IOC Report
qk9TaBBxh8.exe

loading gif

Files

File Path
Type
Category
Malicious
qk9TaBBxh8.exe
PE32+ executable (GUI) x86-64, for MS Windows
initial sample
 malicious
C:\ProgramData\MPGPH131\MPGPH131.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
JSON data
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\Retailer_prog[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\d4814c7a[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\123p[1].exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\Space_bake[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\rules[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\setup294[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\timeSync[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\060[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\Default16_team[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\cad54ba5b01423b1af8ec10ab5719d97[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\grabber[1].exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\lumma1504[1].exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\setup[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\sqln[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Soul Media Player\is-3VR8O.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Soul Media Player\is-EGFT5.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Soul Media Player\is-GP76V.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Soul Media Player\is-TIE2M.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Soul Media Player\libeay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Soul Media Player\libssl-1_1.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Soul Media Player\soulmediaplayer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
modified
 malicious
C:\Users\user\AppData\Local\Soul Media Player\ssleay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Soul Media Player\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSDDAF.tmp\AggregatorHost.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSDDAF.tmp\BdeUISrv.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSDDAF.tmp\Install.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSDDAF.tmp\at.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSDDAF.tmp\atieclxx.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSDDAF.tmp\cacls.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSDDAF.tmp\twain_32.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\J4dorNOROd60TEXKOpUsDEA.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\SZM3Yb.I
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\YrWSGTvMbD1qxqADGULdj7d.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\MSVCP140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\Pythonwin\mfc140u.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\Pythonwin\win32ui.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\VCRUNTIME140.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\VCRUNTIME140_1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\_bz2.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\_ctypes.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\_elementtree.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\_hashlib.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\_lzma.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\_queue.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\_socket.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\_ssl.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\charset_normalizer\md.cp38-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\charset_normalizer\md__mypyc.cp38-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\exe\netconn_properties.exe
PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\exe\registers.exe
PE32 executable (console) Intel 80386, for MS Windows, UPX compressed
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\exe\upx.exe
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\libcrypto-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\libffi-7.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\libssl-1_1.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\psutil\_psutil_windows.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\pyexpat.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\python3.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\python38.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\pywin32_system32\pythoncom38.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\pywin32_system32\pywintypes38.dll
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\select.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\unicodedata.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\win32\_win32sysloader.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\win32\win32api.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\win32\win32net.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\win32\win32security.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\win32\win32trace.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\win32\win32wnet.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\zstandard\_cffi.cp38-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\_MEI40602\zstandard\backend_c.cp38-win_amd64.pyd
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\JpL3YVeZ0uQ2FWGpg5WG.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-7JMLT.tmp\is-P287H.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-BMP08.tmp\_isetup\_RegDLL.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-BMP08.tmp\_isetup\_iscrypt.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\is-BMP08.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\btswgej
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\45NBK9axc23mjqmbKvmG0NYP.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\70Leo0eE867BJ4vm1aky3Uk3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\EWdN3bvBjxAbF1GyzHE7_p73.exe
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\FSYOvyvMMT80PCsMousFK1Xa.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\Jsakr_KmqehdR6ptAH1OzwuM.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\NyiVs23yIO_0wMOj5TwwBpJ5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\T9n2wvLQ1PO2GfTxLTyp21hE.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\TUBbflj40zqtNIEKWH_MWjeG.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\bKj5ORDxbqgwdZav4hyONQmM.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\cjlnYlPYSIAljKunxGKtil91.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\eQEIduvtZVhzsp4oDFOuc1gy.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\kPBjgT9TnN00tvBCDizDiq41.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\nRGT2oA3F8V3EBSM6dmMTrGw.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\ocI8OvNXSYwHw7Rg5l6_f8IK.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\ooon0i8sg2EZy1pci_ppgkth.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\tXlQ3NLbQqxBkFS_TfaDHWX4.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\zFe0EAtgy56yDxXht4nmozfb.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\System32\GroupPolicy\gpt.ini
ASCII text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\BFBGHDGCFHIDBGDGIIIE
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\BFHIJEBKEBGHIDHJKJEG
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\BFIIIDAF
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\BQJUWOYRTO.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\CAKKEGDGCGDAKEBFIJECGHJEGC
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\CGIJECFIECBFIDGDAKFH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\EBAEBFII
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\ECFHIJKJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\ProgramData\EEGWXUHVUG.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\EEGWXUHVUG.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\EHJDGHJDBFIJKECAECAFBAKKEG
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\EIVQSAOTAQ.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\FBKJKEHIJECGCBFIJEGIDBGIEC
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\FCAAAAFB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\ProgramData\FIJDGIJJKEGIEBGCGDHCFIDAAE
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\ProgramData\GDHCGDGIEBKJKFHJJKFCBFBGDA
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\GHCGDAFC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\HIJEGIIJDGHDGCBGHCAAECFHCG
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\ProgramData\IECGIEBAEBFIIECBGCBGDHCAFC
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\IIIDAKJDHJKFHIEBFCGH
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\IPKGELNTQY.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\JJJDGIECFCAKKFHIIIJEGDHIIE
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\KFCFBFHI
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\MXPXCVPDVN.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10F6.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER11C.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER131A.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER14B1.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1687.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER17D0.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER18AC.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A43.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AE1.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BEB.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1C88.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1EDB.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FB7.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER20F0.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER22C6.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER23C1.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER246E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C5E.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C8E.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2D5A.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2DD8.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E37.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E67.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3974.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3975.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3AED.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3AFE.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D19.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E82.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER41B.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4271.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4291.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER435D.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER464.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F7.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER598D.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5A68.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5CEA.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E91.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5F7C.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FFA.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER61B1.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6319.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67AE.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6964.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6AAE.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B2C.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER714.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7157.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7167.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72A1.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B3D.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E6.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8204.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER835.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8409.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER85DF.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8728.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8729.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8739.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8A3.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B90.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BFE.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C4.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8CAB.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D39.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9170.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9643.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER96E0.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER976E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A1F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9ABC.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9BF.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9EC4.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA32A.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4A2.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4C2.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA59E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA774.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB04E.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB1E6.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB206.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB301.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB39E.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3DE.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB42D.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB595.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB94.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9EC.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBA3B.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBAA9.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC31.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC61.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBC71.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBCC0.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0B9.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC483.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC61A.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC725.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC86E.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8EC.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC91C.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA84.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCBEC.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD45.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD005.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD054.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD14F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD623.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD633.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD663.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD6B.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD9DF.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC51.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF9E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0B8.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4C0.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE9F1.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA11.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA32.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREAA0.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB4D.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB4E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERED14.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREDF0.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF081.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF12E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF1AC.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF288.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF4EA.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5F5.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF682.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF73F.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF74F.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF7DD.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFC05.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFCC2.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDBA.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDFA.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE49.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE88.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF64.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF75.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFFC4.tmp.csv
data
dropped
C:\ProgramData\NWCXBPIUYI.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\SQRKHNBNYN.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\SQRKHNBNYN.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\UOOJJOZIRH.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\VAMYDFPUND.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\ZQIXMVQGAH.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\Public\Desktop\Google Chrome.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Thu Oct 5 05:47:12 2023, atime=Wed Sep 27 08:36:54 2023, length=3242272, window=hide
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\128.png
RIFF (little-endian) data, Web/P image
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\_metadata\verified_contents.json
JSON data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\manifest.json
JSON data
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\performance.js
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\popup.css
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\popup.html
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\popup.js
ASCII text
dropped
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjnniijcjakoaghpedjpcfkoclplenf\3.0_0\worker.js
ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001d.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\PL_Clients[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\crypted[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\crypted[2].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\setup[1].htm
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\page_error[1].jpg
Google Chrome extension, version 3
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\76561199673019888[1].htm
HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\files[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\imgdrive_2_1[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Soul Media Player\is-CQ6FP.tmp
data
dropped
C:\Users\user\AppData\Local\Soul Media Player\is-GGLJH.tmp
data
dropped
C:\Users\user\AppData\Local\Soul Media Player\is-J3AJ7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Soul Media Player\is-RB9QN.tmp
data
dropped
C:\Users\user\AppData\Local\Soul Media Player\snapshot_blob.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Soul Media Player\unins000.dat
InnoSetup Log Soul Media Player, version 0x2a, 3982 bytes, 549163\user, "C:\Users\user\AppData\Local\Soul Media Player"
dropped
C:\Users\user\AppData\Local\Soul Media Player\v8_context_snapshot.bin (copy)
data
dropped
C:\Users\user\AppData\Local\Soul Media Player\vk_swiftshader_icd.json (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Temp\TmpFE95.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\TmpFEA6.tmp
data
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-console-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-datetime-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-debug-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-errorhandling-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-file-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-file-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-file-l2-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-handle-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-heap-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-interlocked-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-libraryloader-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-localization-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-memory-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-namedpipe-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-processenvironment-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-processthreads-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-processthreads-l1-1-1.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-profile-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-rtlsupport-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-string-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-synch-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-synch-l1-2-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-sysinfo-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-timezone-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-core-util-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-conio-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-convert-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-environment-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-filesystem-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-heap-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-locale-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-math-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-multibyte-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-process-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-runtime-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-stdio-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-string-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-time-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\api-ms-win-crt-utility-l1-1-0.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\base_library.zip
Zip archive data, at least v2.0 to extract, compression method=store
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\certifi\cacert.pem
ASCII text
dropped
C:\Users\user\AppData\Local\Temp\_MEI40602\ucrtbase.dll
PE32+ executable (DLL) (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\adobeIT8d9rZTEaOT\Cookies\Chrome_Default.txt
ASCII text, with very long lines (369), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobeIT8d9rZTEaOT\information.txt
ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobeIT8d9rZTEaOT\passwords.txt
Unicode text, UTF-8 text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobeIT8d9rZTEaOT\screenshot.png
PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
dropped
C:\Users\user\AppData\Local\Temp\adobej9k8gMFSuoDn\Cookies\Chrome_Default.txt
ASCII text, with very long lines (369), with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobej9k8gMFSuoDn\information.txt
ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\adobej9k8gMFSuoDn\passwords.txt
Unicode text, UTF-8 text, with CRLF, LF line terminators
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\02zdBXl47cvzcookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\3b6N2Xdh3CYwplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\5ICYdbG24XfVCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\7XOcpMAv8YGZWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\CmSGx976RcNqHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\D87fZN3R3jFeplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\G8n0p_xzBDT7Login Data For Account
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\KLIgZM9i7iJeWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\KngKVvE0olMGHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\R4YSKZUrzgCtWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\TcE1Mjz1L98vWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\Y_SvE8ghBxMwWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\gVu_LOi9q3BYLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\i9xqFAzDO0YxWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\nroosGMedMsrCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\ppy3MT4f9KGOHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\qiFLgMzFChh7Login Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidiIT8d9rZTEaOT\yfIt_uZiO8nXHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\02zdBXl47cvzcookies.sqlite
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\3b6N2Xdh3CYwplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\BjG4Pl6JQjVELogin Data For Account
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\D87fZN3R3jFeplaces.sqlite
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\HCvTVe1NgSBhHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\HryPooko75hJWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\HzdQqegxpmtrHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\LRJpK9SeWJhaLogin Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\LbDGYku8JXvhWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\kfeWYMIi4CWQHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\mP5yYEcjBhvBHistory
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\oDIultRrWET4Login Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\p4l2VSstkPgvCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\sHSeu0ENSSCpWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\tQJ704vN3QqzWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\usZ44QsS0xAfWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\vJdJoHZ9lhrgCookies
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\Users\user\AppData\Local\Temp\heidij9k8gMFSuoDn\xBY6fKs6BzehWeb Data
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
dropped
C:\Users\user\AppData\Local\Temp\is-BMP08.tmp\_isetup\_shfoldr.dll
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
dropped
C:\Users\user\AppData\Local\Temp\rage131MP.tmp
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
data
dropped
C:\Users\user\Documents\SimpleAdobe\aniSiiwr9ACMsStraaf0y6pm.exe
HTML document, Non-ISO extended-ASCII text, with very long lines (17964)
dropped
C:\Users\user\Documents\SimpleAdobe\dCIjUPk4HQDvWsTSBTjdtIZC.exe
HTML document, Non-ISO extended-ASCII text, with very long lines (17964)
dropped
C:\Users\user\Documents\SimpleAdobe\rZoPW_w9AkmZC8G81vq8yNlT
Google Chrome extension, version 3
dropped
C:\Windows\Logs\StorGroupPolicy.log
data
modified
C:\Windows\SysWOW64\GroupPolicy\gpt.ini
ASCII text, with CRLF line terminators
dropped
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
RAGE Package Format (RPF),
dropped
There are 408 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\qk9TaBBxh8.exe
"C:\Users\user\Desktop\qk9TaBBxh8.exe"
 malicious
C:\Users\user\Documents\SimpleAdobe\zFe0EAtgy56yDxXht4nmozfb.exe
C:\Users\user\Documents\SimpleAdobe\zFe0EAtgy56yDxXht4nmozfb.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\EWdN3bvBjxAbF1GyzHE7_p73.exe
C:\Users\user\Documents\SimpleAdobe\EWdN3bvBjxAbF1GyzHE7_p73.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\70Leo0eE867BJ4vm1aky3Uk3.exe
C:\Users\user\Documents\SimpleAdobe\70Leo0eE867BJ4vm1aky3Uk3.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\nRGT2oA3F8V3EBSM6dmMTrGw.exe
C:\Users\user\Documents\SimpleAdobe\nRGT2oA3F8V3EBSM6dmMTrGw.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\FSYOvyvMMT80PCsMousFK1Xa.exe
C:\Users\user\Documents\SimpleAdobe\FSYOvyvMMT80PCsMousFK1Xa.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\Jsakr_KmqehdR6ptAH1OzwuM.exe
C:\Users\user\Documents\SimpleAdobe\Jsakr_KmqehdR6ptAH1OzwuM.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\eQEIduvtZVhzsp4oDFOuc1gy.exe
C:\Users\user\Documents\SimpleAdobe\eQEIduvtZVhzsp4oDFOuc1gy.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\T9n2wvLQ1PO2GfTxLTyp21hE.exe
C:\Users\user\Documents\SimpleAdobe\T9n2wvLQ1PO2GfTxLTyp21hE.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\NyiVs23yIO_0wMOj5TwwBpJ5.exe
C:\Users\user\Documents\SimpleAdobe\NyiVs23yIO_0wMOj5TwwBpJ5.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\45NBK9axc23mjqmbKvmG0NYP.exe
C:\Users\user\Documents\SimpleAdobe\45NBK9axc23mjqmbKvmG0NYP.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\tXlQ3NLbQqxBkFS_TfaDHWX4.exe
C:\Users\user\Documents\SimpleAdobe\tXlQ3NLbQqxBkFS_TfaDHWX4.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\TUBbflj40zqtNIEKWH_MWjeG.exe
C:\Users\user\Documents\SimpleAdobe\TUBbflj40zqtNIEKWH_MWjeG.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\cjlnYlPYSIAljKunxGKtil91.exe
C:\Users\user\Documents\SimpleAdobe\cjlnYlPYSIAljKunxGKtil91.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\kPBjgT9TnN00tvBCDizDiq41.exe
C:\Users\user\Documents\SimpleAdobe\kPBjgT9TnN00tvBCDizDiq41.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\bKj5ORDxbqgwdZav4hyONQmM.exe
C:\Users\user\Documents\SimpleAdobe\bKj5ORDxbqgwdZav4hyONQmM.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\ooon0i8sg2EZy1pci_ppgkth.exe
C:\Users\user\Documents\SimpleAdobe\ooon0i8sg2EZy1pci_ppgkth.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\ocI8OvNXSYwHw7Rg5l6_f8IK.exe
C:\Users\user\Documents\SimpleAdobe\ocI8OvNXSYwHw7Rg5l6_f8IK.exe
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
 malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
 malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
 malicious
C:\Windows\System32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
 malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
 malicious
C:\Windows\System32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
 malicious
C:\Windows\System32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
 malicious
C:\Windows\System32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" -s .\SZM3Yb.I -u
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\user\AppData\Local\Temp\is-7JMLT.tmp\is-P287H.tmp
"C:\Users\user\AppData\Local\Temp\is-7JMLT.tmp\is-P287H.tmp" /SL4 $20402 "C:\Users\user\Documents\SimpleAdobe\TUBbflj40zqtNIEKWH_MWjeG.exe" 3022131 52224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3108 -ip 3108
There are 30 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://sodez.ru/tmp/index.php
malicious
http://uama.com.ua/tmp/index.php
malicious
http://talesofpirates.net/tmp/index.php
malicious
http://185.172.128.23/f993692117a3fda2.phpt
unknown
https://duckduckgo.com/chrome_newtab
unknown
http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopResponseR
unknown
http://193.233.132.139/dacha/rules.exe
unknown
https://duckduckgo.com/ac/?q=
unknown
https://db-ip.com/demo/home.php?s=81.181.57.52k
unknown
https://carthewasher.net/fbdd1d2f6f7fd732cbea599f111537fe/cad54ba5b01423b1af8ec10ab5719d97.exed97.ex
unknown
https://t.me/RiseProSUPPORT_IDENTIFIER=Intel64
unknown
http://185.172.128.23/8e6d9db21fb63946/nss3.dll
unknown
https://palberryslicker.sbs/
unknown
https://papi.vk.com/pushsse/ruim
unknown
https://baldurgatez.com/
unknown
https://vk.com/doc5294803_668776833?hash=0O6PF91bZH66jRdVdr0Yhs0vV73FDPMFrSckqwaaZuH&dl=PH90vp0b08Gc
unknown
https://vk.com
unknown
https://www.instagram.com
unknown
http://185.172.128.23/8e6d9db21fb63946/freebl3.dll3Mu
unknown
http://185.172.128.23/8e6d9db21fb63946/mozglue.dll
unknown
https://st6-23.vk.com/dist/web/site_layout.20074c02.css
unknown
http://185.172.128.23/f993692117a3fda2.phpb36fd1cef167f046e714b525b44eclt-release2949fc6aa0d2f9ea88e
unknown
https://st6-23.vk.com/dist/web/page_layout.7b5800c2.js
unknown
https://aui-cdn.atlassian.com/
unknown
https://meet.crazyfigs.top/style/060.exeD
unknown
http://185.172.128.23/8e6d9db21fb63946/sqlite3.dll
unknown
http://www.innosetup.com
unknown
http://ACVC.WPF.Service.WcfT
unknown
http://193.233.132.253/lumma1504.exeH
unknown
https://st6-23.vk.com/dist/web/grip.0b3b493f.js
unknown
http://193.233.132.253/lumma1504.exe
unknown
https://baldurgatez.com/~
unknown
https://st6-23.vk.com/dist/web/polyfills.isolated.edaffb7b.js
unknown
https://ipinfo.io:443/widget/demo/81.181.57.52.
unknown
https://carthewasher.net/R
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
http://5.42.66.10/download/123p.exe.203/dl.php
unknown
https://t.me/RiseProSUPPORT
unknown
https://www.ecosia.org/newtab/
unknown
https://bbuseruploads.s3.amazonaws.com/8b0be658-c958-47a3-96e4-fc8e5fe7c5dc/downloads/dc50f97b-477f-
unknown
https://carthewasher.net/fbdd1d2f6f7fd732cbea599f111537fe/cad54ba5b01423b1af8ec10ab5719d97.exejd
unknown
https://triedchicken.net:80/cad54ba5b01423b1af8ec10ab5719d97.exe
unknown
https://stats.vk-portal.net
unknown
https://meet.crazyfigs.top/F
unknown
http://127.0.0.1:
unknown
http://185.172.128.23/8e6d9db21fb63946/msvcp140.dllkM-
unknown
https://ipinfo.io/
unknown
https://gigachadfanclub.org/
unknown
http://5.42.66.10/download/th/retail.phphps
unknown
https://r.mradx.net
unknown
https://baldurgatez.com/7725eaa6592c80f8124e769b4e8a07f7.exexe
unknown
https://cdn.cookielaw.org/
unknown
https://st6-23.vk.com/dist/web/unauthorized.f646a9e2.js
unknown
https://monoblocked.com/525403/setup.exexe
unknown
https://urn.to/r/sds_see
unknown
https://st6-23.vk.com/css/al/fonts_cnt.c7a76efe.css
unknown
https://static.vk.me
unknown
https://github.com/moq/moq4
unknown
https://meet.crazyfigs.top/Z
unknown
http://185.172.128.203/dl.phpL
unknown
https://t.me/irfailAt
unknown
https://st6-23.vk.com/dist/web/chunks/vkui.847cc706.js
unknown
https://palberryslicker.sbs:80/lander/File_294/setup294.exe;
unknown
https://st6-23.vk.com/dist/web/ui_common.20074c02.css
unknown
https://carthewasher.net/fbdd1d2f6f7fd732cbea599f111537fe/cad54ba5b01423b1af8ec10ab5719d97.exe
unknown
https://carthewasher.net/
unknown
https://monoblocked.com/
unknown
https://cdn.ampproject.org
unknown
https://management.core.usgovcloudapi.netGODEBUG
unknown
http://185.172.128.23/8e6d9db21fb63946/msvcp140.dll
unknown
https://monoblocked.com/525403/setup.exe
unknown
https://bitbucket.org/gs
unknown
https://db-ip.com/A
unknown
https://c.574859385.xyz/b
unknown
https://st6-23.vk.com/dist/web/css_types.1bff1a5b.js
unknown
https://www.security.us.panasonic.com
unknown
https://t.me/risepro_bot.52nia
unknown
https://vk.com:80/doc5294803_668771194?hash=7dzZFNgNMhFnf8UKhZ88SSJWzznhZJIEKWOI1nQNlbw&dl=jwd31UuZg
unknown
http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/IsAliveT
unknown
https://cdn.syndication.twimg.com
unknown
https://t.me/risepro_boteriSign
unknown
https://dev.vk.com
unknown
https://securepubads.g.doubleclick.net
unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
unknown
https://vk.ru
unknown
https://web-security-reports.services.atlassian.com/csp-report/bb-website
unknown
https://management.core.chinacloudapi.cnchacha20poly1305:
unknown
https://palberryslicker.sbs/lander/File_294/setup294.exeS
unknown
https://steamcommunity.com/profiles/76561199673019888ve74rMozilla/5.0
unknown
https://vk.com/doc5294803_668771194?hash=7dzZFNgNMhFnf8UKhZ88SSJWzznhZJIEKWOI1nQNlbw&dl=jwd31UuZgmzf
unknown
https://d136azpfpnge1l.cloudfront.net/;
unknown
http://193.233.132.253/lumma1504.exe0
unknown
https://steamcommunity.com/profiles/76561199673019888
unknown
http://5.42.66.10/download/th/getimage16.php.php
unknown
https://st6-23.vk.com/dist/web/chunks/vkcom-kit-icons.826b9222.js
unknown
https://login.microsoftonline.us/scalar
unknown
https://connect.facebook.net
unknown
https://t.me/risepro_bot
unknown
http://5.42.66.10/download/th/retail.php16.php
unknown
http://ACVC.WPF.Service.Wcf/IOvpnProcessRunner/StopT
unknown
There are 90 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
5.42.65.50
unknown
Russian Federation
malicious
102.53.9.151
unknown
Morocco
malicious
185.172.128.23
unknown
Russian Federation
malicious
193.233.132.139
unknown
Russian Federation
34.117.186.192
unknown
United States
85.192.56.26
unknown
Russian Federation
37.221.125.202
unknown
Lithuania
18.205.93.1
unknown
United States
104.21.82.182
unknown
United States
104.26.5.15
unknown
United States
193.233.132.253
unknown
Russian Federation
87.240.132.72
unknown
Russian Federation
172.67.132.113
unknown
United States
172.67.169.146
unknown
United States
95.142.206.0
unknown
Russian Federation
95.142.206.2
unknown
Russian Federation
147.45.47.93
unknown
Russian Federation
95.142.206.1
unknown
Russian Federation
184.30.122.179
unknown
United States
104.21.63.150
unknown
United States
172.67.207.236
unknown
United States
190.12.87.61
unknown
Peru
37.27.87.155
unknown
Iran (ISLAMIC Republic Of)
185.172.128.203
unknown
Russian Federation
193.233.132.226
unknown
Russian Federation
172.67.132.207
unknown
United States
172.67.75.163
unknown
United States
172.67.180.119
unknown
United States
5.42.66.10
unknown
Russian Federation
52.216.33.65
unknown
United States
45.130.41.108
unknown
Russian Federation
There are 21 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
Exclusions_Extensions
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableRoutinelyTakingAction
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableBehaviorMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableOnAccessProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableScanOnRealtimeEnable
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{C3174531-87C3-4E8A-B459-F082A9BDC670}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRawWriteNotification
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RageMP131
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableRoutinelyTakingAction
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
Exclusions_Extensions
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableBehaviorMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableOnAccessProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableScanOnRealtimeEnable
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{F7268D09-0253-482E-9684-37327F29D4B0}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRawWriteNotification
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
C:\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFilesHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
RegFilesHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
Servers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
UUID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
FirstInstallDate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
ServiceVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
PGDSE
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
ServersVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
OSCaption
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
OSArchitecture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
IsAdmin
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
AV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
PatchTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
CPU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\a839a7d7
GPU
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings
ejjnniijcjakoaghpedjpcfkoclplenf
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Owner
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
SessionHash
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Sequence
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFiles0000
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
RegFilesHash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3704
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3704
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3704
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6028
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6028
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\6028
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3872
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3872
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\3872
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
Inno Setup: Setup Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
Inno Setup: App Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
Inno Setup: Icon Group
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
Inno Setup: User
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
QuietUninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Soul Media Player_is1
NoRepair
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020420
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000001044C
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\ratvarre\NccQngn\Ybpny\EntrZC131\EntrZC131.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
a
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004040A
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000001045A
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060428
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\ratvarre\NccQngn\Ybpny\NqborHcqngreI202_3r3n2orr5npr9r061s31n101p1269o0p\NqborHcqngreI202.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000080422
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids
Unpacker
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\ratvarre\Qbphzragf\FvzcyrNqbor\Wfnxe_XzdruqE6cgNU1BmjhZ.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
CheckSetting
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
InstalledWin32AppsRevision
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${296fb823-4948-4d16-a2af-34cf3493a5be}$$windows.data.unifiedtile.localstartvolatiletilepropertiesmap\Current
Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated
Chrome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\ratvarre\NccQngn\Ybpny\EntrZC131\EntrZC131.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\OpenWithProgids
WMP11.AssocFile.3G2
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\OpenWithProgids
WMP11.AssocFile.3GP
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\OpenWithProgids
WMP11.AssocFile.ADTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithProgids
WMP11.AssocFile.AIFF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au3\OpenWithProgids
AutoIt3Script
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithProgids
WMP11.AssocFile.AVI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids
CABFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdxml\OpenWithProgids
Microsoft.PowerShellCmdletDefinitionXML.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithProgids
CSSfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.csv\OpenWithProgids
Excel.CSV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\OpenWithProgids
ddsfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithProgids
Paint.Picture
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\OpenWithProgids
dllfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
Word.Document.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docm\OpenWithProgids
Word.DocumentMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithProgids
Word.Document.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dot\OpenWithProgids
Word.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotm\OpenWithProgids
Word.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dotx\OpenWithProgids
Word.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\OpenWithProgids
emffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
exefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\OpenWithProgids
WMP11.AssocFile.FLAC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fon\OpenWithProgids
fonfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithProgids
giffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids
htmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithProgids
icofile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\OpenWithProgids
inffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\OpenWithProgids
inifile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\OpenWithProgids
pjpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithProgids
jpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithProgids
jpegfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jxr\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\OpenWithProgids
lnkfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithProgids
WMP11.AssocFile.m3u
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\OpenWithProgids
WMP11.AssocFile.M4A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\OpenWithProgids
mhtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mk3d\OpenWithProgids
WMP11.AssocFile.MK3D
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\OpenWithProgids
WMP11.AssocFile.MKA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\OpenWithProgids
WMP11.AssocFile.MKV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithProgids
WMP11.AssocFile.MOV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP2\OpenWithProgids
WMP11.AssocFile.MP3
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithProgids
WMP11.AssocFile.MP4
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\OpenWithProgids
WMP11.AssocFile.MPEG
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\OpenWithProgids
Outlook.File.msg.15
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\OpenWithProgids
WMP11.AssocFile.M2TS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\OpenWithProgids
ocxfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odp\OpenWithProgids
PowerPoint.OpenDocumentPresentation.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ods\OpenWithProgids
Excel.OpenDocumentSpreadsheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt\OpenWithProgids
Word.OpenDocumentText.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.otf\OpenWithProgids
otffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithProgids
pngfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pot\OpenWithProgids
PowerPoint.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potm\OpenWithProgids
PowerPoint.TemplateMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.potx\OpenWithProgids
PowerPoint.Template.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppam\OpenWithProgids
PowerPoint.Addin.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsm\OpenWithProgids
PowerPoint.SlideShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppsx\OpenWithProgids
PowerPoint.SlideShow.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithProgids
PowerPoint.Show.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptm\OpenWithProgids
PowerPoint.ShowMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\OpenWithProgids
PowerPoint.Show.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1\OpenWithProgids
Microsoft.PowerShellScript.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps1xml\OpenWithProgids
Microsoft.PowerShellXMLData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd1\OpenWithProgids
Microsoft.PowerShellData.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psm1\OpenWithProgids
Microsoft.PowerShellModule.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pssc\OpenWithProgids
Microsoft.PowerShellSessionConfiguration.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\OpenWithProgids
rlefile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithProgids
WMP11.AssocFile.MIDI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithProgids
Word.RTF.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scf\OpenWithProgids
SHCmdFile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.search-ms\OpenWithProgids
SearchFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids
shtmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldm\OpenWithProgids
PowerPoint.SlideMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sldx\OpenWithProgids
PowerPoint.Slide.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithProgids
WMP11.AssocFile.AU
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\OpenWithProgids
sysfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithProgids
TIFImage.Document
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\OpenWithProgids
ttcfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\OpenWithProgids
ttffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\OpenWithProgids
WMP11.AssocFile.TTS
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithProgids
txtfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vsto\OpenWithProgids
bootstrap.vsto.1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithProgids
WMP11.AssocFile.WAV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\OpenWithProgids
WMP11.AssocFile.WAX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithProgids
wdpfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithProgids
WMP11.AssocFile.ASF
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithProgids
WMP11.AssocFile.WMA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithProgids
wmffile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithProgids
WMP11.AssocFile.WMV
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\OpenWithProgids
WMP11.AssocFile.ASX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\OpenWithProgids
WMP11.AssocFile.WPL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithProgids
WMP11.AssocFile.WVX
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlam\OpenWithProgids
Excel.AddInMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithProgids
Excel.Sheet.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsb\OpenWithProgids
Excel.SheetBinaryMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\OpenWithProgids
Excel.SheetMacroEnabled.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsx\OpenWithProgids
Excel.Sheet.12
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlt\OpenWithProgids
Excel.Template.8
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltm\OpenWithProgids
Excel.TemplateMacroEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xltx\OpenWithProgids
Excel.Template
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithProgids
xmlfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithProgids
xslfile
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\ratvarre\NccQngn\Ybpny\NqborHcqngreI202_3r3n2orr5npr9r061s31n101p1269o0p\NqborHcqngreI202.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
There are 226 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
402000
remote allocation
page execute and read and write
 malicious
454D000
trusted library allocation
page read and write
 malicious
434000
remote allocation
page execute and read and write
 malicious
1BD0000
direct allocation
page execute and read and write
 malicious
66F2000
heap
page read and write
 malicious
44AB000
trusted library allocation
page read and write
 malicious
EEA000
heap
page read and write
 malicious
1CD5000
heap
page read and write
 malicious
3760000
direct allocation
page read and write
 malicious
AE000
unkown
page read and write
 malicious
1C00000
direct allocation
page read and write
 malicious
2D27000
trusted library allocation
page read and write
 malicious
66F3000
heap
page read and write
 malicious
D12000
unkown
page readonly
 malicious
3961000
unclassified section
page read and write
 malicious
400000
remote allocation
page execute and read and write
 malicious
400000
unkown
page execute and read and write
 malicious
843000
unkown
page execute and read and write
 malicious
25E000
unkown
page read and write
 malicious
6130000
remote allocation
page read and write
C183000
unkown
page read and write
1AFF000
heap
page execute and read and write
7810000
unkown
page read and write
7FF5DF16B000
unkown
page readonly
1BF5164D000
unkown
page read and write
1D702154000
heap
page read and write
1D702154000
heap
page read and write
22634F1C000
heap
page read and write
EB0000
heap
page read and write
1D7021D0000
heap
page read and write
9F2A000
unkown
page read and write
FBD000
heap
page read and write
C000136000
direct allocation
page read and write
C000014000
direct allocation
page read and write
1F60000
heap
page read and write
6771000
heap
page read and write
38F0000
heap
page read and write
66B1000
heap
page read and write
83F0000
unkown
page read and write
1D702300000
heap
page read and write
F70000
unkown
page read and write
668C000
heap
page read and write
8AD000
unkown
page execute read
20A70620000
heap
page read and write
602000
unkown
page execute and write copy
76C5000
heap
page read and write
1D70224A000
heap
page read and write
678E000
heap
page read and write
ED6D000
unkown
page read and write
32FA000
stack
page read and write
C00003C000
direct allocation
page read and write
ED8A000
unkown
page read and write
67B7000
heap
page read and write
1BF51B13000
heap
page read and write
1D7020FA000
heap
page read and write
669B000
heap
page read and write
6771000
heap
page read and write
17B0000
direct allocation
page read and write
6798000
heap
page read and write
7FF5DF1CD000
unkown
page readonly
ADE000
unkown
page readonly
32F1000
heap
page read and write
6683000
heap
page read and write
7841000
heap
page read and write
6687000
heap
page read and write
791D000
heap
page read and write
EBB000
heap
page read and write
1D702154000
heap
page read and write
1D702148000
heap
page read and write
6683000
heap
page read and write
106FB000
stack
page read and write
67A7000
heap
page read and write
163B000
stack
page read and write
95F0000
unkown
page read and write
22634F2A000
heap
page read and write
8880000
unkown
page read and write
22634F1C000
heap
page read and write
7B60000
unkown
page readonly
EB0000
heap
page read and write
9A1000
unkown
page execute read
6798000
heap
page read and write
8880000
unkown
page read and write
96ED000
unkown
page read and write
A0A5000
unkown
page read and write
ED7A000
unkown
page read and write
76D4000
heap
page read and write
1D70244F000
heap
page read and write
C374000
unkown
page read and write
61BE000
stack
page read and write
1D70463B000
heap
page read and write
35EF000
stack
page read and write
22634F28000
heap
page read and write
7DF4E6760000
unkown
page readonly
A6FC000
unkown
page read and write
3419000
heap
page read and write
6078000
trusted library section
page read and write
F14000
heap
page read and write
7A00000
unkown
page read and write
C28000
unkown
page execute and read and write
1ED2000
heap
page read and write
141A11000
unkown
page readonly
79E0000
unkown
page readonly
7D0D000
stack
page read and write
1721B427000
heap
page read and write
6219000
heap
page read and write
356AD000
heap
page read and write
ED86000
unkown
page read and write
8B60000
unkown
page read and write
3471000
heap
page read and write
61E1000
heap
page read and write
6694000
heap
page read and write
7FF5DF4E3000
unkown
page readonly
1BF5164D000
unkown
page read and write
6694000
heap
page read and write
6770000
trusted library allocation
page read and write
42C000
unkown
page write copy
75B7000
heap
page read and write
33F0000
direct allocation
page read and write
1BF51CF6000
heap
page read and write
1D70214C000
heap
page read and write
67B4000
heap
page read and write
220F0000
heap
page read and write
18DE000
stack
page read and write
C192000
unkown
page read and write
677A000
heap
page read and write
D99000
heap
page read and write
61EA000
heap
page read and write
365D000
heap
page read and write
2F31000
heap
page read and write
6DC0000
heap
page read and write
66B7000
heap
page read and write
1D702160000
heap
page read and write
3659000
heap
page read and write
1D702154000
heap
page read and write
6580000
heap
page read and write
35676000
heap
page read and write
67A9000
heap
page read and write
1CA0000
heap
page read and write
6694000
heap
page read and write
67B9000
heap
page read and write
3471000
heap
page read and write
978C000
unkown
page read and write
7FF6359C9000
unkown
page readonly
6699000
heap
page read and write
3471000
heap
page read and write
67B5000
heap
page read and write
C000050000
direct allocation
page read and write
7FF5DF095000
unkown
page readonly
D04000
heap
page read and write
3392000
heap
page read and write
6279000
heap
page read and write
C00006E000
direct allocation
page read and write
35649000
heap
page read and write
8880000
unkown
page read and write
1A09000
unkown
page read and write
4766000
unkown
page read and write
36A7000
heap
page read and write
CE0000
direct allocation
page read and write
1C6B000
heap
page read and write
76A7000
heap
page read and write
C00007E000
direct allocation
page read and write
1E96000
heap
page read and write
F72000
heap
page read and write
22634F2A000
heap
page read and write
971C000
unkown
page read and write
6682000
heap
page read and write
739B000
unkown
page read and write
1C67000
heap
page read and write
2F31000
heap
page read and write
6799000
heap
page read and write
6218000
heap
page read and write
8880000
unkown
page read and write
194B000
heap
page read and write
364A000
heap
page read and write
7FF5DEEEB000
unkown
page readonly
1BF5163F000
heap
page read and write
11E0000
heap
page read and write
7FF5DF3F7000
unkown
page readonly
48A0000
unkown
page read and write
C000124000
direct allocation
page read and write
7FF635D27000
unkown
page write copy
AEF0000
unkown
page read and write
220EC000
heap
page read and write
1307000
heap
page read and write
14000B000
unkown
page read and write
1D702154000
heap
page read and write
355FE000
heap
page read and write
679F000
heap
page read and write
758F000
heap
page read and write
1538000
stack
page read and write
1D702112000
heap
page read and write
7FF5DF42F000
unkown
page readonly
214C000
direct allocation
page read and write
8880000
unkown
page read and write
1D701F02000
heap
page read and write
586000
heap
page read and write
37D1000
heap
page read and write
1BF51B02000
heap
page read and write
6694000
heap
page read and write
22634F2A000
heap
page read and write
7A00000
unkown
page read and write
1DB32810000
heap
page read and write
7A00000
unkown
page read and write
220F0000
heap
page read and write
67A5000
heap
page read and write
1D702704000
heap
page read and write
1200000
direct allocation
page read and write
623A000
heap
page read and write
6694000
heap
page read and write
99AB000
unkown
page read and write
6229000
heap
page read and write
66B1000
heap
page read and write
2F05000
trusted library allocation
page read and write
8880000
unkown
page read and write
220DA000
heap
page read and write
1BD4000
heap
page read and write
61F7000
heap
page read and write
1234000
unkown
page execute read
1D700069000
heap
page read and write
13DA000
heap
page read and write
22634F2A000
heap
page read and write
7A00000
unkown
page read and write
763E000
heap
page read and write
7FF5DF5F6000
unkown
page readonly
8880000
unkown
page read and write
3408000
trusted library allocation
page read and write
CF7000
stack
page read and write
67C1000
heap
page read and write
1D702263000
heap
page read and write
5F1000
remote allocation
page execute and read and write
848E000
stack
page read and write
320E000
stack
page read and write
1BD4000
heap
page read and write
1988000
heap
page read and write
1721BAA0000
remote allocation
page read and write
669B000
heap
page read and write
6798000
heap
page read and write
310A000
trusted library allocation
page execute and read and write
1D701F12000
heap
page read and write
E00000
heap
page read and write
7FF5DF519000
unkown
page readonly
32F4000
heap
page read and write
1D701F0B000
heap
page read and write
6798000
heap
page read and write
1D702122000
heap
page read and write
66A0000
heap
page read and write
76A2000
heap
page read and write
1BD4000
heap
page read and write
940D000
stack
page read and write
5B40000
heap
page read and write
E80000
heap
page read and write
3471000
heap
page read and write
9605000
unkown
page read and write
1D7021DF000
heap
page read and write
66F2000
heap
page read and write
6202000
heap
page read and write
6234000
heap
page read and write
7FF5DF169000
unkown
page readonly
83F0000
unkown
page read and write
C18A000
unkown
page read and write
6694000
heap
page read and write
C000043000
direct allocation
page read and write
794F000
heap
page read and write
67B3000
heap
page read and write
420000
unkown
page write copy
220E1000
heap
page read and write
AFFD000
stack
page read and write
1D702116000
heap
page read and write
410000
unkown
page readonly
61FA000
heap
page read and write
1C6B000
heap
page read and write
EE72000
heap
page read and write
220E6000
heap
page read and write
19DA000
heap
page read and write
56AD000
stack
page read and write
231000
unkown
page execute read
8880000
unkown
page read and write
1BF51C86000
heap
page read and write
36AA000
heap
page read and write
25C1FFC000
stack
page read and write
8AC000
unkown
page read and write
63D000
unkown
page execute and write copy
1D7021A0000
heap
page read and write
6795000
heap
page read and write
66F2000
heap
page read and write
5FAA000
trusted library section
page read and write
8880000
unkown
page read and write
22634F2A000
heap
page read and write
1D702353000
heap
page read and write
12E0000
heap
page read and write
1C261B60000
trusted library allocation
page read and write
1D702507000
heap
page read and write
63B000
unkown
page execute and write copy
1D701F02000
heap
page read and write
9B99000
stack
page read and write
7FF5DF549000
unkown
page readonly
6682000
heap
page read and write
8FE000
stack
page read and write
D04000
heap
page read and write
22634F2A000
heap
page read and write
4824000
unkown
page read and write
220F6000
heap
page read and write
364B000
heap
page read and write
C000012000
direct allocation
page read and write
67B7000
heap
page read and write
1D7021AF000
heap
page read and write
6B00000
trusted library allocation
page read and write
558000
remote allocation
page execute and read and write
2911000
heap
page read and write
3471000
heap
page read and write
32F2000
heap
page read and write
1DB32800000
direct allocation
page read and write
7FF5DF211000
unkown
page readonly
3610000
heap
page read and write
6698000
heap
page read and write
EB2000
heap
page read and write
47DC000
direct allocation
page read and write
6218000
heap
page read and write
22634F1C000
heap
page read and write
1BF5167D000
heap
page read and write
1721BA90000
trusted library allocation
page read and write
22634F28000
heap
page read and write
69B5E000
unkown
page readonly
2819E000
heap
page read and write
22634F28000
heap
page read and write
2F0B000
trusted library allocation
page read and write
66F1000
heap
page read and write
C000054000
direct allocation
page read and write
D04000
heap
page read and write
255000
unkown
page readonly
339000
unkown
page read and write
9714000
unkown
page read and write
22634F2A000
heap
page read and write
2F98000
trusted library allocation
page read and write
1D66000
heap
page read and write
335B000
unkown
page read and write
FD000
unkown
page readonly
CE0000
direct allocation
page read and write
47F3000
unkown
page read and write
66F2000
heap
page read and write
10A2000
heap
page read and write
F3A000
trusted library allocation
page execute and read and write
13BC000
heap
page read and write
8880000
unkown
page read and write
3471000
heap
page read and write
73B2000
unkown
page read and write
447000
unkown
page execute and read and write
1D7026EC000
heap
page read and write
8880000
unkown
page read and write
365E000
heap
page read and write
645000
unkown
page execute and write copy
669D000
heap
page read and write
220EA000
heap
page read and write
83F0000
unkown
page read and write
78BE000
heap
page read and write
9E9E000
stack
page read and write
7B4B000
stack
page read and write
400000
remote allocation
page execute and read and write
6780000
heap
page read and write
22634F2A000
heap
page read and write
6689000
heap
page read and write
22634F28000
heap
page read and write
1D70226D000
heap
page read and write
6791000
heap
page read and write
AD2B000
stack
page read and write
490000
unkown
page write copy
F70000
unkown
page read and write
D89000
unkown
page readonly
5D6B000
stack
page read and write
1D7026E6000
heap
page read and write
1D7020EA000
heap
page read and write
7599000
heap
page read and write
3562B000
heap
page read and write
7800000
unkown
page read and write
32CC000
stack
page read and write
6CB000
heap
page read and write
2210C000
heap
page read and write
2F31000
heap
page read and write
7A00000
unkown
page read and write
3471000
heap
page read and write
606000
unkown
page execute and write copy
346A000
heap
page read and write
13DB000
heap
page read and write
7FF5DF221000
unkown
page readonly
7C89000
stack
page read and write
2F31000
heap
page read and write
1D70226C000
heap
page read and write
7A00000
unkown
page read and write
67A8000
heap
page read and write
1D702150000
heap
page read and write
1D702353000
heap
page read and write
1D702116000
heap
page read and write
1224000
heap
page read and write
EBB000
heap
page read and write
22634F28000
heap
page read and write
7FF5DF07D000
unkown
page readonly
8880000
unkown
page read and write
EB5000
heap
page read and write
22634F1C000
heap
page read and write
6207000
heap
page read and write
37A0000
direct allocation
page read and write
66F3000
heap
page read and write
1BF51690000
heap
page read and write
22634F28000
heap
page read and write
4860000
unkown
page read and write
35694000
heap
page read and write
22634F2A000
heap
page read and write
3471000
heap
page read and write
8B60000
unkown
page read and write
1D701A00000
direct allocation
page read and write
67AF000
heap
page read and write
67A8000
heap
page read and write
1D7021A0000
heap
page read and write
1D7031A4000
heap
page read and write
1085000
heap
page read and write
66E1000
heap
page read and write
220EA000
heap
page read and write
1AC3000
trusted library allocation
page execute and read and write
2F31000
heap
page read and write
7909000
stack
page read and write
22634F2A000
heap
page read and write
1D701EF8000
heap
page read and write
761B000
heap
page read and write
1D702150000
heap
page read and write
2D0000
unkown
page readonly
608000
unkown
page execute and write copy
7FF5DF21A000
unkown
page readonly
7A00000
unkown
page read and write
87CD000
stack
page read and write
61E3000
heap
page read and write
8B60000
unkown
page read and write
6697000
heap
page read and write
1937000
heap
page read and write
6770000
trusted library allocation
page read and write
2E2000
unkown
page read and write
9F0000
heap
page read and write
EBB000
heap
page read and write
230000
unkown
page readonly
83F0000
unkown
page read and write
6694000
heap
page read and write
C000094000
direct allocation
page read and write
1D70265D000
heap
page read and write
A106000
unkown
page read and write
7A00000
unkown
page read and write
1D702150000
heap
page read and write
7FF635D19000
unkown
page read and write
BFAD000
unkown
page read and write
1C49000
heap
page read and write
C000056000
direct allocation
page read and write
677B000
heap
page read and write
8880000
unkown
page read and write
6694000
heap
page read and write
7FF654012000
unkown
page execute read
6787000
heap
page read and write
C00000C000
direct allocation
page read and write
3BA2000
heap
page read and write
7A00000
unkown
page read and write
1D702E3B000
heap
page read and write
17C4000
heap
page read and write
C1CC000
unkown
page read and write
6707000
heap
page read and write
B09E000
stack
page read and write
3471000
heap
page read and write
1D702122000
heap
page read and write
8880000
unkown
page read and write
64F8000
heap
page read and write
1D70224D000
heap
page read and write
22634F28000
heap
page read and write
1200000
direct allocation
page read and write
1D7025B2000
heap
page read and write
1D702241000
heap
page read and write
61FB000
heap
page read and write
678B000
heap
page read and write
1D702160000
heap
page read and write
7380000
unkown
page read and write
4760000
unkown
page read and write
1D61000
heap
page read and write
66AC000
heap
page read and write
132E000
heap
page read and write
83F0000
unkown
page read and write
BA76000
stack
page read and write
6788000
heap
page read and write
83F0000
unkown
page read and write
F30000
trusted library allocation
page read and write
1A30000
heap
page read and write
3664000
heap
page read and write
7499000
unkown
page read and write
75E9000
heap
page read and write
647000
unkown
page execute and write copy
8880000
unkown
page read and write
6682000
heap
page read and write
220E3000
heap
page read and write
EB0000
heap
page read and write
6780000
heap
page read and write
1DB32540000
direct allocation
page read and write
39E000
unkown
page read and write
6796000
heap
page read and write
F45000
trusted library allocation
page execute and read and write
13D8000
heap
page read and write
1D701F29000
heap
page read and write
1200000
heap
page read and write
8880000
unkown
page read and write
8880000
unkown
page read and write
159E000
heap
page read and write
2DAD000
trusted library allocation
page read and write
1D7023A2000
heap
page read and write
B120000
unkown
page readonly
1E95000
heap
page read and write
1D7021B0000
heap
page read and write
1D702148000
heap
page read and write
67A8000
heap
page read and write
1D702158000
heap
page read and write
67C8000
heap
page read and write
3950000
heap
page read and write
2F31000
heap
page read and write
1D702242000
heap
page read and write
17B0000
direct allocation
page read and write
65C0000
heap
page read and write
781E000
heap
page read and write
1D7020F4000
heap
page read and write
8B60000
unkown
page read and write
1D7020E6000
heap
page read and write
1E61000
heap
page read and write
1DB77A20000
direct allocation
page read and write
8880000
unkown
page read and write
677B000
heap
page read and write
EBB000
heap
page read and write
67B7000
heap
page read and write
1F7CD870000
heap
page read and write
BE80000
unkown
page read and write
32ED000
stack
page read and write
4B84000
trusted library allocation
page read and write
645000
unkown
page execute and write copy
1EAE000
heap
page read and write
1961000
heap
page read and write
220F0000
heap
page read and write
7FF5DF45A000
unkown
page readonly
67B7000
heap
page read and write
79E0000
unkown
page read and write
22634F28000
heap
page read and write
220EF000
heap
page read and write
D80000
direct allocation
page read and write
76BB000
heap
page read and write
8680000
unkown
page read and write
9F23000
unkown
page read and write
7FF5DEE5A000
unkown
page readonly
8B60000
unkown
page read and write
1ED1000
heap
page read and write
3471000
heap
page read and write
8880000
unkown
page read and write
4715000
direct allocation
page read and write
7FF5DF49C000
unkown
page readonly
7FF5DF3BE000
unkown
page readonly
140CAD000
unkown
page execute read
22634F1C000
heap
page read and write
1CAE000
heap
page read and write
6218000
heap
page read and write
EDA2000
unkown
page read and write
83F0000
unkown
page read and write
17C4000
heap
page read and write
3660000
heap
page read and write
1BF5163E000
heap
page read and write
401000
unkown
page execute read
17B0000
direct allocation
page read and write
400000
unkown
page execute and read and write
1D7022E1000
heap
page read and write
195B000
heap
page read and write
7FF5DEFAC000
unkown
page readonly
61EA000
heap
page read and write
96F1000
unkown
page read and write
7FF5DF343000
unkown
page readonly
677B000
heap
page read and write
3470000
heap
page read and write
7733000
heap
page read and write
2EFF000
trusted library allocation
page read and write
EB0000
heap
page read and write
220F0000
heap
page read and write
1D7021AF000
heap
page read and write
8B60000
unkown
page read and write
FAB14FF000
stack
page read and write
6B00000
trusted library allocation
page read and write
1D701A00000
direct allocation
page read and write
BF7E000
unkown
page read and write
630000
heap
page read and write
1D70220C000
heap
page read and write
22634F2A000
heap
page read and write
61E7000
heap
page read and write
141962000
unkown
page execute read
1E7B000
heap
page read and write
66B1000
heap
page read and write
7F0000
heap
page read and write
7FF5DF3AA000
unkown
page readonly
22634F2A000
heap
page read and write
6310000
heap
page execute and read and write
78FA000
heap
page read and write
13B8000
heap
page read and write
17C4000
heap
page read and write
8B60000
unkown
page read and write
C00045A000
direct allocation
page read and write
F70000
unkown
page read and write
134A000
heap
page read and write
F70000
unkown
page read and write
669B000
heap
page read and write
AEEE000
stack
page read and write
2EC0000
unkown
page readonly
8880000
unkown
page read and write
1D702140000
heap
page read and write
83F0000
unkown
page read and write
22634F1C000
heap
page read and write
1D703B50000
heap
page read and write
5980000
trusted library allocation
page read and write
B39000
unkown
page execute and read and write
8880000
unkown
page read and write
CE0000
heap
page read and write
2911000
heap
page read and write
37D1000
heap
page read and write
67A3000
heap
page read and write
1721B502000
heap
page read and write
8B60000
unkown
page read and write
3471000
heap
page read and write
1D701F42000
heap
page read and write
3306000
trusted library allocation
page read and write
63C1000
heap
page read and write
1D702104000
heap
page read and write
999000
stack
page read and write
F70000
unkown
page read and write
35621000
heap
page read and write
1D701A00000
direct allocation
page read and write
7FF5DF623000
unkown
page readonly
34EE000
stack
page read and write
454000
unkown
page readonly
140001000
unkown
page execute read
8B60000
unkown
page read and write
1BF5164F000
heap
page read and write
674000
unkown
page execute and read and write
AB8C000
stack
page read and write
901B000
stack
page read and write
60A000
unkown
page execute and write copy
C159000
unkown
page read and write
1721BC02000
trusted library allocation
page read and write
A75F000
unkown
page read and write
2F31000
heap
page read and write
6682000
heap
page read and write
2F31000
heap
page read and write
1AEA000
heap
page read and write
3770000
unclassified section
page read and write
10B3E000
stack
page read and write
C6B000
unkown
page execute and read and write
1D701F07000
heap
page read and write
7DF4E6771000
unkown
page execute read
6DD0000
trusted library allocation
page read and write
516000
unkown
page execute and write copy
3563F000
heap
page read and write
860000
heap
page read and write
8B60000
unkown
page read and write
F1E000
heap
page read and write
3471000
heap
page read and write
E48E000
stack
page read and write
1220000
heap
page read and write
10A5000
heap
page read and write
1D7020E1000
heap
page read and write
389B000
heap
page read and write
67A5000
heap
page read and write
6784000
heap
page read and write
6694000
heap
page read and write
776F000
heap
page read and write
E2D000
heap
page read and write
7602000
heap
page read and write
1B10000
heap
page read and write
1EAE000
heap
page read and write
1224000
heap
page read and write
9729000
unkown
page read and write
12EE000
heap
page read and write
7FF5DEFE2000
unkown
page readonly
3471000
heap
page read and write
2E50000
trusted library allocation
page read and write
EBB000
heap
page read and write
37A0000
direct allocation
page read and write
93E000
heap
page read and write
1D703B7A000
heap
page read and write
1D701F02000
heap
page read and write
2911000
heap
page read and write
1D70214C000
heap
page read and write
1D7026E7000
heap
page read and write
426000
unkown
page write copy
2BF1000
trusted library allocation
page read and write
C00046B000
direct allocation
page read and write
67AC000
heap
page read and write
602E000
stack
page read and write
B358000
stack
page read and write
1BD4000
heap
page read and write
1D7021F5000
heap
page read and write
1D70227F000
heap
page read and write
C69000
unkown
page execute and read and write
8590000
unkown
page readonly
9A6C000
stack
page read and write
61E1000
heap
page read and write
C57F000
unkown
page read and write
7936000
heap
page read and write
7FF635975000
unkown
page read and write
13DE000
heap
page read and write
37D1000
heap
page read and write
67D3000
heap
page read and write
66C0000
heap
page read and write
1AEE000
stack
page read and write
641000
unkown
page execute and write copy
1BF5164D000
heap
page read and write
677D000
heap
page read and write
76B1000
heap
page read and write
970000
unkown
page readonly
22634F1C000
heap
page read and write
9C000
stack
page read and write
670000
unkown
page execute and write copy
1D70214C000
heap
page read and write
6694000
heap
page read and write
678B000
heap
page read and write
66BB000
heap
page read and write
EDA2000
unkown
page read and write
1D7021D5000
heap
page read and write
7FF5DF3E4000
unkown
page readonly
69B34000
unkown
page readonly
8B60000
unkown
page read and write
8B60000
unkown
page read and write
514000
unkown
page read and write
678D000
heap
page read and write
17C4000
heap
page read and write
595E000
trusted library allocation
page read and write
1A90000
remote allocation
page read and write
889000
unkown
page execute and read and write
1C261A30000
heap
page read and write
668C000
heap
page read and write
3471000
heap
page read and write
8880000
unkown
page read and write
6B00000
trusted library allocation
page read and write
3380000
heap
page read and write
22634F1C000
heap
page read and write
1D702148000
heap
page read and write
22634F1C000
heap
page read and write
3471000
heap
page read and write
C00010A000
direct allocation
page read and write
1F7CD6A0000
heap
page read and write
669B000
heap
page read and write
7FF5DEE56000
unkown
page readonly
22634F2A000
heap
page read and write
CE0000
direct allocation
page read and write
75A8000
heap
page read and write
6770000
trusted library allocation
page read and write
8880000
unkown
page read and write
6682000
heap
page read and write
365F000
heap
page read and write
5110000
unkown
page write copy
8880000
unkown
page read and write
66F2000
heap
page read and write
22634F1C000
heap
page read and write
7FF6543E0000
unkown
page readonly
22634F1C000
heap
page read and write
7FF5DF4EC000
unkown
page readonly
C75000
stack
page read and write
1D702122000
heap
page read and write
2C5E000
trusted library allocation
page read and write
C000076000
direct allocation
page read and write
973C000
unkown
page read and write
22634F28000
heap
page read and write
67C3000
heap
page read and write
1D702104000
heap
page read and write
1BF51638000
heap
page read and write
1C261B30000
heap
page read and write
32D0000
heap
page execute and read and write
400000
unkown
page readonly
67A3000
heap
page read and write
35626000
heap
page read and write
22634F28000
heap
page read and write
5902000
heap
page read and write
2F31000
heap
page read and write
678A000
heap
page read and write
67C1000
heap
page read and write
1D702A1B000
heap
page read and write
254000
unkown
page readonly
1D701F0B000
heap
page read and write
8B60000
unkown
page read and write
678B000
heap
page read and write
66A3000
heap
page read and write
D10000
heap
page read and write
EFD000
heap
page read and write
FAB147D000
stack
page read and write
7FF5DEF87000
unkown
page readonly
9A5727E000
unkown
page readonly
797C000
heap
page read and write
61EE000
heap
page read and write
1E7F000
heap
page read and write
1C160000
trusted library allocation
page read and write
669B000
heap
page read and write
1D70232C000
heap
page read and write
584E000
stack
page read and write
60C0000
trusted library allocation
page read and write
E37000
heap
page read and write
1A30000
heap
page read and write
EF9000
heap
page read and write
1BD4000
heap
page read and write
8880000
unkown
page read and write
9716000
unkown
page read and write
8680000
unkown
page read and write
B9E0000
unkown
page read and write
BD7F000
stack
page read and write
634000
unkown
page execute and read and write
336C000
unkown
page read and write
5A30000
trusted library allocation
page read and write
7FF6359C0000
unkown
page write copy
28198000
heap
page read and write
1E80000
heap
page read and write
7D0000
heap
page read and write
7FF7A87FD000
unkown
page write copy
804000
unkown
page execute read
1D7031CB000
heap
page read and write
6678000
heap
page read and write
1D701EEF000
heap
page read and write
37A0000
direct allocation
page read and write
1225000
heap
page read and write
C00011E000
direct allocation
page read and write
1E73000
heap
page read and write
83F0000
unkown
page read and write
7A30000
unkown
page read and write
47F1000
unkown
page read and write
6205000
heap
page read and write
1D7022E1000
heap
page read and write
2900000
heap
page read and write
1224000
heap
page read and write
7FF5DF20C000
unkown
page readonly
C6D000
unkown
page execute and read and write
C000138000
direct allocation
page read and write
9700000
unkown
page read and write
9F0000
heap
page read and write
1D702122000
heap
page read and write
2E8400D0000
heap
page read and write
1721B42B000
heap
page read and write
60C0000
trusted library allocation
page read and write
20A70450000
heap
page read and write
163A000
heap
page read and write
1D70007F000
heap
page read and write
81000
unkown
page execute read
8B60000
unkown
page read and write
67D8000
heap
page read and write
C521000
unkown
page read and write
3112000
trusted library allocation
page read and write
6775000
heap
page read and write
C92000
unkown
page execute and read and write
8880000
unkown
page read and write
67D6000
heap
page read and write
1F4000
heap
page read and write
8880000
unkown
page read and write
83F0000
unkown
page read and write
3874000
heap
page read and write
678F000
heap
page read and write
6694000
heap
page read and write
643000
unkown
page execute and write copy
F00000
trusted library allocation
page read and write
66A0000
heap
page read and write
7FF5DF09B000
unkown
page readonly
356DA000
heap
page read and write
FEC4000
unkown
page read and write
83F0000
unkown
page read and write
3471000
heap
page read and write
1D70265D000
heap
page read and write
7FF5DEFB7000
unkown
page readonly
66C0000
heap
page read and write
6698000
heap
page read and write
83F0000
unkown
page read and write
66F1000
heap
page read and write
1D7023D1000
heap
page read and write
1D702150000
heap
page read and write
F70000
unkown
page read and write
C034000
unkown
page read and write
1A0A000
unkown
page readonly
5B80000
remote allocation
page read and write
6300000
heap
page read and write
73BC000
unkown
page read and write
1D702144000
heap
page read and write
8B60000
unkown
page read and write
2AB000
stack
page read and write
66D0000
trusted library allocation
page execute and read and write
9F3E000
unkown
page read and write
1D702DF4000
heap
page read and write
1D704113000
heap
page read and write
32EB000
stack
page read and write
3375000
unkown
page read and write
7A00000
unkown
page read and write
1F0000
trusted library allocation
page read and write
8880000
unkown
page read and write
1D702508000
heap
page read and write
6791000
heap
page read and write
E95000
heap
page read and write
22634F1C000
heap
page read and write
57D000
stack
page read and write
37D1000
heap
page read and write
1D7021A8000
heap
page read and write
677B000
heap
page read and write
7FF5DEFE8000
unkown
page readonly
6793000
heap
page read and write
8880000
unkown
page read and write
6218000
heap
page read and write
1D702BAB000
heap
page read and write
A757000
unkown
page read and write
9A0000
unkown
page readonly
2EB0000
unkown
page readonly
2210B000
heap
page read and write
8B60000
unkown
page read and write
7724000
heap
page read and write
EBB000
heap
page read and write
6279000
heap
page read and write
6218000
heap
page read and write
1D702150000
heap
page read and write
73E5000
unkown
page read and write
1D6C000
heap
page read and write
1D702144000
heap
page read and write
22634F1C000
heap
page read and write
8A34000
unkown
page read and write
75F8000
heap
page read and write
1D7023EB000
heap
page read and write
442000
unkown
page read and write
1D7021AC000
heap
page read and write
74E000
stack
page read and write
570000
heap
page read and write
42C000
unkown
page write copy
1D70214C000
heap
page read and write
8880000
unkown
page read and write
2F31000
heap
page read and write
22634F1C000
heap
page read and write
400000
unkown
page readonly
67CC000
heap
page read and write
17C4000
heap
page read and write
ED7C000
unkown
page read and write
1D701F3E000
heap
page read and write
1BD4000
heap
page read and write
EB5000
heap
page read and write
19EB000
heap
page read and write
7FB000
heap
page read and write
8880000
unkown
page read and write
61E4000
heap
page read and write
8B60000
unkown
page read and write
679F000
heap
page read and write
2F31000
heap
page read and write
7918000
heap
page read and write
C545000
unkown
page read and write
36A1000
heap
page read and write
7FF5DEFA6000
unkown
page readonly
7FF5DEF4B000
unkown
page readonly
35702000
heap
page read and write
3471000
heap
page read and write
22100000
heap
page read and write
6790000
heap
page read and write
678A000
heap
page read and write
6279000
heap
page read and write
1BF5163B000
heap
page read and write
76AC000
heap
page read and write
7FF5DF53F000
unkown
page readonly
7A00000
unkown
page read and write
370000
heap
page read and write
FFE000
stack
page read and write
1D70227D000
heap
page read and write
6791000
heap
page read and write
7DF4E6780000
unkown
page readonly
7FF5DF126000
unkown
page readonly
8680000
unkown
page read and write
22100000
heap
page read and write
C00006A000
direct allocation
page read and write
37D1000
heap
page read and write
1D70210A000
heap
page read and write
6793000
heap
page read and write
D50000
direct allocation
page read and write
5D2E000
stack
page read and write
83F0000
unkown
page read and write
2F8D000
stack
page read and write
8880000
unkown
page read and write
13D8000
heap
page read and write
61FA000
heap
page read and write
7A00000
unkown
page read and write
83F0000
unkown
page read and write
13D8000
heap
page read and write
C569000
unkown
page read and write
549000
unkown
page execute and read and write
1B91F000
stack
page read and write
8B60000
unkown
page read and write
400000
unkown
page readonly
74F1000
unkown
page read and write
7913000
heap
page read and write
6692000
heap
page read and write
668A000
heap
page read and write
220FE000
heap
page read and write
1DB32544000
direct allocation
page read and write
580000
heap
page read and write
52D9000
unkown
page read and write
5241000
unkown
page read and write
2F31000
heap
page read and write
49E000
unkown
page readonly
140000000
unkown
page readonly
1D7020E9000
heap
page read and write
B60A000
stack
page read and write
60C0000
trusted library allocation
page read and write
780000
heap
page read and write
1BF5164D000
heap
page read and write
1A0B000
unkown
page readonly
1AD3000
trusted library allocation
page read and write
7FF5DF3EA000
unkown
page readonly
668C000
heap
page read and write
7FF5DF3F1000
unkown
page readonly
140A0B000
unkown
page read and write
1200000
direct allocation
page read and write
1340000
unkown
page readonly
1A1BDDE0000
heap
page read and write
13D8000
heap
page read and write
78D2000
heap
page read and write
6207000
heap
page read and write
7A00000
unkown
page read and write
7FF5DF08F000
unkown
page readonly
14CE000
stack
page read and write
6795000
heap
page read and write
669B000
heap
page read and write
669A000
heap
page read and write
6784000
heap
page read and write
3471000
heap
page read and write
6790000
heap
page read and write
19EA000
heap
page read and write
1721B300000
heap
page read and write
1D701F12000
heap
page read and write
83F0000
unkown
page read and write
37A0000
direct allocation
page read and write
7A00000
unkown
page read and write
356E9000
heap
page read and write
6793000
heap
page read and write
1D70224A000
heap
page read and write
76F0000
unkown
page read and write
22634F28000
heap
page read and write
192E000
heap
page read and write
C569000
unkown
page read and write
22634F28000
heap
page read and write
3618000
heap
page read and write
7910000
unkown
page readonly
17B0000
direct allocation
page read and write
D50000
direct allocation
page read and write
1BD4000
heap
page read and write
60C0000
trusted library allocation
page read and write
365B000
heap
page read and write
8880000
unkown
page read and write
1BF51CF4000
heap
page read and write
3470000
heap
page read and write
8390000
unkown
page read and write
8B60000
unkown
page read and write
AC0D000
stack
page read and write
1D702377000
heap
page read and write
2E93000
trusted library allocation
page read and write
1E9A000
heap
page read and write
1200000
direct allocation
page read and write
63B6000
heap
page read and write
1ACE000
stack
page read and write
15C4000
heap
page read and write
ED9E000
unkown
page read and write
669A000
heap
page read and write
9F7C000
unkown
page read and write
669B000
heap
page read and write
1D7020FE000
heap
page read and write
8B60000
unkown
page read and write
1D91000
heap
page read and write
1A1BDB68000
heap
page read and write
8B60000
unkown
page read and write
1BF51C8B000
heap
page read and write
3395000
heap
page read and write
A747000
unkown
page read and write
6694000
heap
page read and write
3897000
heap
page read and write
8880000
unkown
page read and write
83F0000
unkown
page read and write
3636000
heap
page read and write
1224000
heap
page read and write
11A0000
unkown
page readonly
7DF5E896A000
unkown
page readonly
2F31000
heap
page read and write
1024000
heap
page read and write
2EB6000
trusted library allocation
page read and write
66C8000
heap
page read and write
2E50000
trusted library allocation
page read and write
66B6000
heap
page read and write
6205000
heap
page read and write
6784000
heap
page read and write
1D702148000
heap
page read and write
3471000
heap
page read and write
6207000
heap
page read and write
6205000
heap
page read and write
6269000
heap
page read and write
28D3000
heap
page read and write
678D000
heap
page read and write
6790000
heap
page read and write
1D7029B2000
heap
page read and write
1BD4000
heap
page read and write
2134000
heap
page read and write
BEDD000
stack
page read and write
FBD000
stack
page read and write
7FF5DF12A000
unkown
page readonly
FF8B000
unkown
page read and write
5E2E000
stack
page read and write
3110000
trusted library allocation
page read and write
32E0000
heap
page read and write
83F0000
unkown
page read and write
1BD4000
heap
page read and write
7FF5DF01B000
unkown
page readonly
33DC000
trusted library allocation
page read and write
511000
remote allocation
page execute and read and write
7FF5DF0D2000
unkown
page readonly
140F62000
unkown
page execute read
34C0000
unkown
page read and write
7FF5DF443000
unkown
page readonly
2F01000
trusted library allocation
page read and write
2EA000
stack
page read and write
1C10000
heap
page read and write
DCD000
unkown
page readonly
67A9000
heap
page read and write
E90000
heap
page read and write
762F000
heap
page read and write
7FF635D23000
unkown
page read and write
422000
unkown
page write copy
75B2000
heap
page read and write
1D701EF8000
heap
page read and write
8880000
unkown
page read and write
83F0000
unkown
page read and write
7FF635D1E000
unkown
page read and write
3107000
stack
page read and write
6694000
heap
page read and write
7FF5DF5B3000
unkown
page readonly
3362000
unkown
page read and write
6790000
heap
page read and write
C000022000
direct allocation
page read and write
F8A000
unkown
page read and write
7A00000
unkown
page read and write
1F7CD845000
heap
page read and write
22634F28000
heap
page read and write
1D702988000
heap
page read and write
2A3E000
stack
page read and write
61FA000
heap
page read and write
7FF5DF5A3000
unkown
page readonly
479B000
unkown
page read and write
400000
unkown
page readonly
67BF000
heap
page read and write
66B1000
heap
page read and write
6681000
heap
page read and write
C00015C000
direct allocation
page read and write
1BF51C98000
heap
page read and write
32C0000
trusted library allocation
page execute and read and write
BF90000
unkown
page read and write
636000
unkown
page execute and read and write
22634F28000
heap
page read and write
8880000
unkown
page read and write
758A000
heap
page read and write
6707000
heap
page read and write
1D70245C000
heap
page read and write
3471000
heap
page read and write
3E0000
heap
page read and write
B40000
heap
page read and write
1D702495000
heap
page read and write
C000035000
direct allocation
page read and write
D90000
remote allocation
page read and write
67CC000
heap
page read and write
198D000
heap
page read and write
1C261A50000
heap
page read and write
1BF5167E000
heap
page read and write
1E96000
heap
page read and write
1A09000
unkown
page read and write
61FE000
stack
page read and write
69B5C000
unkown
page read and write
22634F1C000
heap
page read and write
17C4000
heap
page read and write
AB0D000
stack
page read and write
6670000
heap
page read and write
1D702158000
heap
page read and write
1DB77B90000
direct allocation
page read and write
1D70227D000
heap
page read and write
67B2000
heap
page read and write
1348000
heap
page read and write
67C3000
heap
page read and write
66F1000
heap
page read and write
7FF5DF156000
unkown
page readonly
1721B440000
heap
page read and write
22634F28000
heap
page read and write
EB0000
heap
page read and write
83F0000
unkown
page read and write
67D3000
heap
page read and write
1BF51D02000
heap
page read and write
2210C000
heap
page read and write
1BF51B02000
heap
page read and write
13DE000
heap
page read and write
2911000
heap
page read and write
6771000
heap
page read and write
1D702217000
heap
page read and write
42C000
unkown
page write copy
6694000
heap
page read and write
1D70503B000
heap
page read and write
A6CF000
unkown
page read and write
C61000
unkown
page execute and read and write
7FF5DF23A000
unkown
page readonly
1D702277000
heap
page read and write
22634F1C000
heap
page read and write
1947000
heap
page read and write
C000090000
direct allocation
page read and write
7FF5DF364000
unkown
page readonly
1D22000
heap
page read and write
6796000
heap
page read and write
3682000
heap
page read and write
7FF5DEFFC000
unkown
page readonly
6B00000
trusted library allocation
page read and write
7840000
unkown
page read and write
7FF5DF21F000
unkown
page readonly
639000
unkown
page execute and write copy
BF9D000
unkown
page read and write
6687000
heap
page read and write
ED70000
unkown
page read and write
1D70224A000
heap
page read and write
17B0000
direct allocation
page read and write
34B0000
unkown
page readonly
11279000
stack
page read and write
2F31000
heap
page read and write
1D702144000
heap
page read and write
220E3000
heap
page read and write
7FF5DEFF8000
unkown
page readonly
61FA000
heap
page read and write
962B000
unkown
page read and write
9B000
stack
page read and write
7FF635701000
unkown
page execute read
66F2000
heap
page read and write
8880000
unkown
page read and write
83F0000
unkown
page read and write
1BD4000
heap
page read and write
7990000
unkown
page read and write
6687000
heap
page read and write
7FF5DF284000
unkown
page readonly
67B0000
heap
page read and write
1AC4000
trusted library allocation
page read and write
6780000
heap
page read and write
FF03000
unkown
page read and write
1E88000
heap
page read and write
1D70226D000
heap
page read and write
F70000
unkown
page read and write
1D7021B8000
heap
page read and write
1D7021B5000
heap
page read and write
CCE000
stack
page read and write
3DF000
unkown
page read and write
3471000
heap
page read and write
8880000
unkown
page read and write
1D78000
heap
page read and write
77F0000
unkown
page read and write
6205000
heap
page read and write
C354000
unkown
page read and write
D90000
remote allocation
page read and write
1929000
heap
page read and write
1D7021A8000
heap
page read and write
220FE000
heap
page read and write
7FF5DF18E000
unkown
page readonly
7870000
unkown
page read and write
1D702813000
heap
page read and write
6770000
trusted library allocation
page read and write
1D702A9D000
heap
page read and write
67CF000
heap
page read and write
400000
unkown
page readonly
1D701A00000
direct allocation
page read and write
1ED3000
heap
page read and write
59BA000
heap
page execute and read and write
EBB000
heap
page read and write
647000
unkown
page execute and write copy
1D702154000
heap
page read and write
6694000
heap
page read and write
1D702131000
heap
page read and write
6694000
heap
page read and write
2F31000
heap
page read and write
141962000
unkown
page execute read
1D702150000
heap
page read and write
165A000
heap
page read and write
1721B45D000
heap
page read and write
7A00000
unkown
page read and write
3570C000
heap
page read and write
7FF5DF191000
unkown
page readonly
E5FE000
stack
page read and write
67A8000
heap
page read and write
1D70214C000
heap
page read and write
F70000
unkown
page execute read
A072000
unkown
page read and write
77C4000
heap
page read and write
C30000
unkown
page execute and read and write
3687000
heap
page read and write
6694000
heap
page read and write
6797000
heap
page read and write
22634F2A000
heap
page read and write
8880000
unkown
page read and write
7693000
heap
page read and write
E8A000
heap
page read and write
17B0000
direct allocation
page read and write
1C67000
heap
page read and write
147E000
stack
page read and write
48D000
unkown
page write copy
1D702183000
heap
page read and write
6670000
trusted library allocation
page read and write
3672000
heap
page read and write
6209000
heap
page read and write
A0B1000
unkown
page read and write
5A6E000
stack
page read and write
9A0000
heap
page read and write
678B000
heap
page read and write
220E8000
heap
page read and write
7FF5DF537000
unkown
page readonly
D95000
unkown
page readonly
18F0000
heap
page read and write
5B80000
remote allocation
page read and write
1D70245C000
heap
page read and write
2F31000
heap
page read and write
7A00000
unkown
page read and write
8880000
unkown
page read and write
679F000
heap
page read and write
C54F000
unkown
page read and write
22100000
heap
page read and write
C298000
unkown
page read and write
7FF5DF0A5000
unkown
page readonly
3C10000
trusted library allocation
page read and write
7FF5DF361000
unkown
page readonly
71BB77E000
stack
page read and write
1D0000
heap
page read and write
294000
unkown
page readonly
E5C000
heap
page read and write
7FF5DF591000
unkown
page readonly
1D702275000
heap
page read and write
1C261C13000
heap
page read and write
32F2000
stack
page read and write
EB5000
heap
page read and write
7FF5DE9CB000
unkown
page readonly
DD8000
unkown
page readonly
7FF5DF2ED000
unkown
page readonly
7689000
heap
page read and write
7FF5DF486000
unkown
page readonly
5EF0000
trusted library section
page read and write
A6F5000
unkown
page read and write
C048000
unkown
page read and write
66B1000
heap
page read and write
6694000
heap
page read and write
7FF5DF2E2000
unkown
page readonly
67EC000
heap
page read and write
1C261C02000
heap
page read and write
22634F28000
heap
page read and write
83F0000
unkown
page read and write
317E000
stack
page read and write
33A000
unkown
page write copy
7FF7A87EA000
unkown
page readonly
7A00000
unkown
page read and write
400000
unkown
page readonly
7FF5DF5FF000
unkown
page readonly
1D73000
heap
page read and write
7A00000
unkown
page read and write
6B00000
trusted library allocation
page read and write
1D702158000
heap
page read and write
67A9000
heap
page read and write
6770000
trusted library allocation
page read and write
7FF635701000
unkown
page execute read
670000
unkown
page execute and write copy
22634F2A000
heap
page read and write
1BF5163B000
heap
page read and write
8B60000
unkown
page read and write
8B60000
unkown
page read and write
1D70214C000
heap
page read and write
1CAA000
heap
page read and write
6B00000
trusted library allocation
page read and write
C24C000
unkown
page read and write
7A00000
unkown
page read and write
77C9000
heap
page read and write
1D702122000
heap
page read and write
71BB47E000
unkown
page readonly
1D702138000
heap
page read and write
17C0000
heap
page read and write
1ED1000
heap
page read and write
1721B413000
heap
page read and write
420000
unkown
page read and write
8B60000
unkown
page read and write
1BF51CED000
heap
page read and write
2AB8000
trusted library allocation
page read and write
7FF5DEF84000
unkown
page readonly
60C0000
trusted library allocation
page read and write
73B8000
unkown
page read and write
7FF5DF59E000
unkown
page readonly
1D702154000
heap
page read and write
FF1000
unkown
page readonly
C439000
unkown
page read and write
1BF51D02000
heap
page read and write
BFAF000
unkown
page read and write
1BD4000
heap
page read and write
1BD4000
heap
page read and write
C000041000
direct allocation
page read and write
EE70000
heap
page read and write
131C000
heap
page read and write
EDA2000
unkown
page read and write
25C23FE000
stack
page read and write
5C2D000
stack
page read and write
D05000
heap
page read and write
67A8000
heap
page read and write
7594000
heap
page read and write
12FD000
stack
page read and write
37D1000
heap
page read and write
380F000
stack
page read and write
7FF5DF038000
unkown
page readonly
35671000
heap
page read and write
7FF5DF539000
unkown
page readonly
2D70000
unkown
page read and write
8B60000
unkown
page read and write
67C3000
heap
page read and write
BFAB000
unkown
page read and write
41B000
unkown
page readonly
7A00000
unkown
page read and write
66B1000
heap
page read and write
75A3000
heap
page read and write
63E000
stack
page read and write
2F31000
heap
page read and write
1D70215C000
heap
page read and write
5A40000
heap
page read and write
6698000
heap
page read and write
F70000
unkown
page read and write
5CCE000
stack
page read and write
F20000
trusted library allocation
page read and write
7FF5DEFAF000
unkown
page readonly
6218000
heap
page read and write
F70000
unkown
page read and write
677B000
heap
page read and write
6694000
heap
page read and write
22634F28000
heap
page read and write
7DC000
stack
page read and write
C000084000
direct allocation
page read and write
669B000
heap
page read and write
83F0000
unkown
page read and write
3437000
heap
page read and write
EDB6000
unkown
page read and write
2210C000
heap
page read and write
C19D000
unkown
page read and write
7FF635976000
unkown
page write copy
6C2BB7F000
stack
page read and write
1D7023EB000
heap
page read and write
3471000
heap
page read and write
6218000
heap
page read and write
22634F28000
heap
page read and write
EDB000
heap
page read and write
FF46000
unkown
page read and write
EB1000
heap
page read and write
7FF5C0B6B000
unkown
page readonly
20A70430000
heap
page read and write
83F0000
unkown
page read and write
20A70458000
heap
page read and write
6218000
heap
page read and write
220EC000
heap
page read and write
2C81000
trusted library allocation
page read and write
311B000
trusted library allocation
page execute and read and write
B1C0000
unkown
page readonly
78F0000
heap
page read and write
1940000
heap
page read and write
626A000
heap
page read and write
BFEF000
unkown
page read and write
A74C000
unkown
page read and write
401000
unkown
page execute read
7FF5DF207000
unkown
page readonly
60C0000
trusted library allocation
page read and write
6770000
heap
page read and write
220F6000
heap
page read and write
7FF5DF60D000
unkown
page readonly
3666000
heap
page read and write
22634F28000
heap
page read and write
8880000
unkown
page read and write
67B0000
heap
page read and write
1B15000
heap
page read and write
C85000
heap
page read and write
679E000
heap
page read and write
6203000
heap
page read and write
C00004E000
direct allocation
page read and write
63D000
unkown
page execute and write copy
ED7C000
unkown
page read and write
12F0000
unkown
page read and write
1D70214C000
heap
page read and write
C553000
unkown
page read and write
1D701EF1000
heap
page read and write
3480000
heap
page read and write
1D702158000
heap
page read and write
339F000
heap
page read and write
C000045000
direct allocation
page read and write
7A40000
unkown
page readonly
1C97000
heap
page read and write
8880000
unkown
page read and write
1D7020E6000
heap
page read and write
2F31000
heap
page read and write
13DB000
heap
page read and write
7760000
heap
page read and write
9E0000
unkown
page readonly
8880000
unkown
page read and write
67A0000
heap
page read and write
143B000
stack
page read and write
1D7020FB000
heap
page read and write
20A8000
direct allocation
page read and write
3A70000
direct allocation
page read and write
D04000
heap
page read and write
316000
unkown
page read and write
16B0000
heap
page read and write
22634F1C000
heap
page read and write
1D702104000
heap
page read and write
677A000
heap
page read and write
86C0000
unkown
page read and write
8880000
unkown
page read and write
6687000
heap
page read and write
7A00000
unkown
page read and write
446000
remote allocation
page execute and read and write
28186000
heap
page read and write
2D1000
unkown
page execute read
6B6F000
stack
page read and write
193C000
heap
page read and write
2911000
heap
page read and write
2210C000
heap
page read and write
BF40000
unkown
page read and write
6780000
heap
page read and write
6230000
heap
page read and write
1D7022E1000
heap
page read and write
12EA000
heap
page read and write
3471000
heap
page read and write
8880000
unkown
page read and write
73AF000
unkown
page read and write
60D000
unkown
page execute and write copy
EBC000
heap
page read and write
649000
unkown
page execute and write copy
EB5000
heap
page read and write
7A00000
unkown
page read and write
7A00000
unkown
page read and write
454000
unkown
page readonly
D60000
heap
page read and write
7A00000
unkown
page read and write
6798000
heap
page read and write
2F30000
heap
page read and write
69B4E000
unkown
page read and write
A098000
unkown
page read and write
67A8000
heap
page read and write
220FE000
heap
page read and write
1BF51C44000
heap
page read and write
59B0000
heap
page execute and read and write
3564E000
heap
page read and write
33AE000
heap
page read and write
658A000
heap
page read and write
6770000
trusted library allocation
page read and write
83F0000
unkown
page read and write
462D000
direct allocation
page readonly
1D7021DB000
heap
page read and write
6240000
heap
page read and write
6205000
heap
page read and write
6218000
heap
page read and write
77CF000
stack
page read and write
3185000
stack
page read and write
7A00000
unkown
page read and write
13DB000
heap
page read and write
1BF51C98000
heap
page read and write
1D702144000
heap
page read and write
7972000
heap
page read and write
6694000
heap
page read and write
22634F2A000
heap
page read and write
6692000
heap
page read and write
22634F1C000
heap
page read and write
6787000
heap
page read and write
1D70237D000
heap
page read and write
3677000
heap
page read and write
C54F000
unkown
page read and write
67B4000
heap
page read and write
286000
unkown
page readonly
8880000
unkown
page read and write
1D7020F4000
heap
page read and write
41F000
unkown
page readonly
668D000
heap
page read and write
83F0000
unkown
page read and write
1D702144000
heap
page read and write
669B000
heap
page read and write
500000
heap
page read and write
C553000
unkown
page read and write
1D701F42000
heap
page read and write
6F1F000
unkown
page read and write
930000
heap
page read and write
1D701F08000
heap
page read and write
9A571FE000
stack
page read and write
2920000
heap
page read and write
37A0000
direct allocation
page read and write
B010000
unkown
page read and write
C00009C000
direct allocation
page read and write
987C000
unkown
page read and write
7FF635D35000
unkown
page readonly
1DEE000
unkown
page readonly
67BF000
heap
page read and write
40A000
unkown
page write copy
37A0000
direct allocation
page read and write
8880000
unkown
page read and write
9F60000
unkown
page read and write
7FF5DF458000
unkown
page readonly
7FF5DF4A6000
unkown
page readonly
2D1000
unkown
page execute read
7FF5DF41B000
unkown
page readonly
C00001A000
direct allocation
page read and write
6279000
heap
page read and write
1D70245C000
heap
page read and write
2A7F000
stack
page read and write
22634F2A000
heap
page read and write
7FF5DEFCB000
unkown
page readonly
7611000
heap
page read and write
1C261C00000
heap
page read and write
6218000
heap
page read and write
C000372000
direct allocation
page read and write
2F27000
trusted library allocation
page read and write
668C000
heap
page read and write
3445000
heap
page read and write
8B60000
unkown
page read and write
2E4F000
stack
page read and write
1DAF000
stack
page read and write
8880000
unkown
page read and write
C24000
unkown
page execute and read and write
1B660644000
heap
page read and write
23D0000
direct allocation
page read and write
1D7022E1000
heap
page read and write
35658000
heap
page read and write
7819000
heap
page read and write
1BD4000
heap
page read and write
67A6000
heap
page read and write
6792000
heap
page read and write
1BF51678000
heap
page read and write
840000
unkown
page execute and read and write
1C261C41000
heap
page read and write
1D702138000
heap
page read and write
C42E000
unkown
page read and write
678D000
heap
page read and write
ED9E000
unkown
page read and write
880000
heap
page read and write
5BE000
unkown
page execute and read and write
2E21000
unkown
page read and write
7FF5DF606000
unkown
page readonly
6229000
heap
page read and write
7657000
heap
page read and write
279E000
unkown
page read and write
95EE000
stack
page read and write
6681000
heap
page read and write
22634F2A000
heap
page read and write
7FF5DF366000
unkown
page readonly
1D702487000
heap
page read and write
9F78000
unkown
page read and write
EB5000
heap
page read and write
4D0000
trusted library allocation
page read and write
41B000
unkown
page readonly
EB0000
heap
page read and write
6795000
heap
page read and write
22634F2A000
heap
page read and write
1D70227F000
heap
page read and write
7FF5DF1F8000
unkown
page readonly
8B60000
unkown
page read and write
1D701F02000
heap
page read and write
22634F2A000
heap
page read and write
EB5000
heap
page read and write
22634F28000
heap
page read and write
7FF5DF626000
unkown
page readonly
6792000
heap
page read and write
6797000
heap
page read and write
CE0000
direct allocation
page read and write
2956000
heap
page read and write
1D702112000
heap
page read and write
F2D000
trusted library allocation
page execute and read and write
32F2000
heap
page read and write
600000
unkown
page execute and write copy
885B000
stack
page read and write
8B60000
unkown
page read and write
22634F1C000
heap
page read and write
7A00000
unkown
page read and write
643000
unkown
page execute and write copy
6784000
heap
page read and write
6790000
heap
page read and write
9F27000
unkown
page read and write
669A000
heap
page read and write
76F2000
heap
page read and write
C000557000
direct allocation
page read and write
7930000
unkown
page readonly
22634F28000
heap
page read and write
1D702F0C000
heap
page read and write
356D5000
heap
page read and write
355F9000
heap
page read and write
42C000
unkown
page write copy
73D000
stack
page read and write
7698000
heap
page read and write
6686000
heap
page read and write
9E1E000
stack
page read and write
7FF5DF0C1000
unkown
page readonly
15D0000
heap
page read and write
1D701F0B000
heap
page read and write
5F9A67F000
stack
page read and write
2911000
heap
page read and write
1D702217000
heap
page read and write
C00047D000
direct allocation
page read and write
6694000
heap
page read and write
1D702507000
heap
page read and write
7FF5DF62C000
unkown
page readonly
3471000
heap
page read and write
2E8402D0000
heap
page read and write
C000080000
direct allocation
page read and write
DC4000
unkown
page readonly
2F11000
trusted library allocation
page read and write
1D701F0E000
heap
page read and write
792C000
heap
page read and write
69AB0000
unkown
page readonly
EDAF000
unkown
page read and write
30CE000
stack
page read and write
5DEE000
stack
page read and write
1D702138000
heap
page read and write
2EB000
stack
page read and write
1D701A40000
remote allocation
page read and write
F19000
heap
page read and write
37D1000
heap
page read and write
5B80000
remote allocation
page read and write
7FF5DF3A1000
unkown
page readonly
350000
heap
page read and write
6790000
heap
page read and write
37D1000
heap
page read and write
76E3000
heap
page read and write
1D70224D000
heap
page read and write
22634F28000
heap
page read and write
CE0000
direct allocation
page read and write
8B60000
unkown
page read and write
1D7021D0000
heap
page read and write
35699000
heap
page read and write
6796000
heap
page read and write
13DB000
heap
page read and write
220FE000
heap
page read and write
8880000
unkown
page read and write
4AC8000
trusted library allocation
page read and write
1D702160000
heap
page read and write
753F000
unkown
page read and write
1BF5163B000
heap
page read and write
7FF5DF0A2000
unkown
page readonly
1D7021B0000
heap
page read and write
1D7020FA000
heap
page read and write
ED72000
unkown
page read and write
C000462000
direct allocation
page read and write
3471000
heap
page read and write
6780000
heap
page read and write
668B000
heap
page read and write
65E0000
trusted library allocation
page read and write
8B60000
unkown
page read and write
26B000
stack
page read and write
3471000
heap
page read and write
1D701F02000
heap
page read and write
442000
unkown
page read and write
2F31000
heap
page read and write
679F000
heap
page read and write
22634F28000
heap
page read and write
D50000
unkown
page read and write
76D9000
heap
page read and write
1E9D000
heap
page read and write
1E5D000
heap
page read and write
7823000
heap
page read and write
37D1000
heap
page read and write
1190000
heap
page read and write
668D000
heap
page read and write
EDAE000
unkown
page read and write
8880000
unkown
page read and write
67BC000
heap
page read and write
71BB37E000
unkown
page readonly
669C000
heap
page read and write
6B00000
trusted library allocation
page read and write
7FF5DF551000
unkown
page readonly
7FF635979000
unkown
page write copy
37A0000
direct allocation
page read and write
1721BAA0000
remote allocation
page read and write
669C000
heap
page read and write
7FF5DF5AE000
unkown
page readonly
1BF51678000
heap
page read and write
5CEF000
stack
page read and write
1D70227F000
heap
page read and write
22104000
heap
page read and write
3661000
heap
page read and write
67A7000
heap
page read and write
3331000
trusted library allocation
page read and write
61FE000
heap
page read and write
7FF5DF452000
unkown
page readonly
17B0000
direct allocation
page read and write
7FF5DF0C9000
unkown
page readonly
18FA000
heap
page read and write
E41D000
stack
page read and write
9A0000
unkown
page readonly
6218000
heap
page read and write
18FE000
heap
page read and write
1BF5164D000
unkown
page read and write
2F31000
heap
page read and write
3460000
heap
page read and write
1340000
unkown
page readonly
2D1000
unkown
page execute read
589000
heap
page read and write
EDAE000
unkown
page read and write
36A8000
heap
page read and write
1D702144000
heap
page read and write
7FF5DEF94000
unkown
page readonly
592E000
stack
page read and write
1BF51C02000
heap
page read and write
17B0000
direct allocation
page read and write
7FF5DEE4E000
unkown
page readonly
1D7023D1000
heap
page read and write
5B6F000
stack
page read and write
7FF5DF4D5000
unkown
page readonly
2F31000
heap
page read and write
7FF5DF3FC000
unkown
page readonly
63F000
unkown
page execute and write copy
1DB32549000
direct allocation
page read and write
2911000
heap
page read and write
140CE1000
unkown
page read and write
1DB324E0000
heap
page read and write
8880000
unkown
page read and write
1AB0000
trusted library allocation
page read and write
6770000
trusted library allocation
page read and write
1D702150000
heap
page read and write
6777000
heap
page read and write
3695000
heap
page read and write
EB5000
heap
page read and write
346D000
stack
page read and write
7FF5DF36A000
unkown
page readonly
37A0000
direct allocation
page read and write
678D000
heap
page read and write
8880000
unkown
page read and write
F70000
unkown
page read and write
8B60000
unkown
page read and write
220F0000
heap
page read and write
3F0000
direct allocation
page execute and read and write
33BC000
heap
page read and write
67A8000
heap
page read and write
32F0000
heap
page read and write
327E000
stack
page read and write
3860000
heap
page read and write
B830000
unkown
page readonly
22103000
heap
page read and write
3471000
heap
page read and write
8B60000
unkown
page read and write
36AB000
heap
page read and write
5338000
trusted library allocation
page read and write
22634F1C000
heap
page read and write
9A5747E000
unkown
page readonly
22634F28000
heap
page read and write
75AD000
heap
page read and write
192000
stack
page read and write
6781000
heap
page read and write
9D9F000
stack
page read and write
1925000
heap
page read and write
17C4000
heap
page read and write
22103000
heap
page read and write
EBB000
heap
page read and write
C13D000
unkown
page read and write
1DB327B0000
direct allocation
page read and write
A6F8000
unkown
page read and write
668D000
heap
page read and write
2E4C000
trusted library allocation
page read and write
6770000
trusted library allocation
page read and write
914B000
stack
page read and write
2F31000
heap
page read and write
1D702241000
heap
page read and write
97B5000
unkown
page read and write
7FF5DF4E7000
unkown
page readonly
231000
unkown
page execute read
2F41000
heap
page read and write
3549A000
heap
page read and write
7FF6538E0000
unkown
page readonly
ED74000
unkown
page read and write
636000
unkown
page read and write
669C000
heap
page read and write
C00004A000
direct allocation
page read and write
61EA000
heap
page read and write
7FF5DEF57000
unkown
page readonly
C67000
unkown
page execute and read and write
670F000
heap
page read and write
3394000
unkown
page read and write
36A7000
heap
page read and write
669B000
heap
page read and write
F0D000
trusted library allocation
page execute and read and write
2F07000
trusted library allocation
page read and write
83B0000
unkown
page readonly
1D702112000
heap
page read and write
A6EA000
unkown
page read and write
66F3000
heap
page read and write
1224000
heap
page read and write
83F0000
unkown
page read and write
8880000
unkown
page read and write
7FF5DF380000
unkown
page readonly
C00008C000
direct allocation
page read and write
1A1BDB60000
heap
page read and write
A104000
unkown
page read and write
1BF5164D000
heap
page read and write
AB5000
unkown
page readonly
83F0000
unkown
page read and write
8880000
unkown
page read and write
6218000
heap
page read and write
6510000
heap
page read and write
669A000
heap
page read and write
7FF5DF422000
unkown
page readonly
D00000
heap
page read and write
ED86000
unkown
page read and write
AE5000
unkown
page readonly
7399000
unkown
page read and write
3639000
heap
page read and write
7607000
heap
page read and write
78FF000
heap
page read and write
3471000
heap
page read and write
1D7020E9000
heap
page read and write
6229000
heap
page read and write
1BF51CF2000
heap
page read and write
1D702158000
heap
page read and write
2DAB000
heap
page read and write
190000
heap
page read and write
668C000
heap
page read and write
294000
unkown
page readonly
1200000
direct allocation
page read and write
1BF51B13000
heap
page read and write
2F31000
heap
page read and write
1D70214C000
heap
page read and write
6690000
heap
page read and write
368E000
heap
page read and write
BF10000
unkown
page readonly
2E282000
heap
page read and write
2911000
heap
page read and write
67B2000
heap
page read and write
41F000
unkown
page readonly
16B5000
heap
page read and write
1D702125000
heap
page read and write
3640000
heap
page read and write
10DFD000
stack
page read and write
C000086000
direct allocation
page read and write
2F31000
heap
page read and write
FB0000
heap
page read and write
22634F1C000
heap
page read and write
22634F28000
heap
page read and write
140000000
unkown
page readonly
AEB000
stack
page read and write
BF84000
unkown
page read and write
63D000
stack
page read and write
220FE000
heap
page read and write
8880000
unkown
page read and write
412000
unkown
page execute and read and write
13DE000
heap
page read and write
D04000
heap
page read and write
3308000
trusted library allocation
page read and write
8B60000
unkown
page read and write
1D702160000
heap
page read and write
336F000
unkown
page read and write
8880000
unkown
page read and write
D50000
direct allocation
page read and write
22634F2A000
heap
page read and write
140CE7000
unkown
page execute read
6780000
heap
page read and write
6CDB000
unkown
page read and write
1F0000
heap
page read and write
66F2000
heap
page read and write
C2A000
unkown
page execute and read and write
C000128000
direct allocation
page read and write
130BD000
stack
page read and write
D89000
unkown
page readonly
67CE000
heap
page read and write
6670000
trusted library allocation
page read and write
22634F1C000
heap
page read and write
6699000
heap
page read and write
1DB77A60000
direct allocation
page read and write
426000
unkown
page write copy
1724000
unkown
page readonly
6218000
heap
page read and write
8680000
unkown
page read and write
6682000
heap
page read and write
1BF5164D000
unkown
page read and write
1DB324F0000
heap
page read and write
7DF4E67A1000
unkown
page execute read
69B51000
unkown
page read and write
7DF4E6781000
unkown
page execute read
83F0000
unkown
page read and write
9F92000
unkown
page read and write
66BB000
heap
page read and write
1D70227F000
heap
page read and write
3349000
unkown
page read and write
B45A000
stack
page read and write
1ACD000
trusted library allocation
page execute and read and write
37A0000
direct allocation
page read and write
1721B400000
heap
page read and write
6229000
heap
page read and write
1D70214C000
heap
page read and write
A08A000
unkown
page read and write
7FF5DF571000
unkown
page readonly
C42D000
unkown
page read and write
6798000
heap
page read and write
1D702356000
heap
page read and write
5BA000
stack
page read and write
6218000
heap
page read and write
22634F28000
heap
page read and write
1590000
heap
page read and write
16A0000
heap
page read and write
61EF000
heap
page read and write
7FF5DF48B000
unkown
page readonly
6781000
heap
page read and write
182F000
stack
page read and write
12AE000
stack
page read and write
F70000
unkown
page read and write
83F0000
unkown
page read and write
7FF5DF5B5000
unkown
page readonly
D4E000
stack
page read and write
950C000
stack
page read and write
1200000
direct allocation
page read and write
6422000
heap
page read and write
1D701F0B000
heap
page read and write
67B9000
heap
page read and write
69AB1000
unkown
page execute read
75DA000
heap
page read and write
7738000
heap
page read and write
6793000
heap
page read and write
33C0000
unkown
page readonly
1D702487000
heap
page read and write
1BF51C86000
heap
page read and write
909A000
stack
page read and write
C00044A000
direct allocation
page read and write
7FF5DF3F5000
unkown
page readonly
6320000
trusted library section
page read and write
7FF5DF5E9000
unkown
page readonly
F70000
unkown
page read and write
1D70298F000
heap
page read and write
7FF5DF54D000
unkown
page readonly
22634F1C000
heap
page read and write
7FF5DF388000
unkown
page readonly
33A9000
trusted library allocation
page read and write
C545000
unkown
page read and write
37A0000
direct allocation
page read and write
E7F000
stack
page read and write
96F5000
unkown
page read and write
3471000
heap
page read and write
C00045E000
direct allocation
page read and write
342B0000
trusted library allocation
page read and write
354F000
stack
page read and write
2F31000
heap
page read and write
1D701EF8000
heap
page read and write
2911000
heap
page read and write
7FF5DF3DF000
unkown
page readonly
C187000
unkown
page read and write
1BD4000
heap
page read and write
22104000
heap
page read and write
6795000
heap
page read and write
1D70215C000
heap
page read and write
1C261C2B000
heap
page read and write
2141000
heap
page read and write
1BD4000
heap
page read and write
8B60000
unkown
page read and write
6771000
heap
page read and write
8B60000
unkown
page read and write
22634F1C000
heap
page read and write
2C02000
trusted library allocation
page read and write
6694000
heap
page read and write
1BF51693000
heap
page read and write
F47000
trusted library allocation
page execute and read and write
34F8A000
heap
page read and write
7A00000
unkown
page read and write
1E67000
heap
page read and write
67A0000
heap
page read and write
32F5000
heap
page read and write
1D702487000
heap
page read and write
C1C4000
unkown
page read and write
668D000
heap
page read and write
ED9E000
unkown
page read and write
E58F000
stack
page read and write
2F0000
unkown
page execute and read and write
5C6E000
stack
page read and write
17C4000
heap
page read and write
9F51000
unkown
page read and write
1224000
heap
page read and write
66A6000
heap
page read and write
626A000
heap
page read and write
66B2000
heap
page read and write
220FE000
heap
page read and write
13D8000
heap
page read and write
1D7021C8000
heap
page read and write
2E8401B8000
heap
page read and write
7684000
heap
page read and write
1D70211A000
heap
page read and write
2E288000
heap
page read and write
771F000
heap
page read and write
3B60000
remote allocation
page read and write
7616000
heap
page read and write
C000096000
direct allocation
page read and write
6B00000
trusted library allocation
page read and write
D70000
heap
page read and write
35635000
heap
page read and write
60A000
unkown
page execute and write copy
61F0000
heap
page read and write
356B2000
heap
page read and write
1321000
heap
page read and write
48E0000
unkown
page read and write
1AF0000
heap
page read and write
1D702116000
heap
page read and write
2F9000
unkown
page readonly
18DF000
stack
page read and write
2F57000
trusted library allocation
page read and write
3743000
heap
page read and write
66AD000
heap
page read and write
C528000
unkown
page read and write
1332000
heap
page read and write
C1C000
unkown
page execute and read and write
1D703099000
heap
page read and write
668C000
heap
page read and write
6786000
heap
page read and write
67A8000
heap
page read and write
364E000
heap
page read and write
3565D000
heap
page read and write
FAE000
stack
page read and write
6772000
heap
page read and write
35680000
heap
page read and write
5FE000
unkown
page execute and write copy
67C9000
heap
page read and write
42C000
unkown
page write copy
22634F2A000
heap
page read and write
5970000
trusted library allocation
page read and write
6C2BA7D000
stack
page read and write
6205000
heap
page read and write
1C061000
heap
page read and write
22634F1A000
heap
page read and write
1656000
heap
page read and write
3471000
heap
page read and write
2E8402B0000
heap
page read and write
77F000
stack
page read and write
9C9E000
stack
page read and write
6420000
heap
page read and write
7FF5DEE43000
unkown
page readonly
6790000
heap
page read and write
2F31000
heap
page read and write
C0000E8000
direct allocation
page read and write
400000
unkown
page readonly
7FF6359C9000
unkown
page readonly
1D702150000
heap
page read and write
7A00000
unkown
page read and write
1D7023D1000
heap
page read and write
7904000
heap
page read and write
1BF5163C000
unkown
page read and write
6794000
heap
page read and write
9FA0000
unkown
page read and write
5482000
heap
page read and write
7634000
heap
page read and write
9F63000
unkown
page read and write
6798000
heap
page read and write
6699000
heap
page read and write
C000072000
direct allocation
page read and write
3471000
heap
page read and write
6694000
heap
page read and write
67B9000
heap
page read and write
220E3000
heap
page read and write
7FF5DF017000
unkown
page readonly
71BAF9C000
stack
page read and write
3300000
trusted library allocation
page read and write
3650000
direct allocation
page execute and read and write
1D702487000
heap
page read and write
1D7021C8000
heap
page read and write
79B3000
heap
page read and write
1D7023D1000
heap
page read and write
7954000
heap
page read and write
6688000
heap
page read and write
8B70000
unkown
page read and write
67B8000
heap
page read and write
668B000
heap
page read and write
1200000
direct allocation
page read and write
10B7E000
stack
page read and write
32F4000
heap
page read and write
1D702508000
heap
page read and write
1224000
heap
page read and write
2890000
unkown
page readonly
6218000
heap
page read and write
33BA000
heap
page read and write
2D0000
unkown
page readonly
163E000
heap
page read and write
2F0000
unkown
page execute and read and write
3471000
heap
page read and write
1DB327B3000
direct allocation
page read and write
7FF635D23000
unkown
page write copy
5CD0000
trusted library allocation
page execute and read and write
6699000
heap
page read and write
2BD4000
trusted library allocation
page read and write
5630000
trusted library allocation
page read and write
E0AB000
stack
page read and write
1D7021D0000
heap
page read and write
1200000
direct allocation
page read and write
1D70213F000
heap
page read and write
8400000
heap
page read and write
1D701EE7000
heap
page read and write
1BD4000
heap
page read and write
6790000
heap
page read and write
7FF5DF507000
unkown
page readonly
EB0000
heap
page read and write
73A3000
unkown
page read and write
7832000
heap
page read and write
75EE000
heap
page read and write
7FF5DF4AB000
unkown
page readonly
83D0000
unkown
page read and write
7A00000
unkown
page read and write
B11D000
stack
page read and write
1366000
heap
page read and write
1D701EEF000
heap
page read and write
1D701A00000
direct allocation
page read and write
7620000
heap
page read and write
BF98000
unkown
page read and write
C000474000
direct allocation
page read and write
22634F28000
heap
page read and write
17C4000
heap
page read and write
285000
unkown
page execute read
8880000
unkown
page read and write
BF82000
unkown
page read and write
1790000
heap
page read and write
EE7000
heap
page read and write
2210B000
heap
page read and write
2911000
heap
page read and write
C00046D000
direct allocation
page read and write
22634F1C000
heap
page read and write
7A00000
unkown
page read and write
6219000
heap
page read and write
6C0000
heap
page read and write
7FF5DF4F3000
unkown
page readonly
220FE000
heap
page read and write
1313E000
stack
page read and write
67B2000
heap
page read and write
870000
heap
page read and write
47D9000
unkown
page read and write
1362000
unkown
page readonly
E62000
heap
page read and write
76CF000
heap
page read and write
61F4000
heap
page read and write
4750000
unkown
page read and write
679C000
heap
page read and write
71BBA7E000
unkown
page readonly
1B2E000
stack
page read and write
1780000
heap
page read and write
BFA3000
unkown
page read and write
A4000
unkown
page readonly
D04000
heap
page read and write
2BF0000
heap
page read and write
5CE0000
trusted library allocation
page read and write
22634F1A000
heap
page read and write
132B000
heap
page read and write
6B00000
trusted library allocation
page read and write
6DE000
heap
page read and write
7A00000
unkown
page read and write
5F9A3AD000
stack
page read and write
6671000
heap
page read and write
C5F000
unkown
page execute and read and write
7FF5DF2BA000
unkown
page readonly
22634F1C000
heap
page read and write
75FD000
heap
page read and write
95DF000
stack
page read and write
67A9000
heap
page read and write
F6F000
unkown
page read and write
22634F28000
heap
page read and write
F60000
trusted library allocation
page read and write
8B60000
unkown
page read and write
2F20000
heap
page read and write
1A0B000
unkown
page readonly
7FF5DF2FE000
unkown
page readonly
6423000
heap
page read and write
58ED000
stack
page read and write
6799000
heap
page read and write
1E9F000
stack
page read and write
1BF51B02000
heap
page read and write
1200000
direct allocation
page read and write
D0E000
stack
page read and write
F70000
unkown
page read and write
6694000
heap
page read and write
54CE000
stack
page read and write
8C29000
stack
page read and write
1D702218000
heap
page read and write
22634F2A000
heap
page read and write
1D70226C000
heap
page read and write
7FF5DF45C000
unkown
page readonly
6681000
heap
page read and write
1BF5164F000
heap
page read and write
3560D000
heap
page read and write
19C2000
heap
page read and write
2AD000
stack
page read and write
61E0000
heap
page read and write
1D70237D000
heap
page read and write
22634F2A000
heap
page read and write
7FF5DF47E000
unkown
page readonly
3662000
heap
page read and write
66B1000
heap
page read and write
19EB000
heap
page read and write
7585000
heap
page read and write
1D701EF8000
heap
page read and write
8B60000
unkown
page read and write
668C000
heap
page read and write
1F0000
heap
page read and write
7830000
unkown
page read and write
66B1000
heap
page read and write
980000
unkown
page readonly
1ED1000
heap
page read and write
8880000
unkown
page read and write
6130000
remote allocation
page read and write
C39F000
unkown
page read and write
401000
unkown
page execute read
22634F2A000
heap
page read and write
794A000
heap
page read and write
1D7021B5000
heap
page read and write
7A00000
unkown
page read and write
C00015E000
direct allocation
page read and write
790E000
heap
page read and write
C000016000
direct allocation
page read and write
1D702ACD000
heap
page read and write
8880000
unkown
page read and write
7FF6359C5000
unkown
page write copy
3860000
heap
page read and write
13D9000
heap
page read and write
782D000
heap
page read and write
8880000
unkown
page read and write
6683000
heap
page read and write
6688000
heap
page read and write
8880000
unkown
page read and write
28184000
heap
page read and write
AD38000
unkown
page read and write
1D701F12000
heap
page read and write
37A0000
direct allocation
page read and write
22634F28000
heap
page read and write
6796000
heap
page read and write
8B60000
unkown
page read and write
AED000
stack
page read and write
3471000
heap
page read and write
B37000
unkown
page read and write
1D703599000
heap
page read and write
1DB77AA0000
direct allocation
page read and write
C000010000
direct allocation
page read and write
35653000
heap
page read and write
25C27FE000
stack
page read and write
3648000
heap
page read and write
1BF5164D000
heap
page read and write
1D702828000
heap
page read and write
4501000
direct allocation
page execute read
D04000
heap
page read and write
66C2000
heap
page read and write
EF0000
trusted library allocation
page read and write
C000047000
direct allocation
page read and write
67B7000
heap
page read and write
1D7027F3000
heap
page read and write
67B9000
heap
page read and write
6279000
heap
page read and write
8E5000
heap
page read and write
6791000
heap
page read and write
6269000
heap
page read and write
9A570FE000
stack
page read and write
7FF5DF0CC000
unkown
page readonly
356A8000
heap
page read and write
2A7F000
stack
page read and write
FA000
unkown
page execute and read and write
2D0000
unkown
page readonly
6207000
heap
page read and write
83F0000
unkown
page read and write
669B000
heap
page read and write
22634F2A000
heap
page read and write
1B14000
heap
page read and write
1D702148000
heap
page read and write
2F31000
heap
page read and write
2818C000
heap
page read and write
1BF51C02000
heap
page read and write
83F0000
unkown
page read and write
22634F28000
heap
page read and write
5C8E000
stack
page read and write
79E000
unkown
page execute and read and write
22103000
heap
page read and write
364A000
heap
page read and write
ED8A000
unkown
page read and write
1D702148000
heap
page read and write
32CE000
stack
page read and write
9B1D000
stack
page read and write
F70000
unkown
page read and write
83E0000
unkown
page read and write
33B4000
trusted library allocation
page read and write
7747000
heap
page read and write
EE7A000
heap
page read and write
1D701A00000
direct allocation
page read and write
1D702138000
heap
page read and write
1BF51C9A000
heap
page read and write
79F000
unkown
page execute and write copy
1D70212F000
heap
page read and write
6791000
heap
page read and write
67A5000
heap
page read and write
3660000
heap
page read and write
61EA000
heap
page read and write
377E000
stack
page read and write
76F7000
heap
page read and write
5C1000
unkown
page execute and write copy
140009000
unkown
page readonly
6791000
heap
page read and write
61E3000
heap
page read and write
67B4000
heap
page read and write
2911000
heap
page read and write
7FF5DF5B0000
unkown
page readonly
1DB77B90000
direct allocation
page read and write
2F31000
heap
page read and write
2F31000
heap
page read and write
32DC000
stack
page read and write
677B000
heap
page read and write
63B0000
heap
page read and write
1BF51C02000
heap
page read and write
639000
unkown
page execute and write copy
F70000
unkown
page read and write
220FE000
heap
page read and write
CE0000
direct allocation
page read and write
19EB000
heap
page read and write
C000458000
direct allocation
page read and write
1D702122000
heap
page read and write
1979000
heap
page read and write
78E6000
heap
page read and write
1A7E000
stack
page read and write
3740000
direct allocation
page read and write
F70000
unkown
page read and write
44B000
unkown
page write copy
2E840340000
heap
page read and write
776A000
heap
page read and write
382A000
trusted library allocation
page read and write
3567B000
heap
page read and write
1E92000
heap
page read and write
74F8000
heap
page read and write
C000008000
direct allocation
page read and write
C00000A000
direct allocation
page read and write
28D0000
heap
page read and write
7FF5DF067000
unkown
page readonly
61F7000
heap
page read and write
7A00000
unkown
page read and write
7FF5DF06F000
unkown
page readonly
2911000
heap
page read and write
33AA000
heap
page read and write
1BF5168E000
heap
page read and write
7FF7A880E000
unkown
page readonly
A757000
unkown
page read and write
7FF5DF089000
unkown
page readonly
6791000
heap
page read and write
2910000
heap
page read and write
22634F2A000
heap
page read and write
B9F0000
unkown
page read and write
6218000
heap
page read and write
1D701EE7000
heap
page read and write
427000
unkown
page readonly
7FF5DE9C3000
unkown
page readonly
7706000
heap
page read and write
3290000
unkown
page readonly
8B60000
unkown
page read and write
1D70219B000
heap
page read and write
7FF5DF5BE000
unkown
page readonly
1AEE000
heap
page read and write
6681000
heap
page read and write
61FA000
heap
page read and write
364E000
heap
page read and write
EB0000
heap
page read and write
7FF5DF50F000
unkown
page readonly
83F0000
unkown
page read and write
C00008E000
direct allocation
page read and write
22634F1C000
heap
page read and write
1BD4000
heap
page read and write
1D7021A0000
heap
page read and write
67DD000
heap
page read and write
35667000
heap
page read and write
3386000
heap
page read and write
61EE000
heap
page read and write
6205000
heap
page read and write
6781000
heap
page read and write
1D7021A0000
heap
page read and write
1E8B000
heap
page read and write
EB0000
heap
page read and write
66F2000
heap
page read and write
FFC4000
unkown
page read and write
1D70219B000
heap
page read and write
1200000
direct allocation
page read and write
6770000
trusted library allocation
page read and write
A690000
unkown
page read and write
637000
unkown
page execute and write copy
9A56DFC000
stack
page read and write
C0000AC000
direct allocation
page read and write
2E8401B0000
heap
page read and write
6694000
heap
page read and write
1721B600000
heap
page read and write
9C000
stack
page read and write
426000
unkown
page write copy
8880000
unkown
page read and write
EB5000
heap
page read and write
E48000
heap
page read and write
3471000
heap
page read and write
7FF5C0B65000
unkown
page readonly
2F31000
heap
page read and write
1D702148000
heap
page read and write
93A000
heap
page read and write
3356000
unkown
page read and write
1DB32510000
heap
page read and write
668C000
heap
page read and write
8880000
unkown
page read and write
1D7027F2000
heap
page read and write
66F2000
heap
page read and write
83F0000
unkown
page read and write
EB5000
heap
page read and write
8880000
unkown
page read and write
37D1000
heap
page read and write
1D7021A5000
heap
page read and write
7FF5DE5CC000
unkown
page readonly
1D70212D000
heap
page read and write
7FF635970000
unkown
page write copy
6279000
heap
page read and write
83F0000
unkown
page read and write
7ACE000
stack
page read and write
D90000
remote allocation
page read and write
1D702144000
heap
page read and write
7828000
heap
page read and write
677D000
heap
page read and write
6687000
heap
page read and write
1D7031AB000
heap
page read and write
41B000
unkown
page readonly
67BB000
heap
page read and write
6694000
heap
page read and write
F28000
stack
page read and write
1D701A40000
remote allocation
page read and write
3471000
heap
page read and write
66A0000
heap
page read and write
1D702144000
heap
page read and write
2F31000
heap
page read and write
F70000
unkown
page read and write
ED40000
unkown
page read and write
66F3000
heap
page read and write
6687000
heap
page read and write
28182000
heap
page read and write
3569E000
heap
page read and write
D50000
heap
page read and write
1D702154000
heap
page read and write
1D702257000
heap
page read and write
22634F28000
heap
page read and write
13DB000
heap
page read and write
1BF5163B000
heap
page read and write
1D702872000
heap
page read and write
1D7020F4000
heap
page read and write
7FF5DF577000
unkown
page readonly
32D0000
stack
page read and write
D04000
heap
page read and write
7FF5DF4F7000
unkown
page readonly
54B0000
heap
page read and write
A90000
heap
page read and write
1D7026EB000
heap
page read and write
11D0000
heap
page read and write
1BF5163B000
heap
page read and write
C000118000
direct allocation
page read and write
1BF51CF2000
heap
page read and write
7FF635700000
unkown
page readonly
2078000
direct allocation
page read and write
1D701EF8000
heap
page read and write
61EA000
heap
page read and write
1BD4000
heap
page read and write
8B60000
unkown
page read and write
2F0D000
trusted library allocation
page read and write
10CF000
heap
page read and write
22634F28000
heap
page read and write
22634F2A000
heap
page read and write
AF7E000
stack
page read and write
1F1C000
heap
page read and write
2911000
heap
page read and write
22634F1C000
heap
page read and write
8B60000
unkown
page read and write
1195000
heap
page read and write
22634F2A000
heap
page read and write
1D7023E9000
heap
page read and write
5A2F000
stack
page read and write
7A00000
unkown
page read and write
DFE000
stack
page read and write
7A00000
unkown
page read and write
13DE000
heap
page read and write
5EAE000
stack
page read and write
1D7024C0000
heap
page read and write
1D702160000
heap
page read and write
220F0000
heap
page read and write
670A000
heap
page read and write
363E000
heap
page read and write
6771000
heap
page read and write
83F0000
unkown
page read and write
28B0000
heap
page read and write
608000
unkown
page execute and write copy
5A9C000
stack
page read and write
61F7000
heap
page read and write
A0F7000
unkown
page read and write
669A000
heap
page read and write
67A8000
heap
page read and write
830F000
stack
page read and write
61E3000
heap
page read and write
61EE000
heap
page read and write
22634F2A000
heap
page read and write
73B4000
unkown
page read and write
27E0000
heap
page read and write
220F0000
heap
page read and write
6795000
heap
page read and write
EB0000
heap
page read and write
1D7022E1000
heap
page read and write
1BF51678000
heap
page read and write
668B000
heap
page read and write
1EAE000
heap
page read and write
83F0000
unkown
page read and write
678B000
heap
page read and write
6694000
heap
page read and write
98AD000
unkown
page read and write
C26000
unkown
page execute and read and write
1D7023D1000
heap
page read and write
66F1000
heap
page read and write
BF8C000
unkown
page read and write
220F0000
heap
page read and write
3651000
heap
page read and write
6795000
heap
page read and write
67BD000
heap
page read and write
13DE000
heap
page read and write
35644000
heap
page read and write
ACAE000
stack
page read and write
1BF51B02000
heap
page read and write
3659000
heap
page read and write
220EC000
heap
page read and write
358E000
stack
page read and write
1D701EFF000
heap
page read and write
32F1000
heap
page read and write
1D7020FC000
heap
page read and write
13DE000
heap
page read and write
2F31000
heap
page read and write
1D7023A2000
heap
page read and write
1D7021A0000
heap
page read and write
83F0000
unkown
page read and write
3364000
unkown
page read and write
BFB3000
unkown
page read and write
3471000
heap
page read and write
1337000
heap
page read and write
1D702487000
heap
page read and write
66D1000
heap
page read and write
8B60000
unkown
page read and write
1D7021A0000
heap
page read and write
C00001E000
direct allocation
page read and write
F36000
trusted library allocation
page execute and read and write
66F1000
heap
page read and write
7FF6359C2000
unkown
page read and write
6218000
heap
page read and write
47B6000
unkown
page read and write
6796000
heap
page read and write
1D7024C0000
heap
page read and write
3EE000
stack
page read and write
2F31000
heap
page read and write
1D702707000
heap
page read and write
32FE000
heap
page read and write
6201000
heap
page read and write
8880000
unkown
page read and write
6698000
heap
page read and write
25C25FD000
stack
page read and write
1B0000
heap
page read and write
7FF6359C7000
unkown
page read and write
86A0000
unkown
page read and write
6782000
heap
page read and write
6685000
heap
page read and write
C000000000
direct allocation
page read and write
60C0000
trusted library allocation
page read and write
7FF5DF28E000
unkown
page readonly
1D7027FE000
heap
page read and write
75CB000
heap
page read and write
27DF000
unkown
page read and write
15690000
heap
page read and write
2FA0000
trusted library allocation
page read and write
1D701EFD000
heap
page read and write
67A5000
heap
page read and write
6681000
heap
page read and write
A74C000
unkown
page read and write
47EC000
unkown
page read and write
1AF7000
heap
page read and write
22634F2A000
heap
page read and write
1DB32588000
heap
page read and write
22634F1C000
heap
page read and write
67D7000
heap
page read and write
ADC0000
unkown
page readonly
22634F2A000
heap
page read and write
83F0000
unkown
page read and write
304000
unkown
page write copy
1D702112000
heap
page read and write
67AF000
heap
page read and write
1D703C0D000
heap
page read and write
637000
unkown
page execute and write copy
22634F28000
heap
page read and write
64B000
unkown
page execute and write copy
970C000
unkown
page read and write
8B60000
unkown
page read and write
83F0000
unkown
page read and write
6790000
heap
page read and write
1D701EFD000
heap
page read and write
1959000
heap
page read and write
22634F1C000
heap
page read and write
3811000
trusted library allocation
page read and write
254000
unkown
page readonly
F70000
unkown
page read and write
67A0000
heap
page read and write
7860000
unkown
page read and write
677A000
heap
page read and write
2E50000
trusted library allocation
page read and write
1065000
heap
page read and write
6205000
heap
page read and write
73A7000
unkown
page read and write
7FF5DF429000
unkown
page readonly
6683000
heap
page read and write
44D000
unkown
page execute and read and write
669C000
heap
page read and write
EDE000
stack
page read and write
22634F2A000
heap
page read and write
6694000
heap
page read and write
CE0000
direct allocation
page read and write
1D70214C000
heap
page read and write
6694000
heap
page read and write
64C0000
heap
page read and write
7FF5DF582000
unkown
page readonly
7FF635970000
unkown
page read and write
594F000
stack
page read and write
668C000
heap
page read and write
22634F2A000
heap
page read and write
2F31000
heap
page read and write
13DA000
heap
page read and write
CE0000
direct allocation
page read and write
66F1000
heap
page read and write
670E000
heap
page read and write
7FF635CC4000
unkown
page read and write
32B0000
unkown
page read and write
1224000
heap
page read and write
6218000
heap
page read and write
8680000
unkown
page read and write
426000
unkown
page write copy
7FF5DF567000
unkown
page readonly
66F1000
heap
page read and write
8B60000
unkown
page read and write
B9BF000
stack
page read and write
6229000
heap
page read and write
1D70226C000
heap
page read and write
83F0000
unkown
page read and write
1200000
direct allocation
page read and write
1D701EFD000
heap
page read and write
1AF5000
heap
page read and write
7A00000
unkown
page read and write
22634F2A000
heap
page read and write
3668000
heap
page read and write
60C000
unkown
page execute and read and write
35617000
heap
page read and write
36BB000
heap
page read and write
623B000
heap
page read and write
83F0000
unkown
page read and write
F04000
trusted library allocation
page read and write
332B000
heap
page read and write
9FC3000
unkown
page read and write
7A00000
unkown
page read and write
1D7020FA000
heap
page read and write
1D702273000
heap
page read and write
F03000
trusted library allocation
page execute and read and write
65DE000
stack
page read and write
C1E000
unkown
page execute and read and write
8B60000
unkown
page read and write
604000
unkown
page execute and write copy
198000
stack
page read and write
8B60000
unkown
page read and write
83F0000
unkown
page read and write
97F3000
unkown
page read and write
6B00000
trusted library allocation
page read and write
5BEE000
stack
page read and write
1BF51C9A000
heap
page read and write
C3D9000
unkown
page read and write
7FF6359B3000
unkown
page read and write
6279000
heap
page read and write
1F7CD878000
heap
page read and write
C000018000
direct allocation
page read and write
C569000
unkown
page read and write
367F000
heap
page read and write
709F000
stack
page read and write
BF9B000
unkown
page read and write
6770000
trusted library allocation
page read and write
1D702131000
heap
page read and write
6212000
heap
page read and write
19EB000
heap
page read and write
320B000
stack
page read and write
EB6000
heap
page read and write
2D1E000
stack
page read and write
3890000
heap
page read and write
BE9C000
stack
page read and write
EDB4000
unkown
page read and write
75C1000
heap
page read and write
DB0000
heap
page read and write
38DB000
stack
page read and write
6771000
heap
page read and write
2F31000
heap
page read and write
8880000
unkown
page read and write
E70000
unkown
page readonly
ED8A000
unkown
page read and write
83F0000
unkown
page read and write
1D702263000
heap
page read and write
220EA000
heap
page read and write
1D7021F6000
heap
page read and write
E60000
heap
page read and write
7701000
heap
page read and write
1C60000
heap
page read and write
670F000
heap
page read and write
330B000
stack
page read and write
BE80000
unkown
page read and write
6780000
heap
page read and write
C65000
unkown
page execute and read and write
8B60000
unkown
page read and write
6694000
heap
page read and write
32D2000
stack
page read and write
9A5737C000
stack
page read and write
66B1000
heap
page read and write
7A00000
unkown
page read and write
6218000
heap
page read and write
6B00000
trusted library allocation
page read and write
1D701EF5000
heap
page read and write
C00013A000
direct allocation
page read and write
76FC000
heap
page read and write
602000
unkown
page execute and write copy
107D000
heap
page read and write
67B4000
heap
page read and write
A734000
unkown
page read and write
7FF5DF392000
unkown
page readonly
51A000
remote allocation
page execute and read and write
83F0000
unkown
page read and write
9D1F000
stack
page read and write
1DB77BD0000
direct allocation
page read and write
EB0000
heap
page read and write
8910000
unkown
page read and write
C000030000
direct allocation
page read and write
7FF5DF3C6000
unkown
page readonly
67A9000
heap
page read and write
6C2BAFF000
stack
page read and write
70F000
stack
page read and write
1D09000
heap
page read and write
6792000
heap
page read and write
1D70226C000
heap
page read and write
7FF5DF4FB000
unkown
page readonly
9EE000
stack
page read and write
1224000
heap
page read and write
6673000
heap
page read and write
7DF5E895F000
unkown
page readonly
7FF5DF24E000
unkown
page readonly
67A5000
heap
page read and write
1E96000
heap
page read and write
192F000
stack
page read and write
64B000
unkown
page execute and write copy
7FF5DF3D4000
unkown
page readonly
7FF5DF0C3000
unkown
page readonly
61FA000
heap
page read and write
22634F2A000
heap
page read and write
2141000
heap
page read and write
1D702257000
heap
page read and write
1C061000
heap
page read and write
6694000
heap
page read and write
3639000
heap
page read and write
2A80000
trusted library allocation
page read and write
AB6000
unkown
page execute and read and write
2E3B000
trusted library allocation
page read and write
9380000
unkown
page readonly
6790000
heap
page read and write
677A000
heap
page read and write
25C2BFE000
stack
page read and write
7544000
heap
page read and write
D10000
unkown
page readonly
8880000
unkown
page read and write
75E4000
heap
page read and write
C000020000
direct allocation
page read and write
126E000
stack
page read and write
C39F000
unkown
page read and write
1DB327A0000
direct allocation
page read and write
22634F28000
heap
page read and write
8B60000
unkown
page read and write
C000456000
direct allocation
page read and write
37A0000
direct allocation
page read and write
1D7020FE000
heap
page read and write
A6D2000
unkown
page read and write
27F0000
unkown
page readonly
22634F2A000
heap
page read and write
C6E000
stack
page read and write
6279000
heap
page read and write
EDAE000
unkown
page read and write
8880000
unkown
page read and write
1C261D02000
heap
page read and write
7FF5DEFC2000
unkown
page readonly
669B000
heap
page read and write
1ADD000
trusted library allocation
page execute and read and write
62FE000
stack
page read and write
577E000
stack
page read and write
140CAA000
unkown
page readonly
1D702150000
heap
page read and write
6694000
heap
page read and write
7922000
heap
page read and write
ED7E000
unkown
page read and write
1BD4000
heap
page read and write
304000
unkown
page read and write
1017000
heap
page read and write
44D000
unkown
page execute and read and write
EB8000
heap
page read and write
37D1000
heap
page read and write
1D7021A7000
heap
page read and write
BFA5000
unkown
page read and write
B259000
stack
page read and write
2F1B000
trusted library allocation
page read and write
2BCE000
stack
page read and write
EDB6000
unkown
page read and write
F10000
heap
page read and write
2911000
heap
page read and write
22634F2A000
heap
page read and write
30E0000
direct allocation
page read and write
C000025000
direct allocation
page read and write
13D8000
heap
page read and write
2870000
unkown
page read and write
293000
unkown
page read and write
1D7023EB000
heap
page read and write
6790000
heap
page read and write
7FF635974000
unkown
page write copy
67A0000
heap
page read and write
1BD4000
heap
page read and write
7FF5DEFDD000
unkown
page readonly
2FD0000
heap
page read and write
6677000
heap
page read and write
FB000
unkown
page read and write
6207000
heap
page read and write
1D70212C000
heap
page read and write
7FF5DF398000
unkown
page readonly
7FF5DF4C6000
unkown
page readonly
6771000
heap
page read and write
1200000
direct allocation
page read and write
7395000
unkown
page read and write
989F000
unkown
page read and write
1C261C22000
heap
page read and write
1D701A00000
direct allocation
page read and write
280000
unkown
page read and write
76ED000
heap
page read and write
180000
heap
page read and write
1BF51C02000
heap
page read and write
22634F28000
heap
page read and write
7FF5DF488000
unkown
page readonly
356D0000
heap
page read and write
7FF5DF3B5000
unkown
page readonly
3304000
unkown
page read and write
75DF000
heap
page read and write
E2D000
heap
page read and write
1D701EE7000
heap
page read and write
1BF5163C000
heap
page read and write
1721B402000
heap
page read and write
8B60000
unkown
page read and write
1945000
heap
page read and write
1D70230A000
heap
page read and write
220FE000
heap
page read and write
1AF7000
heap
page read and write
C003000
unkown
page read and write
7643000
heap
page read and write
67A5000
heap
page read and write
6218000
heap
page read and write
783C000
heap
page read and write
6218000
heap
page read and write
67D5000
heap
page read and write
2BFD000
trusted library allocation
page read and write
3100000
trusted library allocation
page read and write
83F0000
unkown
page read and write
CE0000
direct allocation
page read and write
401000
unkown
page execute read
67C0000
heap
page read and write
1D70212E000
heap
page read and write
5FA000
unkown
page execute and write copy
31CF000
stack
page read and write
60C0000
trusted library allocation
page read and write
335E000
stack
page read and write
15AF000
stack
page read and write
EDA2000
unkown
page read and write
67A0000
heap
page read and write
22634F1C000
heap
page read and write
1EAF000
stack
page read and write
7986000
heap
page read and write
22634F28000
heap
page read and write
1630000
heap
page read and write
6694000
heap
page read and write
3649000
heap
page read and write
6687000
heap
page read and write
6130000
remote allocation
page read and write
77BF000
heap
page read and write
4506000
direct allocation
page read and write
67CC000
heap
page read and write
401000
unkown
page execute read
C4BA000
unkown
page read and write
D7A000
heap
page read and write
88E0000
unkown
page read and write
884000
heap
page read and write
F4B000
trusted library allocation
page execute and read and write
6681000
heap
page read and write
EFB000
heap
page read and write
22634F1C000
heap
page read and write
1D7023C5000
heap
page read and write
83F0000
unkown
page read and write
EB5000
heap
page read and write
770B000
heap
page read and write
6697000
heap
page read and write
73BA000
unkown
page read and write
71BB3FE000
stack
page read and write
8880000
unkown
page read and write
61FB000
heap
page read and write
3130000
trusted library allocation
page read and write
13DB000
heap
page read and write
9A5717E000
unkown
page readonly
1BF51695000
heap
page read and write
EDAE000
unkown
page read and write
423000
unkown
page read and write
67A5000
heap
page read and write
279F000
stack
page read and write
1087000
heap
page read and write
2D50000
direct allocation
page read and write
2FE0000
heap
page readonly
677B000
heap
page read and write
1314000
heap
page read and write
ECE000
heap
page read and write
1BF51B13000
heap
page read and write
F70000
unkown
page read and write
7FF5DF0F1000
unkown
page readonly
2F31000
heap
page read and write
7A00000
unkown
page read and write
3467000
heap
page read and write
8880000
unkown
page read and write
308D000
stack
page read and write
69B50000
unkown
page write copy
74D6000
unkown
page read and write
6703000
heap
page read and write
22634F2A000
heap
page read and write
133A000
heap
page read and write
3568F000
heap
page read and write
66F2000
heap
page read and write
1D701F18000
heap
page read and write
D50000
direct allocation
page read and write
6782000
heap
page read and write
1D7023EB000
heap
page read and write
EBD000
unkown
page execute read
EDA2000
unkown
page read and write
364F000
heap
page read and write
A700000
unkown
page read and write
668A000
heap
page read and write
1D70214C000
heap
page read and write
1D702214000
heap
page read and write
A4000
unkown
page readonly
EDAE000
unkown
page read and write
6798000
heap
page read and write
10A7000
heap
page read and write
1224000
heap
page read and write
8680000
unkown
page read and write
6697000
heap
page read and write
5FC000
unkown
page execute and write copy
EFD000
heap
page read and write
2F31000
heap
page read and write
22D0000
direct allocation
page read and write
1D7020FE000
heap
page read and write
2C50000
trusted library allocation
page read and write
6790000
heap
page read and write
7FF5DF55A000
unkown
page readonly
2C9A000
stack
page read and write
7FF5DF435000
unkown
page readonly
E0F000
heap
page read and write
5A38000
trusted library allocation
page read and write
1DB32780000
direct allocation
page read and write
6279000
heap
page read and write
61FB000
heap
page read and write
33A000
unkown
page readonly
CE0000
direct allocation
page read and write
67A8000
heap
page read and write
17C4000
heap
page read and write
76E8000
heap
page read and write
EBB000
heap
page read and write
22634F2A000
heap
page read and write
6A7000
heap
page read and write
401000
unkown
page execute read
1200000
direct allocation
page read and write
772E000
heap
page read and write
88A000
unkown
page execute and write copy
1ED1000
heap
page read and write
3281000
stack
page read and write
66B1000
heap
page read and write
1103000
heap
page read and write
13F0000
heap
page read and write
33D0000
trusted library allocation
page read and write
7FF5DF2DA000
unkown
page readonly
1BF51B02000
heap
page read and write
B2DB000
stack
page read and write
1ED1000
heap
page read and write
6703000
heap
page read and write
98A7000
unkown
page read and write
2F31000
heap
page read and write
47A2000
unkown
page read and write
32C0000
stack
page read and write
22634F2A000
heap
page read and write
A02D000
unkown
page read and write
1D702144000
heap
page read and write
1D70224A000
heap
page read and write
7FF5DF396000
unkown
page readonly
140000
unkown
page readonly
7FF635D35000
unkown
page readonly
7A00000
unkown
page read and write
7FF5DF2E5000
unkown
page readonly
C2E000
unkown
page execute and read and write
6229000
heap
page read and write
1D702377000
heap
page read and write
AE0000
unkown
page read and write
F32000
trusted library allocation
page read and write
1BF5164D000
unkown
page read and write
1DB32790000
direct allocation
page read and write
1A40000
heap
page read and write
58C000
heap
page read and write
BF6D000
unkown
page read and write
2130000
heap
page read and write
EBB000
heap
page read and write
8880000
unkown
page read and write
2C70000
heap
page execute and read and write
8B60000
unkown
page read and write
61FD000
heap
page read and write
7B50000
unkown
page readonly
66E9000
heap
page read and write
8880000
unkown
page read and write
1D701EE7000
heap
page read and write
604000
unkown
page execute and write copy
22634F28000
heap
page read and write
EB0000
heap
page read and write
426000
unkown
page read and write
591E000
stack
page read and write
1310000
heap
page read and write
1D701A00000
direct allocation
page read and write
22634F1C000
heap
page read and write
C000100000
direct allocation
page read and write
1D7020F4000
heap
page read and write
220FE000
heap
page read and write
C000066000
direct allocation
page read and write
C000144000
direct allocation
page read and write
8B60000
unkown
page read and write
22634F1C000
heap
page read and write
1D702144000
heap
page read and write
22634F1C000
heap
page read and write
60C0000
trusted library allocation
page read and write
7A00000
unkown
page read and write
7FF5DF39C000
unkown
page readonly
762A000
heap
page read and write
1BF51C02000
heap
page read and write
6781000
heap
page read and write
5B2D000
stack
page read and write
1ED3000
heap
page read and write
8F0000
unkown
page read and write
C32000
unkown
page execute and read and write
6218000
heap
page read and write
2F10000
unkown
page read and write
66F1000
heap
page read and write
C149000
unkown
page read and write
1D7021A8000
heap
page read and write
1E82000
heap
page read and write
441000
unkown
page read and write
668C000
heap
page read and write
8AD000
unkown
page execute read
22634F1C000
heap
page read and write
1D702130000
heap
page read and write
32F1000
heap
page read and write
6678000
heap
page read and write
1200000
direct allocation
page read and write
E30000
heap
page read and write
EB5000
heap
page read and write
76C0000
heap
page read and write
7FF5DF3B9000
unkown
page readonly
1B660644000
heap
page read and write
5FC000
unkown
page execute and write copy
9C1D000
stack
page read and write
35662000
heap
page read and write
2186000
heap
page read and write
2911000
heap
page read and write
C2C000
unkown
page execute and read and write
8880000
unkown
page read and write
1E61000
heap
page read and write
1AC0000
trusted library allocation
page read and write
74A9000
unkown
page read and write
7FF5DF26F000
unkown
page readonly
669A000
heap
page read and write
66F3000
heap
page read and write
C63000
unkown
page execute and read and write
33AB000
heap
page read and write
2F31000
heap
page read and write
F40000
trusted library allocation
page read and write
BF9F000
unkown
page read and write
40C000
unkown
page write copy
30E0000
direct allocation
page read and write
1D702148000
heap
page read and write
6205000
heap
page read and write
678D000
heap
page read and write
22634F2A000
heap
page read and write
6694000
heap
page read and write
7FF5DF04D000
unkown
page readonly
2F9000
unkown
page readonly
8880000
unkown
page read and write
66F1000
heap
page read and write
D50000
direct allocation
page read and write
7FF5DF478000
unkown
page readonly
22634F28000
heap
page read and write
6771000
heap
page read and write
1BD4000
heap
page read and write
22634F28000
heap
page read and write
67A0000
heap
page read and write
6782000
heap
page read and write
17C5000
heap
page read and write
6687000
heap
page read and write
8880000
unkown
page read and write
57AD000
stack
page read and write
3659000
heap
page read and write
1D7021AC000
heap
page read and write
7A00000
unkown
page read and write
3682000
heap
page read and write
1BF5163F000
heap
page read and write
D60000
direct allocation
page read and write
1D70230A000
heap
page read and write
6A6F000
stack
page read and write
ED86000
unkown
page read and write
8B60000
unkown
page read and write
401000
unkown
page execute read
356C6000
heap
page read and write
356A3000
heap
page read and write
412000
unkown
page execute and read and write
8880000
unkown
page read and write
5A8E000
stack
page read and write
1D70245C000
heap
page read and write
1D703900000
heap
page read and write
6411000
heap
page read and write
3320000
heap
page read and write
7FF5DF341000
unkown
page readonly
83F0000
unkown
page read and write
67BB000
heap
page read and write
220F0000
heap
page read and write
774C000
heap
page read and write
7A00000
unkown
page read and write
7FF5DF58A000
unkown
page readonly
668C000
heap
page read and write
8E0000
heap
page read and write
63DD000
stack
page read and write
8880000
unkown
page read and write
7FF5DF584000
unkown
page readonly
C553000
unkown
page read and write
22634F1C000
heap
page read and write
1AA8000
unkown
page readonly
8880000
unkown
page read and write
EBE000
heap
page read and write
6770000
trusted library allocation
page read and write
37D1000
heap
page read and write
1BF51B00000
heap
page read and write
7710000
heap
page read and write
1D70227F000
heap
page read and write
680000
unkown
page execute and write copy
765C000
heap
page read and write
CE0000
direct allocation
page read and write
220F0000
heap
page read and write
1D702386000
heap
page read and write
1D701A40000
remote allocation
page read and write
661E000
stack
page read and write
8B60000
unkown
page read and write
220F0000
heap
page read and write
1D701E60000
trusted library allocation
page read and write
22100000
heap
page read and write
10BC000
heap
page read and write
83F0000
unkown
page read and write
61F7000
heap
page read and write
1D702351000
heap
page read and write
838B000
stack
page read and write
C22000
unkown
page execute and read and write
6694000
heap
page read and write
1E9B000
heap
page read and write
6680000
heap
page read and write
1200000
direct allocation
page read and write
39DC000
stack
page read and write
6790000
heap
page read and write
1D7021AC000
heap
page read and write
620000
heap
page read and write
7FF5DF382000
unkown
page readonly
80000
unkown
page readonly
1D7021A0000
heap
page read and write
6B00000
trusted library allocation
page read and write
1738000
stack
page read and write
1D7023A2000
heap
page read and write
1D702150000
heap
page read and write
7FF5DF349000
unkown
page readonly
8B60000
unkown
page read and write
7250000
trusted library allocation
page read and write
874C000
stack
page read and write
220D6000
heap
page read and write
7FF635D27000
unkown
page write copy
1330000
heap
page read and write
1D7021B0000
heap
page read and write
2F4D000
stack
page read and write
1D701EFD000
heap
page read and write
32F6000
heap
page read and write
66B1000
heap
page read and write
6792000
heap
page read and write
140F62000
unkown
page execute read
61EA000
heap
page read and write
8880000
unkown
page read and write
1D701EEF000
heap
page read and write
67A0000
heap
page read and write
22634F28000
heap
page read and write
1D701F3E000
heap
page read and write
2A90000
trusted library allocation
page read and write
ED78000
unkown
page read and write
7FF7A87C1000
unkown
page execute read
677A000
heap
page read and write
766B000
heap
page read and write
32F5000
heap
page read and write
6786000
heap
page read and write
8EA9000
stack
page read and write
3780000
heap
page read and write
7FF5DF045000
unkown
page readonly
8880000
unkown
page read and write
F70000
unkown
page read and write
600000
heap
page read and write
1D702440000
heap
page read and write
1BF51C44000
heap
page read and write
289E000
stack
page read and write
8B60000
unkown
page read and write
7FF5DF0F6000
unkown
page readonly
A0FC000
unkown
page read and write
514000
unkown
page write copy
2E30000
unkown
page read and write
1D70215C000
heap
page read and write
196A000
heap
page read and write
D50000
trusted library allocation
page read and write
17B0000
direct allocation
page read and write
73B6000
unkown
page read and write
1D702507000
heap
page read and write
1BF51C02000
heap
page read and write
2B8B000
stack
page read and write
96DF000
unkown
page read and write
C5D000
unkown
page execute and read and write
2E83000
trusted library allocation
page read and write
1EAE000
heap
page read and write
67C7000
heap
page read and write
9718000
unkown
page read and write
1D701F12000
heap
page read and write
C00044C000
direct allocation
page read and write
1D70342D000
heap
page read and write
669B000
heap
page read and write
EB5000
heap
page read and write
3471000
heap
page read and write
1BD4000
heap
page read and write
2C25000
trusted library allocation
page read and write
1D702300000
heap
page read and write
1AE0000
heap
page read and write
220E8000
heap
page read and write
2210B000
heap
page read and write
7FF5DEE52000
unkown
page readonly
A6F1000
unkown
page read and write
3672000
heap
page read and write
670F000
heap
page read and write
22634F1C000
heap
page read and write
356C1000
heap
page read and write
67A7000
heap
page read and write
41B000
unkown
page readonly
EB0000
heap
page read and write
A6EE000
unkown
page read and write
6780000
heap
page read and write
17DE000
stack
page read and write
1A1BDAE0000
heap
page read and write
1D7021A7000
heap
page read and write
1BF51C02000
heap
page read and write
1D701EF5000
heap
page read and write
D6F000
stack
page read and write
220FE000
heap
page read and write
AF8000
stack
page read and write
6219000
heap
page read and write
48B0000
unkown
page read and write
66F1000
heap
page read and write
2DA5000
trusted library allocation
page read and write
C00007A000
direct allocation
page read and write
1932000
heap
page read and write
340E000
stack
page read and write
364A000
heap
page read and write
6798000
heap
page read and write
22634F1C000
heap
page read and write
1A8E000
stack
page read and write
292000
unkown
page execute and read and write
1BD4000
heap
page read and write
6791000
heap
page read and write
2E3E000
trusted library allocation
page read and write
C000004000
direct allocation
page read and write
1B660664000
heap
page read and write
1C262402000
trusted library allocation
page read and write
83F0000
unkown
page read and write
7625000
heap
page read and write
1D701A00000
direct allocation
page read and write
FD0000
trusted library allocation
page read and write
1D701F29000
heap
page read and write
C00004C000
direct allocation
page read and write
75F3000
heap
page read and write
8880000
unkown
page read and write
ED9E000
unkown
page read and write
679F000
heap
page read and write
3471000
heap
page read and write
427000
unkown
page readonly
33D0000
heap
page read and write
22634F2A000
heap
page read and write
83F0000
unkown
page read and write
1ED1000
heap
page read and write
6229000
heap
page read and write
7230000
unkown
page read and write
8880000
unkown
page read and write
83F0000
unkown
page read and write
AFC000
stack
page read and write
F70000
unkown
page execute read
672C000
heap
page read and write
67C000
unkown
page execute and write copy
7FF5DF4BD000
unkown
page readonly
17B0000
direct allocation
page read and write
7FF5DF5A8000
unkown
page readonly
22634F1C000
heap
page read and write
629F000
stack
page read and write
1E8F000
heap
page read and write
2F0D000
stack
page read and write
6239000
heap
page read and write
EB0000
heap
page read and write
F42000
trusted library allocation
page read and write
8B90000
unkown
page read and write
67A5000
heap
page read and write
C80000
heap
page read and write
600000
unkown
page execute and write copy
3568A000
heap
page read and write
17B0000
direct allocation
page read and write
1DB32770000
direct allocation
page read and write
7639000
heap
page read and write
7931000
heap
page read and write
8B60000
unkown
page read and write
345F000
stack
page read and write
C2E4000
unkown
page read and write
1D702104000
heap
page read and write
20A70700000
heap
page read and write
EBB000
heap
page read and write
67EC000
heap
page read and write
1C51000
heap
page read and write
C20000
unkown
page execute and read and write
1D702F0C000
heap
page read and write
2E283000
heap
page read and write
6785000
heap
page read and write
EB0000
heap
page read and write
7FF5DEFBD000
unkown
page readonly
37A0000
direct allocation
page read and write
ED8A000
unkown
page read and write
1D7022E1000
heap
page read and write
677B000
heap
page read and write
28DD000
stack
page read and write
1D70224D000
heap
page read and write
2F31000
heap
page read and write
8B60000
unkown
page read and write
F70000
unkown
page read and write
1BF51B02000
heap
page read and write
3647000
heap
page read and write
19C000
stack
page read and write
668C000
heap
page read and write
1E7B000
heap
page read and write
6218000
heap
page read and write
2911000
heap
page read and write
2BF6000
trusted library allocation
page read and write
67A3000
heap
page read and write
6781000
heap
page read and write
6778000
heap
page read and write
51DB000
stack
page read and write
220D5000
heap
page read and write
13DC000
heap
page read and write
220FE000
heap
page read and write
6699000
heap
page read and write
AE6F000
stack
page read and write
EAF000
heap
page read and write
1DB32774000
direct allocation
page read and write
1D701E60000
trusted library allocation
page read and write
EB5000
heap
page read and write
6694000
heap
page read and write
BFC3000
unkown
page read and write
1D702158000
heap
page read and write
8B60000
unkown
page read and write
67C7000
heap
page read and write
2270000
heap
page read and write
1D7023EB000
heap
page read and write
37A0000
direct allocation
page read and write
6207000
heap
page read and write
22103000
heap
page read and write
67A8000
heap
page read and write
8880000
unkown
page read and write
330D000
stack
page read and write
767F000
heap
page read and write
2F8E000
trusted library allocation
page read and write
3117000
trusted library allocation
page execute and read and write
1BD4000
heap
page read and write
36D2000
heap
page read and write
C000037000
direct allocation
page read and write
1D701EF8000
heap
page read and write
2C30000
trusted library allocation
page read and write
5A90000
trusted library allocation
page read and write
6703000
heap
page read and write
22634F28000
heap
page read and write
669B000
heap
page read and write
BFA1000
unkown
page read and write
67B0000
heap
page read and write
1D702160000
heap
page read and write
6687000
heap
page read and write
336000
unkown
page read and write
67C3000
heap
page read and write
3689000
heap
page read and write
40B000
unkown
page execute read
8680000
unkown
page read and write
7DF4E6791000
unkown
page execute read
CE0000
direct allocation
page read and write
6790000
heap
page read and write
1D7020FE000
heap
page read and write
73C3000
unkown
page read and write
A757000
unkown
page read and write
1D7025B2000
heap
page read and write
510000
heap
page read and write
1D7031C4000
heap
page read and write
FF4B000
unkown
page read and write
1D702217000
heap
page read and write
B589000
stack
page read and write
19EA000
heap
page read and write
69B53000
unkown
page write copy
4331000
trusted library allocation
page read and write
35685000
heap
page read and write
66A0000
heap
page read and write
230000
unkown
page readonly
2AA0000
heap
page read and write
1D701EE9000
heap
page read and write
164C000
heap
page read and write
67A5000
heap
page read and write
83F0000
unkown
page read and write
36D1000
heap
page read and write
6B00000
trusted library allocation
page read and write
1D701EFA000
heap
page read and write
3840000
heap
page read and write
356EE000
heap
page read and write
7FF7A87C0000
unkown
page readonly
22634F1C000
heap
page read and write
7A00000
unkown
page read and write
1E67000
heap
page read and write
1AE0000
heap
page read and write
7FF5DE531000
unkown
page readonly
57EE000
stack
page read and write
1BF5167D000
heap
page read and write
ED77000
unkown
page read and write
7FF635700000
unkown
page readonly
6792000
heap
page read and write
1D7021A7000
heap
page read and write
EB5000
heap
page read and write
7FF5DF5FC000
unkown
page readonly
6205000
heap
page read and write
1D703BED000
heap
page read and write
63F000
unkown
page execute and write copy
668C000
heap
page read and write
1D701EF8000
heap
page read and write
6979000
heap
page read and write
FE84000
unkown
page read and write
22634F1C000
heap
page read and write
20A70705000
heap
page read and write
60C0000
trusted library allocation
page read and write
1CBF000
heap
page execute and read and write
6790000
heap
page read and write
1BF5163B000
unkown
page read and write
3310000
trusted library allocation
page read and write
37BE000
stack
page read and write
67A5000
heap
page read and write
81000
unkown
page execute read
1A1BD9E0000
heap
page read and write
1BF5167C000
heap
page read and write
360000
heap
page read and write
8880000
unkown
page read and write
6792000
heap
page read and write
220F0000
heap
page read and write
7A00000
unkown
page read and write
F70000
unkown
page read and write
1D702148000
heap
page read and write
2F31000
heap
page read and write
116C000
stack
page read and write
8880000
unkown
page read and write
6B00000
trusted library allocation
page read and write
10A9000
heap
page read and write
22634F1C000
heap
page read and write
37D1000
heap
page read and write
C474000
unkown
page read and write
ED75000
unkown
page read and write
BFA7000
unkown
page read and write
34C2000
heap
page read and write
6790000
heap
page read and write
7940000
unkown
page readonly
1D701EF8000
heap
page read and write
1D702507000
heap
page read and write
8880000
unkown
page read and write
BFDF000
unkown
page read and write
649000
unkown
page execute and write copy
A734000
unkown
page read and write
78B4000
heap
page read and write
2E4E000
stack
page read and write
A09A000
unkown
page read and write
8B60000
unkown
page read and write
6218000
heap
page read and write
1A0A000
unkown
page readonly
1721BAA0000
remote allocation
page read and write
25C29FF000
stack
page read and write
1D701A00000
direct allocation
page read and write
3115000
trusted library allocation
page execute and read and write
5A5E000
stack
page read and write
641000
unkown
page execute and write copy
83F0000
unkown
page read and write
8650000
unkown
page readonly
3651000
heap
page read and write
8880000
unkown
page read and write
C2F000
stack
page read and write
44B000
unkown
page read and write
3106000
trusted library allocation
page execute and read and write
4621000
direct allocation
page execute read
6202000
heap
page read and write
1D703DD4000
heap
page read and write
6697000
heap
page read and write
8B60000
unkown
page read and write
1910000
heap
page read and write
1D7023D1000
heap
page read and write
28195000
heap
page read and write
E80000
unkown
page read and write
5EEE000
stack
page read and write
668C000
heap
page read and write
6DDC000
unkown
page read and write
49F9000
trusted library allocation
page read and write
6694000
heap
page read and write
5FA000
unkown
page execute and write copy
669A000
heap
page read and write
514000
remote allocation
page execute and read and write
7D90000
unkown
page read and write
1D701F0B000
heap
page read and write
7FF5DF081000
unkown
page readonly
140000
unkown
page readonly
17B0000
direct allocation
page read and write
B4DB000
stack
page read and write
41B000
unkown
page readonly
22634F28000
heap
page read and write
1F0000
heap
page read and write
312000
unkown
page read and write
37A0000
direct allocation
page read and write
1A1BDAC0000
heap
page read and write
6694000
heap
page read and write
669B000
heap
page read and write
15B6000
heap
page read and write
22634F2A000
heap
page read and write
1D702193000
heap
page read and write
78D7000
heap
page read and write
83F0000
unkown
page read and write
1F7CD840000
heap
page read and write
EBB000
heap
page read and write
1BF51692000
heap
page read and write
AC0000
unkown
page readonly
2DC0000
unkown
page read and write
8B60000
unkown
page read and write
1DB77B8A000
direct allocation
page read and write
437000
remote allocation
page execute and read and write
3471000
heap
page read and write
2900000
heap
page read and write
1BF5167A000
unkown
page read and write
1BF51CDC000
heap
page read and write
30A000
unkown
page read and write
8880000
unkown
page read and write
3672000
heap
page read and write
6218000
heap
page read and write
60C0000
trusted library allocation
page read and write
3870000
heap
page read and write
83F0000
unkown
page read and write
66A0000
heap
page read and write
8B90000
unkown
page read and write
A738000
unkown
page read and write
C000400000
direct allocation
page read and write
7FF5DE539000
unkown
page readonly
677D000
heap
page read and write
22634F1C000
heap
page read and write
669A000
heap
page read and write
1BF51C97000
heap
page read and write
7FF5DF532000
unkown
page readonly
8880000
unkown
page read and write
1BF51681000
heap
page read and write
1D7026E8000
heap
page read and write
7FF635D24000
unkown
page write copy
BEF0000
heap
page read and write
1D702148000
heap
page read and write
401000
unkown
page execute read
220F0000
heap
page read and write
37D1000
heap
page read and write
7A00000
unkown
page read and write
67B4000
heap
page read and write
67BA000
heap
page read and write
22634F28000
heap
page read and write
7FF635CEC000
unkown
page read and write
34B0000
trusted library allocation
page read and write
17B0000
direct allocation
page read and write
1D701E60000
trusted library allocation
page read and write
CE0000
direct allocation
page read and write
8680000
unkown
page read and write
1BF51652000
unkown
page read and write
3394000
heap
page read and write
66F1000
heap
page read and write
22634F28000
heap
page read and write
6795000
heap
page read and write
C000132000
direct allocation
page read and write
1D7026E4000
heap
page read and write
1D701F02000
heap
page read and write
8B60000
unkown
page read and write
1D7020FE000
heap
page read and write
1D702154000
heap
page read and write
6694000
heap
page read and write
6773000
heap
page read and write
7FF5DF43C000
unkown
page readonly
8880000
unkown
page read and write
67A3000
heap
page read and write
37D1000
heap
page read and write
67A7000
heap
page read and write
220ED000
heap
page read and write
220F7000
heap
page read and write
686000
heap
page read and write
1BF5167E000
heap
page read and write
7FF5DF5CC000
unkown
page readonly
1D7020FC000
heap
page read and write
C00011C000
direct allocation
page read and write
7549000
heap
page read and write
83F0000
unkown
page read and write
678C000
heap
page read and write
C000146000
direct allocation
page read and write
2F31000
heap
page read and write
75C6000
heap
page read and write
1D7021A0000
heap
page read and write
67B2000
heap
page read and write
61FA000
heap
page read and write
D69000
heap
page read and write
66A0000
heap
page read and write
AEF000
stack
page read and write
1D702154000
heap
page read and write
22634F2A000
heap
page read and write
6229000
heap
page read and write
1D70224A000
heap
page read and write
2F17000
trusted library allocation
page read and write
141000
unkown
page execute read
4788000
unkown
page read and write
3471000
heap
page read and write
7FF5DF52D000
unkown
page readonly
364A000
heap
page read and write
13D8000
heap
page read and write
668C000
heap
page read and write
32E1000
stack
page read and write
67AA000
heap
page read and write
60C000
unkown
page execute and write copy
22634F28000
heap
page read and write
2D61000
unkown
page read and write
2BD0000
trusted library allocation
page read and write
3471000
heap
page read and write
13A0000
unkown
page readonly
2F31000
heap
page read and write
CE0000
direct allocation
page read and write
CE0000
direct allocation
page read and write
C000266000
direct allocation
page read and write
8880000
unkown
page read and write
5DAD000
stack
page read and write
C1A9000
unkown
page read and write
7FF5DEF90000
unkown
page readonly
679F000
heap
page read and write
1D702507000
heap
page read and write
8880000
unkown
page read and write
297F000
stack
page read and write
C0000A1000
direct allocation
page read and write
1BF51C44000
heap
page read and write
530000
heap
page read and write
E00000
heap
page read and write
D8A873D000
stack
page read and write
1D70224A000
heap
page read and write
7909000
heap
page read and write
7A00000
unkown
page read and write
1D7022E1000
heap
page read and write
C000120000
direct allocation
page read and write
83F0000
unkown
page read and write
1D703403000
heap
page read and write
1D7023E9000
heap
page read and write
6770000
trusted library allocation
page read and write
9489000
stack
page read and write
4855000
unkown
page read and write
3B60000
remote allocation
page read and write
1790000
heap
page read and write
1BF51639000
heap
page read and write
5950000
trusted library allocation
page read and write
1E9E000
heap
page read and write
71BB97E000
stack
page read and write
320000
heap
page read and write
2BEE000
trusted library allocation
page read and write
13E000
stack
page read and write
C545000
unkown
page read and write
8880000
unkown
page read and write
1D70224A000
heap
page read and write
1D7021D0000
heap
page read and write
9EA000
stack
page read and write
83F0000
unkown
page read and write
8880000
unkown
page read and write
1EAF000
heap
page read and write
1D70213F000
heap
page read and write
3090000
heap
page read and write
6798000
heap
page read and write
BE80000
unkown
page read and write
8880000
unkown
page read and write
1D7021D0000
heap
page read and write
8B60000
unkown
page read and write
1E61000
heap
page read and write
2210C000
heap
page read and write
83F0000
unkown
page read and write
2911000
heap
page read and write
9562000
unkown
page read and write
25E000
unkown
page write copy
FF99000
unkown
page read and write
75BC000
heap
page read and write
1D70413D000
heap
page read and write
97C6000
unkown
page read and write
1E7B000
heap
page read and write
2C10000
trusted library allocation
page read and write
290B000
heap
page read and write
37D1000
heap
page read and write
73CD000
unkown
page read and write
AF3000
stack
page read and write
2F66000
stack
page read and write
6218000
heap
page read and write
220F0000
heap
page read and write
2F31000
heap
page read and write
17B0000
direct allocation
page read and write
1BF5164D000
unkown
page read and write
22634F1C000
heap
page read and write
6790000
heap
page read and write
EB3000
heap
page read and write
2911000
heap
page read and write
2094000
direct allocation
page read and write
D60000
direct allocation
page read and write
1D70210A000
heap
page read and write
FF82000
unkown
page read and write
66A3000
heap
page read and write
9704000
unkown
page read and write
22634F28000
heap
page read and write
1D70224D000
heap
page read and write
626A000
heap
page read and write
71BB2FE000
stack
page read and write
220F0000
heap
page read and write
2E50000
trusted library allocation
page read and write
22634F1C000
heap
page read and write
365D000
heap
page read and write
6B00000
trusted library allocation
page read and write
17B0000
direct allocation
page read and write
19C000
stack
page read and write
7151000
heap
page read and write
7DF4E6770000
unkown
page readonly
66C2000
heap
page read and write
4260000
heap
page read and write
1324000
heap
page read and write
7A00000
unkown
page read and write
33B000
unkown
page readonly
8B60000
unkown
page read and write
191F000
heap
page read and write
1D702138000
heap
page read and write
1BF51CEF000
heap
page read and write
83F0000
unkown
page read and write
2E50000
unkown
page readonly
2D0000
unkown
page readonly
60C0000
trusted library allocation
page read and write
60C0000
trusted library allocation
page read and write
13DB000
heap
page read and write
159B000
heap
page read and write
C00014A000
direct allocation
page read and write
D6E000
stack
page read and write
22634F2A000
heap
page read and write
C0000E6000
direct allocation
page read and write
A74C000
unkown
page read and write
3373000
unkown
page read and write
624000
unkown
page execute and read and write
7837000
heap
page read and write
A738000
unkown
page read and write
22634F28000
heap
page read and write
367A000
heap
page read and write
7FF5DF2CB000
unkown
page readonly
8880000
unkown
page read and write
7FF5DF229000
unkown
page readonly
678B000
heap
page read and write
83F0000
unkown
page read and write
7FF5DF25E000
unkown
page readonly
3471000
heap
page read and write
17B0000
direct allocation
page read and write
6797000
heap
page read and write
7FF5DF5F0000
unkown
page readonly
22634F1C000
heap
page read and write
220D5000
heap
page read and write
1BF51C02000
heap
page read and write
7FF5DF122000
unkown
page readonly
383E000
stack
page read and write
7FF5DE535000
unkown
page readonly
1D702131000
heap
page read and write
C54F000
unkown
page read and write
22634F2A000
heap
page read and write
67EE000
heap
page read and write
1F7CD7A0000
heap
page read and write
C0000A6000
direct allocation
page read and write
7FF5DF195000
unkown
page readonly
ED8A000
unkown
page read and write
FD000
unkown
page readonly
1D70224A000
heap
page read and write
1D702122000
heap
page read and write
759E000
heap
page read and write
12B0000
direct allocation
page read and write
1F11000
heap
page read and write
60C0000
trusted library allocation
page read and write
C23D000
unkown
page read and write
7FF635978000
unkown
page read and write
14F0000
heap
page read and write
2C20000
trusted library allocation
page read and write
22634F2A000
heap
page read and write
1D7027F7000
heap
page read and write
2F31000
heap
page read and write
1D702130000
heap
page read and write
1BF5163F000
unkown
page read and write
7FF5DEFF0000
unkown
page readonly
1D702160000
heap
page read and write
220E8000
heap
page read and write
17B0000
direct allocation
page read and write
ED86000
unkown
page read and write
C00013E000
direct allocation
page read and write
83F0000
unkown
page read and write
995D000
stack
page read and write
1D70245C000
heap
page read and write
83F0000
unkown
page read and write
67EE000
heap
page read and write
7FF5DE4F2000
unkown
page readonly
80000
unkown
page readonly
6780000
heap
page read and write
AE000
unkown
page write copy
37A0000
direct allocation
page read and write
7FF5DF3C2000
unkown
page readonly
1D70224A000
heap
page read and write
6798000
heap
page read and write
2E28B000
heap
page read and write
6694000
heap
page read and write
7FF5DEF06000
unkown
page readonly
3440000
heap
page read and write
3660000
direct allocation
page read and write
C000006000
direct allocation
page read and write
C01A000
unkown
page read and write
367A000
heap
page read and write
5FE000
unkown
page execute and write copy
769D000
heap
page read and write
D50000
direct allocation
page read and write
41B000
unkown
page readonly
6791000
heap
page read and write
1C6B000
heap
page read and write
669B000
heap
page read and write
1D701EFD000
heap
page read and write
1BF51680000
heap
page read and write
37FE000
stack
page read and write
1BF51CF2000
heap
page read and write
172E000
stack
page read and write
8880000
unkown
page read and write
67B4000
heap
page read and write
37A0000
direct allocation
page read and write
422000
unkown
page write copy
1D701F02000
heap
page read and write
63B000
unkown
page execute and write copy
1D702158000
heap
page read and write
760C000
heap
page read and write
1D702148000
heap
page read and write
6682000
heap
page read and write
66B1000
heap
page read and write
1DB32580000
heap
page read and write
1D7026EB000
heap
page read and write
1D702116000
heap
page read and write
F70000
unkown
page read and write
220F7000
heap
page read and write
22634F1C000
heap
page read and write
2210B000
heap
page read and write
60C0000
trusted library allocation
page read and write
62DD000
stack
page read and write
1D7020FC000
heap
page read and write
7FF5DF25B000
unkown
page readonly
1200000
direct allocation
page read and write
65D0000
heap
page execute and read and write
66F3000
heap
page read and write
78F5000
heap
page read and write
83F0000
unkown
page read and write
61E1000
heap
page read and write
2EE000
unkown
page read and write
3382000
unkown
page read and write
5A1E000
stack
page read and write
2210C000
heap
page read and write
1EAE000
heap
page read and write
6770000
trusted library allocation
page read and write
9F74000
unkown
page read and write
3B60000
remote allocation
page read and write
1BF5163B000
heap
page read and write
7FF5DF5D6000
unkown
page readonly
32F5000
heap
page read and write
5ADE000
stack
page read and write
1BF5163F000
heap
page read and write
1D702241000
heap
page read and write
432000
remote allocation
page execute and read and write
C42D000
unkown
page read and write
EBB000
heap
page read and write
626A000
heap
page read and write
2E27A000
heap
page read and write
2E39000
trusted library allocation
page read and write
32BD000
stack
page read and write
1BF51B13000
heap
page read and write
367A000
heap
page read and write
7D89000
stack
page read and write
400000
unkown
page readonly
C20000
heap
page read and write
6798000
heap
page read and write
67CF000
heap
page read and write
1D703DAA000
heap
page read and write
1D70218A000
heap
page read and write
2E840345000
heap
page read and write
363F000
heap
page read and write
1BF5164D000
heap
page read and write
678D000
heap
page read and write
622E000
heap
page read and write
ED78000
unkown
page read and write
22634F28000
heap
page read and write
1362000
unkown
page readonly
67A5000
heap
page read and write
52C3000
unkown
page read and write
891A000
unkown
page read and write
83F0000
unkown
page read and write
FE0000
heap
page read and write
7A00000
unkown
page read and write
22634F1C000
heap
page read and write
FC0000
trusted library allocation
page execute and read and write
3471000
heap
page read and write
1BF51C88000
heap
page read and write
6229000
heap
page read and write
20A1000
direct allocation
page read and write
2FF0000
heap
page read and write
8880000
unkown
page read and write
E08000
heap
page read and write
1D701EF5000
heap
page read and write
EBC000
heap
page read and write
612F000
stack
page read and write
668C000
heap
page read and write
67B4000
heap
page read and write
8880000
unkown
page read and write
619E000
stack
page read and write
7FF5DEFF5000
unkown
page readonly
41B000
unkown
page readonly
67CE000
heap
page read and write
8B60000
unkown
page read and write
61F7000
heap
page read and write
1F7CD780000
heap
page read and write
D50000
direct allocation
page read and write
679C000
heap
page read and write
2143000
heap
page read and write
EBB000
heap
page read and write
F70000
unkown
page read and write
1DB77B40000
direct allocation
page read and write
516000
unkown
page execute and write copy
5FEF000
stack
page read and write
66B1000
heap
page read and write
567D000
stack
page read and write
7FF5DF08B000
unkown
page readonly
EB0000
heap
page read and write
8880000
unkown
page read and write
1D702507000
heap
page read and write
22634F28000
heap
page read and write
3371000
unkown
page read and write
7A00000
unkown
page read and write
2F31000
heap
page read and write
47D0000
direct allocation
page read and write
37D1000
heap
page read and write
1D7021D5000
heap
page read and write
8B70000
unkown
page read and write
13DA000
heap
page read and write
EBB000
heap
page read and write
60BE000
stack
page read and write
7FF5DF57F000
unkown
page readonly
1D7023D1000
heap
page read and write
7FF5DF2F3000
unkown
page readonly
8880000
unkown
page read and write
4828000
unkown
page read and write
1D702116000
heap
page read and write
6218000
heap
page read and write
2BDB000
trusted library allocation
page read and write
C319000
unkown
page read and write
EB6000
heap
page read and write
2D1000
unkown
page execute read
1D7021D0000
heap
page read and write
1D702154000
heap
page read and write
8880000
unkown
page read and write
3471000
heap
page read and write
1D702241000
heap
page read and write
7FF5DF310000
unkown
page readonly
28A0000
unkown
page readonly
1D7022E1000
heap
page read and write
C000088000
direct allocation
page read and write
67B0000
heap
page read and write
27D0000
unkown
page read and write
33A8000
heap
page read and write
98A1000
unkown
page read and write
76B6000
heap
page read and write
1D701F0B000
heap
page read and write
1E61000
heap
page read and write
83F0000
unkown
page read and write
22634F28000
heap
page read and write
25C2DFF000
stack
page read and write
384E000
heap
page read and write
1357000
heap
page read and write
1C2E000
stack
page read and write
6989000
heap
page read and write
400000
unkown
page execute and read and write
2DA0000
heap
page read and write
20A70640000
heap
page read and write
1200000
direct allocation
page read and write
ED86000
unkown
page read and write
669B000
heap
page read and write
FEB000
heap
page read and write
3645000
heap
page read and write
22634F2A000
heap
page read and write
B500000
unkown
page readonly
14E000
stack
page read and write
69B5A000
unkown
page read and write
4C53000
trusted library allocation
page read and write
C013000
unkown
page read and write
1D702909000
heap
page read and write
63F000
remote allocation
page execute and read and write
ED9E000
unkown
page read and write
6771000
heap
page read and write
C34E000
unkown
page read and write
83F0000
unkown
page read and write
8880000
unkown
page read and write
C000027000
direct allocation
page read and write
668D000
heap
page read and write
C58F000
unkown
page read and write
3392000
heap
page read and write
6697000
heap
page read and write
1D70227F000
heap
page read and write
1D701EFD000
heap
page read and write
22634F1C000
heap
page read and write
1D702150000
heap
page read and write
3471000
heap
page read and write
7A00000
unkown
page read and write
78CD000
stack
page read and write
106B000
stack
page read and write
34F80000
heap
page read and write
6E1E000
stack
page read and write
1D70265D000
heap
page read and write
1350000
heap
page read and write
C000180000
direct allocation
page read and write
67B9000
heap
page read and write
9F10000
unkown
page read and write
6205000
heap
page read and write
3665000
heap
page read and write
1D70213F000
heap
page read and write
1D702242000
heap
page read and write
1D7021D9000
heap
page read and write
1D702144000
heap
page read and write
75D0000
heap
page read and write
7FF5DF1D1000
unkown
page readonly
6790000
heap
page read and write
606000
unkown
page execute and write copy
76DE000
heap
page read and write
25C21FF000
stack
page read and write
7675000
heap
page read and write
1BD4000
heap
page read and write
EB5000
heap
page read and write
3563A000
heap
page read and write
3471000
heap
page read and write
6694000
heap
page read and write
1067C000
stack
page read and write
C000480000
direct allocation
page read and write
7A00000
unkown
page read and write
A0A7000
unkown
page read and write
7FF5DF029000
unkown
page readonly
F70000
unkown
page read and write
141A11000
unkown
page readonly
6410000
heap
page read and write
FE0000
unkown
page read and write
67A9000
heap
page read and write
4289000
direct allocation
page read and write
7FF5DF091000
unkown
page readonly
1D702BE5000
heap
page read and write
78F000
stack
page read and write
3471000
heap
page read and write
1A1BDDE5000
heap
page read and write
71BB87E000
unkown
page readonly
7FF5DF248000
unkown
page readonly
22634F28000
heap
page read and write
5EEE000
stack
page read and write
1567F000
stack
page read and write
1721B320000
heap
page read and write
A08D000
unkown
page read and write
1D701EEF000
heap
page read and write
7DF4E6761000
unkown
page execute read
D04000
heap
page read and write
6218000
heap
page read and write
1DB32815000
heap
page read and write
971A000
unkown
page read and write
1D702257000
heap
page read and write
There are 4172 hidden memdumps, click here to show them.