berkeley.edu/~wkahan/ieee754status/IEEE754.PDF
unknown
http://google.com/mail/
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
tinyvago.com
167.99.214.194
 malicious
www.tinyvago.com
unknown

IPs

IP
Domain
Country
Malicious
167.99.214.194
tinyvago.com
United States
malicious

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Config.Msi\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\5c7179.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\5c7179.rbsLow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DB5160969F7E384196453C013ED49E7
534DCB62353D0A24C83418F80CAF53F4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF6FB7155C13AEE499C3201A92F68FBE
534DCB62353D0A24C83418F80CAF53F4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B949A9FDB3C148A42A01073FFF5F9F01
534DCB62353D0A24C83418F80CAF53F4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files (x86)\Coinsw.app\PumpBotPremium\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files (x86)\Coinsw.app\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Caphyon\Advanced Installer\Prereqs\{26BCD435-D353-42A0-8C43-818FC0FA354F}\1.0.0
BlockchainConnector
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Coinsw.app\PumpBotPremium
Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Coinsw.app\PumpBotPremium
Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
LocalPackage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
AuthorizedCDFPrefix
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
Comments
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
Contact
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
HelpTelephone
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
InstallSource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
ModifyPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
Readme
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
Size
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
EstimatedSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
WindowsInstaller
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\8C1673E38C1729C409FF3D2BF8D10659
534DCB62353D0A24C83418F80CAF53F4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\InstallProperties
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26BCD435-D353-42A0-8C43-818FC0FA354F}
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\534DCB62353D0A24C83418F80CAF53F4
MainFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\Features
MainFeature
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\534DCB62353D0A24C83418F80CAF53F4
BlockchainConnector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\Features
BlockchainConnector
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\534DCB62353D0A24C83418F80CAF53F4\Patches
AllPatches
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
Language
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
Assignment
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
AdvertiseFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
AuthorizedLUAApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
DeploymentFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\8C1673E38C1729C409FF3D2BF8D10659
534DCB62353D0A24C83418F80CAF53F4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4\SourceList
PackageName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4\SourceList\Net
1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4
Clients
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\534DCB62353D0A24C83418F80CAF53F4\SourceList
LastUsedSource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\5c717b.rbs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\5c717b.rbsLow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
HKEY_USERS.DEFAULT\InterbootContext
NULL
HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
TelemetrySalt
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\26\417C44EB
@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_USERS.DEFAULT\Software\Classes\Local Settings\MuiCache\26\417C44EB
@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
Blob
There are 83 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
7FF7A34E8000
unkown
page readonly
 malicious
7FF7A3361000
unkown
page execute read
4E0F000
trusted library allocation
page read and write
78B3000
trusted library allocation
page read and write
7395000
heap
page read and write
4AD0000
trusted library allocation
page read and write
329D000
heap
page read and write
19A0C93C000
heap
page read and write
520C000
trusted library allocation
page read and write
28D4000
heap
page read and write
3289E0E000
stack
page read and write
19A0C230000
heap
page read and write
7B21000
heap
page read and write
5000000
heap
page execute and read and write
77EF000
heap
page read and write
2F0F000
unkown
page read and write
5556000
trusted library allocation
page read and write
19A0C8D3000
heap
page read and write
7FF664771000
unkown
page readonly
335A000
heap
page read and write
30E0000
trusted library allocation
page execute and read and write
3320000
heap
page read and write
5311000
trusted library allocation
page read and write
19A0D68F000
heap
page read and write
4B7D000
trusted library allocation
page execute and read and write
7A50000
trusted library allocation
page read and write
5C01000
trusted library allocation
page read and write
4AB2000
trusted library allocation
page read and write
92A4000
trusted library allocation
page read and write
76F0000
trusted library allocation
page read and write
742D000
heap
page read and write
19A0D68F000
heap
page read and write
7406000
heap
page read and write
7A60000
trusted library allocation
page read and write
9A73000
trusted library allocation
page read and write
CB0000
heap
page read and write
7700000
trusted library allocation
page read and write
19A0C630000
direct allocation
page read and write
80C9000
trusted library allocation
page read and write
511A000
trusted library allocation
page read and write
5466000
trusted library allocation
page read and write
760D000
stack
page read and write
5485000
trusted library allocation
page read and write
19A09F7A000
heap
page read and write
2D9C000
stack
page read and write
7DD9000
trusted library allocation
page read and write
77B0000
trusted library allocation
page read and write
7DF0000
heap
page read and write
4BA5000
trusted library allocation
page execute and read and write
508E000
stack
page read and write
4C70000
heap
page read and write
4A90000
trusted library allocation
page read and write
719D000
stack
page read and write
78E2000
heap
page read and write
4B90000
heap
page read and write
7813000
heap
page read and write
7FF665186000
unkown
page readonly
19A09FCF000
heap
page read and write
5512000
trusted library allocation
page read and write
19A0D655000
heap
page read and write
8486000
heap
page read and write
72FD000
stack
page read and write
9280000
trusted library allocation
page read and write
82D0000
heap
page read and write
4BA2000
trusted library allocation
page read and write
51E3000
trusted library allocation
page read and write
77D0000
heap
page read and write
739F000
stack
page read and write
19A0C236000
heap
page read and write
77F9000
heap
page read and write
2DE3000
trusted library allocation
page execute and read and write
77ED000
heap
page read and write
6DFD000
stack
page read and write
7639000
trusted library allocation
page read and write
8463000
heap
page read and write
19A0D733000
heap
page read and write
2D35000
heap
page read and write
7AE1000
trusted library allocation
page read and write
7699000
heap
page read and write
76E0000
heap
page read and write
50E0000
heap
page execute and read and write
4B90000
trusted library allocation
page read and write
7ACD000
stack
page read and write
2D6000
unkown
page write copy
2A80000
heap
page read and write
D25000
heap
page read and write
75EC000
heap
page read and write
4650000
heap
page read and write
4B9A000
trusted library allocation
page execute and read and write
6CFE000
stack
page read and write
19A0BED4000
heap
page read and write
6F0B000
stack
page read and write
770E000
stack
page read and write
22D767AA000
heap
page read and write
19A0C2F1000
heap
page read and write
19A0CD30000
direct allocation
page read and write
19A0BF30000
direct allocation
page read and write
7D90000
trusted library allocation
page execute and read and write
7B20000
trusted library allocation
page read and write
9284000
trusted library allocation
page read and write
19A0C9A0000
heap
page read and write
899D000
stack
page read and write
19A0D745000
heap
page read and write
7880000
trusted library allocation
page execute and read and write
22D768CE000
heap
page read and write
76CE000
stack
page read and write
774C000
heap
page read and write
2C98000
heap
page read and write
75D4000
heap
page read and write
19A0D5A3000
heap
page read and write
7940000
trusted library allocation
page read and write
7A90000
trusted library allocation
page read and write
51F1000
trusted library allocation
page read and write
4EB3000
trusted library allocation
page read and write
19A0C274000
heap
page read and write
19A14548000
direct allocation
page read and write
3330000
heap
page read and write
7368000
heap
page read and write
5005000
trusted library allocation
page read and write
7811000
heap
page read and write
78CC000
heap
page read and write
19A0CB64000
heap
page read and write
7820000
trusted library allocation
page execute and read and write
7491000
heap
page read and write
19A14051000
heap
page read and write
73C0000
heap
page read and write
501D000
trusted library allocation
page read and write
79C0000
trusted library allocation
page read and write
4B60000
trusted library allocation
page read and write
6119000
trusted library allocation
page read and write
7B15000
heap
page read and write
5035000
trusted library allocation
page read and write
93D000
stack
page read and write
4A70000
trusted library allocation
page read and write
5579000
trusted library allocation
page read and write
73B9000
heap
page read and write
74C0000
trusted library allocation
page read and write
73B7000
stack
page read and write
4C63000
trusted library allocation
page read and write
3130000
heap
page read and write
774D000
stack
page read and write
6FE0000
heap
page execute and read and write
7766000
trusted library allocation
page read and write
D29000
heap
page read and write
706E000
stack
page read and write
55C5000
trusted library allocation
page read and write
19A0D765000
heap
page read and write
2B9C000
heap
page read and write
89DD000
stack
page read and write
78A8000
heap
page read and write
7CB0000
trusted library allocation
page read and write
4B50000
trusted library section
page read and write
758E000
stack
page read and write
22D76753000
heap
page read and write
D25000
heap
page read and write
4CBE000
stack
page read and write
75A0000
heap
page execute and read and write
71CF000
stack
page read and write
558F000
trusted library allocation
page read and write
5191000
trusted library allocation
page read and write
19A0C243000
heap
page read and write
2DD9000
stack
page read and write
7A70000
trusted library allocation
page read and write
4A80000
trusted library allocation
page read and write
210609B0000
heap
page read and write
7BF7000
trusted library allocation
page read and write
2F40000
heap
page read and write
31DC000
heap
page read and write
47F0000
trusted library allocation
page read and write
5260000
trusted library allocation
page read and write
22D76A1F000
heap
page read and write
5CC9000
trusted library allocation
page read and write
33A6000
heap
page read and write
7860000
heap
page read and write
2D08000
heap
page read and write
22D78875000
heap
page read and write
75D0000
trusted library allocation
page read and write
19A09FCF000
heap
page read and write
22D76913000
heap
page read and write
19A14284000
direct allocation
page read and write
4BEE000
stack
page read and write
3286556000
stack
page read and write
19A0D446000
heap
page read and write
CD0000
heap
page read and write
2D90000
heap
page read and write
4A8D000
trusted library allocation
page execute and read and write
72E0000
heap
page read and write
7AB0000
trusted library allocation
page execute and read and write
7E05000
trusted library allocation
page read and write
9275000
trusted library allocation
page read and write
B00000
heap
page read and write
49E8000
trusted library allocation
page read and write
3150000
heap
page read and write
4FCA000
trusted library allocation
page read and write
19A0C280000
heap
page read and write
4A40000
heap
page read and write
3110000
heap
page read and write
863E000
stack
page read and write
19A144C8000
direct allocation
page read and write
19A14370000
trusted library allocation
page read and write
210000
unkown
page readonly
50D2000
trusted library allocation
page read and write
19A14490000
direct allocation
page read and write
74A3000
heap
page read and write
5E49000
trusted library allocation
page read and write
22D767DB000
heap
page read and write
30FE000
stack
page read and write
7425000
heap
page read and write
741E000
stack
page read and write
4B70000
trusted library allocation
page read and write
74D1000
heap
page read and write
19A0BE63000
heap
page read and write
7BD0000
trusted library allocation
page execute and read and write
211000
unkown
page execute read
2BEE000
heap
page read and write
6EAC000
stack
page read and write
7FF66476D000
unkown
page readonly
3310000
trusted library section
page read and write
2DF0000
heap
page read and write
19A0D699000
heap
page read and write
2DB0000
trusted library section
page read and write
7760000
trusted library allocation
page execute and read and write
D4E000
heap
page read and write
19A0C3F4000
heap
page read and write
33DD000
heap
page read and write
7818000
heap
page read and write
2F8E000
stack
page read and write
51BB000
trusted library allocation
page read and write
3366000
heap
page read and write
8489000
heap
page read and write
7DFC000
heap
page read and write
3244000
heap
page read and write
19A0CAF2000
heap
page read and write
315E000
stack
page read and write
19A0D6BF000
heap
page read and write
73AE000
heap
page read and write
78C0000
trusted library allocation
page read and write
47B9000
trusted library allocation
page read and write
75B0000
heap
page read and write
7700000
heap
page read and write
87DE000
stack
page read and write
766E000
stack
page read and write
7830000
trusted library allocation
page read and write
5031000
trusted library allocation
page read and write
319E000
unkown
page read and write
73C0000
heap
page read and write
4AE0000
heap
page read and write
7652000
heap
page read and write
702E000
stack
page read and write
AFA000
stack
page read and write
22D78CC1000
heap
page read and write
19A0D397000
heap
page read and write
9B0000
heap
page read and write
7AFE000
stack
page read and write
7770000
trusted library allocation
page read and write
8422000
heap
page read and write
754E000
stack
page read and write
19A0BE7D000
heap
page read and write
517F000
trusted library allocation
page read and write
7A60000
trusted library allocation
page read and write
32CA000
heap
page read and write
19A0CB58000
heap
page read and write
3020000
trusted library allocation
page read and write
7B10000
trusted library allocation
page read and write
8370000
heap
page read and write
D47000
heap
page read and write
19A0D3B7000
heap
page read and write
22D7897F000
heap
page read and write
19A0D394000
heap
page read and write
730A000
heap
page read and write
19A09F8E000
heap
page read and write
3039000
trusted library allocation
page read and write
4F7E000
stack
page read and write
732A000
heap
page read and write
47AD000
trusted library allocation
page execute and read and write
5220000
trusted library allocation
page read and write
19A141B0000
direct allocation
page read and write
7C6D000
stack
page read and write
4A83000
trusted library allocation
page execute and read and write
2F48000
heap
page read and write
19A0C9A0000
heap
page read and write
19A0D6BF000
heap
page read and write
7CD0000
heap
page read and write
2B2A000
heap
page read and write
19A0D670000
heap
page read and write
19A0D9F0000
direct allocation
page read and write
4A84000
trusted library allocation
page read and write
7851000
heap
page read and write
47D0000
trusted library allocation
page read and write
19A144A0000
direct allocation
page read and write
4F3C000
stack
page read and write
462E000
stack
page read and write
70CD000
stack
page read and write
7FF7A3389000
unkown
page readonly
4DFE000
stack
page read and write
317D000
trusted library allocation
page read and write
7960000
trusted library allocation
page read and write
6FAB000
stack
page read and write
4FA2000
trusted library allocation
page read and write
7C20000
trusted library allocation
page execute and read and write
338F000
stack
page read and write
3155000
heap
page read and write
19A09FCF000
heap
page read and write
4B40000
trusted library section
page read and write
324E000
heap
page read and write
7FF7A1560000
unkown
page readonly
7D6E000
stack
page read and write
6E9E000
stack
page read and write
3030000
trusted library allocation
page read and write
75CE000
stack
page read and write
19A0D39F000
heap
page read and write
8240000
trusted library allocation
page read and write
3250000
heap
page read and write
7780000
trusted library allocation
page read and write
54E4000
trusted library allocation
page read and write
7FF667986000
unkown
page readonly
7970000
trusted library allocation
page read and write
7DD0000
trusted library allocation
page read and write
7A30000
trusted library allocation
page read and write
786D000
stack
page read and write
19A0D1B0000
heap
page read and write
19A09F78000
heap
page read and write
19A0A145000
heap
page read and write
74A0000
trusted library allocation
page read and write
3100000
trusted library allocation
page read and write
6DEF000
stack
page read and write
19A0D676000
heap
page read and write
328949E000
stack
page read and write
19A0BECD000
heap
page read and write
7910000
trusted library allocation
page read and write
71DB000
stack
page read and write
50B9000
trusted library allocation
page read and write
19A0D675000
heap
page read and write
741A000
stack
page read and write
50D5000
heap
page execute and read and write
4A60000
trusted library section
page read and write
6D67000
stack
page read and write
2D60000
heap
page read and write
743E000
heap
page read and write
740C000
heap
page read and write
2DE0000
trusted library allocation
page read and write
79D0000
trusted library allocation
page read and write
739B000
heap
page read and write
731B000
stack
page read and write
4A80000
trusted library allocation
page read and write
78B8000
heap
page read and write
77E0000
trusted library allocation
page read and write
73C3000
heap
page read and write
77AE000
heap
page read and write
7440000
heap
page read and write
7630000
trusted library allocation
page read and write
19A0D3A9000
heap
page read and write
7420000
heap
page read and write
19A14380000
direct allocation
page read and write
4F77000
trusted library allocation
page read and write
869D000
stack
page read and write
19A14298000
direct allocation
page read and write
92AA000
trusted library allocation
page read and write
4DBE000
stack
page read and write
4C0E000
stack
page read and write
19A0C246000
heap
page read and write
846E000
heap
page read and write
4C01000
trusted library allocation
page read and write
8075000
trusted library allocation
page read and write
19A0C130000
direct allocation
page read and write
5256000
trusted library allocation
page read and write
7410000
trusted library allocation
page read and write
7BBF000
stack
page read and write
19A0D68F000
heap
page read and write
70AE000
stack
page read and write
5262000
trusted library allocation
page read and write
50CF000
stack
page read and write
927A000
trusted library allocation
page read and write
71F1000
heap
page read and write
B90000
heap
page read and write
19A0D679000
heap
page read and write
4C60000
trusted library allocation
page execute and read and write
6E5E000
stack
page read and write
724E000
stack
page read and write
5545000
trusted library allocation
page read and write
7450000
heap
page execute and read and write
733A000
stack
page read and write
19A0D733000
heap
page read and write
3052000
trusted library allocation
page read and write
19A0CB6D000
heap
page read and write
19A0BE7F000
heap
page read and write
77D5000
heap
page read and write
19A0C9A0000
heap
page read and write
55A1000
trusted library allocation
page read and write
7FF7A2961000
unkown
page execute read
19A0BE30000
heap
page read and write
22D76A0D000
heap
page read and write
928C000
trusted library allocation
page read and write
5C09000
trusted library allocation
page read and write
5254000
trusted library allocation
page read and write
19A0D64F000
heap
page read and write
4DCE000
trusted library allocation
page read and write
5228000
trusted library allocation
page read and write
7FF666F86000
unkown
page readonly
61FA000
trusted library allocation
page read and write
7664000
heap
page read and write
7B00000
trusted library allocation
page read and write
AA4E38D000
stack
page read and write
7950000
trusted library allocation
page read and write
766C000
stack
page read and write
4E46000
trusted library allocation
page read and write
4FC9000
trusted library allocation
page read and write
7980000
trusted library allocation
page read and write
7760000
trusted library allocation
page read and write
6F4E000
stack
page read and write
2B08000
heap
page read and write
77A3000
heap
page read and write
7841000
trusted library allocation
page read and write
4A90000
heap
page execute and read and write
19A0D74D000
heap
page read and write
4E35000
trusted library allocation
page read and write
72BE000
stack
page read and write
7930000
trusted library allocation
page read and write
7B3F000
stack
page read and write
8220000
trusted library allocation
page execute and read and write
739E000
stack
page read and write
2C0D000
unkown
page read and write
73A0000
trusted library allocation
page read and write
22D76A52000
heap
page read and write
782F000
heap
page read and write
78D0000
trusted library allocation
page execute and read and write
7500000
trusted library allocation
page read and write
889D000
stack
page read and write
19A0D6BF000
heap
page read and write
743A000
stack
page read and write
C70000
heap
page read and write
2F30000
trusted library section
page read and write
19A14360000
trusted library allocation
page read and write
6D201000
unkown
page execute read
702E000
stack
page read and write
19A09F91000
heap
page read and write
22D7684C000
heap
page read and write
3160000
trusted library allocation
page read and write
71AD000
stack
page read and write
55AC000
trusted library allocation
page read and write
19A0D584000
heap
page read and write
5471000
trusted library allocation
page read and write
5548000
trusted library allocation
page read and write
77C1000
heap
page read and write
7810000
trusted library allocation
page read and write
22D76901000
heap
page read and write
19A0BE5C000
heap
page read and write
7970000
heap
page read and write
7A8E000
stack
page read and write
6EEDB000
unkown
page readonly
2FE0000
heap
page read and write
19A0D0B0000
direct allocation
page read and write
6EE9000
stack
page read and write
999000
stack
page read and write
48BF000
stack
page read and write
19A144FC000
direct allocation
page read and write
6D200000
unkown
page readonly
D3B000
heap
page read and write
845A000
heap
page read and write
4C7C000
stack
page read and write
7449000
heap
page read and write
22D768DF000
heap
page read and write
19A0C938000
heap
page read and write
806F000
stack
page read and write
5005000
heap
page execute and read and write
19A0C830000
heap
page read and write
22D76A30000
heap
page read and write
50AF000
trusted library allocation
page read and write
19A14578000
direct allocation
page read and write
50F1000
trusted library allocation
page read and write
2FCF000
stack
page read and write
47D2000
trusted library allocation
page read and write
7FF66476C000
unkown
page write copy
7B13000
trusted library allocation
page read and write
4AB0000
trusted library allocation
page read and write
3055000
trusted library allocation
page execute and read and write
2DEF000
unkown
page read and write
7470000
trusted library allocation
page read and write
768D000
stack
page read and write
4BAE000
stack
page read and write
7430000
trusted library allocation
page read and write
2DE000
unkown
page readonly
789000
stack
page read and write
5259000
trusted library allocation
page read and write
2B90000
heap
page read and write
79F0000
trusted library allocation
page read and write
6DBE000
stack
page read and write
70EE000
stack
page read and write
54E6000
trusted library allocation
page read and write
19A0D765000
heap
page read and write
19A0D395000
heap
page read and write
710D000
stack
page read and write
708B000
stack
page read and write
22D76743000
heap
page read and write
4E03000
trusted library allocation
page read and write
19A0D701000
heap
page read and write
19A0D419000
heap
page read and write
50EB000
trusted library allocation
page read and write
3040000
trusted library allocation
page read and write
7850000
trusted library allocation
page read and write
7FF664750000
unkown
page readonly
30F0000
heap
page read and write
7640000
trusted library allocation
page execute and read and write
19A0D2DB000
heap
page read and write
7B7D000
stack
page read and write
8A1E000
stack
page read and write
4F80000
trusted library allocation
page read and write
76F0000
heap
page read and write
7DE0000
heap
page read and write
7DD1000
trusted library allocation
page read and write
7C00000
trusted library allocation
page read and write
720E000
stack
page read and write
50AD000
trusted library allocation
page read and write
19A14EC0000
heap
page read and write
76D0000
trusted library allocation
page read and write
927D000
trusted library allocation
page read and write
19A09F7C000
heap
page read and write
75C0000
trusted library allocation
page execute and read and write
74C000
stack
page read and write
19A0C9E2000
heap
page read and write
7D79000
trusted library allocation
page read and write
7BD0000
heap
page read and write
4EA4000
trusted library allocation
page read and write
21060A80000
heap
page read and write
4AA0000
trusted library allocation
page read and write
5271000
trusted library allocation
page read and write
7714000
heap
page read and write
7D70000
trusted library allocation
page read and write
77F1000
trusted library allocation
page read and write
19A0D485000
heap
page read and write
7AF5000
trusted library allocation
page read and write
19A0D74D000
heap
page read and write
19A0C530000
direct allocation
page read and write
8FC000
stack
page read and write
9B25000
trusted library allocation
page read and write
19A0D698000
heap
page read and write
7AF8000
heap
page read and write
86DE000
stack
page read and write
4E82000
trusted library allocation
page read and write
5339000
trusted library allocation
page read and write
7AC0000
heap
page read and write
45B0000
trusted library allocation
page read and write
7A81000
trusted library allocation
page read and write
45A9000
trusted library allocation
page read and write
54E0000
trusted library allocation
page read and write
5457000
trusted library allocation
page read and write
7859000
trusted library allocation
page read and write
6FE5000
heap
page execute and read and write
7A80000
trusted library allocation
page read and write
871E000
stack
page read and write
75E0000
trusted library allocation
page read and write
7FF666586000
unkown
page readonly
48F0000
heap
page read and write
19A14520000
direct allocation
page read and write
78C2000
heap
page read and write
7BBD000
stack
page read and write
50BE000
stack
page read and write
4E20000
trusted library allocation
page read and write
7FF7A337E000
unkown
page write copy
19A09FD8000
heap
page read and write
77D6000
heap
page read and write
4CA1000
trusted library allocation
page read and write
D22000
heap
page read and write
19A14AF7000
heap
page read and write
47D5000
trusted library allocation
page execute and read and write
7AE0000
trusted library allocation
page execute and read and write
6E3D000
stack
page read and write
7E05000
heap
page read and write
6DAE000
stack
page read and write
7FE0000
trusted library allocation
page read and write
2FF0000
heap
page read and write
509A000
trusted library allocation
page read and write
95C000
stack
page read and write
7FF665B86000
unkown
page readonly
762F000
stack
page read and write
82CE000
stack
page read and write
A00000
heap
page read and write
3135000
heap
page read and write
2F7D000
stack
page read and write
770C000
heap
page read and write
875F000
stack
page read and write
7FF7A1560000
unkown
page readonly
19A09F7B000
heap
page read and write
19A09FB8000
heap
page read and write
2CBA000
heap
page read and write
19A0BC30000
direct allocation
page read and write
9FE000
stack
page read and write
5199000
trusted library allocation
page read and write
19A0A020000
heap
page read and write
47B0000
trusted library allocation
page read and write
716E000
stack
page read and write
7FF664786000
unkown
page readonly
19A1455C000
direct allocation
page read and write
7890000
trusted library allocation
page read and write
6EECB000
unkown
page write copy
3288000
heap
page read and write
49E0000
trusted library allocation
page read and write
78C8000
heap
page read and write
19A0D26A000
heap
page read and write
33B2000
heap
page read and write
2DED000
trusted library allocation
page execute and read and write
19A0CA36000
heap
page read and write
7A4E000
stack
page read and write
5592000
trusted library allocation
page read and write
71FD000
stack
page read and write
B8E000
stack
page read and write
7DA0000
heap
page read and write
891E000
stack
page read and write
B4E000
stack
page read and write
7480000
trusted library allocation
page read and write
538A000
trusted library allocation
page read and write
7610000
trusted library allocation
page read and write
76E0000
trusted library allocation
page read and write
4C2E000
stack
page read and write
EFE000
stack
page read and write
3050000
trusted library allocation
page read and write
76EE000
stack
page read and write
5554000
trusted library allocation
page read and write
4B98000
heap
page read and write
30BE000
stack
page read and write
7669000
heap
page read and write
80A0000
trusted library allocation
page read and write
4E21000
trusted library allocation
page read and write
7AB0000
trusted library allocation
page read and write
2DE000
unkown
page readonly
765F000
heap
page read and write
74B5000
heap
page read and write
19A0C237000
heap
page read and write
46FD000
stack
page read and write
19A0D66F000
heap
page read and write
7CAF000
stack
page read and write
551A000
trusted library allocation
page read and write
FFE000
stack
page read and write
19A0D2BD000
heap
page read and write
4C4E000
stack
page read and write
7D2E000
stack
page read and write
7FF664783000
unkown
page write copy
19A0CB64000
heap
page read and write
73E1000
heap
page read and write
92A7000
trusted library allocation
page read and write
775C000
heap
page read and write
6C7D000
stack
page read and write
7490000
trusted library allocation
page read and write
8380000
heap
page read and write
7D80000
trusted library allocation
page read and write
72F9000
heap
page read and write
515E000
stack
page read and write
7659000
heap
page read and write
4B89000
trusted library allocation
page read and write
7CE1000
trusted library allocation
page read and write
7452000
heap
page read and write
22D76A75000
heap
page read and write
3070000
trusted library allocation
page read and write
795F000
stack
page read and write
21060AA0000
heap
page read and write
8090000
heap
page read and write
47A3000
trusted library allocation
page execute and read and write
50C7000
trusted library allocation
page read and write
741F000
heap
page read and write
30C0000
heap
page execute and read and write
6CBE000
stack
page read and write
7750000
trusted library allocation
page read and write
7FF7A33C9000
unkown
page readonly
4EB3000
trusted library allocation
page read and write
80D0000
trusted library allocation
page read and write
19A0D37E000
heap
page read and write
78A0000
trusted library allocation
page read and write
210607CB000
heap
page read and write
7DE0000
trusted library allocation
page execute and read and write
22D78981000
heap
page read and write
4D1C000
trusted library allocation
page read and write
54F3000
trusted library allocation
page read and write
712E000
stack
page read and write
210000
unkown
page readonly
19A09FD2000
heap
page read and write
CD5000
heap
page read and write
47A4000
trusted library allocation
page read and write
19A0C245000
heap
page read and write
7900000
heap
page execute and read and write
19A0D3AE000
heap
page read and write
4E3D000
trusted library allocation
page read and write
74B0000
trusted library allocation
page read and write
D4E000
heap
page read and write
509C000
trusted library allocation
page read and write
22D7697B000
heap
page read and write
70AC000
stack
page read and write
7730000
trusted library allocation
page read and write
4BB0000
heap
page read and write
71F0000
heap
page read and write
4F8F000
trusted library allocation
page read and write
77F0000
trusted library allocation
page read and write
74AE000
heap
page read and write
74B2000
heap
page read and write
6E6B000
stack
page read and write
833E000
stack
page read and write
79A0000
trusted library allocation
page read and write
7435000
heap
page read and write
78B0000
trusted library allocation
page read and write
72BE000
stack
page read and write
4858000
trusted library allocation
page read and write
19A0BD30000
direct allocation
page read and write
841F000
heap
page read and write
55BC000
trusted library allocation
page read and write
3338000
heap
page read and write
706F000
stack
page read and write
54F5000
trusted library allocation
page read and write
7FF664751000
unkown
page execute read
304A000
trusted library allocation
page execute and read and write
802E000
stack
page read and write
75E4000
heap
page read and write
2E3E000
stack
page read and write
19A09FB9000
heap
page read and write
19A0CB5C000
heap
page read and write
5D0A000
trusted library allocation
page read and write
9A90000
trusted library allocation
page read and write
3117000
heap
page read and write
19A0D745000
heap
page read and write
8A61000
trusted library allocation
page read and write
19A0D722000
heap
page read and write
5E8C000
trusted library allocation
page read and write
6EEDA000
unkown
page read and write
2CDB000
stack
page read and write
4DC4000
trusted library allocation
page read and write
19A09FDB000
heap
page read and write
32D6000
heap
page read and write
3050000
heap
page read and write
3023000
trusted library allocation
page execute and read and write
19A0D650000
heap
page read and write
5300000
trusted library allocation
page read and write
3326000
heap
page read and write
79A000
stack
page read and write
31DD000
unkown
page read and write
83CD000
heap
page read and write
49DE000
stack
page read and write
45C0000
trusted library allocation
page read and write
47A0000
trusted library allocation
page read and write
4AE8000
heap
page read and write
88DC000
stack
page read and write
483E000
stack
page read and write
7FF7A1561000
unkown
page execute read
22D7574D000
heap
page read and write
80C0000
trusted library allocation
page read and write
7443000
heap
page read and write
735E000
stack
page read and write
31B8000
heap
page read and write
77A0000
trusted library allocation
page read and write
7420000
trusted library allocation
page execute and read and write
22D76A42000
heap
page read and write
4D3F000
stack
page read and write
4DB3000
trusted library allocation
page read and write
7DC1000
trusted library allocation
page read and write
55BA000
trusted library allocation
page read and write
19A0C8AF000
heap
page read and write
85FE000
stack
page read and write
5091000
trusted library allocation
page read and write
3010000
trusted library allocation
page read and write
19A0C247000
heap
page read and write
5584000
trusted library allocation
page read and write
77D8000
heap
page read and write
7397000
heap
page read and write
2ACE000
unkown
page read and write
50A5000
trusted library allocation
page read and write
80B1000
trusted library allocation
page read and write
19A14528000
direct allocation
page read and write
2CC7000
heap
page read and write
31B0000
heap
page read and write
5598000
trusted library allocation
page read and write
4B60000
heap
page readonly
7597000
stack
page read and write
74D0000
trusted library allocation
page read and write
2C90000
heap
page read and write
3286EDD000
stack
page read and write
4A7E000
stack
page read and write
4C90000
heap
page execute and read and write
505D000
stack
page read and write
19A14508000
direct allocation
page read and write
19A0D279000
heap
page read and write
4790000
trusted library allocation
page read and write
4B6E000
stack
page read and write
19A0D40B000
heap
page read and write
615B000
trusted library allocation
page read and write
A00000
heap
page read and write
712D000
stack
page read and write
2B00000
heap
page read and write
19A0DBE0000
direct allocation
page read and write
19A0C2DC000
heap
page read and write
8230000
trusted library allocation
page read and write
4850000
trusted library allocation
page read and write
19A0D3B1000
heap
page read and write
19A14580000
direct allocation
page read and write
768E000
stack
page read and write
7446000
heap
page read and write
7439000
heap
page read and write
7800000
trusted library allocation
page read and write
45BA000
trusted library allocation
page execute and read and write
4B1E000
stack
page read and write
4B73000
trusted library allocation
page execute and read and write
77EA000
heap
page read and write
4A99000
trusted library allocation
page read and write
5C6A000
trusted library allocation
page read and write
19A0CE60000
direct allocation
page read and write
328784E000
stack
page read and write
73C8000
heap
page read and write
21060A70000
heap
page read and write
D08000
heap
page read and write
4870000
heap
page execute and read and write
19A13F40000
direct allocation
page read and write
7BC0000
trusted library allocation
page read and write
4FC8000
trusted library allocation
page read and write
76AE000
stack
page read and write
79E0000
trusted library allocation
page read and write
518F000
trusted library allocation
page read and write
762E000
stack
page read and write
938000
stack
page read and write
74AC000
heap
page read and write
19A0D426000
heap
page read and write
738E000
heap
page read and write
75C4000
heap
page read and write
7830000
trusted library allocation
page read and write
D29000
heap
page read and write
6D30000
heap
page execute and read and write
3130000
heap
page read and write
2CE9000
stack
page read and write
22D7614D000
heap
page read and write
74E0000
trusted library allocation
page read and write
527B000
trusted library allocation
page read and write
19A13E40000
direct allocation
page read and write
85BE000
stack
page read and write
7180000
heap
page read and write
19A0C281000
heap
page read and write
7AF0000
heap
page read and write
727E000
stack
page read and write
782E000
stack
page read and write
3024000
trusted library allocation
page read and write
6D2D000
stack
page read and write
73DE000
stack
page read and write
4DEE000
trusted library allocation
page read and write
2AD0000
heap
page read and write
2AE000
unkown
page readonly
19A0D749000
heap
page read and write
519B000
trusted library allocation
page read and write
77D0000
trusted library allocation
page read and write
6F6D000
stack
page read and write
D00000
heap
page read and write
2B8E000
unkown
page read and write
828E000
stack
page read and write
737C000
stack
page read and write
6EF0000
heap
page read and write
19A14570000
direct allocation
page read and write
2D41000
heap
page read and write
45C5000
trusted library allocation
page execute and read and write
45E0000
trusted library allocation
page read and write
5188000
heap
page read and write
4FDE000
stack
page read and write
79B0000
trusted library allocation
page read and write
704D000
stack
page read and write
6D7D000
stack
page read and write
6E601000
unkown
page execute read
328A77E000
stack
page read and write
7FF7A1F61000
unkown
page execute read
7FF7A34E2000
unkown
page write copy
19A0A040000
heap
page read and write
321E000
stack
page read and write
733E000
stack
page read and write
32881BE000
stack
page read and write
7990000
trusted library allocation
page read and write
22D7696A000
heap
page read and write
74F0000
trusted library allocation
page read and write
73F7000
heap
page read and write
4BC0000
trusted library allocation
page read and write
4E10000
heap
page read and write
5E21000
trusted library allocation
page read and write
2C4E000
stack
page read and write
2FE6000
heap
page read and write
22D7699D000
heap
page read and write
5524000
trusted library allocation
page read and write
72E9000
heap
page read and write
7DB0000
trusted library allocation
page read and write
31E9000
heap
page read and write
74B9000
heap
page read and write
19A0D749000
heap
page read and write
5180000
heap
page read and write
19A0D65B000
heap
page read and write
879E000
stack
page read and write
2D6000
unkown
page read and write
61B9000
trusted library allocation
page read and write
19A0BE61000
heap
page read and write
75EE000
stack
page read and write
791E000
stack
page read and write
9A83000
trusted library allocation
page read and write
22D77E75000
heap
page read and write
19A0D65B000
heap
page read and write
4E1F000
trusted library allocation
page read and write
929E000
trusted library allocation
page read and write
47C0000
trusted library allocation
page read and write
19A0CAB0000
heap
page read and write
22D769FD000
heap
page read and write
4E16000
trusted library allocation
page read and write
60F1000
trusted library allocation
page read and write
210607C0000
heap
page read and write
22D768F1000
heap
page read and write
22D767BB000
heap
page read and write
7790000
trusted library allocation
page read and write
7AA0000
trusted library allocation
page read and write
7883000
heap
page read and write
77FD000
heap
page read and write
342C000
heap
page read and write
7BC0000
trusted library allocation
page read and write
6F070000
unkown
page readonly
4B78000
trusted library allocation
page read and write
6F8E000
stack
page read and write
19A0D1F8000
heap
page read and write
19A0D401000
heap
page read and write
28D0000
heap
page read and write
4BA0000
trusted library allocation
page execute and read and write
2F10000
heap
page read and write
19A0D3A0000
heap
page read and write
5510000
trusted library allocation
page read and write
6FCC000
stack
page read and write
2FE0000
heap
page read and write
76CF000
stack
page read and write
2DAE000
unkown
page read and write
7D6E000
stack
page read and write
D41000
heap
page read and write
47CA000
trusted library allocation
page execute and read and write
3258000
heap
page read and write
6EEC9000
unkown
page read and write
75F0000
trusted library allocation
page read and write
4D31000
trusted library allocation
page read and write
19A0C3F4000
heap
page read and write
22D767AE000
heap
page read and write
7200000
heap
page read and write
19A0D6BF000
heap
page read and write
19A1457C000
direct allocation
page read and write
7620000
trusted library allocation
page read and write
2FE5000
heap
page read and write
5506000
trusted library allocation
page read and write
7580000
trusted library allocation
page read and write
7630000
trusted library allocation
page read and write
210607A0000
heap
page read and write
6F06D000
unkown
page write copy
2DDB000
stack
page read and write
30BE000
stack
page read and write
330F000
stack
page read and write
2C8E000
stack
page read and write
211000
unkown
page execute read
5181000
trusted library allocation
page read and write
19A09FBF000
heap
page read and write
6D35000
heap
page execute and read and write
73DD000
stack
page read and write
19A0DD20000
direct allocation
page read and write
19A0D3B6000
heap
page read and write
7AFE000
heap
page read and write
6E2D000
stack
page read and write
19A144D4000
direct allocation
page read and write
7870000
trusted library allocation
page read and write
2BC5000
heap
page read and write
33C5000
heap
page read and write
19A0CB6D000
heap
page read and write
19A0CC30000
direct allocation
page read and write
7BE0000
heap
page read and write
7C10000
trusted library allocation
page read and write
76D0000
trusted library allocation
page read and write
3330000
heap
page read and write
7460000
heap
page read and write
7774000
heap
page read and write
4CCC000
trusted library allocation
page read and write
5060000
trusted library allocation
page read and write
4A3C000
stack
page read and write
2DD0000
trusted library allocation
page read and write
7820000
trusted library allocation
page read and write
3527000
heap
page read and write
7B10000
heap
page read and write
527D000
trusted library allocation
page read and write
7740000
trusted library allocation
page read and write
6C3C000
stack
page read and write
7B30000
trusted library allocation
page execute and read and write
4B70000
trusted library allocation
page read and write
4D7E000
stack
page read and write
5057000
trusted library allocation
page read and write
511F000
stack
page read and write
7AD0000
trusted library allocation
page read and write
19A0C2F6000
heap
page read and write
5170000
heap
page execute and read and write
19A09F20000
heap
page read and write
767E000
heap
page read and write
3520000
heap
page read and write
2BCE000
stack
page read and write
2DE4000
trusted library allocation
page read and write
19A0C730000
direct allocation
page read and write
7742000
heap
page read and write
4E18000
heap
page read and write
501C000
stack
page read and write
22D7679E000
heap
page read and write
2B36000
heap
page read and write
76A9000
stack
page read and write
92A1000
trusted library allocation
page read and write
19A0C8CF000
heap
page read and write
4840000
heap
page readonly
7710000
trusted library allocation
page read and write
6F002000
unkown
page readonly
77EF000
stack
page read and write
50D0000
heap
page execute and read and write
4B80000
trusted library allocation
page read and write
D3B000
heap
page read and write
881E000
stack
page read and write
19A0D6BF000
heap
page read and write
8442000
heap
page read and write
4640000
trusted library allocation
page execute and read and write
19A0D796000
heap
page read and write
19A0C2DB000
heap
page read and write
723B000
stack
page read and write
4E5D000
trusted library allocation
page read and write
4A95000
heap
page execute and read and write
19A09F5A000
heap
page read and write
7D2E000
stack
page read and write
4630000
heap
page readonly
5003000
trusted library allocation
page read and write
755D000
stack
page read and write
7960000
trusted library allocation
page read and write
45A0000
trusted library allocation
page read and write
70E6000
stack
page read and write
19A09F40000
heap
page read and write
19A0C3EC000
heap
page read and write
19A0BE5D000
heap
page read and write
21060990000
heap
page read and write
73D7000
heap
page read and write
19A0D3FA000
heap
page read and write
2D0F000
heap
page read and write
7A0E000
stack
page read and write
19A0C8BE000
heap
page read and write
72FE000
stack
page read and write
73FE000
stack
page read and write
4C6E000
stack
page read and write
22D74D4D000
heap
page read and write
44FE000
stack
page read and write
4AB5000
trusted library allocation
page execute and read and write
4C50000
heap
page readonly
302D000
trusted library allocation
page execute and read and write
700A000
stack
page read and write
7BF0000
trusted library allocation
page read and write
7440000
trusted library allocation
page read and write
554C000
trusted library allocation
page read and write
7AF0000
trusted library allocation
page read and write
5207000
trusted library allocation
page read and write
508F000
trusted library allocation
page read and write
7720000
trusted library allocation
page read and write
19A0CA28000
heap
page read and write
6EDE000
stack
page read and write
19A09E30000
heap
page read and write
3230000
heap
page read and write
4E53000
trusted library allocation
page read and write
19A1454C000
direct allocation
page read and write
7704000
heap
page read and write
3288B2E000
stack
page read and write
19A14498000
direct allocation
page read and write
19A0D2BD000
heap
page read and write
7BE0000
trusted library allocation
page read and write
8210000
heap
page read and write
5287000
trusted library allocation
page read and write
3190000
heap
page read and write
19A141E0000
direct allocation
page read and write
5012000
trusted library allocation
page read and write
6ECD000
stack
page read and write
4BA0000
trusted library allocation
page read and write
54CA000
trusted library allocation
page read and write
75EE000
stack
page read and write
19A0C276000
heap
page read and write
4B5E000
stack
page read and write
6191000
trusted library allocation
page read and write
19A09F5D000
heap
page read and write
51F3000
trusted library allocation
page read and write
4CFE000
stack
page read and write
4FC0000
trusted library allocation
page read and write
2DC0000
trusted library section
page read and write
22D76924000
heap
page read and write
22D77475000
heap
page read and write
22D7698C000
heap
page read and write
CF0000
heap
page read and write
5560000
trusted library allocation
page read and write
4B2E000
stack
page read and write
71EB000
stack
page read and write
8A5D000
stack
page read and write
19A0BED9000
heap
page read and write
7750000
trusted library allocation
page read and write
45C2000
trusted library allocation
page read and write
48D0000
trusted library allocation
page read and write
504F000
stack
page read and write
AA4E7FE000
stack
page read and write
745E000
stack
page read and write
50D5000
trusted library allocation
page read and write
4AAA000
trusted library allocation
page execute and read and write
AA4E6FF000
unkown
page read and write
50A1000
trusted library allocation
page read and write
19A14564000
direct allocation
page read and write
19A0C430000
direct allocation
page read and write
2FD0000
trusted library section
page read and write
2DF0000
heap
page read and write
3197000
heap
page read and write
19A0A140000
heap
page read and write
5CA1000
trusted library allocation
page read and write
19A0D68F000
heap
page read and write
4B74000
trusted library allocation
page read and write
30D0000
heap
page readonly
49EA000
trusted library allocation
page read and write
7A20000
heap
page execute and read and write
19A145E0000
heap
page read and write
22D76A64000
heap
page read and write
7980000
heap
page read and write
77C0000
trusted library allocation
page read and write
7685000
heap
page read and write
19A09F9C000
heap
page read and write
5C29000
trusted library allocation
page read and write
895E000
stack
page read and write
8145000
trusted library allocation
page read and write
7600000
heap
page read and write
77AE000
stack
page read and write
5249000
trusted library allocation
page read and write
772F000
stack
page read and write
526D000
trusted library allocation
page read and write
7B7E000
stack
page read and write
4E2A000
trusted library allocation
page read and write
2B8E000
stack
page read and write
50EF000
trusted library allocation
page read and write
76A4000
heap
page read and write
19A13FC0000
direct allocation
page read and write
73B0000
heap
page execute and read and write
19A0A0E0000
unkown
page readonly
6DC01000
unkown
page execute read
556E000
trusted library allocation
page read and write
716A000
stack
page read and write
2CAC000
stack
page read and write
45FF000
stack
page read and write
307E000
stack
page read and write
737E000
stack
page read and write
4E92000
trusted library allocation
page read and write
72DD000
stack
page read and write
2BC0000
heap
page read and write
312E000
stack
page read and write
885E000
stack
page read and write
5594000
trusted library allocation
page read and write
313C000
stack
page read and write
3170000
trusted library allocation
page read and write
7AD0000
trusted library allocation
page read and write
51AD000
trusted library allocation
page read and write
19A0CA6E000
heap
page read and write
7CC0000
heap
page read and write
2AE000
unkown
page readonly
6F06C000
unkown
page read and write
48C0000
trusted library allocation
page execute and read and write
19A0D67A000
heap
page read and write
7FF7A1561000
unkown
page execute read
There are 1142 hidden memdumps, click here to show them.