IOC Report
bUWKfj04aU.exe

loading gif

Files

File Path
Type
Category
Malicious
bUWKfj04aU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\0Tp94y9MBurxJFhItxZ95EWw.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\1YUCcdc2ns8K2t45poUN7Amx.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\2dRkzCtGWj8VKkanaZyDrBYJ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\2pxZ3QGs5RsdEF32wezepFbS.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\3kkvcuaTSYv6zr1LL5n1fFGV.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\3u6RrNmizX68IHHLss9QqKUE.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\6kv625NXRIyPYKeDaoPyctw3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\9xT7E5Pb81hXRamadrxhTcKa.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\A47mXAfrsBDpojX2UlRMyVjb.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\BD2oseXp7BCvMSmO4ZjO5L8H.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\EbkuLW0CG2HYrP9ej87UFUE5.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Ee4C8pygmuP2wWmHYlaPNRsj.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\EobcTZAHsg9TkKb6ZiDxOQpo.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\EwtRoEOPYdd062EDD7ELX587.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\GbMT76fl6mAPfbFsS3x29QL1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\HwwnZ3CpAQLjyKlmGEjpSgAe.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\JgoflcD9Q8N9LvT5krhponwA.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\KS0KCSisDq7pEmahBFThP4AT.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\KaHPEM2tjHD1595lRxdfqHsL.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\MSGhyVQl8QvU645EqnDaDG5h.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\4767d2e713f2021e8fe856e3ea638b58[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\DocuWorks[1].exe
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\gold[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\sarra[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\FirstZ[1].exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\alexxxxxxxx[1].exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\cred64[1].dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\swiiii[1].exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\Uni400uni[1].exe
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\clip64[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\file300un[1].exe
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\swiiiii[1].exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\ISetup8[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\NewB[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\jok[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\MnKGY5RWTeEWMNUxbLjGgu1v.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\NVX3Pk7yCVoYnwk8B8rP7BRQ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\NXiJY5ksTtPuwWHLdp7c611m.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\QOC4MrQyBEQHndqZcvBUgBgA.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\QgQgG9QxK6KBBiRO6TDiG08X.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\SN8aMZWrntrM7YJrmHS2jN15.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\SSO4jRyuUDShfiudMUcxy9PM.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\SYo7pMEIUYDach25xrEqQtfo.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001053001\gold.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001084001\random.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001107001\jok.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001108001\swiiii.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001142001\DocuWorks.exe
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\1001152001\DocuWorks.exe
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u5ps.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u5ps.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\U56AmqiMe1O1Xr1D2Q9NTKco.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\ULpJp44l4YgbS9xGxpGd4gFD.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\UNI7mc4Nnga4yNCGVfbOvnYn.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\UqEUiSMhaNIUaul1PMLhCUwN.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\VxBZwWSDvyrtFfizMLyM1BzT.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\XJI9AFzBIfKNprDgZXpUs99e.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\aCC9Y3uZiPILOE7CPQBm3dqe.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\b135cfRMuAwZwxqPJGvWitOU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\bhUVpYwvm9Cx2G2Rs1dNzx32.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\dG8PuyJTCxed1f6M5xR2MLtX.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\dUJDpd3reHboCY5zymPoYWZb.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\duWjVWTrdvxVwAVHrNA8iMHG.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\eVxkDSvCJmjQQtpfadM6vVRZ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\erPoCjwbFUG1W9A8W6y3CW6b.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\fCvVPrm4SypzMQ6EiBEadgs1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\g9ls6tmSqvqEPFEPMTLxj5T8.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\hcidkkgbJV63mERAuLfsQa8h.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\ikwgyD2WNrub0XxL5g8QM7GI.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\ilujg24U0DrNyFRHYG8F01Xq.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\iwNl8K5vXvEOpYcZRlgRArUI.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\l9eBjdHLCrnnkZZKJdDffPtE.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\o8Jx9jV1oAFDNGwS0JdA5742.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\oLeePKVd7zLdWzK9yLk3y6uB.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\p2n3E86Xy4ldROofshdOCL5V.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\s72QQ1HEDtqfs0ltMB4uulZT.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\szmZp5wR4ysalkWrHfDx3ALH.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\tH2mUUONokvK3vL8ubpXbilZ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\vSXx0NPQvyjoNMnvb7CbbdI3.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\vjbBGdKLPrfqevTO8NoyWGaS.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\wQWWfYa2Wpi02lLWRtocQHQR.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\wXamxKfyZPmwZrj3GYJOigy8.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\xEsbKulN7hG8EPnegeeycsh4.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\yB6Uf0WkvSc9vwkxXb9qHuqG.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\yUsmdV5pQCUMcoI7bnDHRZY9.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\zFwKnsnVeTcdv2qgWZnCYFfo.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\zTSMwf6EqjBUbab8YHX1tAIc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\configurationValue\propro.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\1abyUXPEgy4bZxyXlnZFcHZ5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\1nTmHrERKdzkaXW6uWP0ApYm.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\3Qu8OOESjPevn9hgYpoGckO6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\5t4J6LPx9worlCEV5lJ6PESB.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\5zJHpAJpIRB1HYZQQAYjkJ25.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\6OLUTXGxeOohIVqZzcEJ5alb.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\7cKVSqTv7NnDDL1Bxf0FokVy.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\7oogYDdOsBiWJ9MKZ1L5HbFc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\8UpBCIaVf6AAjxJPhsi6WXaA.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\AyNYT4O47VfBk09nQnrCijm6.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\DTvgIdE1FHJj9FUSxKWXL2RO.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\FUb10VYVGNCyaJzEYAYj3GQs.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\Gp0jcfXPIousEInbW21jIMsf.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\HAM9LOmldo1zWlB6yIg4ket5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\HJ7xEP91cEUeBnkYZsutN6xz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\JLiIrbSzLzOnR0erkK3iGyEU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\Jow4Yx3Pjb1bpRyZH3KDPaVs.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\MpHOHCEEUzMhd1hQeZRzVhhz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\Mpw4JlCHhiliCOOFY4izjnxd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\NfgsIliNy2FIhgIHRMVtFDp6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\NzMhoMiQShLnUxfisrCBpUcg.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\OW0IY6qIxwA2vBNesoWOn7tx.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\PX9pw9BSDC6GcNiwEOwN9eIo.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\QGd5vowLDGLbl9fCzFQRFDz6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\QHSpBJfT7rENIQ9ncyZXQ7Pm.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\QxCv5P4RWl5NZ4tvZO0mZrz2.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\RTdjK9qJEXQ928Kc9bfdj8uO.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\RoyNg8B8qjQgITKbssh3ShCc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\RqikXgL90rwJFOFaZuJPlBKd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\TB8gyY0giMN6fcZjZLzipP7P.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\TjI0ijcIo0xtphiVp90L9Ox0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\VScSUh49U4ILUy7wHZccpWfB.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\XOhApkVOUtZE8u9vX17eosOR.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\Xi37RtmryfYQA7AgXeZvjKIg.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\ZM1H78lrEQNEMSqAF8jMSK2I.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\ZoBfdkTi1TzYd4Qho9RGiD49.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\b7aAk4NsmjOyCEFaPAgyoXSd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\bgw33Otai3n3FHEj79p4BuQd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\dAQPk6VJcRnzNryadPob76ur.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\e9BFbVGJvYbRX1O9pfx94p87.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\eRuQ9CSoyYCbA7kgv2O4hBGL.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\emoDG0nH5rlkVVnXgc1mj5b6.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\fNXuIJPtZ25Cf8AC2M7nLhvu.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\fbQkxrJoAES30cVcdBN8aXwZ.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\iWlE1PLcvZdqKeIUsVDIfjKo.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\itMidjIgtoMzghFLrzdYkPDa.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\j5y10uqj39KWgJqNPePuwKtH.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\jEBnyzNlpnxYBpX0SzTsilYc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\kj4vlWepIIui5EUsEpaKN5uf.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\lGY9WNr93099Iipz5J2xUIwU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\ngPRyE3pVf7AVqsG4El6sbei.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\oda8FFwXlvLarxOY0ZoPcs8X.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\pVHGmT1xb3UJCnVvgRWBUZ7Y.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\rig4vLmrODGxubaXNA7eu9mO.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\sNUwctL7GkZ5u0NI0scxfcy0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\sx0rXq9mQR9aeLWBWHbPdr14.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\tLniRa1wNfVBc8wtGlFeZuV5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\tqElYl8Fl4JU3kvWVy6e00VW.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\uOTCOcyWGW2C0V1L0OAjLfFo.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\uhjRBnwj8K4T9LYmtd6M66hw.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\uuRE7gXsEM4RR1NoZUBwtrlp.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\wZuV3PgWQZH6WkVb85MHgKez.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\yhDNs5CKgcvWpHQdXrg6et6I.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\zkP3dJByFmLvW6zaaFPB4q1s.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
Extensible storage user DataBase, version 0x620, checksum 0x3f41fe08, page size 16384, DirtyShutdown, Windows version 10.0
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Uni400uni.exe_abcc73dc4be9eccf93f57939ad34e24e865bf25_72d372f9_edad4638-018d-4178-8ee1-0f05c5001308\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_swiiiii.exe_4644a13ebcdb6e10e65a72b8ec8bc0b0ff32d1fa_6563360f_0de07880-8bf4-4e90-a473-63681402adc2\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER37A4.tmp.dmp
Mini DuMP crash report, 16 streams, Mon Apr 15 05:42:34 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER491A.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B0F.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD9D.tmp.dmp
Mini DuMP crash report, 15 streams, Mon Apr 15 05:42:08 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF25.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF55.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\Public\Desktop\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 05:47:17 2023, atime=Wed Sep 27 08:36:54 2023, length=3242272, window=hide
dropped
C:\Users\user\AppData\Local\33tIGBzVuCMQl3Wc6IvtNEjP.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\EqvNTTWJsgdaHBZM2vNGyoMV.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\IA1JiyWIGEvHCZKTDOlZNrXb.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Traffic.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\alexxxxxxxx.exe.log
CSV text
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gold.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Stj0rnzdLizcr79amRyA4wnp.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe:Zone.Identifier
ASCII text, with CRLF line terminators
modified
C:\Users\user\AppData\Local\Temp\1001059001\0lQs2u2bQN8wOmVXVy2wItPr.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\0tYrOK0l3oFbXddjsmtb931W.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\18oG7LNEo6QcClXRVAJbS4hd.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\3M4Jtk9KWHgh8ducxhTFcjW1.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\3mHg0ktrbc2PpU4ds9bpMhZZ.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\4hs64zd1vggd1u64GpeGCzqk.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\7INGj891a3Tm3DBdzkBBBu4f.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\7Px23zDNZXL8Wy0lPHfMYVTL.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\7czkMh8EvSiPUijWCDYmOA0H.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\83h7vd7bLREHOEODb4HLTiUR.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\97Lqi3WoncD5y5D9KjmTRajv.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\9Y7uMe8QnC7FFfGfNRzEDhaF.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\9vtbOcSuXHIUE3aqSLzyIs15.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\DXBbZJH6aLRZHAVt4F6j0AmN.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\Da4hPfXHBBjDyahp38gylcgg.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\E2yH5MLGXjpJh1srJDZoMcAl.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\EAIEYPMHLI2C96DGaxuSW1Wl.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\Elh8h4Mgm3Kyj26kaoBm2vi2.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\EuHH093mR5qKLZmV0JaXHXHY.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\F3BI9GaNOs6Ya1J9lebEzYL9.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\FYWrmh9kVvfjND8uGAmX5Y4l.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\G5mEm3jS1pvbju1MRv4tfDyu.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\HNvooPz7Vh4sIgGP39cslh4N.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\I8XeDfyDr6bDQhOsvcFng6ze.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\JXVwjDMgM09uvctWr995ZwGN.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\MgvqbtqceBiLGxlPZIfqyYea.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\NDXx6frQXtljightQZ1O7fjP.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\NQ4poDjMI3RXXj5p2XsaVrP3.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\NzzUKUXiYayfTxpveiz4EThB.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\ReJSK9WVd6KfmbU9BelU2dTM.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\RfYqto9ALRNpcVKkonPjQKeW.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\RhhG1gn0QUhYedfdbzAy5ZNg.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\RwTMC4vzdsOGTPwvVM2qZjtm.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\SbiAzImWgkT7MJB2PHgRcGax.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\Sv6g3ERXfxKD2J0JVlLThaHN.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\TgZOkQYQnPGPXD7pldT9f2PL.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\UDZw2rmIuxJqvLYxjDsuaurn.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\UjJo2kS8cmZcF5KHpYmSzplI.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\UjOBDHW3UrPljjSOmFiE3BQz.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\W0iQl0pZ5sWOTAcjwfLYYAT7.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\WoroixetAf5ka8XSLVlC1zOe.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\Wz6d3yrxvUiYF1DUYfgHq4pk.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\XRq4aN5F1IW0xzC6S5xN6i2b.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\Xxc1XEY9M6t5SKzF0RMTQR6B.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\aQDowDvx9wZiVLu5ax7aNCbI.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\cEHiDGk9wayAY1T1AaqMXTts.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\ctHd3czrPTUSeJ3p8SDBZ1v1.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\cv0AmfEhPjyqiSLT2h9xTanU.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\dQz83vXZCdAW6INUr81qydEi.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\dl67yGegABuy4cgIumPGhEid.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\f0pnZDMd6RaZV3ru6ZcvWYoh.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\flhAOmHuPU4rOQraF9et2tNv.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\gKz1moE7eup3G7nOTrAM5FEe.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\gexYuw0NRhQ8R1rZTdriSThP.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\gtUxZk6cj8wfEklu1LBTS737.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\hn24jhY0Fv65Hr2JNkbIUU32.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\iGgltwF3cPJJEQEEusF5Xi0h.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\isSKeeo2YpQheeY24R4j9G2t.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\jVb7NGJ5fDo17zuI07wKXTkn.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\k4WDKn5GdBylasbk9EPm9Oxn.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\nruxO9vtSEsvmw1nJfHLNbN3.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\o9rQUR3l55wTcAhNhuto03lk.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\oWpy9mG9Ds15Yw7FsUFYFKZz.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\ory2z8Uv63Q76t6KnnuaZBZ3.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\p8NzMeukSixzfsrv1eOsaArK.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\r2A0rS3VHsn8vyJeZHhKfWXr.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\rocNHTvv38JS6pWod6Y4Gd91.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\sKWhFmW1UBgSm2O3z2QVt6hX.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\sx87S9fjIWqhIFU42ChmdBD5.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\vWfNA9ItlVbIhYLgDbH2qYCB.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\vtH7nDBrnek0dvASVqeqkxmh.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\wECmGoZSCpcGomt5tgyfkCt8.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\wHUmqxGl1NXuimy6s35CfrOK.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\xTp4bHJiLrusMpbtmcQ6RM59.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\xfnvi9jPfFxOupLhRqQ53EM3.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\xly7DWkYKo5WnXstfCeJrt5O.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\1001059001\zjeauCZFVCgTqOll4Vc5L2Ft.bat
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\Tmp3775.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Tmp3776.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\TmpBCE6.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\TmpBD35.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\_Files_\GAOBCVIQIJ.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\_Files_\IPKGELNTQY.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\_Files_\IPKGELNTQY.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\_Files_\LSBIHQFDVT.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\_Files_\NEBFQQYWPS.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\_Files_\SFPUSAFIOL.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0z0fvjrp.5w0.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1kprbola.2vk.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2g4p5thq.ky5.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a1gfrcqo.kip.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hda1lzma.gbm.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r1c5fzge.c2k.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\UvmCGtz1aYTjhcoAhykwCuQw.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\a3XC8JYF0aYXxIZPljcBh92I.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\dkk7cRVuWpprbxEbDlw69GrM.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\domCqD7LBg1Q0KxGLvuFe0Aj.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\oxW5doxruDrLfkxekfdC42S3.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\swXqwxxcUE7SVCRYdUBHf3nm.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\vFvvln76msVyiTRvQQMSlc4y.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\xIvgySaF2JVAOfOVBY400p1d.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\yybBRlcB659iEk7Vesfqc6Zw.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
data
modified
C:\Users\user\Pictures\0ZzXdtKbBOkMTYdVV1HNUsqT.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\0zuHPkqadZGFhsedqfFjHrEV.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\1Cki827fF40ubJ4RMKyP3Elr.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\6A6tSzDSK6P9F6s9kkiOZkgA.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\CCF32f9je00j8IZrr0Ff4c4t.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\IKulK0lzJvII432wpHMkGWRw.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\RvrkjxBwedY81Y68Ne47TzMs.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\SlwT2Dhb0jcRK2apeSa3FdHE.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\YtkUkgpbmZlbSuZT81owPAOw.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\gxNMHUmIRRsTpoh2kGfIr9lW.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\h9MmfvkW2XknV10h725GOqVL.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\uWDQa01moDg0YUv8UXTjuXuR.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\v05bbHszTdSghZlrnH5jWCvs.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
JSON data
dropped
C:\Windows\Tasks\explorgu.job
data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
There are 297 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\bUWKfj04aU.exe
"C:\Users\user\Desktop\bUWKfj04aU.exe"
 malicious
C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
 malicious
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
 malicious
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
 malicious
C:\Windows\System32\netsh.exe
netsh wlan show profiles
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
malicious
C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe
"C:\Users\user\AppData\Local\Temp\1000985001\alexxxxxxxx.exe"
malicious
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Users\user\AppData\Roaming\configurationValue\propro.exe
"C:\Users\user\AppData\Roaming\configurationValue\propro.exe"
malicious
C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe
"C:\Users\user\AppData\Roaming\configurationValue\Traffic.exe"
malicious
C:\Users\user\AppData\Local\Temp\1001053001\gold.exe
"C:\Users\user\AppData\Local\Temp\1001053001\gold.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe
"C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe"
malicious
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewB.exe /TR "C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe" /F
malicious
C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe
C:\Users\user\AppData\Local\Temp\1001059001\NewB.exe
 malicious
C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe
"C:\Users\user\AppData\Local\Temp\1001073001\swiiiii.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
"C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe"
 malicious
C:\Users\user\AppData\Local\Temp\1001084001\random.exe
"C:\Users\user\AppData\Local\Temp\1001084001\random.exe"
malicious
C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe
"C:\Users\user\AppData\Local\Temp\1000191001\FirstZ.exe"
malicious
C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe
"C:\Users\user\AppData\Local\Temp\1001085001\file300un.exe"
malicious
C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe
"C:\Users\user\AppData\Local\Temp\1000192001\Uni400uni.exe"
malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
 malicious
C:\Users\user\AppData\Local\Temp\1001107001\jok.exe
"C:\Users\user\AppData\Local\Temp\1001107001\jok.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5564 -ip 5564
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 920
C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe
"C:\Users\user\AppData\Local\Temp\1000187001\4767d2e713f2021e8fe856e3ea638b58.exe"
C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe
"C:\Users\user\AppData\Local\Temp\1000188001\ISetup8.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 500 -p 7684 -ip 7684
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7684 -s 1076
There are 36 hidden processes, click here to show them.

URLs

Name
IP
Malicious
bordersoarmanusjuw.shop
malicious
mealplayerpreceodsju.shop
malicious
absentconvicsjawun.shop
malicious
pushjellysingeywus.shop
malicious
economicscreateojsu.shop
malicious
185.172.128.33:8970
malicious
wifeplasterbakewis.shop
malicious
suitcaseacanehalk.shop
malicious
entitlementappwo.shop
malicious
https://legal.opera.com/terms
unknown
http://ocsp.sectigo.com0
unknown
https://www.opera.com/privacy
unknown
https://crashpad.chromium.org/bug/new
unknown
https://help.opera.com/latest/
unknown
https://contoso.com/License
unknown
https://junglethomas.com/45c777cd634b90d85bd90992c72a11ec/4767d2e713f2021e8fe856e3ea638b58.exe
unknown
https://policies.google.com/terms;
unknown
https://api.ip.s
unknown
https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
unknown
http://www.indyproject.org/
unknown
http://google.com
unknown
https://gamemaker.io/en/education.
unknown
https://legal.opera.com/terms.
unknown
http://localhost:3001api/prefs/?product=$1&version=$2..
unknown
https://autoupdate.geo.opera.com/https://autoupdate.geo.opera.com/geolocation/OperaDesktophttps://cr
unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
unknown
https://www.opera.com/download/
unknown
https://telegram.org/tos/
unknown
https://junglethomas.com/AV
unknown
https://addons.opera.com/extensions/download/be76331b95dfc399cd776d2fc68021e0db03cc4f.opera.com
unknown
https://junglethomas.com/IV
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://discord.com/api/v9/users/
unknown
https://junglethomas.com/a638b58.exe
unknown
https://sectigo.com/CPS0D
unknown
https://affordcharmcropwo.shop:443/api
unknown
https://www.opera.com
unknown
http://svc.iolo.com/__svc/sbv/DownloadManager.ashx
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
https://autoupdate.geo.opera.com/
unknown
https://twitter.com/en/tos;
unknown
http://nuget.org/NuGet.exe
unknown
https://aka.ms/winsvr-2022-pshelp
unknown
https://api.ip.sb/ip
unknown
https://economicscreateojsu.shop:443/api)
unknown
https://crashpad.chromium.org/
unknown
https://redir.opera.com/uninstallsurvey/
unknown
https://addons.opera.com/en/extensions/details/dify-cashback/
unknown
https://junglethomas.com/iV
unknown
http://pesterbdd.com/images/Pester.png
unknown
https://autoupdate.geo.opera.com/geolocation/
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
https://crashstats-collector.opera.com/collector/submit
unknown
https://junglethomas.com/qV
unknown
http://www.opera.com0
unknown
https://contoso.com/Icon
unknown
https://aka.ms/winsvr-2022-pshelpX
unknown
https://g.live.com/odclientsettings/ProdV21C:
unknown
https://opera.com/privacy
unknown
https://legal.opera.com/eula/computers
unknown
https://gamemaker.io)
unknown
https://github.com/Pester/Pester
unknown
http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching
unknown
https://sourcecode.opera.com
unknown
https://pastebin.com/raw/V6VJsrV31https://yip.su/RNWPd.exe7https://iplogger.com/1djqU4
unknown
https://www.whatsapp.com/legal;
unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
unknown
https://parrotflight.com/4767d2e713f2021e8fe856e3ea638b58.exe
unknown
https://yip.su/RNWPd.exeChttps://pastebin.com/raw/E0rY26ni5https://iplogger.com/1lyxz
unknown
https://economicscreateojsu.shop/api
unknown
https://g.live.com/odclientsettings/Prod1C:
unknown
https://economicscreateojsu.shop/
unknown
https://affordcharmcropwo.shop/api
unknown
https://www.opera.com..
unknown
https://www.opera.com/
unknown
https://affordcharmcropwo.shop/apiW
unknown
https://economicscreateojsu.shop:443/api
unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
unknown
https://economicscreateojsu.shop/apip
unknown
http://schemas.xmlsoap.org/wsdl/
unknown
https://gamemaker.io/en/get.
unknown
https://gamemaker.io
unknown
https://affordcharmcropwo.shop/apiA
unknown
https://legal.opera.com/privacy
unknown
http://download.iolo.net
unknown
https://help.instagram.com/581066165581870;
unknown
https://aka.ms/pscore68
unknown
https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
unknown
https://affordcharmcropwo.shop/
unknown
https://junglethomas.com/
unknown
https://legal.opera.com/privacy.
unknown
There are 83 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
185.172.128.33
unknown
Russian Federation
malicious
185.215.113.32
unknown
Portugal
malicious
185.172.128.19
unknown
Russian Federation
malicious
185.172.128.90
unknown
Russian Federation
172.67.181.34
unknown
United States
185.215.113.45
unknown
Portugal
185.215.113.67
unknown
Portugal
193.233.132.175
unknown
Russian Federation
185.172.128.59
unknown
Russian Federation
104.208.16.94
unknown
United States
104.21.79.77
unknown
United States
88.218.93.76
unknown
Netherlands
104.21.31.124
unknown
United States
94.232.247.248
unknown
Lithuania
104.21.90.14
unknown
United States
23.62.134.148
unknown
United States
52.2.56.64
unknown
United States
185.172.128.228
unknown
Russian Federation
172.67.176.131
unknown
United States
172.67.187.204
unknown
United States
20.42.65.92
unknown
United States
172.67.34.170
unknown
United States
193.233.132.167
unknown
Russian Federation
104.21.92.190
unknown
United States
172.67.193.79
unknown
United States
104.21.47.60
unknown
United States
5.42.64.17
unknown
Russian Federation
104.20.67.143
unknown
United States
107.167.110.211
unknown
United States
127.0.0.1
unknown
unknown
There are 20 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
random.exe
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Startup
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
PerfMMFileName
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
ProgramId
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
FileId
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
LowerCaseLongPath
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
LongPathHash
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
Name
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
OriginalFileName
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
Publisher
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
Version
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
BinFileVersion
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
BinaryType
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
ProductName
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
ProductVersion
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
LinkDate
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
BinProductVersion
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
AppxPackageFullName
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
AppxPackageRelativeId
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
Size
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
Language
\REGISTRY\A\{1b912a2e-f96f-3367-5f24-81b84ad252bb}\Root\InventoryApplicationFile\swiiiii.exe|b9eef5c4f3166502
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
ApplicationFlags
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\BroomCleaner
Installed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
DontOfferThroughWUAU
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\msbuild_RASMANCS
FileDirectory
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
ProgramId
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
FileId
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
LowerCaseLongPath
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
LongPathHash
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
Name
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
OriginalFileName
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
Publisher
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
Version
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
BinFileVersion
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
BinaryType
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
ProductName
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
ProductVersion
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
LinkDate
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
BinProductVersion
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
AppxPackageFullName
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
AppxPackageRelativeId
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
Size
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
Language
\REGISTRY\A\{e010ba09-bb30-16ea-8a66-b09d30c180fe}\Root\InventoryApplicationFile\uni400uni.exe|63332a4f626f9b1e
Usn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
0018000DDABBE6B3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
There are 64 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
191000
unkown
page execute read
 malicious
6A1000
unkown
page readonly
 malicious
400000
remote allocation
page execute and read and write
 malicious
25500041000
trusted library allocation
page read and write
 malicious
8C1000
unkown
page execute and read and write
 malicious
191000
unkown
page execute read
 malicious
5090000
direct allocation
page read and write
 malicious
342000
unkown
page readonly
 malicious
A22000
unkown
page readonly
 malicious
27AB9251000
trusted library allocation
page read and write
 malicious
3B73000
trusted library allocation
page read and write
 malicious
3B05000
trusted library allocation
page read and write
 malicious
12B1000
heap
page read and write
 malicious
191000
unkown
page execute read
 malicious
5F2000
unkown
page readonly
 malicious
125F1000
trusted library allocation
page read and write
 malicious
4C30000
direct allocation
page read and write
 malicious
27FE000
trusted library allocation
page read and write
FBD000
heap
page read and write
4C11000
heap
page read and write
14CF000
heap
page read and write
25500001000
trusted library allocation
page read and write
2763000
trusted library allocation
page read and write
7FFD34420000
trusted library allocation
page execute and read and write
D2D000
stack
page read and write
B90000
trusted library allocation
page read and write
1235000
heap
page read and write
27AB7580000
unkown
page readonly
28AA000
trusted library allocation
page read and write
3D4E000
stack
page read and write
27FA000
trusted library allocation
page read and write
1470000
direct allocation
page read and write
14E4000
heap
page read and write
4C11000
heap
page read and write
28CC000
trusted library allocation
page read and write
1A30D94F000
trusted library allocation
page read and write
2B01000
trusted library allocation
page read and write
398E000
stack
page read and write
25E4E91A000
heap
page read and write
E44000
heap
page read and write
4C11000
heap
page read and write
1B010000
heap
page read and write
27AB7990000
heap
page read and write
1A324620000
heap
page execute and read and write
3E8E000
stack
page read and write
2978000
trusted library allocation
page read and write
37B0000
heap
page read and write
7FFD3441C000
trusted library allocation
page execute and read and write
34ED000
stack
page read and write
14FE000
heap
page read and write
31CF000
stack
page read and write
35EE000
stack
page read and write
1A30C6D9000
trusted library allocation
page read and write
BC077E000
stack
page read and write
1470000
direct allocation
page read and write
29C3000
trusted library allocation
page read and write
47B1000
heap
page read and write
E44000
heap
page read and write
1A30D993000
trusted library allocation
page read and write
12A4000
heap
page read and write
27AB7820000
heap
page read and write
410E000
stack
page read and write
64C5000
heap
page read and write
65CD000
stack
page read and write
52DE000
stack
page read and write
DC5000
heap
page read and write
BC097F000
stack
page read and write
47B1000
heap
page read and write
236FF890000
trusted library allocation
page read and write
281E000
trusted library allocation
page read and write
12A4000
heap
page read and write
7FF6AD860000
unkown
page readonly
FF0000
direct allocation
page read and write
2933000
trusted library allocation
page read and write
4C11000
heap
page read and write
E44000
heap
page read and write
2769000
trusted library allocation
page read and write
27AD000
trusted library allocation
page read and write
11EE000
stack
page read and write
A3C000
stack
page read and write
E44000
heap
page read and write
1348000
heap
page read and write
1A30BF70000
heap
page read and write
2966000
trusted library allocation
page read and write
114E000
stack
page read and write
137B000
heap
page read and write
7FFD3441C000
trusted library allocation
page execute and read and write
400000
unkown
page readonly
C9A10F3000
stack
page read and write
1470000
direct allocation
page read and write
12A4000
heap
page read and write
28CE000
trusted library allocation
page read and write
223F2E94000
heap
page read and write
12A4000
heap
page read and write
273E000
stack
page read and write
2B30000
direct allocation
page read and write
14E4000
heap
page read and write
35FD000
trusted library allocation
page read and write
8C0000
unkown
page read and write
28F3000
trusted library allocation
page read and write
4C11000
heap
page read and write
1A30D953000
trusted library allocation
page read and write
3B20000
heap
page read and write
27EF000
trusted library allocation
page read and write
DA0000
heap
page read and write
1A30BF7A000
heap
page read and write
3441000
trusted library allocation
page read and write
4C11000
heap
page read and write
425000
unkown
page write copy
4C11000
heap
page read and write
28FE000
trusted library allocation
page read and write
FE0000
heap
page execute and read and write
125E3000
trusted library allocation
page read and write
10FA000
stack
page read and write
4C11000
heap
page read and write
2809000
trusted library allocation
page read and write
12EE000
stack
page read and write
1A31C798000
trusted library allocation
page read and write
4C11000
heap
page read and write
1A30C2F0000
trusted library allocation
page read and write
25E53790000
remote allocation
page read and write
7FFD345D0000
trusted library allocation
page read and write
FC0000
heap
page read and write
4C11000
heap
page read and write
4F70000
trusted library allocation
page read and write
4CC000
stack
page read and write
1584000
heap
page read and write
2900000
trusted library allocation
page read and write
7FFD3437D000
trusted library allocation
page execute and read and write
14AA000
heap
page read and write
5CB7000
heap
page read and write
27D8000
trusted library allocation
page read and write
1CE7E000
stack
page read and write
4C11000
heap
page read and write
4C11000
heap
page read and write
14A0000
heap
page read and write
12A4000
heap
page read and write
7FFD34530000
trusted library allocation
page execute and read and write
25E53790000
remote allocation
page read and write
C10000
heap
page read and write
CDF000
stack
page read and write
6FB25FF000
stack
page read and write
E44000
heap
page read and write
27DA000
trusted library allocation
page read and write
27C7000
trusted library allocation
page read and write
7FFD345B0000
trusted library allocation
page read and write
1375000
heap
page read and write
27B8000
trusted library allocation
page read and write
12A4000
heap
page read and write
A52000
unkown
page readonly
236FF890000
trusted library allocation
page read and write
4C11000
heap
page read and write
5290000
direct allocation
page execute and read and write
4AF3000
heap
page read and write
AF0000
trusted library allocation
page read and write
2895000
trusted library allocation
page read and write
1A30CA86000
trusted library allocation
page read and write
47B1000
heap
page read and write
12A4000
heap
page read and write
2851000
trusted library allocation
page execute and read and write
38FE000
stack
page read and write
DCA000
heap
page read and write
223F0F77000
heap
page read and write
47B1000
heap
page read and write
1A30DD0D000
trusted library allocation
page read and write
11AD000
stack
page read and write
926000
unkown
page read and write
1040000
heap
page read and write
47B1000
heap
page read and write
27AB78F0000
trusted library section
page read and write
223F0FAE000
heap
page read and write
BC09FE000
stack
page read and write
FF0000
direct allocation
page read and write
750000
heap
page read and write
27CC000
trusted library allocation
page read and write
236FF890000
trusted library allocation
page read and write
51CF000
stack
page read and write
4C11000
heap
page read and write
D50000
trusted library allocation
page read and write
4C11000
heap
page read and write
47B1000
heap
page read and write
12A4000
heap
page read and write
13FF000
stack
page read and write
1A324957000
heap
page read and write
4C11000
heap
page read and write
27C9000
trusted library allocation
page read and write
FBF000
heap
page read and write
1A3244B0000
heap
page read and write
AC5000
unkown
page write copy
5270000
direct allocation
page execute and read and write
D63000
trusted library allocation
page execute and read and write
47B1000
heap
page read and write
AC0000
heap
page read and write
1A30A5C0000
heap
page read and write
DE0000
heap
page read and write
7FFD34373000
trusted library allocation
page read and write
47B1000
heap
page read and write
C9A15FF000
stack
page read and write
5280000
direct allocation
page execute and read and write
12A4000
heap
page read and write
874000
heap
page read and write
BC0CBE000
stack
page read and write
7FFD34542000
trusted library allocation
page read and write
BC0A79000
stack
page read and write
1B150000
heap
page execute and read and write
C9A19FC000
stack
page read and write
27ED000
trusted library allocation
page read and write
28B7000
trusted library allocation
page read and write
A70000
heap
page read and write
12A4000
heap
page read and write
354F000
stack
page read and write
6CE0000
heap
page read and write
AB0000
heap
page read and write
2935000
trusted library allocation
page read and write
BCA000
unkown
page execute and read and write
2937000
trusted library allocation
page read and write
D40000
heap
page read and write
27AB77C1000
heap
page read and write
2920000
trusted library allocation
page read and write
287B000
trusted library allocation
page read and write
4C11000
heap
page read and write
27AB77FA000
heap
page read and write
1A31C51F000
trusted library allocation
page read and write
FE0000
heap
page read and write
37AE000
stack
page read and write
688E000
stack
page read and write
1F7000
unkown
page readonly
62E000
unkown
page readonly
47B1000
heap
page read and write
CFB000
trusted library allocation
page execute and read and write
1580000
heap
page read and write
223F0FAE000
heap
page read and write
4C11000
heap
page read and write
12A4000
heap
page read and write
4C11000
heap
page read and write
2908000
trusted library allocation
page read and write
1A30D97D000
trusted library allocation
page read and write
BCB000
unkown
page execute and write copy
12A4000
heap
page read and write
143E000
stack
page read and write
D8A000
trusted library allocation
page execute and read and write
5280000
direct allocation
page execute and read and write
27AB78B0000
trusted library allocation
page read and write
2741000
trusted library allocation
page read and write
344E000
stack
page read and write
B6E000
stack
page read and write
4C20000
heap
page read and write
2E238FE000
stack
page read and write
1138000
stack
page read and write
13EE000
stack
page read and write
125E6000
trusted library allocation
page read and write
D74000
trusted library allocation
page read and write
FF0000
heap
page read and write
48B0000
trusted library allocation
page read and write
1E0000
unkown
page readonly
1A324819000
heap
page read and write
47B1000
heap
page read and write
C9A16FE000
stack
page read and write
A66000
unkown
page readonly
7FFD34550000
trusted library allocation
page execute and read and write
B90000
heap
page read and write
4D90000
direct allocation
page read and write
87E000
heap
page read and write
142E000
stack
page read and write
1195000
heap
page read and write
9E0000
heap
page read and write
DBD000
heap
page read and write
7FF6ADAED000
unkown
page readonly
27C5000
trusted library allocation
page read and write
2700000
heap
page execute and read and write
155E000
heap
page read and write
87AF000
stack
page read and write
223F0F00000
heap
page read and write
990000
heap
page read and write
25E535F1000
trusted library allocation
page read and write
1A30DD30000
trusted library allocation
page read and write
27AB78C3000
trusted library allocation
page read and write
5240000
direct allocation
page read and write
2C9F000
stack
page read and write
1A324914000
heap
page read and write
1B3B0000
heap
page read and write
28F1000
trusted library allocation
page read and write
4C11000
heap
page read and write
28E0000
trusted library allocation
page read and write
1F7000
unkown
page readonly
1A3244F6000
heap
page read and write
2EBE000
stack
page read and write
FBF000
heap
page read and write
430000
unkown
page readonly
2944000
trusted library allocation
page read and write
4B0E000
stack
page read and write
3BCF000
stack
page read and write
BA3000
trusted library allocation
page execute and read and write
4C11000
heap
page read and write
86A000
heap
page read and write
464000
unkown
page read and write
223F2E96000
heap
page read and write
29EA000
trusted library allocation
page read and write
2765000
trusted library allocation
page read and write
3E2000
unkown
page readonly
4C11000
heap
page read and write
47B1000
heap
page read and write
14E5000
heap
page read and write
47B1000
heap
page read and write
4C11000
heap
page read and write
D50000
heap
page read and write
5210000
direct allocation
page execute and read and write
29F0000
heap
page read and write
4C11000
heap
page read and write
A0D000
heap
page read and write
494D000
stack
page read and write
BC0C3A000
stack
page read and write
25DE000
stack
page read and write
2F7C000
trusted library allocation
page read and write
D70000
trusted library allocation
page read and write
27AB9200000
heap
page execute and read and write
50D0000
heap
page execute and read and write
2629000
trusted library allocation
page read and write
2F3F000
stack
page read and write
8991000
heap
page read and write
1470000
direct allocation
page read and write
7FFD34363000
trusted library allocation
page execute and read and write
45CF000
stack
page read and write
4C11000
heap
page read and write
1470000
direct allocation
page read and write
236FF440000
trusted library allocation
page read and write
1A30A550000
heap
page read and write
7FFD34520000
trusted library allocation
page read and write
B80000
trusted library section
page readonly
30CF000
stack
page read and write
4C11000
heap
page read and write
28A8000
trusted library allocation
page read and write
2873000
trusted library allocation
page read and write
660E000
stack
page read and write
25E4E91A000
heap
page read and write
E7B000
stack
page read and write
2B30000
direct allocation
page read and write
14E4000
heap
page read and write
7FFD34363000
trusted library allocation
page execute and read and write
FF0000
direct allocation
page read and write
888C000
stack
page read and write
7FFD34510000
trusted library allocation
page read and write
4C11000
heap
page read and write
BA0000
heap
page read and write
448F000
stack
page read and write
6FB29FB000
stack
page read and write
223F0F69000
heap
page read and write
28B9000
trusted library allocation
page read and write
4C11000
heap
page read and write
D9E000
stack
page read and write
5300000
heap
page read and write
4C11000
heap
page read and write
4AD2000
heap
page read and write
1A30E0CF000
trusted library allocation
page read and write
1558000
heap
page read and write
4C11000
heap
page read and write
1A30C4B1000
trusted library allocation
page read and write
5C27000
heap
page read and write
5F0000
unkown
page readonly
DF6000
heap
page read and write
27AB772A000
heap
page read and write
1A30A470000
heap
page read and write
1A30A630000
heap
page read and write
39FF000
stack
page read and write
12A4000
heap
page read and write
1A30D9C0000
trusted library allocation
page read and write
4C11000
heap
page read and write
2470000
heap
page read and write
4C11000
heap
page read and write
27E7000
trusted library allocation
page read and write
6FB22FF000
stack
page read and write
1290000
heap
page read and write
27AB7870000
heap
page read and write
7FFD34410000
trusted library allocation
page read and write
928000
unkown
page execute and read and write
E03000
heap
page read and write
1A3248C8000
heap
page read and write
36AE000
stack
page read and write
4C11000
heap
page read and write
4C11000
heap
page read and write
D9A000
heap
page read and write
2E2331E000
stack
page read and write
3100000
unkown
page readonly
4C11000
heap
page read and write
2913000
trusted library allocation
page read and write
2963000
trusted library allocation
page read and write
223F11F5000
heap
page read and write
DD3000
heap
page read and write
1582000
heap
page read and write
6FB2AFD000
stack
page read and write
7FFD34364000
trusted library allocation
page read and write
12A4000
heap
page read and write
14EF000
heap
page read and write
340000
unkown
page readonly
27D4000
trusted library allocation
page read and write
4C11000
heap
page read and write
1A30DD83000
trusted library allocation
page read and write
27FC000
trusted library allocation
page read and write
2E23BFF000
stack
page read and write
7FFD343BC000
trusted library allocation
page execute and read and write
E44000
heap
page read and write
5210000
direct allocation
page execute and read and write
A08000
heap
page read and write
5A60000
direct allocation
page read and write
25E53790000
remote allocation
page read and write
2EC0000
heap
page read and write
1470000
direct allocation
page read and write
BD5000
heap
page read and write
926000
unkown
page write copy
4C11000
heap
page read and write
C9A18FE000
stack
page read and write
47B1000
heap
page read and write
270D000
trusted library allocation
page read and write
5240000
direct allocation
page execute and read and write
4C11000
heap
page read and write
5841000
heap
page read and write
401000
unkown
page execute read
52A0000
direct allocation
page execute and read and write
6FB26FE000
stack
page read and write
441000
unkown
page execute and write copy
236FF440000
trusted library allocation
page read and write
1A31C4E1000
trusted library allocation
page read and write
2E236FD000
unkown
page read and write
4C11000
heap
page read and write
848000
heap
page read and write
25E5364E000
trusted library allocation
page read and write
4C11000
heap
page read and write
223F0F66000
heap
page read and write
1150000
heap
page read and write
2940000
trusted library allocation
page read and write
1A324670000
trusted library allocation
page read and write
4C11000
heap
page read and write
4C11000
heap
page read and write
980000
unkown
page readonly
47B1000
heap
page read and write
4C11000
heap
page read and write
334E000
stack
page read and write
1366000
heap
page read and write
FBD000
heap
page read and write
4D90000
direct allocation
page execute and read and write
440000
unkown
page readonly
C9A17FF000
stack
page read and write
1B3A0000
heap
page read and write
47B1000
heap
page read and write
5E2000
unkown
page readonly
2E3E000
stack
page read and write
1290000
heap
page read and write
712000
stack
page read and write
D2E000
stack
page read and write
44A000
remote allocation
page execute and read and write
223F2E93000
heap
page read and write
E44000
heap
page read and write
2473000
heap
page read and write
4C11000
heap
page read and write
FF0000
direct allocation
page read and write
7FF6ADAF0000
unkown
page readonly
4A6000
unkown
page write copy
47B1000
heap
page read and write
102E000
stack
page read and write
98E000
stack
page read and write
7FFD34360000
trusted library allocation
page read and write
6FB20F3000
stack
page read and write
35DC000
trusted library allocation
page read and write
981000
unkown
page execute and write copy
384E000
stack
page read and write
236FF440000
trusted library allocation
page read and write
3A20000
remote allocation
page read and write
87B000
heap
page read and write
1B39D000
stack
page read and write
F8F000
stack
page read and write
12A3000
heap
page read and write
7FFD34480000
trusted library allocation
page execute and read and write
498F000
stack
page read and write
921000
unkown
page execute and read and write
760000
heap
page read and write
12A4000
heap
page read and write
3E0000
unkown
page readonly
5210000
direct allocation
page execute and read and write
14E4000
heap
page read and write
14E4000
heap
page read and write
1250000
heap
page read and write
1AFAE000
stack
page read and write
29C9000
trusted library allocation
page read and write
7FFD34380000
trusted library allocation
page read and write
25E53750000
trusted library allocation
page read and write
D90000
heap
page read and write
296E000
trusted library allocation
page read and write
157D000
heap
page read and write
160000
heap
page read and write
FC0000
trusted library allocation
page execute and read and write
1A30A600000
trusted library allocation
page read and write
370E000
stack
page read and write
4C11000
heap
page read and write
14E4000
heap
page read and write
380F000
stack
page read and write
125E8000
trusted library allocation
page read and write
E44000
heap
page read and write
4DA1000
heap
page read and write
FF0000
direct allocation
page read and write
6A70000
heap
page read and write
1A3248E6000
heap
page read and write
4A65000
heap
page read and write
1470000
heap
page read and write
33BE000
trusted library allocation
page read and write
69C0000
heap
page read and write
470F000
stack
page read and write
156C000
heap
page read and write
C30000
heap
page read and write
4DA1000
heap
page read and write
2970000
trusted library allocation
page read and write
E44000
heap
page read and write
509E000
stack
page read and write
2905000
trusted library allocation
page read and write
4C11000
heap
page read and write
DE8000
heap
page read and write
6CC000
stack
page read and write
5250000
direct allocation
page execute and read and write
52B0000
direct allocation
page execute and read and write
14E4000
heap
page read and write
4D90000
direct allocation
page read and write
7FFD34511000
trusted library allocation
page read and write
12A0000
heap
page read and write
4C11000
heap
page read and write
2811000
trusted library allocation
page read and write
4FC000
stack
page read and write
4C11000
heap
page read and write
33CD000
trusted library allocation
page read and write
157E000
heap
page read and write
1A324800000
heap
page read and write
1A30A6B7000
heap
page read and write
DB7000
heap
page read and write
2812000
trusted library allocation
page execute and read and write
2879000
trusted library allocation
page read and write
5200000
direct allocation
page execute and read and write
1564000
heap
page read and write
157A000
heap
page read and write
136B000
heap
page read and write
BA0000
heap
page read and write
1246000
heap
page read and write
29A8000
trusted library allocation
page read and write
E44000
heap
page read and write
484F000
stack
page read and write
7FFD34540000
trusted library allocation
page execute and read and write
27AB7582000
unkown
page readonly
505F000
stack
page read and write
394F000
stack
page read and write
7FFD3436D000
trusted library allocation
page execute and read and write
E44000
heap
page read and write
4A6000
unkown
page write copy
14E4000
heap
page read and write
4C11000
heap
page read and write
7FFD345F0000
trusted library allocation
page read and write
47B1000
heap
page read and write
BA4000
trusted library allocation
page read and write
D60000
trusted library allocation
page read and write
1A324875000
heap
page read and write
FF0000
direct allocation
page read and write
1B019000
heap
page read and write
5280000
direct allocation
page execute and read and write
1A31C7A7000
trusted library allocation
page read and write
6BDB000
stack
page read and write
7FFD34380000
trusted library allocation
page read and write
DE8000
heap
page read and write
12A4000
heap
page read and write
7EC000
heap
page read and write
824000
unkown
page read and write
12A4000
heap
page read and write
7FFD3438D000
trusted library allocation
page execute and read and write
4D90000
direct allocation
page read and write
223F11C0000
heap
page read and write
4A89000
heap
page read and write
CAF000
stack
page read and write
1160000
heap
page read and write
277A000
trusted library allocation
page read and write
329E000
stack
page read and write
2884000
trusted library allocation
page read and write
27AB776D000
heap
page read and write
2899000
trusted library allocation
page read and write
223F0F58000
heap
page read and write
1A31C79F000
trusted library allocation
page read and write
BC08FE000
stack
page read and write
F81000
heap
page read and write
5230000
direct allocation
page execute and read and write
C9A14FF000
stack
page read and write
1E0000
unkown
page readonly
4D90000
direct allocation
page read and write
1369000
heap
page read and write
A4F000
stack
page read and write
12A4000
heap
page read and write
4D70000
direct allocation
page execute and read and write
4C11000
heap
page read and write
BC0DBC000
stack
page read and write
4C90000
direct allocation
page read and write
27A7000
trusted library allocation
page read and write
840000
heap
page read and write
4AE8000
heap
page read and write
7C1000
heap
page read and write
330F000
stack
page read and write
2813000
trusted library allocation
page read and write
6CE4000
heap
page read and write
1A32496F000
heap
page read and write
8C1000
unkown
page execute and write copy
12A4000
heap
page read and write
1A31C79D000
trusted library allocation
page read and write
28DE000
trusted library allocation
page read and write
D80000
heap
page read and write
28FF000
stack
page read and write
2787000
trusted library allocation
page read and write
BC0EBB000
stack
page read and write
2886000
trusted library allocation
page read and write
307D000
stack
page read and write
4C11000
heap
page read and write
7DF440230000
trusted library allocation
page execute and read and write
DCE000
heap
page read and write
5280000
direct allocation
page execute and read and write
4C11000
heap
page read and write
12A4000
heap
page read and write
190000
unkown
page readonly
4C11000
heap
page read and write
7FFD3438B000
trusted library allocation
page execute and read and write
BBC000
unkown
page execute and read and write
1B04F000
heap
page read and write
D30000
trusted library allocation
page read and write
27AB7610000
heap
page read and write
A57000
unkown
page readonly
281A000
trusted library allocation
page read and write
4C11000
heap
page read and write
1AB6C000
stack
page read and write
7FFD34500000
trusted library allocation
page read and write
6FB21FF000
stack
page read and write
12A4000
heap
page read and write
554F000
stack
page read and write
2931000
trusted library allocation
page read and write
4C11000
heap
page read and write
FF0000
direct allocation
page read and write
64BB000
stack
page read and write
1A3246C7000
heap
page read and write
4C11000
heap
page read and write
4C11000
heap
page read and write
4D90000
direct allocation
page read and write
8990000
heap
page read and write
4DA1000
heap
page read and write
1343000
heap
page read and write
1A324810000
heap
page read and write
25E53620000
trusted library allocation
page read and write
51E0000
heap
page read and write
5280000
direct allocation
page execute and read and write
7FF468E70000
trusted library allocation
page execute and read and write
12A4000
heap
page read and write
3570000
trusted library allocation
page read and write
1AFF8000
heap
page read and write
E44000
heap
page read and write
7FFD34384000
trusted library allocation
page read and write
FF0000
direct allocation
page read and write
4D90000
direct allocation
page read and write
1A30D505000
trusted library allocation
page read and write
28ED000
trusted library allocation
page read and write
BC0ABF000
stack
page read and write
C9A11FF000
stack
page read and write
FF0000
direct allocation
page read and write
2875000
trusted library allocation
page read and write
1A30DCC1000
trusted library allocation
page read and write
35F0000
heap
page read and write
1A31C4B1000
trusted library allocation
page read and write
2902000
trusted library allocation
page read and write
1A30A6BB000
heap
page read and write
2648000
trusted library allocation
page read and write
1A30D93B000
trusted library allocation
page read and write
1A30A66F000
heap
page read and write
3815000
trusted library allocation
page read and write
F77000
heap
page read and write
14E4000
heap
page read and write
4C11000
heap
page read and write
E44000
heap
page read and write
7FFD34590000
trusted library allocation
page read and write
460E000
stack
page read and write
27AB7742000
heap
page read and write
EC000
stack
page read and write
279C000
trusted library allocation
page read and write
27DC000
trusted library allocation
page read and write
F97000
trusted library allocation
page execute and read and write
1A30A5B0000
heap
page read and write
47B1000
heap
page read and write
3811000
trusted library allocation
page read and write
1A30C4A0000
heap
page read and write
29C7000
trusted library allocation
page read and write
27AB770C000
heap
page read and write
1584000
heap
page read and write
7FFD34370000
trusted library allocation
page read and write
4C11000
heap
page read and write
424D000
stack
page read and write
12A4000
heap
page read and write
69C000
unkown
page readonly
4C11000
heap
page read and write
1190000
heap
page read and write
2888000
trusted library allocation
page read and write
33E1000
trusted library allocation
page read and write
14E4000
heap
page read and write
3D0F000
stack
page read and write
223F0F50000
heap
page read and write
12A4000
heap
page read and write
11A0000
heap
page read and write
4C11000
heap
page read and write
1B3C2000
heap
page read and write
129A000
heap
page read and write
5CB000
stack
page read and write
3FCE000
stack
page read and write
289D000
trusted library allocation
page read and write
4C11000
heap
page read and write
1554000
heap
page read and write
7DF440240000
trusted library allocation
page execute and read and write
D20000
trusted library allocation
page execute and read and write
447000
remote allocation
page execute and read and write
F9B000
trusted library allocation
page execute and read and write
223F11F0000
heap
page read and write
1333000
heap
page read and write
1A30D9AC000
trusted library allocation
page read and write
6FB24FF000
stack
page read and write
13B0000
heap
page read and write
AC5000
heap
page read and write
1AFC4000
heap
page read and write
B80000
trusted library allocation
page read and write
35CE000
stack
page read and write
E44000
heap
page read and write
7FFD34480000
trusted library allocation
page execute and read and write
42B000
unkown
page write copy
2CFE000
stack
page read and write
25579610000
unkown
page readonly
47B1000
heap
page read and write
27AB7740000
heap
page read and write
8C0000
unkown
page readonly
47B1000
heap
page read and write
4C11000
heap
page read and write
6B2000
unkown
page readonly
2821000
trusted library allocation
page read and write
7FFD34560000
trusted library allocation
page read and write
1B3D9000
heap
page read and write
7FFD34446000
trusted library allocation
page execute and read and write
4A6B000
heap
page read and write
4AAD000
heap
page read and write
BD0000
heap
page read and write
1A30BEE0000
trusted library allocation
page read and write
FF0000
direct allocation
page read and write
49CE000
stack
page read and write
4C11000
heap
page read and write
74A000
unkown
page execute and write copy
40CF000
stack
page read and write
440000
unkown
page readonly
47B1000
heap
page read and write
2801000
trusted library allocation
page read and write
6FB27FE000
stack
page read and write
12A4000
heap
page read and write
4AC2000
heap
page read and write
5C48000
heap
page read and write
BC188E000
stack
page read and write
684F000
stack
page read and write
4C11000
heap
page read and write
41C000
unkown
page readonly
4F60000
trusted library allocation
page execute and read and write
12A4000
heap
page read and write
BB0000
trusted library allocation
page read and write
146E000
stack
page read and write
2B0A000
trusted library allocation
page execute and read and write
295D000
trusted library allocation
page read and write
2FAD000
heap
page read and write
14AE000
heap
page read and write
4C11000
heap
page read and write
BC0879000
stack
page read and write
1B034000
heap
page read and write
4C11000
heap
page read and write
4D80000
direct allocation
page execute and read and write
51DE000
stack
page read and write
25579612000
unkown
page readonly
1A324557000
heap
page read and write
47B1000
heap
page read and write
27AB7840000
heap
page read and write
47B1000
heap
page read and write
1574000
heap
page read and write
5280000
direct allocation
page execute and read and write
3A40000
heap
page read and write
1A324640000
heap
page execute and read and write
2B9E000
stack
page read and write
4C11000
heap
page read and write
BB0000
heap
page read and write
279A000
trusted library allocation
page read and write
A20000
unkown
page readonly
278D000
trusted library allocation
page read and write
153D000
heap
page read and write
BC06FE000
unkown
page read and write
420F000
stack
page read and write
4D90000
direct allocation
page execute and read and write
4F40000
heap
page read and write
2985000
trusted library allocation
page read and write
290F000
trusted library allocation
page read and write
E44000
heap
page read and write
2853000
trusted library allocation
page read and write
157A000
heap
page read and write
7FFD34500000
trusted library allocation
page read and write
29B4000
trusted library allocation
page read and write
27EB000
trusted library allocation
page read and write
1A324827000
heap
page read and write
14E4000
heap
page read and write
4C11000
heap
page read and write
4C11000
heap
page read and write
3613000
trusted library allocation
page read and write
4BFD000
stack
page read and write
27AB9236000
trusted library allocation
page read and write
7FFD34446000
trusted library allocation
page execute and read and write
2976000
trusted library allocation
page read and write
236FF440000
trusted library allocation
page read and write
340D000
trusted library allocation
page read and write
687000
unkown
page readonly
674E000
stack
page read and write
27AB77BD000
heap
page read and write
1470000
direct allocation
page read and write
2740000
heap
page execute and read and write
4EA0000
trusted library allocation
page read and write
4C11000
heap
page read and write
27F8000
trusted library allocation
page read and write
223F2E90000
heap
page read and write
4C11000
heap
page read and write
B38000
stack
page read and write
51F0000
direct allocation
page execute and read and write
36CF000
stack
page read and write
2915000
trusted library allocation
page read and write
292F000
trusted library allocation
page read and write
28FC000
trusted library allocation
page read and write
14E4000
heap
page read and write
5210000
direct allocation
page execute and read and write
400000
unkown
page readonly
27AB77E7000
heap
page read and write
2E2330D000
stack
page read and write
14E4000
heap
page read and write
1A30D10D000
trusted library allocation
page read and write
2961000
trusted library allocation
page read and write
4C11000
heap
page read and write
236FF890000
trusted library allocation
page read and write
1576000
heap
page read and write
E44000
heap
page read and write
2911000
trusted library allocation
page read and write
4C11000
heap
page read and write
4C11000
heap
page read and write
7FF6AD86B000
unkown
page readonly
585C000
heap
page read and write
1A324647000
heap
page execute and read and write
2733000
trusted library allocation
page read and write
7AA000
heap
page read and write
2994000
trusted library allocation
page read and write
25E53634000
trusted library allocation
page read and write
2F1D000
stack
page read and write
F7E000
heap
page read and write
2E1F000
stack
page read and write
BAD000
trusted library allocation
page execute and read and write
1A30E005000
trusted library allocation
page read and write
276B000
trusted library allocation
page read and write
1E370000
trusted library allocation
page read and write
120A000
heap
page read and write
D64000
trusted library allocation
page read and write
12A4000
heap
page read and write
42B000
unkown
page write copy
2868000
trusted library allocation
page read and write
7FFD3437B000
trusted library allocation
page read and write
1B048000
heap
page read and write
434F000
stack
page read and write
12A4000
heap
page read and write
28EF000
trusted library allocation
page read and write
14F4000
heap
page read and write
4C11000
heap
page read and write
2D1D000
stack
page read and write
27AB7995000
heap
page read and write
FF0000
direct allocation
page read and write
3A8F000
stack
page read and write
12A4000
heap
page read and write
BFE000
stack
page read and write
1A3246A0000
heap
page read and write
3436000
trusted library allocation
page read and write
51E0000
direct allocation
page execute and read and write
103B000
stack
page read and write
27AB772D000
heap
page read and write
1470000
direct allocation
page read and write
6E1E000
stack
page read and write
47B1000
heap
page read and write
7FFD34570000
trusted library allocation
page read and write
1580000
heap
page read and write
1A30C339000
heap
page read and write
223F0F77000
heap
page read and write
357A000
trusted library allocation
page read and write
1AFF0000
heap
page read and write
B5E000
stack
page read and write
1576000
heap
page read and write
78C000
heap
page read and write
25E53630000
trusted library allocation
page read and write
288C000
trusted library allocation
page read and write
1574000
heap
page read and write
1A32481B000
heap
page read and write
AE4000
trusted library allocation
page read and write
47B1000
heap
page read and write
1A324837000
heap
page read and write
29B2000
trusted library allocation
page read and write
12A4000
heap
page read and write
1A30A68F000
heap
page read and write
1A32484D000
heap
page read and write
223F2B40000
heap
page read and write
9D4000
trusted library allocation
page read and write
5280000
direct allocation
page execute and read and write
2942000
trusted library allocation
page read and write
74A000
unkown
page execute and write copy
125E1000
trusted library allocation
page read and write
441000
unkown
page execute and write copy
1C6A2000
trusted library allocation
page read and write
7EA000
heap
page read and write
2B50000
direct allocation
page execute and read and write
BE0000
heap
page read and write
1CB7E000
stack
page read and write
401000
unkown
page execute read
BC0E3E000
stack
page read and write
1A30C536000
trusted library allocation
page read and write
280F000
stack
page read and write
384F000
stack
page read and write
25E1000
trusted library allocation
page read and write
474E000
stack
page read and write
4C11000
heap
page read and write
44CE000
stack
page read and write
1A30E0CB000
trusted library allocation
page read and write
27AB78C0000
trusted library allocation
page read and write
2FCF000
stack
page read and write
1280000
heap
page read and write
2992000
trusted library allocation
page read and write
374E000
stack
page read and write
12E0000
heap
page read and write
808000
heap
page read and write
519F000
stack
page read and write
7BF000
heap
page read and write
14E4000
heap
page read and write
4C11000
heap
page read and write
4C11000
heap
page read and write
12A9000
heap
page read and write
4AF3000
heap
page read and write
7FFD34530000
trusted library allocation
page read and write
153D000
heap
page read and write
E44000
heap
page read and write
1554000
heap
page read and write
7FFD345E0000
trusted library allocation
page read and write
1567000
heap
page read and write
3ACE000
stack
page read and write
1A30D290000
trusted library allocation
page read and write
4C11000
heap
page read and write
24397F00000
unkown
page read and write
4C11000
heap
page read and write
27AB91F0000
heap
page execute and read and write
1A30DAD6000
trusted library allocation
page read and write
4C11000
heap
page read and write
12D5000
heap
page read and write
1A30D969000
trusted library allocation
page read and write
4C11000
heap
page read and write
2989000
trusted library allocation
page read and write
279E000
trusted library allocation
page read and write
7FFD343BC000
trusted library allocation
page execute and read and write
1E0000
unkown
page readonly
5210000
direct allocation
page execute and read and write
14E4000
heap
page read and write
236FF440000
trusted library allocation
page read and write
1470000
direct allocation
page read and write
6CDC000
stack
page read and write
4C11000
heap
page read and write
9C0000
trusted library allocation
page read and write
1200000
heap
page read and write
7FFD34416000
trusted library allocation
page read and write
25E53740000
trusted library allocation
page read and write
AAA000
unkown
page execute and read and write
299A000
trusted library allocation
page read and write
4C11000
heap
page read and write
35A0000
trusted library allocation
page read and write
4C11000
heap
page read and write
4C11000
heap
page read and write
780000
heap
page read and write
875000
heap
page read and write
1337000
heap
page read and write
FF0000
direct allocation
page read and write
1F7000
unkown
page readonly
47B1000
heap
page read and write
27AB7875000
heap
page read and write
1030000
heap
page read and write
6FB23FD000
stack
page read and write
4C11000
heap
page read and write
28EB000
trusted library allocation
page read and write
1A30D996000
trusted library allocation
page read and write
4AE8000
heap
page read and write
4D10000
trusted library allocation
page read and write
1A324935000
heap
page read and write
277E000
trusted library allocation
page read and write
BC0673000
stack
page read and write
344F000
stack
page read and write
29DD000
stack
page read and write
5260000
direct allocation
page execute and read and write
870000
heap
page read and write
1470000
direct allocation
page read and write
4C11000
heap
page read and write
27AB776B000
heap
page read and write
1A30A570000
heap
page read and write
1A324858000
heap
page read and write
348E000
stack
page read and write
3580000
trusted library allocation
page read and write
830000
heap
page read and write
12A4000
heap
page read and write
D9E000
heap
page read and write
AE0000
trusted library allocation
page read and write
438E000
stack
page read and write
AD0000
trusted library allocation
page read and write
277C000
trusted library allocation
page read and write
1035000
heap
page read and write
1A30D9AA000
trusted library allocation
page read and write
E44000
heap
page read and write
4D90000
direct allocation
page read and write
E44000
heap
page read and write
2767000
trusted library allocation
page read and write
BC0000
heap
page read and write
2E237FE000
stack
page read and write
2FD6000
heap
page read and write
6A60000
heap
page read and write
27AF000
trusted library allocation
page read and write
1A31C4D1000
trusted library allocation
page read and write
FD0000
trusted library allocation
page read and write
C9A13FD000
stack
page read and write
FF0000
direct allocation
page read and write
1AFFB000
heap
page read and write
12C8000
heap
page read and write
52F9000
stack
page read and write
4C11000
heap
page read and write
28CA000
trusted library allocation
page read and write
28BB000
trusted library allocation
page read and write
2681000
trusted library allocation
page read and write
2E7C000
stack
page read and write
1470000
direct allocation
page read and write
4C11000
heap
page read and write
680000
unkown
page readonly
A30000
heap
page read and write
281C000
trusted library allocation
page read and write
E34000
heap
page read and write
FF0000
direct allocation
page read and write
7C7000
stack
page read and write
BC0B37000
stack
page read and write
3C0E000
stack
page read and write
540B000
stack
page read and write
4C11000
heap
page read and write
1C4A0000
heap
page read and write
7FF6AD861000
unkown
page execute read
BE5000
heap
page read and write
9EE000
heap
page read and write
12A4000
heap
page read and write
268E000
stack
page read and write
1A30BF20000
heap
page execute and read and write
1A30BF75000
heap
page read and write
C9A12FF000
stack
page read and write
2DFD000
stack
page read and write
2946000
trusted library allocation
page read and write
29C5000
trusted library allocation
page read and write
7DF440250000
trusted library allocation
page execute and read and write
3B01000
trusted library allocation
page read and write
4C10000
heap
page read and write
1F2000
unkown
page read and write
2972000
trusted library allocation
page read and write
1AFB4000
heap
page read and write
7FFD34580000
trusted library allocation
page read and write
25E4E95A000
heap
page read and write
BC0D3E000
stack
page read and write
1A3248DA000
heap
page read and write
7FFD345C0000
trusted library allocation
page read and write
1AFE1000
heap
page read and write
4F4E000
stack
page read and write
D72000
unkown
page execute and write copy
1592000
heap
page read and write
1F2000
unkown
page write copy
12A4000
heap
page read and write
E44000
heap
page read and write
C35000
heap
page read and write
4C11000
heap
page read and write
27D6000
trusted library allocation
page read and write
190000
unkown
page readonly
190000
unkown
page readonly
7FFD34520000
trusted library allocation
page execute and read and write
1556000
heap
page read and write
255000CF000
trusted library allocation
page read and write
223F0F77000
heap
page read and write
289B000
trusted library allocation
page read and write
5304000
heap
page read and write
5280000
direct allocation
page execute and read and write
2F7E000
stack
page read and write
488E000
stack
page read and write
358F000
stack
page read and write
DED000
heap
page read and write
12A4000
heap
page read and write
898C000
stack
page read and write
1490000
direct allocation
page read and write
FC0000
heap
page read and write
24D0000
heap
page execute and read and write
5280000
direct allocation
page execute and read and write
670F000
stack
page read and write
7FF6AD86E000
unkown
page write copy
A50000
heap
page read and write
7FFD34416000
trusted library allocation
page read and write
29BA000
trusted library allocation
page read and write
6A6E000
heap
page read and write
5270000
direct allocation
page execute and read and write
236FF440000
trusted library allocation
page read and write
1582000
heap
page read and write
4C11000
heap
page read and write
7FFD345A0000
trusted library allocation
page read and write
2798000
trusted library allocation
page read and write
F84000
heap
page read and write
E44000
heap
page read and write
7FFD34364000
trusted library allocation
page read and write
4C11000
heap
page read and write
33B0000
trusted library allocation
page read and write
1A3248DE000
heap
page read and write
2825000
trusted library allocation
page read and write
4D90000
direct allocation
page execute and read and write
5E0000
unkown
page readonly
DBB000
heap
page read and write
223F0FA4000
heap
page read and write
4C11000
heap
page read and write
1A30D967000
trusted library allocation
page read and write
1490000
direct allocation
page read and write
27AB7800000
heap
page read and write
1240000
heap
page read and write
842000
heap
page read and write
1558000
heap
page read and write
3F8F000
stack
page read and write
223F0F9E000
heap
page read and write
4C11000
heap
page read and write
2981000
trusted library allocation
page read and write
4A60000
direct allocation
page read and write
1AFBA000
heap
page read and write
47B1000
heap
page read and write
27E9000
trusted library allocation
page read and write
1470000
direct allocation
page read and write
BC07FE000
stack
page read and write
3035000
heap
page read and write
1A30A675000
heap
page read and write
4D90000
direct allocation
page execute and read and write
12D9000
heap
page read and write
14E4000
heap
page read and write
1A30D9F3000
trusted library allocation
page read and write
4A6D000
heap
page read and write
47B1000
heap
page read and write
2E23314000
stack
page read and write
1A30A5B5000
heap
page read and write
1A3248AE000
heap
page read and write
1AFD8000
heap
page read and write
2877000
trusted library allocation
page read and write
9EA000
heap
page read and write
1CD7E000
stack
page read and write
49AD000
stack
page read and write
6F0000
heap
page read and write
5220000
direct allocation
page execute and read and write
A25000
heap
page read and write
7FFD34410000
trusted library allocation
page read and write
CEE000
stack
page read and write
150000
heap
page read and write
6CE000
unkown
page readonly
12750000
trusted library allocation
page read and write
7AD000
heap
page read and write
1A30A67B000
heap
page read and write
3855000
trusted library allocation
page read and write
E44000
heap
page read and write
27AB7950000
heap
page read and write
BB4000
unkown
page execute and read and write
27AB7700000
heap
page read and write
4C11000
heap
page read and write
3A20000
remote allocation
page read and write
295F000
trusted library allocation
page read and write
4C11000
heap
page read and write
89AA000
heap
page read and write
2790000
trusted library allocation
page read and write
12A4000
heap
page read and write
498E000
stack
page read and write
BCA000
unkown
page execute and write copy
288A000
trusted library allocation
page read and write
1490000
direct allocation
page read and write
CF7000
trusted library allocation
page execute and read and write
4C11000
heap
page read and write
157E000
heap
page read and write
29B6000
trusted library allocation
page read and write
27AB9211000
trusted library allocation
page read and write
4ACF000
stack
page read and write
400000
remote allocation
page execute and read and write
5280000
direct allocation
page execute and read and write
340000
unkown
page readonly
28BE000
trusted library allocation
page read and write
4C11000
heap
page read and write
B70000
trusted library allocation
page execute and read and write
3851000
trusted library allocation
page read and write
E44000
heap
page read and write
BA0000
heap
page read and write
2818000
trusted library allocation
page read and write
B50000
heap
page read and write
1B290000
heap
page read and write
25E536C0000
trusted library allocation
page read and write
223F0F30000
heap
page read and write
64C0000
heap
page read and write
800000
heap
page read and write
1A324580000
heap
page read and write
C15000
heap
page read and write
F78000
stack
page read and write
1050000
heap
page read and write
1A324921000
heap
page read and write
1A32492B000
heap
page read and write
1470000
direct allocation
page read and write
5250000
direct allocation
page execute and read and write
50F0000
direct allocation
page read and write
41C000
unkown
page readonly
1470000
direct allocation
page read and write
12A4000
heap
page read and write
169F000
stack
page read and write
1A30BED0000
heap
page readonly
2752000
trusted library allocation
page read and write
2EC7000
heap
page read and write
2983000
trusted library allocation
page read and write
155E000
heap
page read and write
7FFD34362000
trusted library allocation
page read and write
B10000
heap
page read and write
4C11000
heap
page read and write
1F2000
unkown
page write copy
4AD0000
heap
page read and write
4C11000
heap
page read and write
AC8000
unkown
page write copy
320E000
stack
page read and write
4C11000
heap
page read and write
698F000
stack
page read and write
4C11000
heap
page read and write
4C0F000
stack
page read and write
4C11000
heap
page read and write
1F4000
unkown
page write copy
5210000
direct allocation
page execute and read and write
B0B000
trusted library allocation
page execute and read and write
425000
unkown
page write copy
339F000
stack
page read and write
1F5000
unkown
page read and write
A16000
heap
page read and write
28D7000
trusted library allocation
page read and write
2CA0000
heap
page read and write
1A3246B1000
heap
page read and write
1AFB0000
heap
page read and write
2686000
trusted library allocation
page read and write
12FE000
heap
page read and write
4C11000
heap
page read and write
5280000
direct allocation
page execute and read and write
C9A1AFD000
stack
page read and write
27AB000
trusted library allocation
page read and write
DFB000
stack
page read and write
F84000
heap
page read and write
5260000
direct allocation
page execute and read and write
27AB7890000
trusted library allocation
page read and write
1A30A620000
trusted library allocation
page read and write
B83000
unkown
page execute and read and write
4C11000
heap
page read and write
1320000
direct allocation
page execute and read and write
157D000
heap
page read and write
BC0BB8000
stack
page read and write
4C11000
heap
page read and write
284E000
stack
page read and write
223F2E99000
heap
page read and write
1CC7E000
stack
page read and write
1A32489F000
heap
page read and write
2778000
trusted library allocation
page read and write
D60000
unkown
page execute and read and write
6FB28FE000
stack
page read and write
292D000
trusted library allocation
page read and write
2D40000
unkown
page readonly
223F2E9A000
heap
page read and write
25E535F0000
trusted library allocation
page read and write
47B1000
heap
page read and write
7FFD3436D000
trusted library allocation
page execute and read and write
E44000
heap
page read and write
25500026000
trusted library allocation
page read and write
544C000
stack
page read and write
4D90000
direct allocation
page execute and read and write
223F0F10000
heap
page read and write
4A61000
heap
page read and write
7A7000
heap
page read and write
7FFD3451A000
trusted library allocation
page read and write
4C11000
heap
page read and write
4A8F000
stack
page read and write
14E4000
heap
page read and write
50CE000
stack
page read and write
25E535F0000
trusted library allocation
page read and write
2AFF000
stack
page read and write
5280000
direct allocation
page execute and read and write
3A20000
remote allocation
page read and write
9D3000
trusted library allocation
page execute and read and write
4D90000
direct allocation
page execute and read and write
25E53913000
heap
page read and write
29A5000
trusted library allocation
page read and write
1030000
trusted library allocation
page read and write
47B1000
heap
page read and write
4F50000
heap
page execute and read and write
2B0C000
trusted library allocation
page read and write
1AFCE000
heap
page read and write
135F000
heap
page read and write
DC0000
heap
page read and write
2998000
trusted library allocation
page read and write
3E4F000
stack
page read and write
There are 1292 hidden memdumps, click here to show them.