IOC Report
SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe

loading gif

Files

File Path
Type
Category
Malicious
SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe
PE32+ executable (GUI) x86-64, for MS Windows
initial sample
 malicious
C:\ProgramData\ImageGuide 3.1.33.66\ImageGuide 3.1.33.66.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\MPGPH131\MPGPH131.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\MSIUpdaterV1_5fc4ccc1a69cead8abaf9c75121d8fec\MSIUpdaterV1.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
modified
 malicious
C:\ProgramData\MSIUpdaterV1_b169c3872385b2c3c15a1f5f96f34ffe\MSIUpdaterV1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\AdobeUpdaterV1_5fc4ccc1a69cead8abaf9c75121d8fec\AdobeUpdaterV1.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\AdobeUpdaterV1_b169c3872385b2c3c15a1f5f96f34ffe\AdobeUpdaterV1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe
PE32 executable (GUI) Intel 80386, for MS Windows
modified
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\is-0MI7C.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\is-3KPDG.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\is-3TV13.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\is-FD6NC.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\libeay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\libssl-1_1.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\ssleay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
JSON data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\2eb29b48[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\setup[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\7725eaa6592c80f8124e769b4e8a07f7[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\cad54ba5b01423b1af8ec10ab5719d97[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\grabber[1].exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\lumma1504[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\sqln[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\123p[1].exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\Space1.9_team[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\lumma1504[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\060[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Default12_team[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Retailer_prog[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\Retailer_prog[2].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\rules[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\setup294[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\timeSync[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\24PnbHlLLJLpyXRdC6DO5Pg.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSCA9.tmp\AppInstallerBackgroundUpdate.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSCA9.tmp\BdeHdCfg.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSCA9.tmp\CameraSettingsUIHost.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSCA9.tmp\Install.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSCA9.tmp\atieclxx.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSCA9.tmp\change.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSCA9.tmp\changepk.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\AjftBdcqEhUoRKcxg\EmHZJQvMUXyMfbh\tQYsPom.exe
PE32 executable (GUI) Intel 80386, for MS Windows
modified
 malicious
C:\Users\user\AppData\Local\Temp\DEC.exe
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\TaFd.XRA
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\MSVCP140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\Pythonwin\mfc140u.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\Pythonwin\win32ui.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\VCRUNTIME140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\VCRUNTIME140_1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\_bz2.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\_ctypes.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\_elementtree.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\_hashlib.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\_lzma.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\_queue.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\_socket.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\_ssl.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\charset_normalizer\md.cp38-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\charset_normalizer\md__mypyc.cp38-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\exe\netconn_properties.exe
PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\exe\registers.exe
PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\exe\upx.exe
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\libcrypto-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\libffi-7.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\libssl-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\psutil\_psutil_windows.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\pyexpat.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\python3.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\python38.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\pywin32_system32\pythoncom38.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\pywin32_system32\pywintypes38.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\select.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\unicodedata.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\win32\_win32sysloader.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\win32\win32api.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\win32\win32net.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\win32\win32security.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\win32\win32trace.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\win32\win32wnet.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\zstandard\_cffi.cp38-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI56642\zstandard\backend_c.cp38-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\bynA5XZaUopLU9g6Euj0.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\p508E0L2OxcFz21C_cBt.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-0T16J.tmp\_isetup\_RegDLL.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-0T16J.tmp\_isetup\_iscrypt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-0T16J.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-1I1LT.tmp\is-RKCCV.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\fcegbwt
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\8q5xyu0coQILTrboZdACo84I.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\B0SLNTT0ZbIxZcHr0SHBJGEz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\DLdiRYbSxUKrp0thTehxs0R7.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\Fb9COhEBuDNRhtMnCgGo2QiL.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\GDL7jRat1qTWaJDTi_iESGFr.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\Honz_MBQI6vCkcbyCN3yB4rh.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\Hrpxb3VVNyjyS2Of2WrcJREY.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\M3c5GcarM7S9e4Fzg9fhkljA.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\OPHZ4RYtForDNHqUKDzFdbyl.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\QnkREgWvOVM7UiM40Bqj5sWB.exe
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\azloBsQlDmB56PqIarSd7g7V.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\f5PK0Fmcntr6Bz8d571_sPMM.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\jToGBYVMqv5v7FLLCc3PnzZj.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\rvzZmTKhzLAk54H0OO5fg4xv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\tNKXm3LImvO5in9OelWM8_lp.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\wjwNFr_3XWBVO8HOPBPzLGWO.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\xNcVS_VvZEHfTUaNtkua55mf.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\yyfBua979C0ZzSPnCxybIlhk.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\System32\GroupPolicy\gpt.ini
ASCII text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\AAKJEGCFBGDHJJJJJKJECFCFCA
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\AEGDBAFH
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\AFHDHCAA
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\ProgramData\AKFCFBAAEHCFHJJKEHJK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\BAFCFBAEGDHIEBFHDGCBAECFBG
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\BFIIIDAFBFBKECBGDBGI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\CGCAKKKE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\CZQKSDDMWR.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\DAKFCGIJKJKFHIDHIIIEBGCBFB
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\ProgramData\DHCFIDAK
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\DWTHNHNNJB.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\EBGCBAFCGDAAKFIDGIEGDGDHID
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\EFOYFBOLXA.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\EWZCVGNOWT.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\GLTYDMDUST.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\GNLQNHOLWB.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\GRXZDKKVDB.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\GRXZDKKVDB.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\HIEHDAFH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\ProgramData\HJKECAAAFHJECAAAEBFCAEBFHC
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\IECFHDBAAECAAKFHDHIIJKFHJE
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\IIEHJEHD
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\JDAFBKECAKFCAAAKJDAKJEGDAF
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\ProgramData\JDBGDHIIDAEBFHJJDBFI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\JDGCGHCGHCBFHJJKKJEHJEHJEH
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\KEBFBGDGHIIJJKEBKJDB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER12A5.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER13EE.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER193E.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AF5.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B3.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CBB.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1DF4.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER278A.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2912.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E72.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F8C.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER359.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3CCC.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D98.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E7.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4087.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER41C1.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4348.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER43E5.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER45F9.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4609.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER46A7.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4752.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A4.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4BD7.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C45.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D40.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4FB2.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER507B.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5159.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5215.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5216.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E1E.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5ECA.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FC5.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER613D.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6277.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER647C.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B62.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6BF0.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6C9D.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6D69.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER750C.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7559.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7664.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7ACA.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7AF9.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B77.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7C04.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D0F.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D1F.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D6F.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER81C5.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER82F8.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER83C4.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER83D9.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER85D9.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8764.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER88FC.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER897A.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER89D1.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8A8E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BD7.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C1B.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8F33.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9167.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9705.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER977.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER98AE.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER99C5.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9AB3.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B8F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9DED.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E4F.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA044.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA0EC.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA33.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA63.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB2.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB01F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB0FB.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD230.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD35A.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD59D.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD6F6.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDABF.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD31.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDFF.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE06F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE12B.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4D6.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE5FF.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE9AA.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREAA5.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREAB6.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB53.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE23.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE81.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF29.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2D8.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2F8.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF386.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3B5.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE94.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF7F.tmp.txt
data
dropped
C:\ProgramData\PALRGUCVEH.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\PALRGUCVEH.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\SNIPGPPREP.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\ZGGKNSUKOP.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\Public\Desktop\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 13:16:56 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
dropped
C:\Users\user\AppData\Local\CD-DVD-Runner\is-46DUV.tmp
data
dropped
C:\Users\user\AppData\Local\CD-DVD-Runner\is-O7LCO.tmp
data
dropped
C:\Users\user\AppData\Local\CD-DVD-Runner\is-OEOPV.tmp
data
dropped
C:\Users\user\AppData\Local\CD-DVD-Runner\is-QRQQR.tmp
JSON data
dropped
C:\Users\user\AppData\Local\CD-DVD-Runner\snapshot_blob.bin (copy)
data
dropped
C:\Users\user\AppData\Local\CD-DVD-Runner\unins000.dat
InnoSetup Log CD-DVD-Runner, version 0x2a, 3904 bytes, 302494\user, "C:\Users\user\AppData\Local\CD-DVD-Runner"
dropped
C:\Users\user\AppData\Local\CD-DVD-Runner\v8_context_snapshot.bin (copy)
data
dropped
C:\Users\user\AppData\Local\CD-DVD-Runner\vk_swiftshader_icd.json (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\128.png
RIFF (little-endian) data, Web/P image
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\performance.js
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\popup.css
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\popup.html
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\popup.js
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\worker.js
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000016.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\crypted[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\files[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\page_error[1].jpg
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\76561199673019888[1].htm
HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\setup[1].htm
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\PL_Clients[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\crypted[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\imgdrive_2_1[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\Tmp2BCA.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\Tmp2BDA.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-console-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-datetime-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-debug-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-errorhandling-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-file-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-file-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-file-l2-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-handle-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-heap-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-interlocked-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-libraryloader-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-localization-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-memory-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-namedpipe-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-processenvironment-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-processthreads-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-processthreads-l1-1-1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-profile-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-rtlsupport-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-string-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-synch-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-synch-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-sysinfo-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-timezone-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-core-util-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-conio-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-convert-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-environment-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-filesystem-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-heap-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-locale-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-math-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-multibyte-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-process-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-runtime-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-stdio-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-string-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-time-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\api-ms-win-crt-utility-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\base_library.zip
Zip archive data, at least v2.0 to extract, compression method=store
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\certifi\cacert.pem
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\_MEI56642\ucrtbase.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\adobe4Oj_OpvPYvao\Cookies\Chrome_Default.txt
ASCII text, with very long lines (369), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobe4Oj_OpvPYvao\History\Firefox_v6zchhhv.default-release.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobe4Oj_OpvPYvao\information.txt
ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobe4Oj_OpvPYvao\passwords.txt
Unicode text, UTF-8 text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobe4Oj_OpvPYvao\screenshot.png
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\adobeaHCIG8PSNyiV\Cookies\Chrome_Default.txt
ASCII text, with very long lines (369), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobeaHCIG8PSNyiV\information.txt
ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobeaHCIG8PSNyiV\passwords.txt
Unicode text, UTF-8 text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\02zdBXl47cvzcookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\3b6N2Xdh3CYwplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\3oQkzNzBij_CLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\5t6Ii1XbIVZuHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\7LZpu8lYLaL6Web Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\D87fZN3R3jFeplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\E8RYa_H9TXAVHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\EELYLfejcLztHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\Kd8a5INUbh_VWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\OLxn5hD6ZfoILogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\P4dxJ14wREOnWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\RDDdhvukKjzsCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\VwnlUULp97YQWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\YKYmNSWBkAcFWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\evAdx9NnKTiHWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\i9bQUwb0gVdGCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\y_jGoRJzS0CJHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidi4Oj_OpvPYvao\zdJpjA1Mr6mVLogin Data For Account
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\02zdBXl47cvzcookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\3b6N2Xdh3CYwplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\7RW6jxyALX6jWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\Abza6rTCIaCdLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\D87fZN3R3jFeplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\Gw8YbJCdnZfMHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\KKExVKdj4NSpWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\MB0fXnRaDxXiLogin Data For Account
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\MMzbRQzkD7lAHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\S6WYp_gBHkLSLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\T8nIqmgbl1ivWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\_4tm9JEac10JWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\hxJHbsgHe7kjCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\m2TmXBHr7008History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\t0QvqjZ_6d3hCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\vXCN5za2dAGwWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\vw988PZTRRB5History
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiaHCIG8PSNyiV\yq9RQpgAvGCGWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\is-0T16J.tmp\_isetup\_shfoldr.dll
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\nyv8h1dp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\rage131MP.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpx_3rmj6g\gen_py\__init__.py
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\tmpx_3rmj6g\gen_py\dicts.dat
data
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm
data
dropped
C:\Users\user\Documents\SimpleAdobe\Gon5N1KYkyaNFzeeJDoj76Fi.exe
HTML document, Non-ISO extended-ASCII text, with very long lines (18154)
dropped
C:\Users\user\Documents\SimpleAdobe\f4Y7IGUXRMqOH79zw7TPvsbX.exe
HTML document, Non-ISO extended-ASCII text, with very long lines (18154)
dropped
C:\Users\user\Documents\SimpleAdobe\nACncdsaVw77ipiWE_oU4TxJ
Google Chrome extension, version 3
dropped
C:\Windows\Logs\StorGroupPolicy.log
data
modified
C:\Windows\SysWOW64\GroupPolicy\gpt.ini
ASCII text, with CRLF line terminators
dropped
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
RAGE Package Format (RPF),
dropped
There are 387 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe
"C:\Users\user\Desktop\SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe"
 malicious
C:\Users\user\Documents\SimpleAdobe\yyfBua979C0ZzSPnCxybIlhk.exe
C:\Users\user\Documents\SimpleAdobe\yyfBua979C0ZzSPnCxybIlhk.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\Fb9COhEBuDNRhtMnCgGo2QiL.exe
C:\Users\user\Documents\SimpleAdobe\Fb9COhEBuDNRhtMnCgGo2QiL.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\xNcVS_VvZEHfTUaNtkua55mf.exe
C:\Users\user\Documents\SimpleAdobe\xNcVS_VvZEHfTUaNtkua55mf.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\DLdiRYbSxUKrp0thTehxs0R7.exe
C:\Users\user\Documents\SimpleAdobe\DLdiRYbSxUKrp0thTehxs0R7.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\OPHZ4RYtForDNHqUKDzFdbyl.exe
C:\Users\user\Documents\SimpleAdobe\OPHZ4RYtForDNHqUKDzFdbyl.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\8q5xyu0coQILTrboZdACo84I.exe
C:\Users\user\Documents\SimpleAdobe\8q5xyu0coQILTrboZdACo84I.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\f5PK0Fmcntr6Bz8d571_sPMM.exe
C:\Users\user\Documents\SimpleAdobe\f5PK0Fmcntr6Bz8d571_sPMM.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\jToGBYVMqv5v7FLLCc3PnzZj.exe
C:\Users\user\Documents\SimpleAdobe\jToGBYVMqv5v7FLLCc3PnzZj.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\rvzZmTKhzLAk54H0OO5fg4xv.exe
C:\Users\user\Documents\SimpleAdobe\rvzZmTKhzLAk54H0OO5fg4xv.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\Hrpxb3VVNyjyS2Of2WrcJREY.exe
C:\Users\user\Documents\SimpleAdobe\Hrpxb3VVNyjyS2Of2WrcJREY.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\B0SLNTT0ZbIxZcHr0SHBJGEz.exe
C:\Users\user\Documents\SimpleAdobe\B0SLNTT0ZbIxZcHr0SHBJGEz.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\tNKXm3LImvO5in9OelWM8_lp.exe
C:\Users\user\Documents\SimpleAdobe\tNKXm3LImvO5in9OelWM8_lp.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\wjwNFr_3XWBVO8HOPBPzLGWO.exe
C:\Users\user\Documents\SimpleAdobe\wjwNFr_3XWBVO8HOPBPzLGWO.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\GDL7jRat1qTWaJDTi_iESGFr.exe
C:\Users\user\Documents\SimpleAdobe\GDL7jRat1qTWaJDTi_iESGFr.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\QnkREgWvOVM7UiM40Bqj5sWB.exe
C:\Users\user\Documents\SimpleAdobe\QnkREgWvOVM7UiM40Bqj5sWB.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\M3c5GcarM7S9e4Fzg9fhkljA.exe
C:\Users\user\Documents\SimpleAdobe\M3c5GcarM7S9e4Fzg9fhkljA.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\azloBsQlDmB56PqIarSd7g7V.exe
C:\Users\user\Documents\SimpleAdobe\azloBsQlDmB56PqIarSd7g7V.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\Honz_MBQI6vCkcbyCN3yB4rh.exe
C:\Users\user\Documents\SimpleAdobe\Honz_MBQI6vCkcbyCN3yB4rh.exe
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Users\user\AppData\Local\Temp\7zSCA9.tmp\Install.exe
.\Install.exe /dlhwdidkpGO "525403" /S
 malicious
C:\Users\user\Documents\SimpleAdobe\Honz_MBQI6vCkcbyCN3yB4rh.exe
C:\Users\user\Documents\SimpleAdobe\Honz_MBQI6vCkcbyCN3yB4rh.exe
 malicious
C:\Windows\System32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
 malicious
C:\Windows\System32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
 malicious
C:\Windows\System32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
 malicious
C:\Windows\System32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
 malicious
C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe
"C:\Users\user\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe" -i
 malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
 malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /S .\TaFD.XRA
C:\Users\user\AppData\Local\Temp\is-1I1LT.tmp\is-RKCCV.tmp
"C:\Users\user\AppData\Local\Temp\is-1I1LT.tmp\is-RKCCV.tmp" /SL4 $B0024 "C:\Users\user\Documents\SimpleAdobe\jToGBYVMqv5v7FLLCc3PnzZj.exe" 3625196 52224
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\sc.exe
C:\Windows\system32\sc.exe delete "OBGPQMHF"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\Conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 38 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://sodez.ru/tmp/index.php
malicious
economicscreateojsu.shop
malicious
entitlementappwo.shop
malicious
http://uama.com.ua/tmp/index.php
malicious
bordersoarmanusjuw.shop
malicious
http://talesofpirates.net/tmp/index.php
malicious
http://5.42.66.10/download/page_error.png
unknown
http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopResponseR
unknown
https://triedchicken.net/cad54ba5b01423b1af8ec10ab5719d97.exe.exe
unknown
http://193.233.132.139/dacha/rules.exe
unknown
https://sun6-21.userapi.com/c236331/u5294803/docs/d24/3cad94b79c70/imgdrive_2_1.bmp?extra=KSt_51f-h8
unknown
https://palberryslicker.sbs/
unknown
https://papi.vk.com/pushsse/ruim
unknown
https://meet.crazyfigs.top/2
unknown
https://baldurgatez.com/
unknown
https://docs.google.com/
unknown
https://ipinfo.io:443/widget/demo/81.181.57.52c
unknown
https://vk.com
unknown
https://www.instagram.com
unknown
https://st6-22.vk.com/dist/web/docs.20074c02.css
unknown
https://aui-cdn.atlassian.com/
unknown
http://5.42.66.10:80/download/page_error.pngZZ
unknown
http://www.innosetup.com
unknown
http://5.42.66.10:80/api/flash.php
unknown
http://ACVC.WPF.Service.WcfT
unknown
http://193.233.132.253/lumma1504.exe
unknown
https://api.ip.sb/ip
unknown
https://st6-22.vk.com/dist/web/ui_common.88618847.js
unknown
https://chrome.google.com/webstore
unknown
https://drive-daily-2.corp.google.com/
unknown
https://iplogger.org:443/1nhuM4.js
unknown
https://st6-22.vk.com/dist/web/page_layout.7b5800c2.js
unknown
https://st6-22.vk.com/dist/web/polyfills.isolated.edaffb7b.js
unknown
https://t.me/RiseProSUPPORT
unknown
http://185.172.128.203/dl.php(
unknown
http://5.42.66.10/
unknown
http://www.symauth.com/cps0(
unknown
https://bbuseruploads.s3.amazonaws.com/8b0be658-c958-47a3-96e4-fc8e5fe7c5dc/downloads/dc50f97b-477f-
unknown
https://drive-daily-1.corp.google.com/
unknown
https://drive-daily-5.corp.google.com/
unknown
http://5.42.66.10/download/page_error.png.
unknown
http://https://_bad_pdb_file.pdb
unknown
https://triedchicken.net:80/cad54ba5b01423b1af8ec10ab5719d97.exe
unknown
https://stats.vk-portal.net
unknown
https://page-error.comJ
unknown
https://meet.crazyfigs.top/style/060.exep/0/6
unknown
http://127.0.0.1:
unknown
https://st6-22.vk.com/css/al/fonts_utf.7fa94ada.css
unknown
https://ipinfo.io/
unknown
https://st6-22.vk.com/dist/web/common_web.6a09f0e1.js
unknown
http://www.symauth.com/rpa00
unknown
https://r.mradx.net
unknown
https://st6-22.vk.com/dist/web/unauthorized.20074c02.css
unknown
https://cdn.cookielaw.org/
unknown
https://iplis.ru/_F
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
unknown
https://chromewebstore.google.com/
unknown
https://monoblocked.com:80/525403/setup.exen$
unknown
https://palberryslicker.sbs/r
unknown
https://drive-preprod.corp.google.com/
unknown
https://urn.to/r/sds_see
unknown
https://chrome.google.com/webstore/
unknown
https://st6-22.vk.com/dist/web/raven_logger.ea0a2239.js
unknown
http://185.172.128.203/dl.php.exe
unknown
https://sandbox.google.com/
unknown
https://static.vk.me
unknown
https://sun6-21.userapi.com/p
unknown
http://193.233.132.253/lumma1504.exen%$
unknown
https://github.com/moq/moq4
unknown
https://st6-22.vk.com/dist/web/chunks/react.759f82b6.js
unknown
https://t.me/irfailAt
unknown
https://monoblocked.com/525403/setup.exenet/
unknown
https://iplis.ru/s
unknown
http://5.42.66.10:80/api/flash.php3
unknown
https://st6-22.vk.com
unknown
https://iplis.ru/
unknown
https://iplis.ru:443/1pRXr7.txt
unknown
https://iplogger.org/
unknown
https://ipinfo.io/namehttps://ipgeolocation.io/:
unknown
https://carthewasher.net/
unknown
https://monoblocked.com/
unknown
https://st6-22.vk.com/dist/web/performance_observers.4d12f60f.js
unknown
http://5.42.66.10/download/page_error.jpeg
unknown
https://cdn.ampproject.org
unknown
https://management.core.usgovcloudapi.netGODEBUG
unknown
https://st6-22.vk.com/css/al/vk_sans_display_faux.7d208ecb.css
unknown
https://monoblocked.com/525403/setup.exe
unknown
https://iplis.ru/1tqHh7.mp3
unknown
https://st6-22.vk.com/dist/web/chunks/vkui.bce4c996.js
unknown
https://iplis.ru/R
unknown
https://iplis.ru/P
unknown
https://baldurgatez.com:80/7725eaa6592c80f8124e769b4e8a07f7.exe;2
unknown
https://st6-22.vk.com/dist/web/jobs_devtools_notification.14f96f02.js
unknown
https://www.security.us.panasonic.com
unknown
http://5.42.66.10/rIMa
unknown
http://5.42.66.10/download/th/retail.php12.php
unknown
http://5.42.66.10/download/page_error.jpegF3
unknown
https://st6-22.vk.com/dist/web/chunks/audioplayer-lib.93b52d88.css
unknown
https://st6-22.vk.com/dist/web/site_layout.20074c02.css
unknown
https://iplis.ru:443/1BV4j7.mp4O
unknown
There are 90 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
172.67.196.94
unknown
United States
malicious
5.42.65.50
unknown
Russian Federation
malicious
186.10.34.51
unknown
Chile
malicious
185.172.128.23
unknown
Russian Federation
malicious
193.233.132.139
unknown
Russian Federation
34.117.186.192
unknown
United States
104.26.9.59
unknown
United States
52.216.50.177
unknown
United States
37.221.125.202
unknown
Lithuania
172.67.216.172
unknown
United States
18.205.93.1
unknown
United States
193.233.132.253
unknown
Russian Federation
87.240.137.164
unknown
Russian Federation
23.76.43.59
unknown
United States
172.67.161.113
unknown
United States
172.67.132.113
unknown
United States
172.67.169.146
unknown
United States
95.142.206.0
unknown
Russian Federation
147.45.47.93
unknown
Russian Federation
95.142.206.1
unknown
Russian Federation
104.21.63.150
unknown
United States
172.67.207.236
unknown
United States
37.27.87.155
unknown
Iran (ISLAMIC Republic Of)
185.172.128.203
unknown
Russian Federation
193.233.132.226
unknown
Russian Federation
109.175.29.39
unknown
Bosnia and Herzegowina
104.26.4.15
unknown
United States
104.21.5.28
unknown
United States
5.42.66.10
unknown
Russian Federation
104.21.91.214
unknown
United States
45.130.41.108
unknown
Russian Federation
There are 21 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
Exclusions_Extensions
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableRoutinelyTakingAction
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableBehaviorMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableOnAccessProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableScanOnRealtimeEnable
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{33071919-2175-4F9E-8105-BEAE0C730BFE}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRawWriteNotification
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableRoutinelyTakingAction
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
Exclusions_Extensions
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableBehaviorMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableOnAccessProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableScanOnRealtimeEnable
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{797FD966-CE70-43C0-B62D-A8420EB91151}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRawWriteNotification
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RageMP131
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdobeUpdaterV1_b169c3872385b2c3c15a1f5f96f34ffe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdobeUpdaterV1_5fc4ccc1a69cead8abaf9c75121d8fec
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
C:\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
Servers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
UUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
FirstInstallDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
ServiceVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
PGDSE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
ServersVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
OSCaption
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
OSArchitecture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
IsAdmin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
AV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
PatchTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
CPU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
GPU
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
ejjnniijcjakoaghpedjpcfkoclplenf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFilesHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFilesHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
Inno Setup: Setup Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
Inno Setup: App Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
Inno Setup: Icon Group
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
Inno Setup: User
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
QuietUninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CD-DVD-Runner_is1
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\SVGALabel
ig_i66_3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\2140
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\2140
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\2140
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6768
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6768
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6768
CreationTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000001049E
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000030494
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nysbaf\NccQngn\Ybpny\EntrZC131\EntrZC131.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
a
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000007041E
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020438
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000008042C
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nysbaf\NccQngn\Ybpny\NqborHcqngreI202_3r3n2orr5npr9r061s31n101p1269o0p\NqborHcqngreI202.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000404E8
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000704BA
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nysbaf\Qbphzragf\FvzcyrNqbor\Ubam_ZODV6iPxpolPA3lO4eu.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
Excel.CSV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
Word.Document.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
Word.DocumentMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Word.Document.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
Word.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
Word.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
Word.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
Outlook.File.msg.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
PowerPoint.OpenDocumentPresentation.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
Excel.OpenDocumentSpreadsheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
Word.OpenDocumentText.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
PowerPoint.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
PowerPoint.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
PowerPoint.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
PowerPoint.Addin.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
PowerPoint.SlideShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
PowerPoint.SlideShow.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
PowerPoint.Show.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
PowerPoint.ShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
PowerPoint.Show.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
Word.RTF.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
PowerPoint.SlideMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
PowerPoint.Slide.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
bootstrap.vsto.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
Excel.AddInMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
Excel.Sheet.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
Excel.SheetBinaryMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
Excel.SheetMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
Excel.Sheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
Excel.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
Excel.TemplateMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
Excel.Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
Unpacker
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000005047E
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nysbaf\NccQngn\Ybpny\NqborHcqngreI1_o169p3872385o2p3p15n1s5s96s34ssr\NqborHcqngreI1.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
c
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
InstalledWin32AppsRevision
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
CheckSetting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated
Chrome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Puebzr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
InstalledWin32AppsRevision
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nysbaf\NccQngn\Ybpny\EntrZC131\EntrZC131.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
InstalledWin32AppsRevision
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nysbaf\NccQngn\Ybpny\NqborHcqngreI202_3r3n2orr5npr9r061s31n101p1269o0p\NqborHcqngreI202.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
AutoIt3Script
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
WMP11.AssocFile.AVI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
CABFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
Microsoft.PowerShellCmdletDefinitionXML.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
CSSfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
ddsfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
dllfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
emffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
exefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
WMP11.AssocFile.FLAC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
fonfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
giffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
htmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
icofile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
inffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
inifile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
pjpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
jpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
lnkfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
WMP11.AssocFile.m3u
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
WMP11.AssocFile.M4A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
mhtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
WMP11.AssocFile.MK3D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
WMP11.AssocFile.MKA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
WMP11.AssocFile.MKV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
WMP11.AssocFile.MOV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
WMP11.AssocFile.MP3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
ocxfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
otffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
pngfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
Microsoft.PowerShellScript.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
Microsoft.PowerShellXMLData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
Microsoft.PowerShellData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
Microsoft.PowerShellModule.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
Microsoft.PowerShellSessionConfiguration.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
rlefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
SHCmdFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
SearchFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
shtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
sysfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
TIFImage.Document
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithProgids
TIFImage.Document
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
ttcfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
ttffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
txtfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
WMP11.AssocFile.WAV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
WMP11.AssocFile.WAX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
WMP11.AssocFile.WMA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
wmffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
WMP11.AssocFile.WMV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
WMP11.AssocFile.WPL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
WMP11.AssocFile.WVX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
xmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
xslfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
There are 223 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
C000360000
direct allocation
page read and write
 malicious
6B38000
heap
page read and write
 malicious
6AC1000
heap
page read and write
 malicious
843000
unkown
page read and write
 malicious
FED000
unkown
page read and write
 malicious
B20000
direct allocation
page read and write
 malicious
2DC0000
direct allocation
page read and write
 malicious
AF2000
unkown
page readonly
 malicious
452B000
trusted library allocation
page read and write
 malicious
82D000
unkown
page read and write
 malicious
2DE1000
unclassified section
page read and write
 malicious
45CD000
trusted library allocation
page read and write
 malicious
671F000
heap
page read and write
 malicious
5F5E000
stack
page read and write
F32A000
unkown
page read and write
2262FD24000
heap
page read and write
17C0000
heap
page read and write
33F0000
unkown
page read and write
434000
heap
page read and write
188D94F5000
heap
page read and write
435000
heap
page read and write
9B23B7B000
stack
page read and write
10474000
unkown
page read and write
2262FA0E000
heap
page read and write
25322F8C000
heap
page read and write
CF9000
stack
page read and write
2D546A80000
direct allocation
page read and write
2262F7EB000
heap
page read and write
1D1AAA5A000
heap
page read and write
140000000
unkown
page readonly
18C000
stack
page read and write
10589000
unkown
page read and write
9D4000
heap
page read and write
69820000
unkown
page readonly
EC0000
remote allocation
page read and write
1D1AAA58000
heap
page read and write
22630841000
heap
page read and write
F5A000
unkown
page execute and read and write
2262FA01000
heap
page read and write
C000045000
direct allocation
page read and write
9E0000
direct allocation
page read and write
757000
unkown
page execute and write copy
26A0000
heap
page read and write
31BB000
stack
page read and write
AA1C000
unkown
page read and write
DEFABFF000
stack
page read and write
2262FB02000
heap
page read and write
2262F9E8000
heap
page read and write
F50000
unkown
page execute and read and write
7FF5D705D000
unkown
page readonly
409000
unkown
page execute and read and write
85BE000
stack
page read and write
1D1AAA5A000
heap
page read and write
7FF656753000
unkown
page read and write
25322FBF000
heap
page read and write
F11000
unkown
page execute and read and write
6460000
remote allocation
page read and write
95FA000
stack
page read and write
33B0000
unkown
page readonly
2262FAAB000
heap
page read and write
6AA3000
heap
page read and write
58DE000
stack
page read and write
F8A000
heap
page read and write
1D1AAA5A000
heap
page read and write
25323801000
heap
page read and write
CA80000
unkown
page read and write
25325D16000
heap
page read and write
9D4000
heap
page read and write
7FF5D73F5000
unkown
page readonly
2262FA59000
heap
page read and write
7FF5D774C000
unkown
page readonly
2D80000
remote allocation
page read and write
7FF5D75A6000
unkown
page readonly
BBC000
unkown
page execute and read and write
2262FAA4000
heap
page read and write
1863000
trusted library allocation
page execute and read and write
2532301B000
heap
page read and write
140A0B000
unkown
page read and write
3851000
heap
page read and write
769A000
unkown
page read and write
2143000
heap
page read and write
7FF5D6A4B000
unkown
page readonly
96FE000
stack
page read and write
25325A00000
direct allocation
page read and write
11C4000
heap
page read and write
7FF5D774A000
unkown
page readonly
BEF000
unkown
page execute and read and write
25322FBF000
heap
page read and write
224C000
direct allocation
page read and write
C00004C000
direct allocation
page read and write
A391000
unkown
page read and write
25322FBC000
heap
page read and write
C8B3000
unkown
page read and write
FAB000
heap
page read and write
2262FC00000
heap
page read and write
7FF5D723F000
unkown
page readonly
2262FA19000
heap
page read and write
1A18C702000
heap
page read and write
7FF5D7799000
unkown
page readonly
F7F000
heap
page read and write
6772000
heap
page read and write
7FF5D7257000
unkown
page readonly
3260000
unkown
page read and write
7FF5D76F5000
unkown
page readonly
5463000
unkown
page read and write
2D501634000
direct allocation
page read and write
226300B7000
heap
page read and write
10CE000
stack
page read and write
21066000
heap
page read and write
2E1000
unkown
page execute read
25323031000
heap
page read and write
6CA7000
heap
page read and write
21052000
heap
page read and write
25325500000
heap
page read and write
DEFA9FF000
stack
page read and write
C000004000
direct allocation
page read and write
1F21CE8B000
heap
page read and write
434000
heap
page read and write
61B0000
heap
page read and write
6777000
heap
page read and write
7FF5D779E000
unkown
page readonly
E60000
direct allocation
page read and write
4AB0000
unkown
page read and write
C000480000
direct allocation
page read and write
345C000
trusted library allocation
page read and write
1380000
heap
page read and write
1D1AAA4C000
heap
page read and write
BFB000
unkown
page execute and read and write
226309E5000
heap
page read and write
41B000
unkown
page readonly
1FDBAA02000
trusted library allocation
page read and write
262D48D000
stack
page read and write
1460000
heap
page read and write
7FF5D7244000
unkown
page readonly
7FF7FE5A1000
unkown
page execute read
2F7D000
stack
page read and write
1B1000
unkown
page execute read
2262FA35000
heap
page read and write
2262F7EC000
heap
page read and write
1D1AAA4C000
heap
page read and write
2D5013A0000
heap
page read and write
140F62000
unkown
page execute read
1D1AAA4C000
heap
page read and write
2C01000
heap
page read and write
1D1AAA58000
heap
page read and write
1D1AAA58000
heap
page read and write
25325A00000
direct allocation
page read and write
3195000
heap
page read and write
2D51000
heap
page read and write
6AA0000
trusted library allocation
page read and write
7FF5D74B8000
unkown
page readonly
410000
unkown
page readonly
2262F300000
direct allocation
page read and write
6AA0000
trusted library allocation
page read and write
9E0000
heap
page read and write
2262F9F7000
heap
page read and write
F34E000
unkown
page read and write
7810000
unkown
page read and write
2262FA46000
heap
page read and write
41F000
unkown
page readonly
2106B000
heap
page read and write
25325A00000
direct allocation
page read and write
400000
unkown
page readonly
35D1000
unkown
page read and write
675A000
heap
page read and write
7FF5D7546000
unkown
page readonly
1A18C560000
heap
page read and write
A2E4EFF000
stack
page read and write
1021000
unkown
page execute and read and write
3B0C000
stack
page read and write
7FF7FE5EE000
unkown
page readonly
8D3C000
stack
page read and write
2262FAAB000
heap
page read and write
6811000
heap
page read and write
2262FC51000
heap
page read and write
A17000
heap
page read and write
1D1AAA4C000
heap
page read and write
2262F300000
direct allocation
page read and write
7FF5D720F000
unkown
page readonly
7FF656131000
unkown
page execute read
2262DA24000
heap
page read and write
2262FA32000
heap
page read and write
2F30000
heap
page read and write
67E000
unkown
page execute and read and write
7FF5D6BDB000
unkown
page readonly
C000012000
direct allocation
page read and write
6766000
heap
page read and write
B330000
unkown
page read and write
2106B000
heap
page read and write
2262FF98000
heap
page read and write
6ABC000
heap
page read and write
2262FA57000
heap
page read and write
2F40000
trusted library allocation
page read and write
8B70000
unkown
page read and write
2262FA61000
heap
page read and write
7FF5D71E6000
unkown
page readonly
7FF5D7760000
unkown
page readonly
253254BB000
heap
page read and write
34D7000
heap
page read and write
7FF656754000
unkown
page write copy
3787000
heap
page read and write
7FF5D7396000
unkown
page readonly
1023000
unkown
page readonly
F81000
heap
page read and write
C00015E000
direct allocation
page read and write
C80000
unkown
page readonly
6AB6000
heap
page read and write
14E000
stack
page read and write
A65000
unkown
page readonly
25322FBF000
heap
page read and write
7FF6563F5000
unkown
page write copy
1895000
trusted library allocation
page execute and read and write
7DF4F2470000
unkown
page readonly
2D51000
heap
page read and write
3530000
unkown
page read and write
68B8000
heap
page read and write
2AF0000
heap
page read and write
2262FACD000
heap
page read and write
4E4000
unkown
page execute and write copy
C81C000
unkown
page read and write
F334000
unkown
page read and write
6721000
heap
page read and write
4E2000
unkown
page execute and write copy
9D4000
heap
page read and write
2262FAAB000
heap
page read and write
2262F7EC000
heap
page read and write
E60000
direct allocation
page read and write
C000458000
direct allocation
page read and write
1D1AAA5A000
heap
page read and write
3851000
heap
page read and write
25323029000
heap
page read and write
226304DA000
heap
page read and write
434000
heap
page read and write
6ABF000
heap
page read and write
2262F9E8000
heap
page read and write
25325D2A000
heap
page read and write
4A1E000
stack
page read and write
7FF5D7722000
unkown
page readonly
35C3000
unkown
page read and write
F8C000
heap
page read and write
4AC0000
unkown
page read and write
3851000
heap
page read and write
C9CD000
unkown
page read and write
6440000
heap
page execute and read and write
3488000
trusted library allocation
page read and write
22630620000
heap
page read and write
2262FA11000
heap
page read and write
1D1AAA5A000
heap
page read and write
7FF5D7262000
unkown
page readonly
2262FC23000
heap
page read and write
1D1AAA4C000
heap
page read and write
A9A0000
unkown
page read and write
779E000
unkown
page read and write
768E000
unkown
page read and write
2262FC22000
heap
page read and write
A30000
heap
page read and write
76A000
unkown
page execute and write copy
7FF5D75F6000
unkown
page readonly
25325D17000
heap
page read and write
13E000
stack
page read and write
3434000
heap
page read and write
2262FE7C000
heap
page read and write
183F000
stack
page read and write
ED0000
heap
page read and write
2C11000
unkown
page readonly
3851000
heap
page read and write
333E000
stack
page read and write
2262FAAB000
heap
page read and write
2C20000
heap
page read and write
C46F000
unkown
page read and write
31A9000
heap
page read and write
2C01000
heap
page read and write
A33F000
unkown
page read and write
29C496D0000
heap
page read and write
1D1AAA4C000
heap
page read and write
296E000
stack
page read and write
1F0000
heap
page read and write
321D000
stack
page read and write
4261000
direct allocation
page execute read
3851000
heap
page read and write
6797000
heap
page read and write
2262FB1F000
heap
page read and write
6AAC000
heap
page read and write
7FF6563F2000
unkown
page read and write
1D1AAA4C000
heap
page read and write
761E000
unkown
page read and write
E60000
direct allocation
page read and write
6A0000
heap
page read and write
F21000
unkown
page execute and read and write
2262F7D2000
heap
page read and write
8B70000
unkown
page read and write
7FF6563A4000
unkown
page write copy
6ADB000
heap
page read and write
525000
unkown
page execute and write copy
21A8000
direct allocation
page read and write
DF0000
direct allocation
page read and write
25322FBF000
heap
page read and write
31A0000
heap
page read and write
260F000
stack
page read and write
190000
heap
page read and write
675C000
heap
page read and write
6745000
heap
page read and write
2262FA7E000
heap
page read and write
F8A000
heap
page read and write
9D4000
heap
page read and write
E90000
heap
page read and write
5F0000
direct allocation
page read and write
800000
unkown
page readonly
C81000
unkown
page execute read
579E000
stack
page read and write
4E8000
unkown
page execute and write copy
F64000
unkown
page execute and read and write
3260000
unkown
page read and write
5CD0000
trusted library section
page read and write
3851000
heap
page read and write
7AB0000
unkown
page read and write
7FF5D748A000
unkown
page readonly
2262FA89000
heap
page read and write
2C01000
heap
page read and write
2D51000
heap
page read and write
2981000
heap
page read and write
5F0000
heap
page read and write
7FF5D7309000
unkown
page readonly
3260000
unkown
page read and write
F81000
heap
page read and write
680000
heap
page read and write
87A000
unkown
page read and write
9ADB000
unkown
page read and write
3770000
heap
page read and write
400000
unkown
page readonly
6732000
heap
page read and write
24C0000
direct allocation
page read and write
C000090000
direct allocation
page read and write
2262FA11000
heap
page read and write
F84000
heap
page read and write
4E0000
unkown
page execute and write copy
960000
direct allocation
page read and write
2F7E000
stack
page read and write
25323882000
heap
page read and write
2262FAA4000
heap
page read and write
3851000
heap
page read and write
2262FA3C000
heap
page read and write
2262F7CC000
heap
page read and write
25326770000
direct allocation
page read and write
4AFE000
stack
page read and write
2D51000
heap
page read and write
3310000
unkown
page read and write
BB2000
unkown
page execute and read and write
343A000
heap
page read and write
1D1AAA58000
heap
page read and write
31EE000
stack
page read and write
377C000
heap
page read and write
467E000
stack
page read and write
2580000
heap
page read and write
2262FA7E000
heap
page read and write
1897000
trusted library allocation
page execute and read and write
6CA8000
heap
page read and write
21055000
heap
page read and write
B0BD000
stack
page read and write
6AB7000
heap
page read and write
2262F7C4000
heap
page read and write
A2B5000
unkown
page read and write
1873000
trusted library allocation
page read and write
1D1AAA58000
heap
page read and write
401000
unkown
page execute read
1B0000
heap
page read and write
9D4000
heap
page read and write
2262FAA7000
heap
page read and write
550000
unkown
page execute and write copy
6760000
heap
page read and write
634E000
stack
page read and write
2D51000
heap
page read and write
7FF5D71C4000
unkown
page readonly
7AE0000
unkown
page read and write
6AB3000
heap
page read and write
2D5013F4000
direct allocation
page read and write
F338000
unkown
page read and write
F80000
heap
page read and write
1D1AAA5A000
heap
page read and write
51B000
unkown
page execute and write copy
6AAD000
heap
page read and write
FC1000
unkown
page execute read
C000146000
direct allocation
page read and write
1D1AAA58000
heap
page read and write
1D1AAA58000
heap
page read and write
61C0000
heap
page read and write
C000035000
direct allocation
page read and write
7FF5D75E9000
unkown
page readonly
2262FBE1000
heap
page read and write
9D4000
heap
page read and write
11C4000
heap
page read and write
BF5000
unkown
page execute and read and write
35BA000
heap
page read and write
6AA3000
heap
page read and write
EF0000
heap
page read and write
2262F7CF000
heap
page read and write
2262FFED000
heap
page read and write
253253F6000
heap
page read and write
2262FA5B000
heap
page read and write
F21000
unkown
page execute read
3120000
unkown
page read and write
7FF656765000
unkown
page readonly
C73E000
unkown
page read and write
1D1AAA58000
heap
page read and write
7FF5D72BD000
unkown
page readonly
2262FA1F000
heap
page read and write
3310000
unkown
page read and write
7FF5D7267000
unkown
page readonly
2262F300000
direct allocation
page read and write
E60000
direct allocation
page read and write
145F000
stack
page read and write
401000
unkown
page execute read
E71000
unkown
page execute read
1FDBA0B0000
heap
page read and write
4481000
direct allocation
page read and write
1674000
heap
page read and write
7FF5D71DA000
unkown
page readonly
9D4000
heap
page read and write
490000
unkown
page write copy
72E000
stack
page read and write
C5F0000
unkown
page read and write
7FF5D71EA000
unkown
page readonly
C908000
unkown
page read and write
140F62000
unkown
page execute read
C000100000
direct allocation
page read and write
9D4000
heap
page read and write
A220000
unkown
page read and write
2D51000
heap
page read and write
7FF5D75D6000
unkown
page readonly
7FF5D77D2000
unkown
page readonly
7FF5D738E000
unkown
page readonly
2532380A000
heap
page read and write
3220000
direct allocation
page read and write
F84000
heap
page read and write
7FF5D75FF000
unkown
page readonly
400000
unkown
page execute and read and write
C5F4000
unkown
page read and write
C62D000
unkown
page read and write
6ACD000
heap
page read and write
F84000
heap
page read and write
BE70000
unkown
page readonly
2262F7BD000
heap
page read and write
3220000
direct allocation
page read and write
2262FF39000
heap
page read and write
2262F9DF000
heap
page read and write
2262FAA7000
heap
page read and write
25322FDE000
heap
page read and write
21881ED0000
heap
page read and write
7FF5D6ABD000
unkown
page readonly
6B3B000
heap
page read and write
25322FF1000
heap
page read and write
25325DCA000
heap
page read and write
9AF9000
unkown
page read and write
6ADB000
heap
page read and write
2262FC0E000
heap
page read and write
675C000
heap
page read and write
7FF5D74FA000
unkown
page readonly
7FF5D7235000
unkown
page readonly
41F000
unkown
page readonly
1D1AAA4C000
heap
page read and write
7FF5D66E8000
unkown
page readonly
1395000
heap
page read and write
C000456000
direct allocation
page read and write
1A70000
heap
page read and write
529000
unkown
page execute and write copy
7FF656130000
unkown
page readonly
E60000
direct allocation
page read and write
2105A000
heap
page read and write
2981000
heap
page read and write
C9F6000
unkown
page read and write
6939000
heap
page read and write
2262FC22000
heap
page read and write
9B23FFE000
unkown
page readonly
2262FB3C000
heap
page read and write
7FF5D75D9000
unkown
page readonly
9E0000
heap
page read and write
2262F73B000
heap
page read and write
2262FAAB000
heap
page read and write
F52000
unkown
page execute and read and write
3990000
heap
page read and write
1D1AAA4C000
heap
page read and write
5479000
unkown
page read and write
7FF6563A9000
unkown
page write copy
C00045A000
direct allocation
page read and write
DF0000
direct allocation
page read and write
2262FC6B000
heap
page read and write
7FF5D75B8000
unkown
page readonly
2262FC67000
heap
page read and write
2262FA00000
heap
page read and write
6ABF000
heap
page read and write
8B70000
unkown
page read and write
697F000
heap
page read and write
400000
unkown
page readonly
2D51000
heap
page read and write
7609000
unkown
page read and write
1E7D000
heap
page read and write
C00011C000
direct allocation
page read and write
605E000
stack
page read and write
76F8000
unkown
page read and write
25323017000
heap
page read and write
4A1000
unkown
page execute and write copy
942E000
stack
page read and write
29C49760000
heap
page read and write
514000
unkown
page execute and read and write
379A000
heap
page read and write
378E000
heap
page read and write
25322FBF000
heap
page read and write
11B0000
unkown
page read and write
226309C8000
heap
page read and write
7FF656765000
unkown
page readonly
25325A00000
direct allocation
page read and write
F5C000
unkown
page execute and read and write
4A71000
unkown
page read and write
2532553F000
heap
page read and write
3851000
heap
page read and write
760D000
unkown
page read and write
7FF5D7280000
unkown
page readonly
7FF5D744E000
unkown
page readonly
F8C000
heap
page read and write
7FF5D7065000
unkown
page readonly
2532551D000
heap
page read and write
630000
heap
page read and write
2981000
heap
page read and write
2262F7C1000
heap
page read and write
E60000
direct allocation
page read and write
2262FAAB000
heap
page read and write
2263083B000
heap
page read and write
1350000
unkown
page readonly
2262FA82000
heap
page read and write
A1AF000
stack
page read and write
2F40000
trusted library allocation
page read and write
7FF5D7458000
unkown
page readonly
2262F7D2000
heap
page read and write
2263028A000
heap
page read and write
6AA3000
heap
page read and write
51F000
unkown
page execute and write copy
25325D44000
heap
page read and write
2D51000
heap
page read and write
2C01000
heap
page read and write
3F6000
unkown
page execute and write copy
25322FBC000
heap
page read and write
21056000
heap
page read and write
2C01000
heap
page read and write
A28D000
unkown
page read and write
2D51000
heap
page read and write
226300F9000
heap
page read and write
4A79000
trusted library allocation
page read and write
886000
heap
page read and write
2CAE000
stack
page read and write
1D1AAA5A000
heap
page read and write
25325CCD000
heap
page read and write
9B23E7E000
stack
page read and write
25325D2B000
heap
page read and write
1D1AAA4C000
heap
page read and write
3600000
trusted library allocation
page read and write
14AE000
stack
page read and write
4BFF000
stack
page read and write
26E000
stack
page read and write
6E9F000
stack
page read and write
698C0000
unkown
page write copy
C00014A000
direct allocation
page read and write
6AB6000
heap
page read and write
2262F7D6000
heap
page read and write
3851000
heap
page read and write
1D1AAA58000
heap
page read and write
9ABD000
unkown
page read and write
675C000
heap
page read and write
2262FA93000
heap
page read and write
1D1AAA58000
heap
page read and write
3879000
heap
page read and write
9D4000
heap
page read and write
19B000
stack
page read and write
3100000
unkown
page read and write
11C4000
heap
page read and write
35FA000
unkown
page read and write
34EF000
heap
page read and write
4CD3000
trusted library allocation
page read and write
C000124000
direct allocation
page read and write
C000041000
direct allocation
page read and write
226300F2000
heap
page read and write
25323017000
heap
page read and write
F7F000
heap
page read and write
6C0000
heap
page read and write
25322FBA000
heap
page read and write
9820000
unkown
page read and write
2D546A80000
direct allocation
page read and write
620C000
stack
page read and write
9D4000
heap
page read and write
F8A000
heap
page read and write
2262FC6B000
heap
page read and write
2262F9FF000
heap
page read and write
2262FC6B000
heap
page read and write
675E000
heap
page read and write
F7F000
heap
page read and write
1CC000
stack
page read and write
1131000
unkown
page read and write
25322FB6000
heap
page read and write
517000
unkown
page execute and write copy
4392000
direct allocation
page readonly
82D000
unkown
page write copy
2D51000
heap
page read and write
25322FC8000
heap
page read and write
7989000
stack
page read and write
5B1E000
stack
page read and write
2262F300000
direct allocation
page read and write
C5F8000
unkown
page read and write
523000
unkown
page execute and write copy
2262FA32000
heap
page read and write
26D5000
heap
page read and write
2262FC67000
heap
page read and write
25325D2E000
heap
page read and write
2262FDA2000
heap
page read and write
AEE000
stack
page read and write
1150000
unkown
page read and write
166C000
heap
page read and write
C00007A000
direct allocation
page read and write
2D51000
heap
page read and write
79A2000
heap
page read and write
362A000
unkown
page read and write
401000
unkown
page execute read
12B0000
unkown
page read and write
A416000
unkown
page read and write
2C01000
heap
page read and write
2262FC6B000
heap
page read and write
2262FC67000
heap
page read and write
7FF6563A6000
unkown
page write copy
4B48000
trusted library allocation
page read and write
801000
unkown
page execute read
2262F7EC000
heap
page read and write
2262FA7E000
heap
page read and write
1D1AAA5A000
heap
page read and write
8A00000
unkown
page read and write
400000
unkown
page readonly
7FF5D7452000
unkown
page readonly
7FF5D71EF000
unkown
page readonly
1D1AAA58000
heap
page read and write
7FF5D7639000
unkown
page readonly
1D1AAA5A000
heap
page read and write
4DC000
unkown
page execute and write copy
C000066000
direct allocation
page read and write
F8A000
heap
page read and write
E54B000
stack
page read and write
21051000
heap
page read and write
C00046B000
direct allocation
page read and write
9D4000
heap
page read and write
8B70000
unkown
page read and write
2D5016F0000
direct allocation
page read and write
673000
heap
page read and write
16C3000
heap
page read and write
2682000
heap
page read and write
2262FA0F000
heap
page read and write
F8B000
heap
page read and write
9AAC000
unkown
page read and write
F54000
unkown
page execute and read and write
1F21CE8B000
heap
page read and write
2C01000
heap
page read and write
2D51000
heap
page read and write
29C49500000
heap
page read and write
2C60000
heap
page read and write
2EA0000
unkown
page readonly
997C000
stack
page read and write
F325000
unkown
page read and write
4C41000
heap
page read and write
3398000
trusted library allocation
page read and write
7FF5D77DD000
unkown
page readonly
1338000
stack
page read and write
565D000
stack
page read and write
C000010000
direct allocation
page read and write
2262FA73000
heap
page read and write
7FF5D66E3000
unkown
page readonly
6ABD000
heap
page read and write
22630229000
heap
page read and write
2262FC51000
heap
page read and write
E60000
direct allocation
page read and write
1D1AAA5A000
heap
page read and write
434000
heap
page read and write
3260000
unkown
page read and write
675C000
heap
page read and write
1D1AAA5A000
heap
page read and write
1FDBA190000
heap
page read and write
6812000
heap
page read and write
E00000
unkown
page readonly
3433000
heap
page read and write
6CA6000
heap
page read and write
434000
heap
page read and write
7637000
unkown
page read and write
927B000
stack
page read and write
7FF7FE5DD000
unkown
page write copy
C7CB000
unkown
page read and write
2262FC63000
heap
page read and write
1D1AAA5A000
heap
page read and write
1520000
heap
page read and write
A9E9000
unkown
page read and write
C01000
unkown
page execute and read and write
6AB6000
heap
page read and write
2970000
heap
page read and write
1D1AAA4C000
heap
page read and write
3165000
heap
page read and write
6816000
heap
page read and write
2262FC70000
heap
page read and write
2262FAAB000
heap
page read and write
2262FA1D000
heap
page read and write
A12F000
stack
page read and write
F0C000
heap
page read and write
675C000
heap
page read and write
2D51000
heap
page read and write
C460000
unkown
page read and write
11C4000
heap
page read and write
2CD0000
heap
page read and write
1F21CE7A000
heap
page read and write
37E0000
heap
page read and write
3260000
unkown
page read and write
6ADB000
heap
page read and write
16D1000
heap
page read and write
25323017000
heap
page read and write
F7F000
heap
page read and write
678B000
heap
page read and write
3400000
unkown
page read and write
F13000
heap
page read and write
49FD000
unkown
page read and write
420000
unkown
page write copy
2262FC40000
heap
page read and write
17E0000
heap
page read and write
2C01000
heap
page read and write
2D51000
heap
page read and write
2255000
heap
page read and write
1D1AAA5A000
heap
page read and write
2E0000
unkown
page readonly
7FF5D77E0000
unkown
page readonly
2262FAA5000
heap
page read and write
7FF5D706E000
unkown
page readonly
6ADC000
heap
page read and write
698BE000
unkown
page read and write
7FF5D75DF000
unkown
page readonly
25326670000
direct allocation
page read and write
2677000
heap
page read and write
3430000
heap
page read and write
268A000
heap
page read and write
F33C000
unkown
page read and write
2262FA56000
heap
page read and write
B7E000
heap
page read and write
B950000
unkown
page readonly
5920000
heap
page read and write
2D51000
heap
page read and write
6816000
heap
page read and write
9526000
heap
page read and write
2C01000
heap
page read and write
3870000
direct allocation
page read and write
AA9F000
unkown
page read and write
2262F9F3000
heap
page read and write
2262FDA2000
heap
page read and write
210000
heap
page read and write
22630001000
heap
page read and write
3260000
unkown
page read and write
7FF5D77B9000
unkown
page readonly
35AE000
heap
page read and write
DEFA7FF000
stack
page read and write
2262FA0F000
heap
page read and write
F334000
unkown
page read and write
6817000
heap
page read and write
2DD0000
unclassified section
page read and write
2D51000
heap
page read and write
A0A9000
stack
page read and write
3851000
heap
page read and write
C035000
stack
page read and write
22630D3F000
heap
page read and write
C48B000
unkown
page read and write
52B000
unkown
page execute and write copy
74F000
stack
page read and write
91F0000
unkown
page readonly
3E81000
unkown
page read and write
2DB0000
direct allocation
page execute and read and write
47A000
heap
page read and write
2104A000
heap
page read and write
2262F7C3000
heap
page read and write
F4D0000
heap
page read and write
C000084000
direct allocation
page read and write
2C01000
heap
page read and write
2262FA89000
heap
page read and write
2262F7ED000
heap
page read and write
4920000
trusted library allocation
page read and write
C549000
unkown
page read and write
401000
unkown
page execute read
7460000
unkown
page read and write
6811000
heap
page read and write
6AAB000
heap
page read and write
6AB1000
heap
page read and write
2532301E000
heap
page read and write
2105C000
heap
page read and write
2262FACA000
heap
page read and write
6BB2000
heap
page read and write
676C000
heap
page read and write
1D1AAA58000
heap
page read and write
6AAC000
heap
page read and write
2E50000
trusted library allocation
page read and write
17E0000
direct allocation
page read and write
7C30000
unkown
page read and write
C000025000
direct allocation
page read and write
2262FAAB000
heap
page read and write
355E000
heap
page read and write
2262FC67000
heap
page read and write
E70000
direct allocation
page read and write
FCB000
heap
page read and write
4A90000
unkown
page read and write
2262FA32000
heap
page read and write
8880000
unkown
page readonly
3851000
heap
page read and write
2262F7F6000
heap
page read and write
3851000
heap
page read and write
1A50000
trusted library allocation
page read and write
174F000
stack
page read and write
23EA000
trusted library allocation
page read and write
2262FA7E000
heap
page read and write
9D4000
heap
page read and write
30DE000
stack
page read and write
1383000
heap
page read and write
188D9328000
heap
page read and write
401000
unkown
page execute read
7FF5D732D000
unkown
page readonly
6B6000
heap
page read and write
3260000
unkown
page read and write
D8C22FF000
stack
page read and write
C806000
unkown
page read and write
26D3000
heap
page read and write
2C01000
heap
page read and write
2262FA13000
heap
page read and write
1023000
unkown
page readonly
599A000
heap
page execute and read and write
AA01000
unkown
page read and write
E60000
direct allocation
page read and write
53E1000
unkown
page read and write
9820000
unkown
page read and write
8B70000
unkown
page read and write
21053000
heap
page read and write
6AC2000
heap
page read and write
25322FA5000
heap
page read and write
7FF5D7752000
unkown
page readonly
860000
direct allocation
page read and write
4AA0000
unkown
page read and write
25325D4D000
heap
page read and write
22630224000
heap
page read and write
BB10000
heap
page read and write
DF0000
direct allocation
page read and write
2262FFEB000
heap
page read and write
318F000
stack
page read and write
2D51000
heap
page read and write
1731000
unkown
page readonly
6CA4000
heap
page read and write
1FDBA200000
heap
page read and write
E60000
direct allocation
page read and write
9F0000
heap
page read and write
3851000
heap
page read and write
C000076000
direct allocation
page read and write
1321000
heap
page read and write
68B1000
heap
page read and write
2CB6000
unkown
page readonly
9D4000
heap
page read and write
2262FBFD000
heap
page read and write
9AA0000
unkown
page read and write
6ABD000
heap
page read and write
22D0000
direct allocation
page read and write
2262FA56000
heap
page read and write
7FF5D720A000
unkown
page readonly
6B01000
heap
page read and write
7FF5D7523000
unkown
page readonly
1D1AAA5A000
heap
page read and write
7E0000
heap
page read and write
25322FBD000
heap
page read and write
818000
unkown
page read and write
3260000
unkown
page read and write
21058000
heap
page read and write
5F0000
direct allocation
page read and write
1D1AAA4C000
heap
page read and write
F353000
unkown
page read and write
1D1AAA58000
heap
page read and write
1D1AAA5A000
heap
page read and write
BAC000
unkown
page execute and read and write
3433000
heap
page read and write
F84000
heap
page read and write
6B5B000
heap
page read and write
1D1AAA5A000
heap
page read and write
1F21D100000
heap
page read and write
2262FAAB000
heap
page read and write
7FF5D6AB6000
unkown
page readonly
550000
heap
page read and write
DF0000
direct allocation
page read and write
6AB6000
heap
page read and write
68A000
heap
page read and write
125B000
unkown
page execute read
401000
unkown
page execute read
E60000
direct allocation
page read and write
2262F7ED000
heap
page read and write
8B70000
unkown
page read and write
9A96000
unkown
page read and write
25322FA5000
heap
page read and write
434000
heap
page read and write
BB4000
unkown
page execute and read and write
21056000
heap
page read and write
41F000
unkown
page readonly
7FF5D75B3000
unkown
page readonly
F18000
heap
page read and write
4DE000
unkown
page execute and write copy
801000
unkown
page execute read
2262FA33000
heap
page read and write
25322F91000
heap
page read and write
2262FA93000
heap
page read and write
F7F000
heap
page read and write
C00006E000
direct allocation
page read and write
6ADB000
heap
page read and write
5AC0000
trusted library allocation
page read and write
2107C000
heap
page read and write
7FF5D717C000
unkown
page readonly
427000
unkown
page readonly
1D1AAA58000
heap
page read and write
2262FC23000
heap
page read and write
3851000
heap
page read and write
FF0000
unkown
page readonly
C669000
unkown
page read and write
2262FD06000
heap
page read and write
1E06000
heap
page read and write
238E000
stack
page read and write
2262FC63000
heap
page read and write
2D80000
remote allocation
page read and write
9820000
unkown
page read and write
269BFF35000
heap
page read and write
711C000
unkown
page read and write
9D4000
heap
page read and write
2532301B000
heap
page read and write
FC0000
unkown
page readonly
1D1AAA58000
heap
page read and write
5281000
unkown
page read and write
4D0000
trusted library allocation
page read and write
21060000
heap
page read and write
13A0000
unkown
page readonly
768C000
unkown
page read and write
9A90000
unkown
page read and write
7FF5D781A000
unkown
page readonly
22630752000
heap
page read and write
25325A00000
direct allocation
page read and write
6810000
heap
page read and write
7FF5D7289000
unkown
page readonly
7FF5D72D7000
unkown
page readonly
F17000
unkown
page execute and read and write
1313000
unkown
page readonly
7B60000
unkown
page readonly
21060000
heap
page read and write
6BAE000
heap
page read and write
7B00000
unkown
page readonly
25325D81000
heap
page read and write
2532301B000
heap
page read and write
7FF5D7797000
unkown
page readonly
F84000
heap
page read and write
C642000
unkown
page read and write
1D1AAA58000
heap
page read and write
7FF5D75C1000
unkown
page readonly
34CF000
heap
page read and write
5B0E000
unkown
page read and write
22630C35000
heap
page read and write
1A18C62B000
heap
page read and write
35B5000
unkown
page read and write
6AB4000
heap
page read and write
8A44000
unkown
page read and write
22631449000
heap
page read and write
6ABD000
heap
page read and write
2D51000
heap
page read and write
22630207000
heap
page read and write
F7F000
heap
page read and write
4E4000
unkown
page execute and write copy
25325A00000
direct allocation
page read and write
32FF000
stack
page read and write
7FF5D764F000
unkown
page readonly
2262FAAB000
heap
page read and write
DF0000
direct allocation
page read and write
675C000
heap
page read and write
1F21CE8B000
heap
page read and write
8B70000
unkown
page read and write
7FF65674E000
unkown
page read and write
1D80000
heap
page read and write
523000
unkown
page execute and write copy
BED000
unkown
page execute and read and write
6AAB000
heap
page read and write
1892000
trusted library allocation
page read and write
F8A000
heap
page read and write
2262FAAB000
heap
page read and write
C00045E000
direct allocation
page read and write
31D3000
heap
page read and write
2C01000
heap
page read and write
11C4000
heap
page read and write
34C2000
heap
page read and write
21881D78000
heap
page read and write
4D3E000
stack
page read and write
2D1E8000
heap
page read and write
81A000
unkown
page read and write
1D1AAA4C000
heap
page read and write
7FF5D7795000
unkown
page readonly
2D51000
heap
page read and write
4A44000
unkown
page read and write
6910000
heap
page read and write
5970000
direct allocation
page read and write
22630D67000
heap
page read and write
435000
unkown
page write copy
C617000
unkown
page read and write
3390000
trusted library allocation
page read and write
3188000
trusted library allocation
page read and write
3813000
heap
page read and write
6AD7000
heap
page read and write
2262FA31000
heap
page read and write
1F0000
trusted library allocation
page read and write
7631000
unkown
page read and write
C00000C000
direct allocation
page read and write
1649000
heap
page read and write
B0E0000
unkown
page readonly
1D1AAA58000
heap
page read and write
1D1AAA5A000
heap
page read and write
87C000
unkown
page readonly
2262FDA2000
heap
page read and write
2C01000
heap
page read and write
35D5000
unkown
page read and write
C000016000
direct allocation
page read and write
5C81000
unkown
page read and write
7FF5D73A8000
unkown
page readonly
7FF5D77C2000
unkown
page readonly
186D000
trusted library allocation
page execute and read and write
2262FEED000
heap
page read and write
760B000
unkown
page read and write
7FF5D71BF000
unkown
page readonly
F34E000
unkown
page read and write
25322FC1000
heap
page read and write
2262F7D2000
heap
page read and write
9B244FE000
stack
page read and write
1F21CED6000
heap
page read and write
F84000
heap
page read and write
A384000
unkown
page read and write
2262FA61000
heap
page read and write
140009000
unkown
page readonly
676B000
heap
page read and write
2C01000
heap
page read and write
22630204000
heap
page read and write
1D1AAA58000
heap
page read and write
17E0000
direct allocation
page read and write
2262F735000
heap
page read and write
2C01000
heap
page read and write
6AA3000
heap
page read and write
3437000
heap
page read and write
1C44000
heap
page read and write
C2C000
unkown
page execute and read and write
25323030000
heap
page read and write
7FF5D7230000
unkown
page readonly
672E000
heap
page read and write
2262FB16000
heap
page read and write
6CE000
heap
page read and write
22630345000
heap
page read and write
2262FC51000
heap
page read and write
25325D48000
heap
page read and write
7FF5D762F000
unkown
page readonly
7FF77F541000
unkown
page execute read
2D501440000
heap
page read and write
44711FE000
stack
page read and write
2D80000
remote allocation
page read and write
A2E4B8D000
stack
page read and write
2D51000
heap
page read and write
5F0000
direct allocation
page read and write
6AAC000
heap
page read and write
33D000
unkown
page readonly
4D5000
unkown
page read and write
6797000
heap
page read and write
1D1AAA58000
heap
page read and write
2262FACE000
heap
page read and write
25322FA9000
heap
page read and write
44710FE000
stack
page read and write
670D000
stack
page read and write
26A4000
heap
page read and write
1E48000
heap
page read and write
C00000A000
direct allocation
page read and write
9A94000
unkown
page read and write
759000
unkown
page execute and write copy
4BD000
unkown
page readonly
2262F9D5000
heap
page read and write
7FF5D72E9000
unkown
page readonly
6CA3000
heap
page read and write
3F6000
unkown
page execute and write copy
5F0000
direct allocation
page read and write
2262FA8C000
heap
page read and write
69A000
heap
page read and write
6787000
heap
page read and write
24BCC750000
heap
page read and write
187D000
trusted library allocation
page execute and read and write
3851000
heap
page read and write
35B0000
unkown
page read and write
2262FAAD000
heap
page read and write
2106B000
heap
page read and write
2262FA31000
heap
page read and write
1D1AAA58000
heap
page read and write
140CAD000
unkown
page execute read
2EB01000
heap
page read and write
25322FDE000
heap
page read and write
2262FC6B000
heap
page read and write
2262FC51000
heap
page read and write
25323882000
heap
page read and write
7FF5D719C000
unkown
page readonly
49FA000
unkown
page read and write
1057B000
unkown
page read and write
2262FA31000
heap
page read and write
5900000
trusted library allocation
page read and write
22630D84000
heap
page read and write
F33C000
unkown
page read and write
2262FFE8000
heap
page read and write
2263039B000
heap
page read and write
9D4000
heap
page read and write
6AB3000
heap
page read and write
9D4000
heap
page read and write
1D1AAA58000
heap
page read and write
61B6000
heap
page read and write
F2F0000
unkown
page read and write
6ADB000
heap
page read and write
37B2000
heap
page read and write
2262FC51000
heap
page read and write
1AF90000
trusted library allocation
page read and write
4B20000
direct allocation
page read and write
2D51000
heap
page read and write
F84000
heap
page read and write
3196000
heap
page read and write
434000
heap
page read and write
25322FE6000
heap
page read and write
1D1AAA4C000
heap
page read and write
C3CB000
stack
page read and write
253238A6000
heap
page read and write
2262FA7E000
heap
page read and write
17E0000
direct allocation
page read and write
C000029000
direct allocation
page read and write
7FF6563A0000
unkown
page write copy
A3F000
unkown
page read and write
2247000
heap
page read and write
2262FA1F000
heap
page read and write
4E2000
unkown
page execute and write copy
5F0000
direct allocation
page read and write
6780000
heap
page read and write
A3AC000
unkown
page read and write
3798000
heap
page read and write
F7F000
heap
page read and write
1C45000
heap
page read and write
6BAE000
heap
page read and write
378A000
heap
page read and write
422000
unkown
page write copy
3370000
remote allocation
page read and write
6AA1000
heap
page read and write
400000
unkown
page readonly
C000037000
direct allocation
page read and write
F338000
unkown
page read and write
7605000
unkown
page read and write
A23A000
unkown
page read and write
3F4000
unkown
page read and write
32B7000
heap
page read and write
75F8000
unkown
page read and write
F35E000
unkown
page read and write
51D000
unkown
page execute and write copy
5F0000
direct allocation
page read and write
1D1AAA58000
heap
page read and write
4EA000
unkown
page execute and write copy
2262FC23000
heap
page read and write
21881C10000
heap
page read and write
2262FAAD000
heap
page read and write
6AF7000
heap
page read and write
2262FBE1000
heap
page read and write
2262FC70000
heap
page read and write
677C000
heap
page read and write
6A6000
heap
page read and write
447127E000
unkown
page readonly
BF3D000
stack
page read and write
7D3E000
stack
page read and write
2262FC63000
heap
page read and write
22630237000
heap
page read and write
3851000
heap
page read and write
B220000
unkown
page read and write
25325538000
heap
page read and write
1D1AAA4A000
heap
page read and write
2262FA7E000
heap
page read and write
25323836000
heap
page read and write
2990000
heap
page read and write
D96000
unkown
page execute and read and write
362D000
unkown
page read and write
1D1AAA5A000
heap
page read and write
25323017000
heap
page read and write
41F000
unkown
page readonly
2041000
heap
page read and write
307D000
stack
page read and write
2021000
direct allocation
page read and write
3851000
heap
page read and write
844000
heap
page read and write
2D501390000
heap
page read and write
4C1000
unkown
page write copy
25323036000
heap
page read and write
2262FA0F000
heap
page read and write
1D1AAA4C000
heap
page read and write
2262FBE1000
heap
page read and write
372D000
stack
page read and write
F56000
unkown
page execute and read and write
384E000
stack
page read and write
6AB6000
heap
page read and write
2EFE000
stack
page read and write
9C000
stack
page read and write
698C1000
unkown
page read and write
2262FA31000
heap
page read and write
A39F000
unkown
page read and write
7FF5D765F000
unkown
page readonly
1D1AAA4C000
heap
page read and write
35C9000
unkown
page read and write
E60000
direct allocation
page read and write
25322FF4000
heap
page read and write
6AA0000
trusted library allocation
page read and write
7654000
unkown
page read and write
678F000
heap
page read and write
6C8000
heap
page read and write
2262FC70000
heap
page read and write
25325DC3000
heap
page read and write
3CD8000
heap
page read and write
A264000
unkown
page read and write
F8A000
heap
page read and write
701C000
stack
page read and write
1D1AAA58000
heap
page read and write
C472000
unkown
page read and write
3851000
heap
page read and write
434000
heap
page read and write
3260000
unkown
page read and write
334000
unkown
page readonly
2262F300000
direct allocation
page read and write
2532381E000
heap
page read and write
6AA3000
heap
page read and write
4DA000
unkown
page execute and write copy
6EF000
stack
page read and write
25323017000
heap
page read and write
2262FE7C000
heap
page read and write
6AAD000
heap
page read and write
162E000
stack
page read and write
2262FA31000
heap
page read and write
400000
unkown
page readonly
2262FC6F000
heap
page read and write
17E0000
direct allocation
page read and write
2D501663000
direct allocation
page read and write
5F0000
direct allocation
page read and write
920000
unkown
page readonly
8B1000
unkown
page execute read
2262FA5B000
heap
page read and write
98FD000
stack
page read and write
1C10000
direct allocation
page read and write
1D4E000
stack
page read and write
1F21CE8B000
heap
page read and write
3190000
trusted library allocation
page read and write
10572000
unkown
page read and write
8C39000
stack
page read and write
1FDBA202000
heap
page read and write
16F2000
heap
page read and write
9B2C000
unkown
page read and write
7FF5D7455000
unkown
page readonly
7FF5D71D7000
unkown
page readonly
7FF5D7407000
unkown
page readonly
7FF5D76D7000
unkown
page readonly
2981000
heap
page read and write
32AE000
stack
page read and write
AB9000
unkown
page read and write
226304DB000
heap
page read and write
1FF8000
direct allocation
page read and write
3860000
heap
page read and write
C7C6000
unkown
page read and write
F5E000
unkown
page execute and read and write
4DE000
unkown
page execute and write copy
5AB0000
trusted library allocation
page execute and read and write
FC2000
heap
page read and write
7FF5D744B000
unkown
page readonly
7FF5D77E9000
unkown
page readonly
253238A4000
heap
page read and write
C977000
unkown
page read and write
F8B000
heap
page read and write
2D51000
heap
page read and write
2262FACD000
heap
page read and write
F84000
heap
page read and write
11C4000
heap
page read and write
1D1AAA4C000
heap
page read and write
2262FA0B000
heap
page read and write
2262FA62000
heap
page read and write
C0000A6000
direct allocation
page read and write
140CAA000
unkown
page readonly
2C01000
heap
page read and write
2D51000
heap
page read and write
C000072000
direct allocation
page read and write
31FE000
stack
page read and write
2262F9CE000
heap
page read and write
22630746000
heap
page read and write
2262FA31000
heap
page read and write
C00044C000
direct allocation
page read and write
7D0000
heap
page read and write
7FF5D749B000
unkown
page readonly
DEFB3FE000
stack
page read and write
6AA0000
trusted library allocation
page read and write
2262FC22000
heap
page read and write
5F0000
heap
page read and write
1FC000
stack
page read and write
7FF6563A5000
unkown
page read and write
4DBC000
stack
page read and write
9D4000
heap
page read and write
2C01000
heap
page read and write
2532301B000
heap
page read and write
1F21D102000
heap
page read and write
A237000
unkown
page read and write
7E58000
stack
page read and write
7FF5D7272000
unkown
page readonly
2262D96E000
heap
page read and write
2262FC6B000
heap
page read and write
2C01000
heap
page read and write
697E000
stack
page read and write
672F000
heap
page read and write
21060000
heap
page read and write
37A7000
heap
page read and write
9D4000
heap
page read and write
C1CC000
stack
page read and write
7FF5D743F000
unkown
page readonly
1D1AAA4C000
heap
page read and write
21055000
heap
page read and write
6AB3000
heap
page read and write
698000
heap
page read and write
3851000
heap
page read and write
2262F7F6000
heap
page read and write
6AA0000
trusted library allocation
page read and write
2262F7BE000
heap
page read and write
65CF000
stack
page read and write
7FF5D7385000
unkown
page readonly
7390000
heap
page read and write
7FF5D7641000
unkown
page readonly
2262FC22000
heap
page read and write
25322FDE000
heap
page read and write
BFF000
unkown
page execute and read and write
189B000
trusted library allocation
page execute and read and write
7FF5D7820000
unkown
page readonly
7FF5D7391000
unkown
page readonly
2263139C000
heap
page read and write
3370000
remote allocation
page read and write
6AB6000
heap
page read and write
2D51000
heap
page read and write
105CD000
direct allocation
page read and write
2262FBE1000
heap
page read and write
C00007E000
direct allocation
page read and write
E60000
direct allocation
page read and write
2D51000
heap
page read and write
7618000
unkown
page read and write
2980000
heap
page read and write
7FF5D770A000
unkown
page readonly
DF0000
direct allocation
page read and write
68B5000
heap
page read and write
9D4000
heap
page read and write
7FF5D7703000
unkown
page readonly
B8DB000
stack
page read and write
2262FCB2000
heap
page read and write
6AA3000
heap
page read and write
7A93DFF000
stack
page read and write
BF3000
unkown
page execute and read and write
1000000
unkown
page read and write
B559000
stack
page read and write
F85000
heap
page read and write
7FF5D71AF000
unkown
page readonly
C9A7000
unkown
page read and write
33B1000
trusted library allocation
page read and write
6B2E000
heap
page read and write
188D9320000
heap
page read and write
36EE000
stack
page read and write
9D4000
heap
page read and write
9E2D000
stack
page read and write
C00011E000
direct allocation
page read and write
83D000
stack
page read and write
17E0000
direct allocation
page read and write
724000
heap
page read and write
3851000
heap
page read and write
C0BA000
stack
page read and write
79A0000
trusted library allocation
page read and write
2262FC70000
heap
page read and write
675C000
heap
page read and write
BAA000
unkown
page execute and read and write
6ADB000
heap
page read and write
25323029000
heap
page read and write
21881D10000
heap
page read and write
6AA0000
trusted library allocation
page read and write
1F21CE8B000
heap
page read and write
7FF5D776D000
unkown
page readonly
678B000
heap
page read and write
2FFB000
unkown
page readonly
698A4000
unkown
page readonly
BB0000
unkown
page execute and read and write
C621000
unkown
page read and write
2262FC95000
heap
page read and write
2262FA0B000
heap
page read and write
7FF5D7740000
unkown
page readonly
2C01000
heap
page read and write
2262FAAB000
heap
page read and write
25322FD5000
heap
page read and write
9D4000
heap
page read and write
2666000
heap
page read and write
7FF5D7488000
unkown
page readonly
1D1AAA5A000
heap
page read and write
9D4000
heap
page read and write
6B2E000
heap
page read and write
2262FE7C000
heap
page read and write
94F2000
unkown
page read and write
2107C000
heap
page read and write
1D8A000
heap
page read and write
7FF5D76C8000
unkown
page readonly
2CD4000
heap
page read and write
C80000
unkown
page readonly
1D1AAA4C000
heap
page read and write
F7F000
heap
page read and write
739A000
heap
page read and write
22630FA0000
heap
page read and write
7FF6563F9000
unkown
page readonly
75FD000
unkown
page read and write
9D4000
heap
page read and write
25322FDE000
heap
page read and write
23D0000
direct allocation
page read and write
269F000
heap
page read and write
75E0000
unkown
page read and write
1E68000
heap
page read and write
C9F9000
unkown
page read and write
89FB000
stack
page read and write
E2B000
unkown
page read and write
2262F9F8000
heap
page read and write
123B000
stack
page read and write
2C01000
heap
page read and write
7FF5D72D3000
unkown
page readonly
40C000
unkown
page readonly
2262FC12000
heap
page read and write
2106B000
heap
page read and write
35CF000
unkown
page read and write
9D4000
heap
page read and write
3370000
remote allocation
page read and write
2107C000
heap
page read and write
7FF5D7075000
unkown
page readonly
6773000
heap
page read and write
F334000
unkown
page read and write
2C01000
heap
page read and write
675C000
heap
page read and write
6710000
heap
page read and write
7FF77F8DE000
unkown
page readonly
F4D2000
heap
page read and write
68BD000
heap
page read and write
C000180000
direct allocation
page read and write
FB5000
heap
page read and write
3A0C000
stack
page read and write
1D1AAA5A000
heap
page read and write
4381000
direct allocation
page execute read
2F40000
trusted library allocation
page read and write
2D51000
heap
page read and write
21060000
heap
page read and write
7FF5D75AF000
unkown
page readonly
1D0000
heap
page read and write
F8A000
heap
page read and write
25323801000
heap
page read and write
25325CC8000
heap
page read and write
40B000
unkown
page execute read
2EF0000
heap
page read and write
8B70000
unkown
page read and write
C000266000
direct allocation
page read and write
365D000
stack
page read and write
2262FEED000
heap
page read and write
2262F7C9000
heap
page read and write
2262FA93000
heap
page read and write
21060000
heap
page read and write
2262FD84000
heap
page read and write
6A2E000
stack
page read and write
7FF7FE5A1000
unkown
page execute read
2262F730000
trusted library allocation
page read and write
37D8000
heap
page read and write
F4C000
unkown
page execute and read and write
3432000
heap
page read and write
11C4000
heap
page read and write
A2E4E7F000
stack
page read and write
282F000
stack
page read and write
DF0000
direct allocation
page read and write
A7E000
stack
page read and write
1D1AAA4C000
heap
page read and write
2262FAAD000
heap
page read and write
25322FEF000
heap
page read and write
8360000
unkown
page read and write
1FDBA227000
heap
page read and write
2D51000
heap
page read and write
7FF5D73A5000
unkown
page readonly
26A4000
heap
page read and write
3626000
unkown
page read and write
2105C000
heap
page read and write
4720000
heap
page read and write
40C000
unkown
page readonly
2262F300000
direct allocation
page read and write
4A40000
unkown
page read and write
4A10000
heap
page read and write
6AB6000
heap
page read and write
1340000
unkown
page read and write
1500000
heap
page read and write
BB8000
unkown
page execute and read and write
6AB6000
heap
page read and write
3260000
unkown
page read and write
FB000
stack
page read and write
2262FC67000
heap
page read and write
7FF5D772C000
unkown
page readonly
9D4000
heap
page read and write
25322FE1000
heap
page read and write
17E0000
direct allocation
page read and write
2262F340000
remote allocation
page read and write
2262FAA4000
heap
page read and write
9C000
stack
page read and write
2262FA93000
heap
page read and write
E10000
unkown
page readonly
2262F300000
direct allocation
page read and write
37A0000
heap
page read and write
676F000
heap
page read and write
1D1AAA5A000
heap
page read and write
2532301C000
heap
page read and write
2262FC6F000
heap
page read and write
7AF1000
unkown
page read and write
6ADB000
heap
page read and write
E60000
direct allocation
page read and write
677D000
heap
page read and write
6787000
heap
page read and write
30E8000
trusted library allocation
page read and write
2262FF98000
heap
page read and write
6460000
remote allocation
page read and write
2262FA3C000
heap
page read and write
6AAD000
heap
page read and write
1864000
trusted library allocation
page read and write
C00013A000
direct allocation
page read and write
3747000
heap
page read and write
CCF000
unkown
page read and write
266A000
heap
page read and write
2262FB01000
heap
page read and write
2C01000
heap
page read and write
4C3E000
stack
page read and write
25325BA0000
direct allocation
page read and write
F7C000
heap
page read and write
18B000
stack
page read and write
1E77000
heap
page read and write
6BAC000
heap
page read and write
2D546920000
direct allocation
page read and write
BE49000
stack
page read and write
4266000
direct allocation
page read and write
358F000
heap
page read and write
2262FA19000
heap
page read and write
4E6000
unkown
page execute and write copy
21055000
heap
page read and write
3851000
heap
page read and write
2262FBE1000
heap
page read and write
2D51000
heap
page read and write
843F000
stack
page read and write
4AEA000
unkown
page read and write
6CAC000
heap
page read and write
6ADB000
heap
page read and write
2E90000
heap
page read and write
267A000
heap
page read and write
2E0000
unkown
page readonly
E60000
direct allocation
page read and write
7FF5D6BE4000
unkown
page readonly
2DB3000
heap
page read and write
26FC000
heap
page read and write
521000
unkown
page execute and write copy
1659000
unkown
page readonly
7AA0000
unkown
page read and write
2107B000
heap
page read and write
3851000
heap
page read and write
3851000
heap
page read and write
63A000
heap
page read and write
2262F9E2000
heap
page read and write
2262FA31000
heap
page read and write
34F4000
heap
page read and write
7FF5D76D5000
unkown
page readonly
F81000
heap
page read and write
6AA1000
heap
page read and write
F327000
unkown
page read and write
C00006A000
direct allocation
page read and write
6726000
heap
page read and write
25325D1E000
heap
page read and write
9D4000
heap
page read and write
35B3000
unkown
page read and write
21055000
heap
page read and write
2262FD24000
heap
page read and write
7FF6563F9000
unkown
page readonly
51B000
unkown
page execute and write copy
2262FAEC000
heap
page read and write
879000
unkown
page execute and read and write
BB0B000
stack
page read and write
262D58F000
stack
page read and write
43B1000
trusted library allocation
page read and write
C61D000
unkown
page read and write
2262FA0C000
heap
page read and write
EC0000
remote allocation
page read and write
400000
unkown
page execute and read and write
C000054000
direct allocation
page read and write
2262FA19000
heap
page read and write
7FF5D778A000
unkown
page readonly
2262FA31000
heap
page read and write
2D51000
heap
page read and write
6AAC000
heap
page read and write
2262FA5B000
heap
page read and write
1D1AAA58000
heap
page read and write
25325670000
direct allocation
page read and write
1D1AAA4C000
heap
page read and write
1FDBA1D0000
remote allocation
page read and write
10E0000
unkown
page read and write
41F000
unkown
page readonly
6778000
heap
page read and write
840000
heap
page read and write
676E000
heap
page read and write
21059000
heap
page read and write
7FF5D7284000
unkown
page readonly
2262F807000
heap
page read and write
32B000
unkown
page write copy
6AAC000
heap
page read and write
560000
unkown
page execute and write copy
2D51000
heap
page read and write
2981000
heap
page read and write
2262F7D2000
heap
page read and write
308F000
stack
page read and write
2262F340000
remote allocation
page read and write
31AB000
heap
page read and write
1D1AAA5A000
heap
page read and write
2262FE9B000
heap
page read and write
2262FA7E000
heap
page read and write
2262FA93000
heap
page read and write
C000557000
direct allocation
page read and write
1D1AAA4C000
heap
page read and write
269BFCC8000
heap
page read and write
49C2000
unkown
page read and write
25323017000
heap
page read and write
1D1AAA58000
heap
page read and write
8D0000
heap
page read and write
2C01000
heap
page read and write
25322FE3000
heap
page read and write
2262FA59000
heap
page read and write
1D1AAA58000
heap
page read and write
2262FE99000
heap
page read and write
2262FC63000
heap
page read and write
87A000
stack
page read and write
C9C9000
unkown
page read and write
2C01000
heap
page read and write
67CC000
heap
page read and write
9D4000
heap
page read and write
6AA0000
trusted library allocation
page read and write
7FF5D7591000
unkown
page readonly
9A76000
unkown
page read and write
517000
unkown
page execute and write copy
21881D70000
heap
page read and write
26B0000
heap
page read and write
F7F000
heap
page read and write
1F21D113000
heap
page read and write
9D4000
heap
page read and write
2262FECE000
heap
page read and write
4D7E000
stack
page read and write
2262F730000
trusted library allocation
page read and write
5E58000
trusted library section
page read and write
12D0000
unkown
page readonly
7FF5D72DF000
unkown
page readonly
A408000
unkown
page read and write
32F0000
trusted library allocation
page read and write
35CD000
unkown
page read and write
C605000
unkown
page read and write
253263B0000
direct allocation
page read and write
11C4000
heap
page read and write
2262FC6B000
heap
page read and write
33C0000
unkown
page read and write
7FF5D7482000
unkown
page readonly
2262FA3E000
heap
page read and write
7FF5D7589000
unkown
page readonly
2262FA93000
heap
page read and write
2D51000
heap
page read and write
9D4000
heap
page read and write
1022000
unkown
page read and write
3260000
unkown
page read and write
267B000
heap
page read and write
BA6000
unkown
page execute and read and write
52B000
unkown
page execute and write copy
1F21CED3000
heap
page read and write
2D51000
heap
page read and write
125B000
unkown
page execute read
2262FA56000
heap
page read and write
F325000
unkown
page read and write
9D4000
heap
page read and write
2D51000
heap
page read and write
2DC0000
direct allocation
page read and write
BDC0000
unkown
page read and write
519000
unkown
page execute and write copy
BA4000
unkown
page execute and read and write
1640000
heap
page read and write
25325EF3000
heap
page read and write
7FF5D766E000
unkown
page readonly
2262FA35000
heap
page read and write
2262FA42000
heap
page read and write
2262FFE9000
heap
page read and write
7FF5D75EE000
unkown
page readonly
2690000
heap
page read and write
141962000
unkown
page execute read
C7BE000
unkown
page read and write
17E0000
direct allocation
page read and write
C5FD000
unkown
page read and write
2262FE7C000
heap
page read and write
2FF000
unkown
page readonly
2262FD84000
heap
page read and write
29C49765000
heap
page read and write
2D501448000
heap
page read and write
322E000
stack
page read and write
7FF5D752F000
unkown
page readonly
1270000
unkown
page read and write
7DF4F2481000
unkown
page execute read
2262FC51000
heap
page read and write
3851000
heap
page read and write
22631429000
heap
page read and write
2FFB000
unkown
page readonly
2262FA1D000
heap
page read and write
9D4000
heap
page read and write
2C01000
heap
page read and write
550000
heap
page read and write
F86000
heap
page read and write
D8C227D000
stack
page read and write
371F000
stack
page read and write
7FF5D7643000
unkown
page readonly
6AE000
stack
page read and write
1F21CED4000
heap
page read and write
1FDBA1C0000
trusted library allocation
page read and write
9E2000
direct allocation
page read and write
2262FC51000
heap
page read and write
9D4000
heap
page read and write
17E0000
direct allocation
page read and write
8CB8000
stack
page read and write
F1B000
unkown
page execute and read and write
1D1AAA58000
heap
page read and write
7FF5D77FD000
unkown
page readonly
2FF000
unkown
page readonly
BEA0000
unkown
page readonly
7FF656757000
unkown
page write copy
269BFDC0000
heap
page read and write
21060000
heap
page read and write
2262FC6F000
heap
page read and write
3851000
heap
page read and write
2262FA59000
heap
page read and write
C000020000
direct allocation
page read and write
3438000
heap
page read and write
7FF5D71CC000
unkown
page readonly
262D8FE000
stack
page read and write
769000
unkown
page execute and read and write
6AB1000
heap
page read and write
C00001A000
direct allocation
page read and write
7FF5D76CD000
unkown
page readonly
315E000
heap
page read and write
25322FEF000
heap
page read and write
AA04000
unkown
page read and write
698CE000
unkown
page readonly
37A6000
heap
page read and write
8B70000
unkown
page read and write
112C000
stack
page read and write
2D546A30000
direct allocation
page read and write
1D1AAA58000
heap
page read and write
11C4000
heap
page read and write
2D7D000
stack
page read and write
19C000
stack
page read and write
7FF5D7694000
unkown
page readonly
644F000
stack
page read and write
C0002EC000
direct allocation
page read and write
84E000
stack
page read and write
FC1000
unkown
page execute read
21054000
heap
page read and write
6737000
heap
page read and write
29C49508000
heap
page read and write
6764000
heap
page read and write
DEFB1FE000
stack
page read and write
6340000
heap
page read and write
1D1AAA58000
heap
page read and write
1F21CE38000
heap
page read and write
25322FBA000
heap
page read and write
2262F9E8000
heap
page read and write
2107C000
heap
page read and write
7FF7FE5DD000
unkown
page write copy
3310000
trusted library allocation
page read and write
678B000
heap
page read and write
1AE91000
heap
page read and write
54AE000
stack
page read and write
18A0000
heap
page read and write
2532380A000
heap
page read and write
35D3000
unkown
page read and write
2262FA0F000
heap
page read and write
2262FA61000
heap
page read and write
2262FC51000
heap
page read and write
2262F731000
heap
page read and write
E5D000
stack
page read and write
9A8C000
unkown
page read and write
9D4000
heap
page read and write
B7A000
heap
page read and write
3140000
unkown
page read and write
A3C3000
unkown
page read and write
2D51000
heap
page read and write
21060000
heap
page read and write
2262FAAB000
heap
page read and write
4A80000
heap
page read and write
2262DA22000
heap
page read and write
2D501630000
direct allocation
page read and write
2262FC22000
heap
page read and write
7FF5D729E000
unkown
page readonly
2532553F000
heap
page read and write
361E000
stack
page read and write
2262FA95000
heap
page read and write
DF0000
direct allocation
page read and write
6774000
heap
page read and write
DEFADFC000
stack
page read and write
343B000
heap
page read and write
2262FC63000
heap
page read and write
6822000
heap
page read and write
25323017000
heap
page read and write
25322FC8000
heap
page read and write
4C04000
trusted library allocation
page read and write
11C4000
heap
page read and write
7FF5D770F000
unkown
page readonly
1D1AAA4C000
heap
page read and write
C03000
unkown
page execute and read and write
17B0000
heap
page read and write
675C000
heap
page read and write
1DFA000
heap
page read and write
11EE000
stack
page read and write
C5FA000
unkown
page read and write
6AB4000
heap
page read and write
6ABA000
heap
page read and write
E84C000
stack
page read and write
25322FBC000
heap
page read and write
7FF5D7534000
unkown
page readonly
E60000
direct allocation
page read and write
2262FA0F000
heap
page read and write
2262FC51000
heap
page read and write
33C000
unkown
page readonly
253238A1000
heap
page read and write
3260000
unkown
page read and write
21881ED5000
heap
page read and write
22630AE6000
heap
page read and write
24BCC7A8000
heap
page read and write
67CC000
heap
page read and write
8B70000
unkown
page read and write
76F000
stack
page read and write
2D501710000
heap
page read and write
2262FC63000
heap
page read and write
9820000
unkown
page read and write
1F21CE39000
heap
page read and write
C967000
unkown
page read and write
7FF5D760B000
unkown
page readonly
7FF5D745B000
unkown
page readonly
9D4000
heap
page read and write
7FF7FE5CA000
unkown
page readonly
6AA0000
trusted library allocation
page read and write
5F0000
direct allocation
page read and write
25322F8C000
heap
page read and write
C00004A000
direct allocation
page read and write
F7F000
heap
page read and write
25322FBF000
heap
page read and write
2C01000
heap
page read and write
2262F7D6000
heap
page read and write
7FF5D7691000
unkown
page readonly
6745000
heap
page read and write
7FF5D7593000
unkown
page readonly
1659000
unkown
page readonly
7FF5D7215000
unkown
page readonly
7FF5D69BB000
unkown
page readonly
2262FC51000
heap
page read and write
3851000
heap
page read and write
2D501700000
direct allocation
page read and write
F7C000
stack
page read and write
9AB2000
unkown
page read and write
6B3D000
heap
page read and write
447147E000
unkown
page readonly
1C44000
heap
page read and write
2262FC63000
heap
page read and write
2262FAEC000
heap
page read and write
10534000
unkown
page read and write
2262FA32000
heap
page read and write
6ACC000
heap
page read and write
9B243FE000
unkown
page readonly
527000
unkown
page execute and write copy
2D51000
heap
page read and write
9A9E000
unkown
page read and write
1D1AAA5A000
heap
page read and write
2262FA7E000
heap
page read and write
2262FA93000
heap
page read and write
82F000
stack
page read and write
1D1AAA5A000
heap
page read and write
C00008C000
direct allocation
page read and write
35E4000
unkown
page read and write
3851000
heap
page read and write
9D4000
heap
page read and write
4ADA000
unkown
page read and write
6AA0000
trusted library allocation
page read and write
2262F9F7000
heap
page read and write
2262FA42000
heap
page read and write
1B1000
unkown
page execute read
2262FF99000
heap
page read and write
555E000
stack
page read and write
2262FE30000
heap
page read and write
3850000
heap
page read and write
32EF000
heap
page read and write
7FF6563A8000
unkown
page read and write
2262F9FB000
heap
page read and write
575F000
stack
page read and write
2262F7D6000
heap
page read and write
7FF5D710B000
unkown
page readonly
C000118000
direct allocation
page read and write
9D4000
heap
page read and write
7FF5D72D0000
unkown
page readonly
6765000
heap
page read and write
FC0000
heap
page read and write
5F0000
direct allocation
page read and write
6ABA000
heap
page read and write
2262FC63000
heap
page read and write
8B70000
unkown
page read and write
7FF77EE30000
unkown
page readonly
2262FC67000
heap
page read and write
31E000
unkown
page read and write
DC0000
unkown
page read and write
BFB8000
stack
page read and write
1F21CE8B000
heap
page read and write
253251E0000
direct allocation
page read and write
671000
heap
page read and write
6AA0000
trusted library allocation
page read and write
400000
unkown
page readonly
2262FA61000
heap
page read and write
9D4000
heap
page read and write
2981000
heap
page read and write
2262FC19000
heap
page read and write
2262FF39000
heap
page read and write
1C40000
heap
page read and write
2262F805000
heap
page read and write
1D1AAA58000
heap
page read and write
3324000
heap
page read and write
1D1AAA5A000
heap
page read and write
2584000
heap
page read and write
3170000
unkown
page read and write
800000
heap
page read and write
3280000
unkown
page read and write
F84000
heap
page read and write
2262FA59000
heap
page read and write
1DEB000
heap
page read and write
267A000
heap
page read and write
2262FA61000
heap
page read and write
30BD000
stack
page read and write
3429000
trusted library allocation
page read and write
8B70000
unkown
page read and write
2262FB1E000
heap
page read and write
1D1AAA58000
heap
page read and write
F8A000
heap
page read and write
B7DE000
stack
page read and write
B85A000
stack
page read and write
2532301B000
heap
page read and write
880000
heap
page read and write
DEFA5FD000
stack
page read and write
7FF5D7784000
unkown
page readonly
6717000
heap
page read and write
1A18C600000
heap
page read and write
7FF5D77E3000
unkown
page readonly
1FDBA240000
heap
page read and write
1A60000
trusted library allocation
page execute and read and write
1A18C590000
trusted library allocation
page read and write
6929000
heap
page read and write
3435000
heap
page read and write
2262FAAB000
heap
page read and write
1D1AAA4C000
heap
page read and write
6AAD000
heap
page read and write
2262FA95000
heap
page read and write
2107C000
heap
page read and write
6ADB000
heap
page read and write
7FF5D776F000
unkown
page readonly
F8A000
heap
page read and write
F15000
unkown
page execute and read and write
6780000
heap
page read and write
1D1AAA4C000
heap
page read and write
C000474000
direct allocation
page read and write
3851000
heap
page read and write
2262FA77000
heap
page read and write
818000
unkown
page read and write
2532301B000
heap
page read and write
C000008000
direct allocation
page read and write
2262FACA000
heap
page read and write
1D1AAA5A000
heap
page read and write
9579000
stack
page read and write
1390000
heap
page read and write
2262FBE1000
heap
page read and write
1A18C602000
heap
page read and write
378A000
heap
page read and write
140A000
heap
page read and write
1D1AAA58000
heap
page read and write
5330000
unkown
page write copy
7FF5D77CD000
unkown
page readonly
BE9000
unkown
page execute and read and write
526C000
heap
page read and write
2262FAA4000
heap
page read and write
4EC000
unkown
page execute and read and write
401000
unkown
page execute read
188D9270000
heap
page read and write
2DAA000
heap
page read and write
1FDBA1D0000
remote allocation
page read and write
4C3000
unkown
page write copy
58C000
stack
page read and write
2262FC40000
heap
page read and write
6ADB000
heap
page read and write
6797000
heap
page read and write
21056000
heap
page read and write
2262F7CC000
heap
page read and write
2262F7CC000
heap
page read and write
22631945000
heap
page read and write
2262FA59000
heap
page read and write
69821000
unkown
page execute read
1570000
heap
page read and write
8B70000
unkown
page read and write
7FF5D7682000
unkown
page readonly
7FF6563F0000
unkown
page write copy
2262F7F5000
heap
page read and write
463F000
stack
page read and write
C615000
unkown
page read and write
3E0E000
stack
page read and write
6AA4000
heap
page read and write
5E24000
heap
page read and write
2262D95A000
heap
page read and write
C07000
unkown
page execute and read and write
3851000
heap
page read and write
556000
heap
page read and write
29C494D0000
heap
page read and write
7DBC000
stack
page read and write
6B3D000
heap
page read and write
4C40000
heap
page read and write
C000132000
direct allocation
page read and write
DF0000
direct allocation
page read and write
5F0000
direct allocation
page read and write
2262FC51000
heap
page read and write
86E0000
unkown
page readonly
21058000
heap
page read and write
C47F000
unkown
page read and write
2D51000
heap
page read and write
77BE000
unkown
page execute and write copy
9D4000
heap
page read and write
8FD9000
stack
page read and write
3260000
unkown
page read and write
C88000
unkown
page readonly
6AAB000
heap
page read and write
F35E000
unkown
page read and write
1D1AAA58000
heap
page read and write
7FF5D76AF000
unkown
page readonly
2981000
heap
page read and write
2262FD12000
heap
page read and write
140CE1000
unkown
page read and write
1C44000
heap
page read and write
523000
unkown
page execute and write copy
2D546A7A000
direct allocation
page read and write
51D000
unkown
page execute and write copy
C05000
unkown
page execute and read and write
A286000
unkown
page read and write
8B70000
unkown
page read and write
25322FB8000
heap
page read and write
22631965000
heap
page read and write
8A70000
unkown
page read and write
671B000
heap
page read and write
C000120000
direct allocation
page read and write
C609000
unkown
page read and write
C0000A8000
direct allocation
page read and write
9D4000
heap
page read and write
3740000
heap
page read and write
6AAC000
heap
page read and write
37A3000
heap
page read and write
C4BD000
unkown
page read and write
2262FC67000
heap
page read and write
2262FA11000
heap
page read and write
226304FB000
heap
page read and write
8B70000
unkown
page read and write
A9DF000
unkown
page read and write
51F000
unkown
page execute and write copy
2262F300000
direct allocation
page read and write
2262FE7C000
heap
page read and write
519000
unkown
page execute and write copy
8B70000
unkown
page read and write
FC0000
unkown
page readonly
31D0000
heap
page read and write
7FF5D7077000
unkown
page readonly
920000
unkown
page readonly
2E90000
unkown
page read and write
1AEE000
stack
page read and write
2262FA85000
heap
page read and write
6974000
heap
page read and write
7FF5D71E0000
unkown
page readonly
676C000
heap
page read and write
2262FCB2000
heap
page read and write
1250000
unkown
page read and write
2C01000
heap
page read and write
DEFAFFF000
stack
page read and write
2262FAAD000
heap
page read and write
6BAC000
heap
page read and write
C000018000
direct allocation
page read and write
2262FC67000
heap
page read and write
400000
unkown
page readonly
7FF5D7808000
unkown
page readonly
25322FEB000
heap
page read and write
2C01000
heap
page read and write
BB9E000
stack
page read and write
C61B000
unkown
page read and write
3851000
heap
page read and write
5930000
heap
page execute and read and write
401000
unkown
page execute read
8B70000
unkown
page read and write
199000
stack
page read and write
6ADB000
heap
page read and write
2D1E0000
heap
page read and write
1D1AAA4C000
heap
page read and write
7FF6566F4000
unkown
page read and write
41F000
unkown
page readonly
2263010F000
heap
page read and write
4980000
unkown
page read and write
8B70000
unkown
page read and write
25322FC1000
heap
page read and write
675C000
heap
page read and write
2262FA93000
heap
page read and write
81A000
unkown
page read and write
BB6000
unkown
page execute and read and write
C000086000
direct allocation
page read and write
675C000
heap
page read and write
220000
heap
page readonly
2262FACD000
heap
page read and write
1886000
trusted library allocation
page execute and read and write
7FF656131000
unkown
page execute read
2262FAAB000
heap
page read and write
554000
unkown
page execute and read and write
3851000
heap
page read and write
589F000
stack
page read and write
25325D30000
heap
page read and write
F1D000
unkown
page execute and read and write
2262FA04000
heap
page read and write
686000
heap
page read and write
7FF7FE5A0000
unkown
page readonly
21054000
heap
page read and write
2262FC22000
heap
page read and write
C800000
unkown
page read and write
3851000
heap
page read and write
140E000
heap
page read and write
F04000
heap
page read and write
1B0000
unkown
page readonly
3851000
heap
page read and write
7FF5D7705000
unkown
page readonly
1DD1000
heap
page read and write
675C000
heap
page read and write
97C000
stack
page read and write
C000088000
direct allocation
page read and write
1525000
heap
page read and write
6D9F000
stack
page read and write
7DF4F2460000
unkown
page readonly
2D501715000
heap
page read and write
5990000
heap
page execute and read and write
1DA7000
heap
page read and write
F20000
unkown
page read and write
7B80000
unkown
page readonly
7DD0000
heap
page read and write
77BF000
unkown
page readonly
25322FBA000
heap
page read and write
25325D2B000
heap
page read and write
17E0000
direct allocation
page read and write
8B70000
unkown
page read and write
1DDB000
heap
page read and write
2262FC51000
heap
page read and write
2EC40000
trusted library allocation
page read and write
17E0000
direct allocation
page read and write
104FB000
unkown
page read and write
9EAC000
stack
page read and write
6AA0000
trusted library allocation
page read and write
7FF5D7604000
unkown
page readonly
2263000B000
heap
page read and write
2262FA13000
heap
page read and write
7FF5D723C000
unkown
page readonly
2532301B000
heap
page read and write
2262F7EC000
heap
page read and write
2FF9000
stack
page read and write
25325D1B000
heap
page read and write
2C00000
heap
page read and write
6AA1000
heap
page read and write
25325E73000
heap
page read and write
2262DA29000
heap
page read and write
7FF5D748C000
unkown
page readonly
A50000
heap
page read and write
F84000
heap
page read and write
C78A000
unkown
page read and write
2262F9E5000
heap
page read and write
49BB000
unkown
page read and write
6ABD000
heap
page read and write
2C01000
heap
page read and write
7FF5D751F000
unkown
page readonly
7FF5D7394000
unkown
page readonly
1FDBA22B000
heap
page read and write
2262FC23000
heap
page read and write
F84000
heap
page read and write
25325CEA000
heap
page read and write
C0000A1000
direct allocation
page read and write
1C44000
heap
page read and write
2532301B000
heap
page read and write
7435000
stack
page read and write
676B000
heap
page read and write
E0E000
stack
page read and write
3DCD000
stack
page read and write
B70000
heap
page read and write
3250000
heap
page read and write
A9FD000
unkown
page read and write
1FDBA302000
heap
page read and write
2262F7C3000
heap
page read and write
25325F17000
heap
page read and write
F62000
unkown
page execute and read and write
8870000
unkown
page readonly
343E000
heap
page read and write
334000
unkown
page readonly
37CE000
heap
page read and write
6ADB000
heap
page read and write
1D1AAA5A000
heap
page read and write
7FF5D747F000
unkown
page readonly
59E0000
heap
page read and write
559000
heap
page read and write
3851000
heap
page read and write
C00009C000
direct allocation
page read and write
140000000
unkown
page readonly
7FF5D758D000
unkown
page readonly
22630390000
heap
page read and write
5980000
trusted library section
page read and write
4ED000
unkown
page execute and write copy
A273000
unkown
page read and write
2648000
heap
page read and write
25322FDE000
heap
page read and write
2532301B000
heap
page read and write
2262F9DD000
heap
page read and write
1D1AAA5A000
heap
page read and write
F84000
heap
page read and write
A02E000
stack
page read and write
C44F000
stack
page read and write
6AA0000
trusted library allocation
page read and write
1D1AAA58000
heap
page read and write
295F000
heap
page read and write
2C01000
heap
page read and write
2262FA0F000
heap
page read and write
7FF5D71F9000
unkown
page readonly
1F21CED3000
heap
page read and write
2D546AC0000
direct allocation
page read and write
5960000
direct allocation
page read and write
6ABB000
heap
page read and write
1D1AAA4C000
heap
page read and write
1AF9000
stack
page read and write
780000
heap
page read and write
610000
direct allocation
page read and write
6B99000
heap
page read and write
9B0B000
unkown
page read and write
269BFBB0000
heap
page read and write
6963000
heap
page read and write
1D0000
heap
page read and write
44D0000
heap
page read and write
6820000
heap
page read and write
1E7E000
heap
page read and write
6AA0000
heap
page read and write
34E3000
heap
page read and write
1D1AAA5A000
heap
page read and write
34EF000
heap
page read and write
C000138000
direct allocation
page read and write
1FDBA090000
heap
page read and write
104B3000
unkown
page read and write
2C01000
heap
page read and write
CD3000
unkown
page read and write
9D4000
heap
page read and write
1FDBA213000
heap
page read and write
1560000
heap
page read and write
677B000
heap
page read and write
E60000
direct allocation
page read and write
3851000
heap
page read and write
312000
unkown
page readonly
67CD000
heap
page read and write
C00010A000
direct allocation
page read and write
7FF5D7438000
unkown
page readonly
1D1AAA5A000
heap
page read and write
3199000
heap
page read and write
343D000
stack
page read and write
663000
heap
page read and write
49E000
unkown
page readonly
2106A000
heap
page read and write
7FF5D77A8000
unkown
page readonly
1D1AAA58000
heap
page read and write
2262FA1F000
heap
page read and write
315E000
heap
page read and write
9FAF000
stack
page read and write
1D8E000
heap
page read and write
2262FACD000
heap
page read and write
7DF4F2471000
unkown
page execute read
6823000
heap
page read and write
1D1AAA58000
heap
page read and write
270000
heap
page read and write
1D1AAA4C000
heap
page read and write
22630729000
heap
page read and write
7FF5D74A6000
unkown
page readonly
DF0000
direct allocation
page read and write
1C44000
heap
page read and write
2262FC51000
heap
page read and write
1D1AAA4C000
heap
page read and write
33A0000
heap
page execute and read and write
49A8000
unkown
page read and write
8DCB000
stack
page read and write
2262FAEC000
heap
page read and write
2262FA73000
heap
page read and write
8B70000
unkown
page read and write
4EC000
unkown
page execute and write copy
ABB000
unkown
page execute and read and write
17E0000
direct allocation
page read and write
2EA2000
heap
page execute and read and write
E2D000
unkown
page execute and read and write
2262FA82000
heap
page read and write
25325D69000
heap
page read and write
9B242FE000
stack
page read and write
2262FAAD000
heap
page read and write
1D1AAA5A000
heap
page read and write
4DA000
unkown
page execute and write copy
675C000
heap
page read and write
B4BD000
stack
page read and write
25323019000
heap
page read and write
6B27000
heap
page read and write
FE3000
unkown
page readonly
2D51000
heap
page read and write
F31000
heap
page read and write
9D4000
heap
page read and write
2262FA0F000
heap
page read and write
7C80000
unkown
page read and write
3788000
heap
page read and write
C000096000
direct allocation
page read and write
5B8E000
unkown
page read and write
6AC3000
heap
page read and write
2C01000
heap
page read and write
25322FB6000
heap
page read and write
2105F000
heap
page read and write
22630521000
heap
page read and write
31D1000
heap
page read and write
BF7000
unkown
page execute and read and write
2150000
heap
page read and write
2262FA0E000
heap
page read and write
1D1AAA58000
heap
page read and write
F8A000
heap
page read and write
32E000
unkown
page read and write
2262FA1E000
heap
page read and write
C000400000
direct allocation
page read and write
A2A2000
unkown
page read and write
2E1000
unkown
page execute read
2262FAB1000
heap
page read and write
BAE000
unkown
page execute and read and write
3260000
unkown
page read and write
4090000
heap
page read and write
316C000
heap
page read and write
7693000
unkown
page read and write
1D1AAA4A000
heap
page read and write
2532381C000
heap
page read and write
3310000
unkown
page read and write
F7F000
heap
page read and write
9D4000
heap
page read and write
C653000
unkown
page read and write
A3B6000
unkown
page read and write
3790000
heap
page read and write
6ADC000
heap
page read and write
25325D4B000
heap
page read and write
2262F7CC000
heap
page read and write
7FF5D77B6000
unkown
page readonly
A40E000
unkown
page read and write
24BCC770000
heap
page read and write
2262FC6F000
heap
page read and write
40C000
unkown
page readonly
CF6000
unkown
page read and write
21046000
heap
page read and write
1D1AAA4C000
heap
page read and write
2D546923000
direct allocation
page read and write
2C01000
heap
page read and write
6B3B000
heap
page read and write
4AFA000
unkown
page read and write
2D1EE000
heap
page read and write
7FF5D77F0000
unkown
page readonly
1F21CE38000
heap
page read and write
9DE000
unkown
page read and write
7FF656753000
unkown
page write copy
9AAA000
unkown
page read and write
59DF000
stack
page read and write
7FF5D7669000
unkown
page readonly
400000
unkown
page readonly
25322FDE000
heap
page read and write
7FF5D7398000
unkown
page readonly
119E000
stack
page read and write
1D1AAA4C000
heap
page read and write
25322FBF000
heap
page read and write
17E0000
direct allocation
page read and write
25325CA8000
heap
page read and write
3179000
heap
page read and write
7FF5D7745000
unkown
page readonly
2C6E000
stack
page read and write
2D501430000
direct allocation
page read and write
1D1AAA5A000
heap
page read and write
BA2000
unkown
page execute and read and write
2105A000
heap
page read and write
1A18CE02000
trusted library allocation
page read and write
2D501661000
direct allocation
page read and write
7FF5D75BF000
unkown
page readonly
7C70000
unkown
page readonly
8B70000
unkown
page read and write
5AA0000
heap
page read and write
F7F000
heap
page read and write
6AC1000
heap
page read and write
C000056000
direct allocation
page read and write
2262FB1E000
heap
page read and write
25325579000
heap
page read and write
24BCCA80000
heap
page read and write
1A18C613000
heap
page read and write
B980000
unkown
page readonly
25325CE5000
heap
page read and write
1DBD000
heap
page read and write
1B0000
unkown
page readonly
F4E000
unkown
page execute and read and write
32ED000
stack
page read and write
7FF5D75CB000
unkown
page readonly
9D4000
heap
page read and write
4D3000
unkown
page write copy
C000027000
direct allocation
page read and write
C000043000
direct allocation
page read and write
6ABD000
heap
page read and write
2262F7EC000
heap
page read and write
C000050000
direct allocation
page read and write
22630F83000
heap
page read and write
2532302A000
heap
page read and write
3310000
unkown
page read and write
1D1AAA4C000
heap
page read and write
6ADB000
heap
page read and write
2262FA3E000
heap
page read and write
7380000
remote allocation
page read and write
F34E000
unkown
page read and write
1D1AAA4C000
heap
page read and write
25322FAB000
heap
page read and write
9D0000
heap
page read and write
2262F804000
heap
page read and write
C80000
unkown
page readonly
2DFE000
stack
page read and write
9679000
stack
page read and write
5F0000
direct allocation
page read and write
7FF7FE5CA000
unkown
page readonly
DF0000
direct allocation
page read and write
1C44000
heap
page read and write
9D4000
heap
page read and write
6AA0000
trusted library allocation
page read and write
140CE7000
unkown
page execute read
4D3000
unkown
page read and write
7440000
unkown
page read and write
2262FF39000
heap
page read and write
3260000
unkown
page read and write
343C000
heap
page read and write
21060000
heap
page read and write
2262FA31000
heap
page read and write
40C000
unkown
page readonly
F8A000
heap
page read and write
ABF000
stack
page read and write
2262FBE1000
heap
page read and write
2CE000
stack
page read and write
49D6000
unkown
page read and write
34CD000
heap
page read and write
22630107000
heap
page read and write
7611000
unkown
page read and write
9AB4000
unkown
page read and write
267A000
heap
page read and write
9D4000
heap
page read and write
266A000
heap
page read and write
8B70000
unkown
page read and write
40C000
unkown
page readonly
2D5013C0000
heap
page read and write
7FF5D77F7000
unkown
page readonly
2262F7CC000
heap
page read and write
4A16000
unkown
page read and write
7FF5D75F9000
unkown
page readonly
4DC000
unkown
page execute and write copy
2D3D000
stack
page read and write
6AB1000
heap
page read and write
19B000
stack
page read and write
327000
unkown
page read and write
25322FBD000
heap
page read and write
2D1EC000
heap
page read and write
2EFA0000
trusted library allocation
page read and write
2D51000
heap
page read and write
BA8000
unkown
page execute and read and write
6752000
heap
page read and write
C000006000
direct allocation
page read and write
6AA3000
heap
page read and write
2262FC63000
heap
page read and write
7FF656757000
unkown
page write copy
9AC3000
unkown
page read and write
2262FC6F000
heap
page read and write
2262FA62000
heap
page read and write
F4DA000
heap
page read and write
800000
unkown
page readonly
2262F7EC000
heap
page read and write
1313000
unkown
page readonly
E60000
direct allocation
page read and write
676E000
heap
page read and write
8B70000
unkown
page read and write
67B9000
heap
page read and write
3325000
heap
page read and write
25323017000
heap
page read and write
2E9A000
heap
page read and write
7FF5D7837000
unkown
page readonly
C81000
unkown
page execute read
378E000
heap
page read and write
3260000
unkown
page read and write
25322FB8000
heap
page read and write
31AA000
heap
page read and write
9EB0000
unkown
page readonly
7FF5D7404000
unkown
page readonly
6AA5000
heap
page read and write
49E000
unkown
page execute and read and write
7FF5D72CE000
unkown
page readonly
226300F8000
heap
page read and write
3260000
unkown
page read and write
1D1AAA5A000
heap
page read and write
2262FA35000
heap
page read and write
64CE000
stack
page read and write
253238A3000
heap
page read and write
1D1AAA4C000
heap
page read and write
2262F9D5000
heap
page read and write
1A18C640000
heap
page read and write
7FF5D775C000
unkown
page readonly
C4C6000
unkown
page read and write
F7F000
heap
page read and write
2262FC95000
heap
page read and write
17E0000
direct allocation
page read and write
1D1AAA4C000
heap
page read and write
2262FEC7000
heap
page read and write
2670000
heap
page read and write
5F0000
direct allocation
page read and write
1A18C550000
heap
page read and write
25325D53000
heap
page read and write
DF0000
direct allocation
page read and write
25325E9C000
heap
page read and write
34DF000
heap
page read and write
678B000
heap
page read and write
BEB000
unkown
page execute and read and write
33C000
unkown
page write copy
2C01000
heap
page read and write
21060000
heap
page read and write
4E6000
unkown
page execute and write copy
F05000
heap
page read and write
21053000
heap
page read and write
3260000
unkown
page read and write
2EB0000
heap
page read and write
123A000
unkown
page read and write
8890000
unkown
page readonly
22630C18000
heap
page read and write
7FF5D716B000
unkown
page readonly
9AA8000
unkown
page read and write
2262FA0F000
heap
page read and write
840000
unkown
page read and write
2262FA22000
heap
page read and write
A3B9000
unkown
page read and write
34E3000
heap
page read and write
3260000
unkown
page read and write
525000
unkown
page execute and write copy
2D51000
heap
page read and write
9D4000
heap
page read and write
F84000
heap
page read and write
C000014000
direct allocation
page read and write
21053000
heap
page read and write
3E10000
heap
page read and write
1E0F000
heap
page read and write
470000
heap
page read and write
DC5000
unkown
page readonly
F89000
unkown
page execute and read and write
F8B000
heap
page read and write
6AC1000
heap
page read and write
2262FA35000
heap
page read and write
7FF65671C000
unkown
page read and write
823000
unkown
page readonly
3057000
heap
page read and write
141A11000
unkown
page readonly
1FA30845000
heap
page read and write
226310BC000
heap
page read and write
F7A000
heap
page read and write
2698000
heap
page read and write
6AA1000
heap
page read and write
2262FA42000
heap
page read and write
31D1000
heap
page read and write
2262F7C3000
heap
page read and write
3851000
heap
page read and write
9D4000
heap
page read and write
C24E000
stack
page read and write
2106E000
heap
page read and write
660D000
stack
page read and write
5F0000
direct allocation
page read and write
2532301B000
heap
page read and write
25322FBF000
heap
page read and write
3630000
unkown
page readonly
8B70000
unkown
page read and write
2981000
heap
page read and write
2262F9EB000
heap
page read and write
2262FACA000
heap
page read and write
2262FA3C000
heap
page read and write
2C01000
heap
page read and write
2262FA61000
heap
page read and write
7FF5D7792000
unkown
page readonly
1D1AAA58000
heap
page read and write
C00003C000
direct allocation
page read and write
678F000
heap
page read and write
37A0000
heap
page read and write
1D1AAA4C000
heap
page read and write
2FEF000
stack
page read and write
5F0000
direct allocation
page read and write
269BFCC0000
heap
page read and write
267F000
heap
page read and write
35C1000
unkown
page read and write
7FF5D7463000
unkown
page readonly
C00004E000
direct allocation
page read and write
1D1AAA4C000
heap
page read and write
48D000
unkown
page write copy
2262FA12000
heap
page read and write
1F21CE79000
heap
page read and write
DF0000
direct allocation
page read and write
42E000
unkown
page write copy
A233000
unkown
page read and write
1890000
trusted library allocation
page read and write
7FF5D760E000
unkown
page readonly
2262FAA4000
heap
page read and write
698CC000
unkown
page read and write
C00044A000
direct allocation
page read and write
268C000
heap
page read and write
2262FA0F000
heap
page read and write
4A0E000
unkown
page read and write
2262FE7C000
heap
page read and write
5F0000
direct allocation
page read and write
6799000
heap
page read and write
3260000
unkown
page read and write
DF0000
direct allocation
page read and write
214D000
heap
page read and write
68B2000
heap
page read and write
2262FA5C000
heap
page read and write
1680000
heap
page read and write
6B0B000
heap
page read and write
9D5000
heap
page read and write
7380000
remote allocation
page read and write
2262FA73000
heap
page read and write
6373000
heap
page read and write
6B3B000
heap
page read and write
188D94F0000
heap
page read and write
F35F000
unkown
page read and write
C000094000
direct allocation
page read and write
6AB6000
heap
page read and write
1281000
unkown
page readonly
1D1AAA4C000
heap
page read and write
25322FF1000
heap
page read and write
1D1AAA5A000
heap
page read and write
6AEE000
heap
page read and write
59E000
stack
page read and write
F08000
heap
page read and write
1380000
heap
page read and write
2D501650000
direct allocation
page read and write
7FF5D74F2000
unkown
page readonly
F8A000
heap
page read and write
C000462000
direct allocation
page read and write
2262FA31000
heap
page read and write
2262DA1E000
heap
page read and write
F13000
unkown
page execute and read and write
25322FA9000
heap
page read and write
675C000
heap
page read and write
188D9290000
heap
page read and write
6AA3000
heap
page read and write
3260000
unkown
page read and write
2262F7D6000
heap
page read and write
2262FEAE000
heap
page read and write
6ADB000
heap
page read and write
1D1AAA58000
heap
page read and write
7FF5D769E000
unkown
page readonly
1D1AAA4C000
heap
page read and write
760F000
unkown
page read and write
7B20000
unkown
page read and write
2532301E000
heap
page read and write
1DF1000
heap
page read and write
7FF656749000
unkown
page read and write
D95000
unkown
page readonly
2532301B000
heap
page read and write
21048000
heap
page read and write
597E000
stack
page read and write
6B0A000
heap
page read and write
921000
unkown
page execute read
2262FF39000
heap
page read and write
2262F730000
trusted library allocation
page read and write
6B8E000
heap
page read and write
7FF5D728E000
unkown
page readonly
836000
unkown
page readonly
2EB01000
heap
page read and write
7DF4F2491000
unkown
page execute read
1D1AAA4C000
heap
page read and write
AE1D000
stack
page read and write
1A18C625000
heap
page read and write
DB06BFF000
stack
page read and write
2D51000
heap
page read and write
6B2D000
heap
page read and write
75B000
unkown
page execute and write copy
2860000
heap
page read and write
3160000
unkown
page read and write
6817000
heap
page read and write
850000
heap
page read and write
2107C000
heap
page read and write
1D1AAA58000
heap
page read and write
9D4000
heap
page read and write
5DE000
stack
page read and write
130F000
unkown
page read and write
7FF5D7442000
unkown
page readonly
2262F7D6000
heap
page read and write
1140000
heap
page read and write
698C3000
unkown
page write copy
180000
heap
page read and write
8E0000
unkown
page read and write
DF0000
direct allocation
page read and write
2262F9F8000
heap
page read and write
1D1AAA5A000
heap
page read and write
1D1AAA58000
heap
page read and write
6AB3000
heap
page read and write
31BD000
stack
page read and write
1D1AAA4C000
heap
page read and write
266F000
heap
page read and write
9A8E000
unkown
page read and write
6BAC000
heap
page read and write
2262FA61000
heap
page read and write
9A72000
unkown
page read and write
1D1AAA4C000
heap
page read and write
C00015C000
direct allocation
page read and write
2D51000
heap
page read and write
AFBE000
stack
page read and write
40C000
unkown
page write copy
2262FC6B000
heap
page read and write
23B0000
heap
page read and write
EB5000
stack
page read and write
F58000
unkown
page execute and read and write
7FF5D72FB000
unkown
page readonly
6AA1000
heap
page read and write
2262FAA4000
heap
page read and write
F366000
unkown
page read and write
25322FE6000
heap
page read and write
A2D7000
unkown
page read and write
5F0000
direct allocation
page read and write
290F000
stack
page read and write
615F000
stack
page read and write
2532553E000
heap
page read and write
3798000
heap
page read and write
3186000
trusted library allocation
page read and write
FE3000
unkown
page readonly
1F21CE7A000
heap
page read and write
4C7000
unkown
page readonly
2262FA4A000
heap
page read and write
9D4000
heap
page read and write
25323017000
heap
page read and write
AA40000
unkown
page read and write
3348000
unkown
page read and write
F8A000
heap
page read and write
C000022000
direct allocation
page read and write
1A80000
heap
page read and write
3260000
unkown
page read and write
FED000
unkown
page write copy
7FF5D7073000
unkown
page readonly
7FF5CE33D000
unkown
page readonly
42E000
unkown
page read and write
F353000
unkown
page read and write
2D51000
heap
page read and write
F32C000
unkown
page read and write
3260000
unkown
page read and write
2262FC63000
heap
page read and write
1C44000
heap
page read and write
226303AD000
heap
page read and write
2D5013F0000
direct allocation
page read and write
4EA000
unkown
page execute and write copy
6B3A000
heap
page read and write
188D9190000
heap
page read and write
E60000
direct allocation
page read and write
818000
unkown
page write copy
6975000
heap
page read and write
7FF5D7700000
unkown
page readonly
430000
unkown
page read and write
6781000
heap
page read and write
2CB0000
heap
page read and write
2262F7EC000
heap
page read and write
2C01000
heap
page read and write
3783000
heap
page read and write
BE90000
unkown
page read and write
253268B0000
direct allocation
page read and write
2630000
heap
page read and write
7FF6563A0000
unkown
page read and write
34F5000
heap
page read and write
7FF656130000
unkown
page readonly
7DF4F2480000
unkown
page readonly
2262FC6F000
heap
page read and write
6752000
heap
page read and write
96000
stack
page read and write
F338000
unkown
page read and write
77BD000
unkown
page readonly
2262FC70000
heap
page read and write
2262FC95000
heap
page read and write
590000
heap
page read and write
3660000
trusted library allocation
page read and write
67B0000
heap
page read and write
2262FAA4000
heap
page read and write
F21000
unkown
page execute read
2532301B000
heap
page read and write
7FF6563F7000
unkown
page read and write
2262FC63000
heap
page read and write
7FF5D7425000
unkown
page readonly
3489000
stack
page read and write
1F0000
heap
page read and write
2D51000
heap
page read and write
1D1AAA5A000
heap
page read and write
2262FA85000
heap
page read and write
3851000
heap
page read and write
2D51000
heap
page read and write
2DA0000
heap
page read and write
3260000
unkown
page read and write
AF0000
unkown
page readonly
125A000
unkown
page read and write
226300F9000
heap
page read and write
1D1AAA5A000
heap
page read and write
C7A000
unkown
page read and write
1160000
unkown
page read and write
1A18C628000
heap
page read and write
1D1AAA5A000
heap
page read and write
63E000
heap
page read and write
35BD000
unkown
page read and write
55C000
heap
page read and write
9D4000
heap
page read and write
A35000
unkown
page readonly
6AC4000
heap
page read and write
2262FA7E000
heap
page read and write
17E0000
direct allocation
page read and write
2682000
heap
page read and write
BF1000
unkown
page execute and read and write
2262F9DA000
heap
page read and write
6AA1000
heap
page read and write
3851000
heap
page read and write
C000030000
direct allocation
page read and write
2C01000
heap
page read and write
40A000
unkown
page write copy
164E000
heap
page read and write
312000
unkown
page readonly
7DF4F2461000
unkown
page execute read
2D5016A0000
direct allocation
page read and write
3586000
heap
page read and write
6973000
heap
page read and write
7FF6563E3000
unkown
page read and write
25323811000
heap
page read and write
104F6000
unkown
page read and write
1850000
trusted library allocation
page read and write
6ACC000
heap
page read and write
6780000
heap
page read and write
675A000
heap
page read and write
7E60000
unkown
page read and write
1D1AAA5A000
heap
page read and write
5B0000
heap
page read and write
7FF5D6BEF000
unkown
page readonly
174B000
stack
page read and write
6AB2000
heap
page read and write
25322FB6000
heap
page read and write
2262FA59000
heap
page read and write
F353000
unkown
page read and write
7FF5D7764000
unkown
page readonly
9D4000
heap
page read and write
E60000
direct allocation
page read and write
2EC0000
unkown
page readonly
14000B000
unkown
page read and write
17E0000
direct allocation
page read and write
67F000
unkown
page execute and write copy
C00046D000
direct allocation
page read and write
F84000
heap
page read and write
610B000
stack
page read and write
6797000
heap
page read and write
84BB000
stack
page read and write
2262FC6B000
heap
page read and write
2DC0000
direct allocation
page read and write
1D1AAA5A000
heap
page read and write
2740000
heap
page read and write
1D1AAA5A000
heap
page read and write
3851000
heap
page read and write
7FF5D7648000
unkown
page readonly
6AAB000
heap
page read and write
7FF5D7376000
unkown
page readonly
25322FD5000
heap
page read and write
9B41000
unkown
page read and write
9B245FE000
unkown
page readonly
6AC1000
heap
page read and write
DBE000
unkown
page readonly
4530000
heap
page read and write
8B70000
unkown
page read and write
2262F9E7000
heap
page read and write
2D51000
heap
page read and write
2532381C000
heap
page read and write
267A000
heap
page read and write
9D4000
heap
page read and write
6ADB000
heap
page read and write
5D8A000
trusted library section
page read and write
67B000
heap
page read and write
1C44000
heap
page read and write
24BF000
stack
page read and write
14EE000
stack
page read and write
30FB000
stack
page read and write
7B10000
unkown
page read and write
7CB0000
unkown
page readonly
24BCC7A0000
heap
page read and write
3260000
unkown
page read and write
21060000
heap
page read and write
A60000
unkown
page read and write
E60000
trusted library allocation
page read and write
26D5000
heap
page read and write
2262FC40000
heap
page read and write
2262F7BE000
heap
page read and write
25322FBA000
heap
page read and write
25325DDB000
heap
page read and write
2262F7D6000
heap
page read and write
3796000
heap
page read and write
1DCC000
heap
page read and write
2106C000
heap
page read and write
5CCE000
stack
page read and write
696A000
heap
page read and write
40C000
unkown
page readonly
E60000
direct allocation
page read and write
6732000
heap
page read and write
434000
heap
page read and write
470000
heap
page read and write
1860000
trusted library allocation
page read and write
9F0000
direct allocation
page read and write
6735000
heap
page read and write
1D1AAA58000
heap
page read and write
9A84000
unkown
page read and write
25322FB6000
heap
page read and write
6ADB000
heap
page read and write
84D1000
unkown
page read and write
BBA000
unkown
page execute and read and write
F7F000
heap
page read and write
5F0000
direct allocation
page read and write
9A80000
unkown
page read and write
188A000
trusted library allocation
page execute and read and write
2262FBFD000
heap
page read and write
7FF5D777A000
unkown
page readonly
141962000
unkown
page execute read
6AA0000
trusted library allocation
page read and write
8F49000
stack
page read and write
430000
heap
page read and write
6B2E000
heap
page read and write
21881CF0000
heap
page read and write
677A000
heap
page read and write
9D4000
heap
page read and write
6AB6000
heap
page read and write
2262FC70000
heap
page read and write
870000
direct allocation
page read and write
2262FAAD000
heap
page read and write
32D4000
heap
page read and write
2262FA04000
heap
page read and write
6460000
remote allocation
page read and write
521000
unkown
page execute and write copy
2C01000
heap
page read and write
3260000
unkown
page read and write
2262FA93000
heap
page read and write
F328000
unkown
page read and write
4A12000
unkown
page read and write
2262FA1F000
heap
page read and write
3975000
heap
page read and write
8B70000
unkown
page read and write
24BCC740000
heap
page read and write
2262FA8D000
heap
page read and write
7FF5D7292000
unkown
page readonly
86D0000
unkown
page readonly
140001000
unkown
page execute read
A251000
unkown
page read and write
7FF5D77C7000
unkown
page readonly
2262FA8D000
heap
page read and write
6AA0000
trusted library allocation
page read and write
25325D74000
heap
page read and write
617F000
stack
page read and write
2262FC63000
heap
page read and write
7FF5D7336000
unkown
page readonly
2262F300000
direct allocation
page read and write
F19000
unkown
page execute and read and write
40F7000
direct allocation
page read and write
6974000
heap
page read and write
1D1AAA5A000
heap
page read and write
C483000
unkown
page read and write
2263077A000
heap
page read and write
1D1AAA4C000
heap
page read and write
2262FC6F000
heap
page read and write
7380000
remote allocation
page read and write
6AB6000
heap
page read and write
25325A00000
direct allocation
page read and write
9A92000
unkown
page read and write
3260000
unkown
page read and write
7FF5D71A6000
unkown
page readonly
1D1AAA4C000
heap
page read and write
25323017000
heap
page read and write
21060000
heap
page read and write
1D1AAA58000
heap
page read and write
7DC0000
unkown
page readonly
430000
heap
page read and write
21060000
heap
page read and write
3851000
heap
page read and write
3851000
heap
page read and write
21053000
heap
page read and write
447137C000
stack
page read and write
21060000
heap
page read and write
2262FFEF000
heap
page read and write
E64E000
stack
page read and write
1D1AAA5A000
heap
page read and write
1D1AAA58000
heap
page read and write
2262FA19000
heap
page read and write
1DD8000
heap
page read and write
1D1AAA4C000
heap
page read and write
1DD3000
heap
page read and write
7FF5D77EB000
unkown
page readonly
214B000
heap
page read and write
35F4000
unkown
page read and write
5B90000
trusted library allocation
page execute and read and write
1D1AAA5A000
heap
page read and write
3851000
heap
page read and write
253268F0000
direct allocation
page read and write
8C0000
heap
page read and write
7FF5D783B000
unkown
page readonly
2217000
heap
page read and write
9D4000
heap
page read and write
7FF5D768B000
unkown
page readonly
E70000
direct allocation
page read and write
687000
heap
page read and write
6CA000
heap
page read and write
25322FE5000
heap
page read and write
59E8000
heap
page read and write
37C3000
heap
page read and write
9C000
stack
page read and write
6AB4000
heap
page read and write
7FF5D7450000
unkown
page readonly
7FF5CE343000
unkown
page readonly
2262F7F6000
heap
page read and write
630F000
stack
page read and write
580000
direct allocation
page execute and read and write
6AC8000
heap
page read and write
9D4000
heap
page read and write
8D5000
heap
page read and write
5B4E000
unkown
page read and write
8B70000
unkown
page read and write
1D1AAA5A000
heap
page read and write
1D1AAA4C000
heap
page read and write
68B9000
heap
page read and write
7DF4F24A1000
unkown
page execute read
25325E76000
heap
page read and write
1880000
trusted library allocation
page read and write
DB06B7D000
stack
page read and write
2262FA1D000
heap
page read and write
2262FC19000
heap
page read and write
9D4000
heap
page read and write
DF0000
direct allocation
page read and write
7FF5D7485000
unkown
page readonly
2E0000
unkown
page readonly
C00013E000
direct allocation
page read and write
7FF7FE5A0000
unkown
page readonly
25322FBA000
heap
page read and write
21055000
heap
page read and write
D6F000
stack
page read and write
A9E000
stack
page read and write
25325541000
heap
page read and write
2262F9CE000
heap
page read and write
3260000
unkown
page read and write
17E0000
direct allocation
page read and write
EC0000
remote allocation
page read and write
1D1AAA5A000
heap
page read and write
4E8000
unkown
page execute and write copy
3851000
heap
page read and write
316D000
heap
page read and write
141A11000
unkown
page readonly
7FF5D72C8000
unkown
page readonly
818000
unkown
page write copy
6AA1000
heap
page read and write
7FF7FE5EE000
unkown
page readonly
2D5013F9000
direct allocation
page read and write
3180000
trusted library allocation
page read and write
3110000
unkown
page readonly
1D1AAA4C000
heap
page read and write
2C01000
heap
page read and write
1D1AAA5A000
heap
page read and write
7FF5D7507000
unkown
page readonly
2AF7000
heap
page read and write
2262FE9B000
heap
page read and write
7FF5D7202000
unkown
page readonly
8B70000
unkown
page read and write
8B70000
unkown
page read and write
3520000
unkown
page readonly
2262FAA4000
heap
page read and write
C625000
unkown
page read and write
2C01000
heap
page read and write
C4DC000
unkown
page read and write
3D8E000
stack
page read and write
1E77000
heap
page read and write
550000
unkown
page execute and write copy
675C000
heap
page read and write
97FE000
stack
page read and write
4545000
direct allocation
page read and write
1D1AAA58000
heap
page read and write
25322FA5000
heap
page read and write
E60000
direct allocation
page read and write
3851000
heap
page read and write
B4D0000
unkown
page readonly
6AA8000
heap
page read and write
22630297000
heap
page read and write
17E0000
direct allocation
page read and write
B03B000
stack
page read and write
7A93D7D000
stack
page read and write
2262FA7E000
heap
page read and write
2262FA8A000
heap
page read and write
23D1000
trusted library allocation
page read and write
C000144000
direct allocation
page read and write
6AB1000
heap
page read and write
A313000
unkown
page read and write
5F0000
trusted library allocation
page read and write
C496000
unkown
page read and write
9F0000
heap
page read and write
1E76000
heap
page read and write
2262F7C6000
heap
page read and write
1C44000
heap
page read and write
1D1AAA4C000
heap
page read and write
29C494E0000
heap
page read and write
C00008E000
direct allocation
page read and write
9D4000
heap
page read and write
9A98000
unkown
page read and write
30F7000
heap
page read and write
C663000
unkown
page read and write
1D1AAA58000
heap
page read and write
BBE000
unkown
page execute and read and write
32B000
unkown
page read and write
2262FFED000
heap
page read and write
37A1000
heap
page read and write
7FF5D76DA000
unkown
page readonly
21060000
heap
page read and write
2262FAAD000
heap
page read and write
44F0000
heap
page read and write
2262FA0B000
heap
page read and write
2262FC6B000
heap
page read and write
7FF5D7558000
unkown
page readonly
1150000
heap
page read and write
2D51000
heap
page read and write
2262FFE4000
heap
page read and write
2263020C000
heap
page read and write
9D67000
unkown
page read and write
E90000
direct allocation
page read and write
99B0000
unkown
page read and write
3190000
heap
page read and write
2C11000
unkown
page readonly
2105D000
heap
page read and write
BFD000
unkown
page execute and read and write
2262F7C5000
heap
page read and write
7C90000
unkown
page read and write
434000
heap
page read and write
1A18C530000
heap
page read and write
1400000
heap
page read and write
7FF5D71C8000
unkown
page readonly
77DB000
unkown
page read and write
3F4000
unkown
page write copy
1FDBA222000
heap
page read and write
D17000
unkown
page write copy
C000136000
direct allocation
page read and write
3851000
heap
page read and write
C450000
unkown
page read and write
1D1AAA5A000
heap
page read and write
2262FAA4000
heap
page read and write
9B23F7E000
stack
page read and write
4470DEB000
stack
page read and write
2C01000
heap
page read and write
9D4000
heap
page read and write
F84000
heap
page read and write
7FF5D77DA000
unkown
page readonly
34FB000
heap
page read and write
348E000
stack
page read and write
8FE000
stack
page read and write
25325E36000
heap
page read and write
F7F000
heap
page read and write
F25000
heap
page read and write
3851000
heap
page read and write
22630858000
heap
page read and write
96B000
stack
page read and write
823000
unkown
page readonly
1C0E000
stack
page read and write
2262FA61000
heap
page read and write
2D1F4000
heap
page read and write
24BCCA85000
heap
page read and write
2C01000
heap
page read and write
25323017000
heap
page read and write
1F21CE8B000
heap
page read and write
66C000
heap
page read and write
7AC0000
unkown
page read and write
2262F9F7000
heap
page read and write
2C6A000
heap
page read and write
2262FA7E000
heap
page read and write
1F21CED3000
heap
page read and write
A39C000
unkown
page read and write
2262FA2A000
heap
page read and write
269BFF30000
heap
page read and write
2262FBE1000
heap
page read and write
627C000
stack
page read and write
23D0000
direct allocation
page read and write
6799000
heap
page read and write
1FDBA1D0000
remote allocation
page read and write
87C000
unkown
page readonly
4E0000
unkown
page execute and write copy
2640000
heap
page read and write
ACD000
unkown
page read and write
2981000
heap
page read and write
25322FB6000
heap
page read and write
2262FE2F000
heap
page read and write
440000
heap
page read and write
2262FA3C000
heap
page read and write
7FF5D7429000
unkown
page readonly
31A9000
heap
page read and write
7FF5D771A000
unkown
page readonly
3260000
unkown
page read and write
2262F340000
remote allocation
page read and write
2262F7D2000
heap
page read and write
7686000
unkown
page read and write
7FF5D76E8000
unkown
page readonly
2262FC23000
heap
page read and write
C00001E000
direct allocation
page read and write
DF0000
direct allocation
page read and write
25322FAB000
heap
page read and write
7FF5D74C3000
unkown
page readonly
358F000
stack
page read and write
F85000
heap
page read and write
4B00000
unkown
page read and write
25322FB6000
heap
page read and write
6810000
heap
page read and write
2194000
direct allocation
page read and write
C000467000
direct allocation
page read and write
6ABD000
heap
page read and write
C65E000
unkown
page read and write
6AA3000
heap
page read and write
2262FA3C000
heap
page read and write
1D1AAA58000
heap
page read and write
1360000
unkown
page readonly
253238AB000
heap
page read and write
35DC000
unkown
page read and write
2262FC53000
heap
page read and write
E4CA000
stack
page read and write
2262FA61000
heap
page read and write
682000
heap
page read and write
2262F81A000
heap
page read and write
2262FAAD000
heap
page read and write
6AA9000
heap
page read and write
F35E000
unkown
page read and write
CEF000
unkown
page read and write
11B1000
unkown
page execute read
6AC3000
heap
page read and write
BF9000
unkown
page execute and read and write
307C000
stack
page read and write
25323811000
heap
page read and write
5C1F000
stack
page read and write
1D1AAA4C000
heap
page read and write
F60000
unkown
page execute and read and write
2C01000
heap
page read and write
2262FAA4000
heap
page read and write
6ABB000
heap
page read and write
C000047000
direct allocation
page read and write
25322FEF000
heap
page read and write
6ADB000
heap
page read and write
CA17000
unkown
page read and write
2107C000
heap
page read and write
25323017000
heap
page read and write
22630D5F000
heap
page read and write
A3AA000
unkown
page read and write
68B7000
heap
page read and write
2262FC6F000
heap
page read and write
2262FAA7000
heap
page read and write
9D4000
heap
page read and write
3500000
stack
page read and write
2262FA8D000
heap
page read and write
2262FA56000
heap
page read and write
2D51000
heap
page read and write
897B000
stack
page read and write
21060000
heap
page read and write
2D501640000
direct allocation
page read and write
2262FA3E000
heap
page read and write
379F000
heap
page read and write
9D4000
heap
page read and write
2262FA5C000
heap
page read and write
2C10000
heap
page read and write
1D1AAA58000
heap
page read and write
3851000
heap
page read and write
6CA2000
heap
page read and write
3260000
unkown
page read and write
A3A000
heap
page read and write
67B9000
heap
page read and write
529000
unkown
page execute and write copy
2532301B000
heap
page read and write
2981000
heap
page read and write
E60000
direct allocation
page read and write
6D6000
heap
page read and write
8B70000
unkown
page read and write
4534000
heap
page read and write
4881000
unkown
page read and write
2262F7D2000
heap
page read and write
269BFC90000
heap
page read and write
32FE000
trusted library allocation
page read and write
21046000
heap
page read and write
2E9E000
heap
page read and write
25322FB6000
heap
page read and write
2262FACA000
heap
page read and write
1DE9000
heap
page read and write
22D9000
direct allocation
page read and write
2C01000
heap
page read and write
1D1AAA58000
heap
page read and write
31E000
unkown
page write copy
1D1AAA58000
heap
page read and write
9A6A000
unkown
page read and write
6ABD000
heap
page read and write
21057000
heap
page read and write
22630B06000
heap
page read and write
AAA8000
unkown
page read and write
F33C000
unkown
page read and write
1C44000
heap
page read and write
401000
unkown
page execute read
2C01000
heap
page read and write
2C01000
heap
page read and write
3790000
heap
page read and write
1DC2000
heap
page read and write
2262FA8D000
heap
page read and write
3434000
trusted library allocation
page read and write
21066000
heap
page read and write
6ABD000
heap
page read and write
2DB2000
heap
page read and write
25322FF1000
heap
page read and write
3320000
trusted library allocation
page read and write
2262FC22000
heap
page read and write
2262F9F7000
heap
page read and write
C000128000
direct allocation
page read and write
1D5000
heap
page read and write
1D1AAA5A000
heap
page read and write
4986000
unkown
page read and write
7FF5D77A4000
unkown
page readonly
AA92000
unkown
page read and write
C9D1000
unkown
page read and write
F1F000
unkown
page execute and read and write
F8A000
heap
page read and write
2262FC70000
heap
page read and write
2691000
heap
page read and write
25326230000
direct allocation
page read and write
527000
unkown
page execute and write copy
1D1AAA4C000
heap
page read and write
C77000
unkown
page read and write
25322FA9000
heap
page read and write
6BAC000
heap
page read and write
7FF5D7360000
unkown
page readonly
7FF5D75F2000
unkown
page readonly
2262F80F000
heap
page read and write
2262F300000
direct allocation
page read and write
2262FA80000
heap
page read and write
1F21CE8B000
heap
page read and write
698CA000
unkown
page read and write
55C000
unkown
page execute and write copy
25323017000
heap
page read and write
There are 3339 hidden memdumps, click here to show them.