IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32+ executable (console) x86-64, for MS Windows
initial sample
 malicious
C:\ProgramData\freebl3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\mozglue.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\nss3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\softokn3.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\01ySZukOlUcP5NF6FSceJyuX.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\0WEfXyMPJw5gbxAkYoQ7foIu.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\0yHxI2NgcVq897URfu1bGLCU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\10ff9npsu4lZrEUNQDLknd3T.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\1CGwy9Tr3ZgPn871BvByOPxR.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\3CfyWUQfEPMLfwgMw9RKzj9q.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\4H9gwSn9hsmr1uT7Ln1OMxxi.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\4atMces8tYoo96OnbLT8HE6O.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\6uk7M8l1XN7kn2GGjKmOMQUi.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\8FauF1Ec16N4pbn45vApMB9Y.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\8Hs13Qx2L9GIxFG02dQv6hVO.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\9JPBg0fN0RIfaIShEtttlmtW.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\9rAJjYr1uJZPfASZhYrXXHW2.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\BCSbmKJiX30BH99M4SeS6WhT.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CzCAVDbVcAMwrBna8hMGEVEa.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\F9a5CAWDzjn4KX6pZMk93eNG.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\FQM2AbwszjT1lQzUoXGDxSTy.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\FcF2JyfJLWaSsoJShTukNm1O.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Fh7qhqxo9lqcq8fZJGpCZFiC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\H6XhhPCeuwAb2QQK3C3B1Lwl.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\H9xPrDydeyqRWbh69y5tSjbf.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\I7GsKiDVRkgU0AqHrZJ1PiD5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\IiFh1rXOMpGB7BnxmUig3wkQ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\JMNwDYLRHcfb7Lck3bh1QS4f.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\JUzoV9GxBJCDHhTcPnbRBLla.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\KgnOTzWY3o0raijub6ZAid5Z.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\LuXFYkxCqJv6U5aGsy6shXnX.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\790489aa[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\Default12_my[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\Opera_109.0.5097.59_Autoupdate_x64[2].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\Opera_109.0.5097.59_Autoupdate_x64[4].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\setup[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\7725eaa6592c80f8124e769b4e8a07f7[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\Space_my[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\cad54ba5b01423b1af8ec10ab5719d97[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\060[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\123p[1].exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\Retailer_prog[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\freebl3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\mozglue[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\nss3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\softokn3[1].dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\timeSync[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\NdBfL9GQKAuQALK03ZlcLnBv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\NwvsoZspGn6vizp2axhKoY0Z.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\OFQ7ZJkbPO93pwjUuJw87q34.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\PNqnjNHui8frV2dffCZrA05K.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Pb9nMKWmPyxCQFZJxeJuCUeo.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\QbLPxQThjmTC7G98txUkfov6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\ShiCqBALVwHXuLXc8u9Hf2su.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\SlHGsDZGgkpk7MxF0QDuypot.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\TZNY2jGrHaeFElorDDQMNtS0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\nxx62MIcAq1mLUazdUlt2emv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404232137541\opera_package
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404232138021\opera_package
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\vU4jsQbpuBQoMcavMx7b1jzX.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zS1198.tmp\ARP.EXE
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zS1198.tmp\Install.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zS1198.tmp\appidpolicyconverter.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zS1198.tmp\hh.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\JMPZeWvHhArmqROvY\NwfPJCCpQqPYDzK\koEMGMU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Opera_installer_2404231937382151588.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Opera_installer_2404231937415374172.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\driverRemote_debug\UIxMarketPlugin.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\driverRemote_debug\UniversalInstaller.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\driverRemote_debug\relay.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\ff086fda
PNG image data, 3680 x 2256, 8-bit/color RGB, non-interlaced
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u1hw.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u1hw.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u2r8.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u2r8.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u33c.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u33c.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u46g.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u46g.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u4dc.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u4dc.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u4hg.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u4hg.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u5v8.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u5v8.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u624.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u624.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u69w.0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\u69w.1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\V4R2L1ofXzAhB4UFI0Rj2LED.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\VKzps0C0te7NTLkv4QCHU1YW.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\VgRPuj2QfERyAHULRBeO1F20.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\W7lXXTFWXeTByuMsbD5hqZaG.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\XE6DyfdivLtuouzog1ddAcWy.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\XqzL1fMvCxCCFKp0SSzKRmTk.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\Yu3aePJPmCD2ksmvI16UpN6t.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\aTFJoaTi8xkup68H3WyrFIbQ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\bw9CU3SIyrt3JEs5ELMi3GM3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\eRAYqRRIfUj5yD0ovEh9HMd4.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\ehuKK8NkGWXoqtsyMQJdZvL3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\f1yTeHrlUuYsPLKRUrl6KMpe.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\hK1ls0Ofsd3l9PBQOnBvFrY4.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\hKiTsf257VLWDEryVqhdGiax.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\i5XdJ65IHwp8ssJDgSUt738t.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\idw0Y68mq2UfXecINGuMfSFO.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\jTODdSkaulFxtvMU8WoUUyzs.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\lOl0Z8MedrKL384KSuZP1lEu.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\mPkGObww76qlp1C09a4tgBES.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\p9kj7yqazy7x5QKCpeuskKjf.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\pHBfSuis1Xhkv6ZdHJOyObLb.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\qGkRm1tZi3ZgbNWlurynDnJq.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\r1G18V8V8shEwNWwtcDq5rcn.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\rCkxIY3aeSpXebK5FfkxePC4.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\ra8RK0HZwqsQsFKuKAOljczn.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\rdJ9fWEopei9Jq2a4C4fmX3Z.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\sJ72s0PpaBNUmYNiHyJZFP9z.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\saftSBfOyQtbUhRB42BwTwJm.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\t5dER7PVcN8YbrHzsawB4xKm.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\tByrAP8ibeDbCSADnquqVBQi.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\vMRsi4avLKS3BjZRk9vaqhZz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\wDhpi03qlIbaSzF5WZoKo8eV.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\wkp6W1E2mbyM9VriyJKcQkLy.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\x3HF5f4W7zVGUR0m1DVxQqdq.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\xXfU3dY2WEStW3xUEgs7rT08.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\y1mf9KikiO68brzuQYIFxwgi.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\y6XaweA6d3ukZLoFeklnZ9Wr.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\z443T0kZxO5VAxRMw1cjpQdZ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\zfeRg1KL3b6mzyGkHfaolHvL.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0tqRsZaQXhm54caqwDUXuMHC.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\13YCUaamLsi0QOacTlyUtCF3.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1hkcRBWLeEPqv2ntphnoy15W.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3rRyjClAJ2k30QIrWGpVFDpo.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5vz9LfAQRgiDqx5aIN1rUzgI.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6Lj2r8HjpXGeANxR3KECgncY.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6fMi9oyVvviqTTN6Wr56ISLB.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6xZdoDoBUE5p5eHQogOzmCAe.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7BtjTi3FF9au1FQnlKymnDMg.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7IdlNY4tr5xX5jsAv5Xm1aGP.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7lgGvzEo7nECzBG3bpAxjivM.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\84qHSnAnloUyGTjudCcnx8X7.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8U1eBzGHaaLerzhFHg9U9VIJ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8xb4CYcBawbLerlRgmQScw49.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\913UuC1tRhVGy6AHxLqTaVLY.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A6qSF0ut9ErFpR3WVXzTlEB6.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ABVMMLQpGhcp1W2ujjO04sLV.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BN2W9TNO6kL3gJzRRzdUbTZg.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BosibbTKPcpK0gAFoIDe9sCf.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cg01RYFCgQ4yuUBvkQoejwXD.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DCp8sgzWACD6Vy523F9IlcQB.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DJXmw8FbD4RPPXhLeAm8SoVJ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DsmX5IKpf85YqLtUG2emopLQ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ECVVQonpjDvaVVq8u9A57jpg.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERBtXO5ho7nmZoFsGYVG8xKj.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EchWZdT95vOpzHp7On4mxxfQ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F2GuBTHnmBkN3dSsucJeBkQG.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gsl02wkLG0QjvXiDlgL1h1Gi.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HpILK5HtW16MD0UJ7pzV1QPJ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I1y6rl2pC8mUDNK8qfoy3mwi.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INQlUc1XgC4YubLIynK9wvrP.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JBjdJ2s3yN24CmoRslMpXshQ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JlRLEIpF3kijytHz1FaeY3WZ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JtkF0WemvMdybR3XRcsFyf1i.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KD5MxYvzde1avFdeWwU1rF85.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\L66Dh4NdwdeMMxg3HjUpU2VV.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKepX7TNvoxrvNCU36z69Z8U.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LlgTJb1fsKZaWWGOHpA0Z7jy.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LxHbHMNvefHp2Hvr6DcpzhYd.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MLlWxWjkKRHHt42qJxZpv3D4.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MeUXi1xZRfgTr34geRpmygtS.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MfQYCojjZujE183iHin4yvvN.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\N7bW39nU2llZKhOZXueEFrfF.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QJOvieJeRHqxL1CkBVqLAHn4.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RSzAVr1FmnmbHDkLIrabhsTB.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ra9dznGmjOHpZAiuMncAyjjm.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SobxUGvoTK5M02dimGqnbluB.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TVAm1QI1IkUDwXuoaPmgOaGO.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UNhgzOtBFiyZVWZ3q4kFYqN6.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UYav4djsSfeWrnxzOp8uz2JM.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uh3nu45INFmWm7584kVwgFUO.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UsRuWQ7xN6FZn5at6gRKTF3B.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WRO1mDUXRTjz6psEJDnxyxnx.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WubC0DiuPPNp4xftV5ZUsBRa.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X92VSFxhiRrhLMunkKi2h57u.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XlekvkCI3kM0b7NtTDTdRwQu.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YK212xIfnETeMj8HWzSaLpXm.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yja9y4U3Z3AC8NiP5CTtr4Gt.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yv6LDN6gTc8YJ8q14nqOwadt.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZZdfK51JZVeSwQUZVWqostT0.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZboQ6QzDUJYdvbmW1ugLygi3.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zf29JQFSkkWOPzBYpym8uJAy.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zg3gHfMVLuRw8ensa1FCPDaU.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bRXCsNtemAFBshpyVJXEffxd.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bbcng22Z0TSdvpG3NMlJFqMM.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bzGR4bdGfx80t9z5gTXhjS5m.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c30OjsA06vP0OjpHU4TSEFXy.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cYTbNzYImrDYIx7DZ1mq8uju.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cdlcSQxWa3EiYarbRMZZXW6B.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dfqsmrq9YcEQ7hPoIyQgCVFc.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\er4UWRAIc5nksPtzjAlnLniT.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fQToSS9BPvVcS8w6eNfcK0kY.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fagr44gehhmhQmsmZzIfzCC2.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jR7LsmZUnB4FZaCYUqyCsVgJ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kjmIHqcSIrCufgz14qWPPLBs.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfrK2eleGgknmu9FzWkpzB7c.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ljM3vcf9uuofRJ8ARCciU76L.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nqmQZESYWs8lMVQC5uSuvZGu.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oNOt66EI4etu2JX94D2Yxd2b.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oZiUKJGSA8G9xcONfqSnC56U.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pc0fUYEqajLGUWQtn2ftxoqL.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qjWESUwN5QphEhjbuV2RyE3e.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\r0iR2ukaNLwNYvPx5HIxG52l.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rVMvJuock0EvSLQr8i6oWa6o.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rn8SDNMr1p6wepdx6lkoczBh.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sPufcIhuWOPTECewJPFroVOs.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sS6m1zJ7SM7VOu619Ye9oRPC.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t1VNoyGIaOw1GtxZ1M3tjpAQ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t5Sezk8AJ1dVCIp8NlarOJfh.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tnYvJsdw6gVMo54pPIPOTk7f.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tsbzRFmTsKBykEPO6dTSp6Bo.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u4wmr0Bf4EXaMCuRI7IEqrEN.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u5dGk12YYILlpzhYxk2XzgEM.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v626yA0xMjbBDle6UIsKMxMX.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wfdWx9QBHbiX53OVW3ybKn3w.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wnPWh6gigyeyZklNGZd5SKHQ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpfphpa0v7Nt73NmqVDrheEB.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsTljUDyfomCxhnzNXfr7Xm9.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ylpTCbqw6Bd6MUStDnsoxMXB.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zEeQhGslvnDbo67JpIq1JJCf.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\0bDSNbGYZjXnI1v06off3DYe.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\62dRoO3BlNtGMcLNCSYzZeqJ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\F0mqqGl9pK9gdOm2cnZsC1mR.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\GyEiPhmZ7wFSCYXwTgsPkluJ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\HDCJLf7pYcxae1KSycA6A5eR.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\IsEPzSszgrCYUPQvHPDrLyFU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\KPGhFRImEtP9uUl6Tmi54GCR.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\NpXiURSjfclxWgcUlkMD5eJ8.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\PuQVr13ObJzLxhvCkSK1EXB6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\PurfH4hAOpbVHLEkly68a3iu.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\UWxz0MPLJemfxFfuxrp6E5vU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\Zsk2cFkeBC4UsceqkHvvw1iU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\s2mORnBj3q8nWakBtFzD2977.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\urA10ZckYEEXLZZov5c00RO_.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\0Bos1rjatCgxKDAqeI5gMROw.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\0DWhHyQpdxsJp4gA1M0WjqnA.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\0FR80IiNvxJZyXnpOgiDlYNV.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\0Flev5sTDyJ3duKpLfv5ka2Z.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\2YL4IgWcBHinkIA211vO9Bpr.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\2pjOwxxUjFNOdrkI94TdGraH.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\5Q13Z1W5QdpwzXbxGFAdEXdB.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\5vt9Hlt4sHU3M9tLNtkwRemY.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\63TGqnDkcQpbTyiukd2djP6a.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\68bEfZA6FBu6lC5BaADYSIdx.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\6dpl9L7LbyabhVQNXZXXKjGL.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\6iaJRQnw7XfTmk0UWiyyOxOe.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\75ML2QNSkdxIefrPkvr0UjCi.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\7ajn4zo6v0GdgVSDv67pQ6UA.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\8wsOStmCG25nWXULr6UWy2Q5.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\9SfnYxeY7MBStUWc3d6vaufA.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\9UmuglKcKHgfePSzDJeh2tr3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\9teA9V2job1p0o0lcg2CuXcR.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\9wqoiPpK0NIQEBygxfm6h42G.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\B46afLBMY0mokUgVdA9CQR52.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\G3pV8gTsWQBVrGpK4ooPrlxI.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\IWNHTSCpSFApuke51w2EhXTa.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\MLHy8CHCXXPjzOh2OJFrG13g.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\NDdJEWHR1zXBL7ACRBN1bJsT.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\OYqxk9G3x4R05N4I0KLZXbXg.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\Or8Lkccj3KUYl1SEoAAXBR7t.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\PA8JWMmRYiQsN7iqTjOvjsbW.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\QFdxqcJJKBnNvVH34NTBZO9k.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\QV2CtvThMWBnTkQtNtmINgo7.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\RHyh0hfeaEHqborlFdL4LJTH.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\SZ0cEDCrvP4evlvcOCUltmHu.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\SsTCNrfNwbE2RJWH23gTlxFP.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\TD0DvTWbvdprpaFzaf7f79H8.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\VmjwaGr6tPcRf0rEBWGZ46z3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\VtmtVe55Jwcf3rOGIU1yezyh.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\W9xI9q4MOUfVc9D8gPa3VVtC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\WMW9Xl8E0Ffe1Nak8GbEfdwd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\WjXPtwNxqwEpWrekfMAFvnPV.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\Xd5tydDy6Vge5DSIUsA4B8HM.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\a17F4G7WEa7FlwVixhjX6uYK.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\alB5HeuQna7ct24xMLLWf2EN.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\bfxtyeVJT5bBfIUy0v6XVgPU.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\fkwQUocr72Hw75SyPBzpetnQ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\gs73fZcRyFDJYoYkZbrtadCy.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\i7gUU3MlvTwbsK8r3hAjzW0p.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\ikL90ODaFTS7N6FbOffM2D1B.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\jZXBdg5rull5j6LgJCWVgVos.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\jl7RUebEK9s2GdCw2naZuXH3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\ka1rT1Ln7XhH1aQSgOeo3013.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\nMCfbx6hx0DUWGYJuDAMUAIJ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\nUulTm4TlMq3112NFdqwQUUv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\nxx62MIcAq1mLUazdUlt2emv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\oItrqw2PxeTCx2grDJJI9Sqg.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\r0DfbOvsdOtWhxCPYUgwqjYI.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\rSpYcYxqkOCX3T18aW46DWhn.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\s2d02ZEHUbxI410yPzvUYGTP.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\sVP78YSUuB86fyhUIuxT6msl.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\skOP6h6U62cLrOTEAXi7XUT4.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\snOfq5H0Ss3VGXsE0fRFljun.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\t7IXQJi6R3tWUMJ8f9cQzMWm.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\tSUKH8w2Pv8sgaLWrFPRDr1i.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\tw6SuwCix1CRVfIYPT24Ycm6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\ugGFIzLnD3Xk89zL7XSYeDGh.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\uhjAlwetTCGgkw8uV562JOyG.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\ult4yIpyxeTm9lUFFOHFNl2P.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\vU4jsQbpuBQoMcavMx7b1jzX.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\vg2jjUpoYoMsgaKeZN28z4wt.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\wAyxI7uUktpH5TtM4zqnMftR.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\wv3L00mTLTTnOX1S2obszDcX.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\xvXQt3HWUPHZOypqdys3bcAm.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\yPlMO3UKyKRvoEYPhbGYOyT0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\zFZkiprzkq8Ae7mkklwscu5a.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\zUOgRazdYnb35XHU4UIsV9Yc.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\zWhvfqZrtT7TUoWor4gRArPv.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Windows\System32\GroupPolicy\gpt.ini
ASCII text
dropped
 malicious
C:\Windows\Temp\ofqvFcNvzeRditbz\sCLSBctEBYVgufH\JUnCNhn.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\AFHDHCAAKECFIDHIEBAKFCGCFC
SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
dropped
C:\ProgramData\AFWAAFRXKO.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\AIXACVYBSB.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\CAAEBFHJJDAAKFIECGDBKJDGIJ
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\DGCAAAFC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
dropped
C:\ProgramData\DGCAAAFCBFBAKFHJDBKJ
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\DGDAEHCBGIIJJJJKKKEHDGHJKF
SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
dropped
C:\ProgramData\GDHIIIIEHCFIECAKFHJDAFCBFC
SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\GHCGDAFCFHIDBGDHCFCB
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
dropped
C:\ProgramData\JJJDGIEC
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
dropped
C:\ProgramData\KKFHJDAEHIEHJJKFBGDAKKKKEG
SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 5
dropped
C:\ProgramData\MNULNCRIYC.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\MNULNCRIYC.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\NEBFQQYWPS.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\NHPKIZUUSG.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\PSAMNLJHZW.docx
PSA archive data
dropped
C:\ProgramData\TQDGENUHWP.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\TQDGENUHWP.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\WKXEWIOTXI.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\WUTJSCBCFX.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\WUTJSCBCFX.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\XZXHAVGRAG.docx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\ZGGKNSUKOP.xlsx
ASCII text, with very long lines (1024), with CRLF line terminators
dropped
C:\ProgramData\msvcp140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\vcruntime140.dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\3G30xcq8tfWItduGYVyT9CxK.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\3byEz2syG9SedsHKOY8fjUva.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\8iDMf15n1CQluRX22T9R9HtN.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\A7Npgp1C644Vm1weiCOIngpF.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\EuHyDssPP1nHlUuAX6xe7qHq.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\HPgOzBdOCsD6vN5fCp1Y0Y3P.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9H3TYFD3\crypted[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\PL_Clients[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\crypted[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B8DE7T9Q\file[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\DQNVS06W\setup[1].htm
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\msvcp140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W9FILL1W\vcruntime140[1].dll
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\O85XP7ZryV2biCD7WlxJwLlh.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\OVzuyLkGPqt0m8hgNA0UwSGi.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\S0j14drhBOZGdsEYt1IovCSw.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\SzeKmiZzCnF5yGTNutlHXxk9.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404232137541\d192e6b4-4dc6-4f9e-ad8c-34b915fcdda7.tmp
JSON data
dropped
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404232137541\installer_prefs_include.json (copy)
JSON data
dropped
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20240423213748763.log
ASCII text, with very long lines (533)
dropped
C:\Users\user\AppData\Local\Temp\.opera\Opera Installer\opera_installer_20240423213755078.log
ASCII text, with very long lines (533)
modified
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kvincwdt.k2z.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wxyxkspd.efo.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\driverRemote_debug\groupware.wav
data
dropped
C:\Users\user\AppData\Local\Temp\driverRemote_debug\macrospore.indd
data
dropped
C:\Users\user\AppData\Local\Temp\iolo\dm\ioloDMLog.txt
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\UCtmeOC2UHPIofYPbbfGVnal.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\UK8ipx6lqPw4aE70mcGL0JtJ.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\ZHH3BNVA85IlSTeCpiV3Sgqb.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\deCnBzZpp4FSC4HClFNfim7T.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\fOd8yCx7heVUBotMVvn44Lkb.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\fUzbEYrAlNz7Rv11K6EiLt1x.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\kkscE0U22us2Ek0MCP4ULYeK.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\nCCWNGZR7QSL7YK34Xz98mnq.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\sih6EQ3BvpoPxj5e02CfNWP2.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\tGiGhkaVGjaUagcI8QYmh6fh.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\tM9DijOJq3CQOn3hcO2NIvuX.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\tse6OoEOj17quPLpMuzuQXuv.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\ukkppf7mf9IddXdKqN6kNkCJ.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\wW4vGceNlpE9ACIAc69a33Yc.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\wgX5ZSzR0AzMXHqanPag1gRj.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\ymBV9PkPmsW6KLoPxnFlPP0z.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\places.sqlite-shm
data
dropped
C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
data
dropped
C:\Users\user\Documents\SimpleAdobe\7vjGPpkhw2aAaC2CnZlC02OG.exe
HTML document, Non-ISO extended-ASCII text, with very long lines (17990)
dropped
C:\Users\user\Documents\SimpleAdobe\ZJJS5bo63td4EjeR2XP_7oEx.exe
HTML document, Non-ISO extended-ASCII text, with very long lines (17990)
dropped
C:\Users\user\Documents\SimpleAdobe\qsEUVigKfPVLrm9GWTo8ucsA.exe
HTML document, Non-ISO extended-ASCII text, with very long lines (17990)
dropped
C:\Users\user\Pictures\2OefjtQaIUwmUU1DhudbapTO.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\5O2KNFG7blvHjvUDwarAfNHb.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\5u7SB52PiwyXmzPmIXkMxPnZ.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\CTyBq7xXhWynL963jluoRo4q.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\DNg5zB00z0ICTiOXsQq9DsCv.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\FwFq2CwBYW7qN3JbE79MHY4Z.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\INMby6bIteiPvZFBRf5MhptY.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\IoXU8aP1TtCLwW6SykMr9y3D.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\LnpGonVmQMt0HGAJRWXt8CZk.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\MDU18mQfPfwBDyDbk7CN3cwx.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\MG5MpTL6PRxqs920w9IrKJko.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\N3D3oWQLfg7NjRxQawhp2xIb.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\O6RtFEDLFiXwylenzKOH7OwY.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\R7XM8tWXgAp1wQYVEs65Btkd.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\RnLGWQq0a888ySvUu4yqkuTs.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\e1O1AS1wlBZ3lHR2WsdujqoS.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\iAPF4MKQOxaJ8L9hAx7lvOHo.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\iDLONIGJibQO1rqOKEJT8AYO.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\jqRWDGKFMtlcJKUGe2uvqxuP.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\kRFsXXLVSoPNsmIBFOClxrFF.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\lylTQvkvcBwpzWzbHg6So2Er.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\q4ApAlF0htaDXDwpRuZbSs2D.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\qYfRayRyiLshGUXCOWUSZUEQ.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\wAM2iVsYnasUH1XcQbAuEKO9.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\wsXaFUksxPKBrRgSF8fdC4UJ.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\yREZhEa2ap6ZrOOJ0dooObNn.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Windows\Logs\StorGroupPolicy.log
data
modified
C:\Windows\SysWOW64\GroupPolicy\gpt.ini
ASCII text, with CRLF line terminators
dropped
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
RAGE Package Format (RPF),
dropped
C:\Windows\Tasks\bWycNackLSywaqkmgR.job
data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
dropped
There are 416 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
"C:\Users\user\Desktop\file.exe"
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
 malicious
C:\Users\user\Pictures\VtmtVe55Jwcf3rOGIU1yezyh.exe
"C:\Users\user\Pictures\VtmtVe55Jwcf3rOGIU1yezyh.exe"
malicious
C:\Users\user\Pictures\9wqoiPpK0NIQEBygxfm6h42G.exe
"C:\Users\user\Pictures\9wqoiPpK0NIQEBygxfm6h42G.exe"
malicious
C:\Users\user\Pictures\i7gUU3MlvTwbsK8r3hAjzW0p.exe
"C:\Users\user\Pictures\i7gUU3MlvTwbsK8r3hAjzW0p.exe"
malicious
C:\Users\user\AppData\Local\Temp\u5v8.0.exe
"C:\Users\user\AppData\Local\Temp\u5v8.0.exe"
malicious
C:\Users\user\Pictures\yPlMO3UKyKRvoEYPhbGYOyT0.exe
"C:\Users\user\Pictures\yPlMO3UKyKRvoEYPhbGYOyT0.exe"
malicious
C:\Users\user\AppData\Local\Temp\7zS1198.tmp\Install.exe
.\Install.exe /nxdidQZJ "385118" /S
 malicious
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Windows\SysWOW64\wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Users\user\Pictures\B46afLBMY0mokUgVdA9CQR52.exe
"C:\Users\user\Pictures\B46afLBMY0mokUgVdA9CQR52.exe"
malicious
C:\Users\user\AppData\Local\Temp\u69w.0.exe
"C:\Users\user\AppData\Local\Temp\u69w.0.exe"
malicious
C:\Users\user\Pictures\t7IXQJi6R3tWUMJ8f9cQzMWm.exe
"C:\Users\user\Pictures\t7IXQJi6R3tWUMJ8f9cQzMWm.exe"
malicious
C:\Windows\System32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ECVVQonpjDvaVVq8u9A57jpg.bat" "
malicious
C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe
"C:\Users\user\AppData\Local\Temp\Qg_Appv5.exe"
malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bWycNackLSywaqkmgR" /SC once /ST 21:38:00 /RU "SYSTEM" /TR "\"C:\Users\user\AppData\Local\Temp\JMPZeWvHhArmqROvY\NwfPJCCpQqPYDzK\koEMGMU.exe\" em /VNsite_idnLd 385118 /S" /V1 /F
malicious
C:\Users\user\AppData\Local\H6XhhPCeuwAb2QQK3C3B1Lwl.exe
"C:\Users\user\AppData\Local\H6XhhPCeuwAb2QQK3C3B1Lwl.exe"
malicious
C:\Users\user\Pictures\l0nXYBHJHVq6UHyy1YDO9fn3.exe
"C:\Users\user\Pictures\l0nXYBHJHVq6UHyy1YDO9fn3.exe"
malicious
C:\Users\user\Pictures\wr6XLbv7Ijp4TImjm1ouF4U2.exe
"C:\Users\user\Pictures\wr6XLbv7Ijp4TImjm1ouF4U2.exe"
malicious
C:\Users\user\AppData\Local\Temp\u4dc.0.exe
"C:\Users\user\AppData\Local\Temp\u4dc.0.exe"
malicious
C:\Users\user\Pictures\PA8JWMmRYiQsN7iqTjOvjsbW.exe
"C:\Users\user\Pictures\PA8JWMmRYiQsN7iqTjOvjsbW.exe"
malicious
C:\Users\user\Pictures\zUOgRazdYnb35XHU4UIsV9Yc.exe
"C:\Users\user\Pictures\zUOgRazdYnb35XHU4UIsV9Yc.exe"
malicious
C:\Users\user\Pictures\6dpl9L7LbyabhVQNXZXXKjGL.exe
"C:\Users\user\Pictures\6dpl9L7LbyabhVQNXZXXKjGL.exe"
malicious
C:\Users\user\AppData\Local\Temp\u69w.1.exe
"C:\Users\user\AppData\Local\Temp\u69w.1.exe"
malicious
C:\Users\user\Pictures\0FR80IiNvxJZyXnpOgiDlYNV.exe
"C:\Users\user\Pictures\0FR80IiNvxJZyXnpOgiDlYNV.exe"
malicious
C:\Users\user\AppData\Local\Temp\JMPZeWvHhArmqROvY\NwfPJCCpQqPYDzK\koEMGMU.exe
C:\Users\user\AppData\Local\Temp\JMPZeWvHhArmqROvY\NwfPJCCpQqPYDzK\koEMGMU.exe em /VNsite_idnLd 385118 /S
 malicious
C:\Users\user\Pictures\68bEfZA6FBu6lC5BaADYSIdx.exe
"C:\Users\user\Pictures\68bEfZA6FBu6lC5BaADYSIdx.exe"
malicious
C:\Users\user\Pictures\ikL90ODaFTS7N6FbOffM2D1B.exe
"C:\Users\user\Pictures\ikL90ODaFTS7N6FbOffM2D1B.exe"
malicious
C:\Users\user\Pictures\ka1rT1Ln7XhH1aQSgOeo3013.exe
"C:\Users\user\Pictures\ka1rT1Ln7XhH1aQSgOeo3013.exe"
malicious
C:\Users\user\Pictures\G3pV8gTsWQBVrGpK4ooPrlxI.exe
"C:\Users\user\Pictures\G3pV8gTsWQBVrGpK4ooPrlxI.exe"
malicious
C:\Users\user\Pictures\vU4jsQbpuBQoMcavMx7b1jzX.exe
"C:\Users\user\Pictures\vU4jsQbpuBQoMcavMx7b1jzX.exe" --silent --allusers=0
 malicious
C:\Users\user\Pictures\OYqxk9G3x4R05N4I0KLZXbXg.exe
"C:\Users\user\Pictures\OYqxk9G3x4R05N4I0KLZXbXg.exe"
malicious
C:\Users\user\Pictures\nxx62MIcAq1mLUazdUlt2emv.exe
"C:\Users\user\Pictures\nxx62MIcAq1mLUazdUlt2emv.exe" --silent --allusers=0
 malicious
C:\Users\user\Documents\SimpleAdobe\UWxz0MPLJemfxFfuxrp6E5vU.exe
C:\Users\user\Documents\SimpleAdobe\UWxz0MPLJemfxFfuxrp6E5vU.exe
 malicious
C:\Users\user\Documents\SimpleAdobe\F0mqqGl9pK9gdOm2cnZsC1mR.exe
C:\Users\user\Documents\SimpleAdobe\F0mqqGl9pK9gdOm2cnZsC1mR.exe
 malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 34 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://185.172.128.76/3cd2b41cbde8fc9c.php
malicious
http://localhost:3433/https://duniadekho.baridna:
unknown
 malicious
https://duckduckgo.com/chrome_newtab
unknown
https://duckduckgo.com/ac/?q=
unknown
http://5.42.66.10/download/123p.exe3W
unknown
http://www.vmware.com/0
unknown
http://5.42.66.10/download/th/retail.phphp
unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
unknown
http://togaterecutirenics.sbs/0
unknown
https://zanzibarpivo.com/7725eaa6592c80f8124e769b4e8a07f7.exek
unknown
http://invalidlog.txtlookup
unknown
http://wikkt.com/forum/index.php3su
unknown
https://togaterecutirenics.sbs/rt
unknown
https://zanzibarpivo.com/7725eaa6592c80f8124e769b4e8a07f7.exet
unknown
http://www.indyproject.org/
unknown
https://vk.com/doc5294803_668776833?hash=0O6PF91bZH66jRdVdr0Yhs0vV73FDPMFrSckqwaaZuH&dl=PH90vp0b08Gc
unknown
https://carthewasher.net/EQ
unknown
https://vk.com:80/doc5294803_668862025?hash=rZAtNKZ8jzd7e9UKuB7jZZstkXZGEcmTXg0oxAzukh8&dl=bnAa6o9El
unknown
https://zanzibarpivo.com/
unknown
https://vk.com:80/doc5294803_668907894?hash=eTJ5SXFgNlVQn3fSuayzbK2uQj2QDtrGinGQ1gFeZF8&dl=85Q0IzWrQ
unknown
https://vk.com/doc5294803_668900186?hash=FpdDjHFtSx5c0WPZoJe3fUQ5LwI9qJk1fUTDbMELBQ8&dl=XG2RO9fdQ1T9
unknown
https://vk.com/6
unknown
http://wikkt.com/forum/index.php
unknown
http://5.42.66.10/download/th/space.php=W
unknown
http://5.42.66.10/download/th/getimage12.phpAV
unknown
https://monoblocked.com/525403/setup.exes
unknown
https://turnitin.com/robot/crawlerinfo.html)cannot
unknown
http://5.42.66.10/download/th/space.php(
unknown
https://dod.fastbutters.com:80/style/060.exeEQ
unknown
https://c.574859385.xyz/
unknown
http://5.42.66.10/download/th/getimage12.phpUV
unknown
https://carthewasher.net/ba05c0a0a72880db02f3b2bf7866285a/cad54ba5b01423b1af8ec10ab5719d97.exe
unknown
https://zanzibarpivo.com:80/7725eaa6592c80f8124e769b4e8a07f7.exe8
unknown
https://monoblocked.com:80/525403/setup.exe
unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
unknown
http://www.baidu.com/search/spider.htm)MobileSafari/600.1.4
unknown
http://gdlp01.c-wss.com/rmds/ic/universalinstaller/common/checkconnection
unknown
https://zanzibarpivo.com:80/7725eaa6592c80f8124e769b4e8a07f7.exe
unknown
https://www.ecosia.org/newtab/
unknown
http://ocsp.sectigo.com0&
unknown
http://www.symauth.com/cps0(
unknown
https://zanzibarpivo.com:80/7725eaa6592c80f8124e769b4e8a07f7.exeJ
unknown
http://5.42.66.10/download/th/space.php4W
unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
unknown
http://togaterecutirenics.sbs/rt
unknown
https://cheremushki.net/mV
unknown
https://triedchicken.net:80/cad54ba5b01423b1af8ec10ab5719d97.exe
unknown
https://yip.su/RNWPd.exeChttps://pastebin.com/raw/E0rY26ni5https://iplogger.com/1lyxz
unknown
https://vk.com:80/doc329118071_676158749?hash=wJqTXfnxe0acmwC4vumRgawHgxCuE6EviXjICmkirIT&dl=YVEMDGi
unknown
http://176.113.115.135/ohhellyxe
unknown
http://togaterecutirenics.sbs/rtxe3W
unknown
https://vk.com:80/doc5294803_668776833?hash=0O6PF91bZH66jRdVdr0Yhs0vV73FDPMFrSckqwaaZuH&dl=PH90vp0b0
unknown
http://176.113.115.135/ohhellyPJ
unknown
http://www.symauth.com/rpa00
unknown
https://carthewasher.net/uQ
unknown
http://www.google.com/feedfetcher.html)HKLM
unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.Qb0WswhkLhoa
unknown
https://ipinfo.io/namehttps://ipgeolocation.io/status
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepP#
unknown
https://blockchain.infoindex
unknown
http://www.info-zip.org/
unknown
https://vk.com/doc5294803_668862025?hash=rZAtNKZ8jzd7e9UKuB7jZZstkXZGEcmTXg0oxAzukh8&dl=bnAa6o9El06I
unknown
https://zanzibarpivo.com/7725eaa6592c80f8124e769b4e8a07f7.exexe
unknown
http://www.avantbrowser.com)MOT-V9mm/00.62
unknown
https://zanzibarpivo.com/7725eaa6592c80f8124p
unknown
http://search.msn.com/msnbot.htm)pkcs7:
unknown
http://185.172.128.203/dl.php
unknown
https://cheremushki.net/EQ
unknown
https://vk.com/doc5294803_668627934?hash=KOcSmbd2hjdTG4DLhdJgoCSrHOpCJeuTNRte86dnj0k&dl=iwW1iFTFzY3z
unknown
http://176.113.115.135/ohhellyOW
unknown
https://monoblocked.com:80/525403/setup.exemQ
unknown
https://zanzibarpivo.com/7725eaa6592c80f8124e769b4e8a07f7.exe4ba5b01423b1af8ec10ab5719d97.exe
unknown
http://ocsp.sectigo.com0
unknown
https://monoblocked.com/525403/setup.exexemQ
unknown
http://wikkt.com/forum/index.phpEsc
unknown
https://dod.fastbutters.com:80/style/060.exeG
unknown
https://zanzibarpivo.com/7725eaa6592c80f8124e769b4e8a07f7.exeexe
unknown
https://togaterecutirenics.sbs/rtB
unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
unknown
https://monoblocked.com/525403/setup.exes.#
unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
unknown
https://triedchicken.net/
unknown
http://google.com
unknown
https://carthewasher.net/
unknown
https://monoblocked.com/
unknown
https://vk.com/doc5294803_668907894?hash=eTJ5SXFgNlVQn3fSuayzbK2uQj2QDtrGinGQ1gFeZF8&dl=85Q0IzWrQzIU
unknown
https://c.574859385.xyz/MV
unknown
https://monoblocked.com/525403/setup.exe
unknown
http://devlog.gregarius.net/docs/ua)Links
unknown
https://dod.fastbutters.com/style/060.exe3/
unknown
https://monoblocked.com/IV
unknown
https://aka.ms/dotnet-warnings/
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0
unknown
https://cheremushki.net/ba05c0a0a72880db02f3b2bf7866285a/7725eaa6592c80f8124e769b4e8a07f7.exeWebKit/
unknown
http://5.42.66.10/download/th/retail.php.
unknown
https://dod.fastbutters.com:80/style/060.exe
unknown
http://5.42.66.10/download/th/getimage12.php
unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
unknown
http://5.42.66.10/download/123p.exe
unknown
https://sectigo.com/CPS0D
unknown
There are 90 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
185.172.128.76
unknown
Russian Federation
malicious
185.172.128.90
unknown
Russian Federation
34.117.186.192
unknown
United States
85.192.56.26
unknown
Russian Federation
37.221.125.202
unknown
Lithuania
193.233.132.175
unknown
Russian Federation
176.97.76.106
unknown
United Kingdom
193.233.132.253
unknown
Russian Federation
104.21.86.198
unknown
United States
87.240.137.164
unknown
Russian Federation
193.233.132.234
unknown
Russian Federation
37.228.108.132
unknown
Norway
185.172.128.59
unknown
Russian Federation
172.67.161.113
unknown
United States
176.113.115.135
unknown
Russian Federation
104.21.49.118
unknown
United States
95.142.206.3
unknown
Russian Federation
104.21.79.77
unknown
United States
95.142.206.0
unknown
Russian Federation
104.21.31.124
unknown
United States
104.21.63.150
unknown
United States
104.21.90.14
unknown
United States
172.67.169.89
unknown
United States
172.67.188.178
unknown
United States
104.20.3.235
unknown
United States
185.172.128.228
unknown
Russian Federation
172.67.176.131
unknown
United States
186.145.236.18
unknown
Colombia
185.172.128.203
unknown
Russian Federation
172.67.144.181
unknown
United States
172.67.75.166
unknown
United States
104.21.55.189
unknown
United States
104.26.8.59
unknown
United States
172.67.180.119
unknown
United States
5.42.66.10
unknown
Russian Federation
172.67.193.79
unknown
United States
104.20.4.235
unknown
United States
172.67.19.24
unknown
United States
107.167.110.218
unknown
United States
107.167.110.216
unknown
United States
104.18.11.89
unknown
United States
104.21.4.208
unknown
United States
107.167.110.211
unknown
United States
45.130.41.108
unknown
Russian Federation
107.167.125.189
unknown
United States
There are 35 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064
Blob
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
Exclusions_Extensions
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableRoutinelyTakingAction
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableBehaviorMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableOnAccessProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableScanOnRealtimeEnable
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{AF4B7D10-C04F-40BD-A9F0-1F789BBF0FCA}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRawWriteNotification
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableRoutinelyTakingAction
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
Exclusions_Extensions
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableBehaviorMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableOnAccessProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableScanOnRealtimeEnable
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{3FAACE9B-0B9D-4D37-90B5-C9D5F39DABA7}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRawWriteNotification
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
FileDirectory
HKEY_CURRENT_USER\SOFTWARE\BroomCleaner
Installed
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
C:\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
TelemetrySalt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
There are 38 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
843000
unkown
page execute and read and write
 malicious
41E0000
direct allocation
page read and write
 malicious
4200000
direct allocation
page read and write
 malicious
843000
unkown
page execute and read and write
 malicious
843000
unkown
page execute and read and write
 malicious
843000
unkown
page execute and read and write
 malicious
843000
unkown
page execute and read and write
 malicious
41D0000
direct allocation
page read and write
 malicious
2AF3000
heap
page read and write
2AFB000
heap
page read and write
401000
unkown
page execute read
2D3A9213000
heap
page read and write
990000
heap
page read and write
2B34000
heap
page read and write
140A7C000
unkown
page write copy
804000
heap
page read and write
35804000
direct allocation
page read and write
552F000
stack
page read and write
2B34000
heap
page read and write
9C000
stack
page read and write
4BED000
heap
page read and write
40BE000
heap
page read and write
2E9E000
stack
page read and write
11DE000
heap
page read and write
CDC000
unkown
page execute and write copy
32B0000
heap
page read and write
41AA000
heap
page read and write
2AD0000
heap
page read and write
5D61000
heap
page read and write
43EF000
stack
page read and write
4070000
heap
page read and write
87E000
unkown
page readonly
4138000
heap
page read and write
2B34000
heap
page read and write
1D0000
heap
page read and write
43CF000
stack
page read and write
2603000
heap
page read and write
5D70000
remote allocation
page read and write
2AF9000
heap
page read and write
40F0000
heap
page read and write
4070000
heap
page read and write
4180000
heap
page read and write
5AB000
heap
page read and write
2B0E000
heap
page read and write
140A7B000
unkown
page execute and read and write
804000
heap
page read and write
6A2C000
stack
page read and write
98B000
heap
page read and write
64AE000
stack
page read and write
411000
unkown
page readonly
960000
direct allocation
page read and write
11E2000
heap
page read and write
2AF7000
heap
page read and write
2EA38000
direct allocation
page read and write
440A000
unkown
page readonly
400000
unkown
page execute and read and write
2D0E000
stack
page read and write
359B0000
direct allocation
page read and write
140A7B000
unkown
page execute and write copy
2B34000
heap
page read and write
41A000
unkown
page write copy
415A000
heap
page read and write
7FF6388B2000
unkown
page write copy
42C0000
heap
page read and write
6C0000
heap
page read and write
417F000
heap
page read and write
2D61000
heap
page read and write
7FFE80030000
direct allocation
page execute and read and write
2B2C000
heap
page read and write
400000
unkown
page readonly
133E000
heap
page read and write
1D257613000
heap
page read and write
2CDE000
stack
page read and write
5DF0000
heap
page read and write
140488000
unkown
page execute and read and write
5E31000
heap
page read and write
35B24000
direct allocation
page read and write
2B90000
heap
page read and write
5F10000
heap
page read and write
4100000
heap
page read and write
41C0000
direct allocation
page execute and read and write
76A000
unkown
page read and write
2B34000
heap
page read and write
143000
stack
page read and write
347A000
heap
page read and write
14026E000
unkown
page execute and read and write
400000
unkown
page execute and read and write
649E000
stack
page read and write
57A4000
unkown
page read and write
3590C000
direct allocation
page read and write
503B000
heap
page read and write
27F51071000
direct allocation
page read and write
140A7B000
unkown
page execute and write copy
2D61000
heap
page read and write
52B0000
heap
page read and write
35AFC000
direct allocation
page read and write
140A7C000
unkown
page write copy
27F39071000
direct allocation
page read and write
59BF000
stack
page read and write
2929000
direct allocation
page read and write
27F3A471000
direct allocation
page read and write
1F0000
direct allocation
page read and write
2D61000
heap
page read and write
426F000
heap
page read and write
930000
heap
page read and write
35704000
direct allocation
page read and write
A22000
heap
page read and write
2D61000
heap
page read and write
6E20000
heap
page read and write
40F7000
heap
page read and write
4049000
unkown
page read and write
2D61000
heap
page read and write
5DF1000
heap
page read and write
2EB20000
direct allocation
page read and write
5EEE000
heap
page read and write
2DF1000
heap
page read and write
2CA1000
heap
page read and write
BDB000
unkown
page readonly
64A0000
heap
page read and write
307C000
stack
page read and write
4BEE000
heap
page read and write
140468000
unkown
page execute and read and write
68CF000
stack
page read and write
2410000
trusted library allocation
page read and write
6A10000
heap
page read and write
FD0000
heap
page read and write
2400000
heap
page read and write
41AA000
heap
page read and write
421E000
heap
page read and write
1D2575D0000
remote allocation
page read and write
2B1D000
heap
page read and write
4F20000
heap
page read and write
2B19000
heap
page read and write
43CF000
stack
page read and write
2B34000
heap
page read and write
5F8000
heap
page read and write
1F0000
direct allocation
page read and write
400000
unkown
page execute and read and write
417A000
heap
page read and write
950000
direct allocation
page read and write
1F0000
direct allocation
page read and write
2EC04000
direct allocation
page read and write
4163000
heap
page read and write
24701000
heap
page read and write
2470B000
heap
page read and write
1D257E02000
trusted library allocation
page read and write
CDA000
unkown
page execute and write copy
41A000
unkown
page write copy
2C87000
heap
page read and write
774000
unkown
page read and write
417E000
heap
page read and write
2D61000
heap
page read and write
433A000
heap
page read and write
140234000
unkown
page execute and read and write
1338000
heap
page read and write
419C000
heap
page read and write
56D9000
heap
page read and write
2EBAC000
direct allocation
page read and write
9C000
stack
page read and write
2B23000
heap
page read and write
41F0000
heap
page read and write
93E000
heap
page read and write
411000
unkown
page readonly
679E000
stack
page read and write
433E000
heap
page read and write
1F00000
heap
page read and write
440A000
unkown
page readonly
5784000
heap
page read and write
1F0000
direct allocation
page read and write
2D61000
heap
page read and write
41B0000
direct allocation
page execute and read and write
4BED000
heap
page read and write
2B34000
heap
page read and write
401000
unkown
page execute read
2EB38000
direct allocation
page read and write
1D257642000
heap
page read and write
2938000
direct allocation
page read and write
1338000
heap
page read and write
7201000
heap
page read and write
4BDF000
heap
page read and write
5D50000
heap
page read and write
24703000
heap
page read and write
41C9000
heap
page read and write
7FF6385C1000
unkown
page execute read
2A51000
heap
page read and write
5C5E000
stack
page read and write
950000
direct allocation
page read and write
42C8000
heap
page read and write
415C000
heap
page read and write
9C0000
heap
page read and write
2D61000
heap
page read and write
6DA0000
direct allocation
page read and write
4F4A000
heap
page read and write
2470E000
heap
page read and write
52AD000
stack
page read and write
6560000
heap
page read and write
68AF000
stack
page read and write
5DE3000
heap
page read and write
68BF000
stack
page read and write
2D61000
heap
page read and write
2971000
direct allocation
page read and write
35744000
direct allocation
page read and write
4181000
heap
page read and write
11C8000
heap
page read and write
974000
heap
page read and write
417000
unkown
page execute read
2D61000
heap
page read and write
11A9000
heap
page read and write
4168000
heap
page read and write
41A3000
heap
page read and write
2600000
heap
page read and write
1017000
unkown
page readonly
133C000
heap
page read and write
4E8000
unkown
page write copy
30AA4000
heap
page read and write
CCC000
unkown
page execute and write copy
2D3A9A02000
trusted library allocation
page read and write
401000
unkown
page execute read
2EAB8000
direct allocation
page read and write
3470000
heap
page read and write
974000
heap
page read and write
2B1D000
heap
page read and write
974000
heap
page read and write
404B000
unkown
page readonly
415E000
stack
page read and write
2EBE4000
direct allocation
page read and write
2D61000
heap
page read and write
2D60000
heap
page read and write
2B34000
heap
page read and write
4158000
heap
page read and write
41ED000
heap
page read and write
400000
unkown
page execute and read and write
200F000
stack
page read and write
417E000
heap
page read and write
6A21000
heap
page read and write
140000000
unkown
page readonly
AEF000
stack
page read and write
404B000
unkown
page readonly
1401D9000
unkown
page execute and read and write
4049000
unkown
page read and write
400000
unkown
page readonly
140472000
unkown
page execute and read and write
1F0000
direct allocation
page read and write
5A3000
heap
page read and write
41B0000
heap
page read and write
2B34000
heap
page read and write
3327000
heap
page read and write
400000
unkown
page execute and read and write
11C8000
heap
page read and write
601000
heap
page read and write
28EE000
direct allocation
page read and write
2ECDC000
direct allocation
page read and write
6A3A000
heap
page read and write
271B000
stack
page read and write
1344000
heap
page read and write
11C8000
heap
page read and write
2E70000
heap
page read and write
410B000
heap
page read and write
1338000
heap
page read and write
400000
unkown
page readonly
69EC000
stack
page read and write
3FB0000
remote allocation
page read and write
1404C1000
unkown
page execute and read and write
4181000
heap
page read and write
2AF7000
heap
page read and write
2D61000
heap
page read and write
4125000
heap
page read and write
67CE000
stack
page read and write
4430000
heap
page read and write
2B34000
heap
page read and write
4181000
heap
page read and write
5E7F000
heap
page read and write
11B4000
heap
page read and write
F0F000
stack
page read and write
2AF3000
heap
page read and write
5FD000
heap
page read and write
417A000
heap
page read and write
4070000
heap
page read and write
2C90000
heap
page read and write
602000
heap
page read and write
9C000
stack
page read and write
1337000
heap
page read and write
410B000
heap
page read and write
2CA1000
heap
page read and write
420000
unkown
page write copy
2CBF000
heap
page read and write
401000
unkown
page execute read
41AA000
heap
page read and write
4B21000
heap
page read and write
42F0000
heap
page read and write
278B000
stack
page read and write
401000
unkown
page execute read
974000
heap
page read and write
427000
unkown
page readonly
2ED64000
direct allocation
page read and write
2D61000
heap
page read and write
6A40000
heap
page read and write
2B34000
heap
page read and write
417E000
heap
page read and write
4049000
unkown
page read and write
43DA000
heap
page read and write
7FF6388CF000
unkown
page write copy
28B9000
direct allocation
page read and write
404B000
unkown
page readonly
2EB44000
direct allocation
page read and write
195000
stack
page read and write
D51307B000
stack
page read and write
401000
unkown
page execute read
2B34000
heap
page read and write
404B000
unkown
page readonly
41AA000
heap
page read and write
4175000
heap
page read and write
418C000
heap
page execute and read and write
668C000
stack
page read and write
7FF6388CC000
unkown
page read and write
955000
heap
page read and write
35750000
direct allocation
page read and write
67AE000
stack
page read and write
1F0000
direct allocation
page read and write
2B34000
heap
page read and write
960000
direct allocation
page read and write
11CF000
heap
page read and write
1F39000
heap
page read and write
40BA000
heap
page read and write
414C000
heap
page read and write
67AE000
stack
page read and write
5E30000
heap
page read and write
358FC000
direct allocation
page read and write
4180000
heap
page read and write
6520000
heap
page read and write
417F000
heap
page read and write
133A000
heap
page read and write
42CE000
stack
page read and write
2D61000
heap
page read and write
3329000
heap
page read and write
4130000
heap
page read and write
974000
heap
page read and write
601000
heap
page read and write
7FFE80000000
direct allocation
page execute and read and write
4EC000
unkown
page read and write
6A1C000
stack
page read and write
410A000
heap
page read and write
195000
stack
page read and write
11B4000
heap
page read and write
974000
heap
page read and write
27F376EC000
heap
page read and write
2CCA000
heap
page read and write
401000
unkown
page execute read
420000
unkown
page write copy
6B1C000
stack
page read and write
41B6000
heap
page read and write
950000
direct allocation
page read and write
2ED64000
direct allocation
page read and write
2D61000
heap
page read and write
2CA1000
heap
page read and write
4296000
heap
page read and write
2B34000
heap
page read and write
C30000
heap
page read and write
19D000
stack
page read and write
5149000
heap
page read and write
140A7B000
unkown
page execute and write copy
2CA1000
heap
page read and write
2B31000
heap
page read and write
67EE000
stack
page read and write
2DF1000
heap
page read and write
4BE4000
heap
page read and write
19D000
stack
page read and write
B24000
unkown
page readonly
143000
stack
page read and write
5FE000
heap
page read and write
2AE6000
heap
page read and write
18ACA7B000
stack
page read and write
950000
direct allocation
page read and write
6E14000
heap
page read and write
68EF000
stack
page read and write
2CA1000
heap
page read and write
5DAF000
heap
page read and write
67DE000
stack
page read and write
2D61000
heap
page read and write
6A31000
heap
page read and write
358F4000
direct allocation
page read and write
4DF000
unkown
page write copy
11DC000
heap
page read and write
2A10000
heap
page read and write
400000
unkown
page readonly
2EB60000
direct allocation
page read and write
2B34000
heap
page read and write
974000
heap
page read and write
69EC000
stack
page read and write
1E780000
trusted library allocation
page read and write
2470C000
heap
page read and write
4130000
heap
page read and write
1E681000
heap
page read and write
35904000
direct allocation
page read and write
65BE000
stack
page read and write
5410000
heap
page read and write
417B000
heap
page read and write
40E6000
heap
page read and write
5F90000
heap
page read and write
4340000
direct allocation
page read and write
24F0000
remote allocation
page read and write
2A30000
heap
page read and write
2B31000
heap
page read and write
7243000
heap
page read and write
2B31000
heap
page read and write
413F000
heap
page read and write
F30000
direct allocation
page execute and read and write
2D61000
heap
page read and write
974000
heap
page read and write
24F0000
remote allocation
page read and write
9A0000
unkown
page readonly
418C000
heap
page execute and read and write
5F8000
heap
page read and write
28FD000
direct allocation
page read and write
40FA000
heap
page read and write
2978000
direct allocation
page read and write
358F4000
direct allocation
page read and write
6844000
heap
page read and write
1337000
heap
page read and write
A3B000
heap
page read and write
2B34000
heap
page read and write
FD3000
heap
page read and write
418B000
heap
page read and write
5DE0000
heap
page read and write
11DA000
heap
page read and write
414D000
heap
page read and write
2B34000
heap
page read and write
41AA000
heap
page read and write
2B34000
heap
page read and write
4230000
heap
page read and write
2D61000
heap
page read and write
4BDF000
heap
page read and write
974000
heap
page read and write
420000
unkown
page write copy
65FD000
stack
page read and write
1404BA000
unkown
page execute and read and write
804000
heap
page read and write
2ED64000
direct allocation
page read and write
4B3E000
heap
page read and write
2B35000
heap
page read and write
5A3000
heap
page read and write
35638000
direct allocation
page read and write
418B000
heap
page read and write
6A5E000
stack
page read and write
41C5000
heap
page read and write
1D257600000
heap
page read and write
2ED64000
direct allocation
page read and write
24716000
heap
page read and write
4340000
heap
page read and write
1F0000
direct allocation
page read and write
418B000
heap
page read and write
4301000
heap
page read and write
5773000
heap
page read and write
7FF6385C0000
unkown
page readonly
D0D000
unkown
page execute and write copy
356C0000
direct allocation
page read and write
43E000
unkown
page execute and read and write
4027000
unkown
page readonly
2ECCC000
direct allocation
page read and write
2B34000
heap
page read and write
51AE000
stack
page read and write
986000
heap
page read and write
4BED000
heap
page read and write
2B34000
heap
page read and write
2EB90000
direct allocation
page read and write
420000
unkown
page write copy
2AE2000
heap
page read and write
400000
unkown
page readonly
2B34000
heap
page read and write
2B23000
heap
page read and write
400000
unkown
page execute and read and write
1338000
heap
page read and write
4F20000
heap
page read and write
35720000
direct allocation
page read and write
76D000
unkown
page read and write
416F000
heap
page read and write
41CB000
heap
page read and write
662D000
stack
page read and write
2B1D000
heap
page read and write
2D61000
heap
page read and write
19B000
stack
page read and write
2EC70000
direct allocation
page read and write
11D8000
heap
page read and write
974000
heap
page read and write
2440000
direct allocation
page read and write
195000
stack
page read and write
41AA000
heap
page read and write
2B34000
heap
page read and write
2B30000
heap
page read and write
440A000
unkown
page readonly
422000
unkown
page write copy
2B34000
heap
page read and write
2CD1000
heap
page read and write
41CB000
heap
page read and write
6A20000
heap
page read and write
1F0000
direct allocation
page read and write
2070000
direct allocation
page read and write
5DFE000
heap
page read and write
2B34000
heap
page read and write
420000
unkown
page write copy
F02000
unkown
page read and write
6A38000
heap
page read and write
2EAC0000
direct allocation
page read and write
41D4000
heap
page read and write
27F377D0000
heap
page read and write
666E000
stack
page read and write
1D257490000
heap
page read and write
2B34000
heap
page read and write
359B0000
direct allocation
page read and write
35AF8000
direct allocation
page read and write
974000
heap
page read and write
359B0000
direct allocation
page read and write
761000
unkown
page read and write
358F4000
direct allocation
page read and write
418C000
heap
page read and write
35880000
direct allocation
page read and write
2D1F000
stack
page read and write
7FFE80030000
direct allocation
page execute and read and write
43AD000
heap
page read and write
27F49071000
direct allocation
page read and write
974000
heap
page read and write
2ACE000
heap
page read and write
6050000
heap
page read and write
2D61000
heap
page read and write
2A20000
heap
page read and write
4B3E000
heap
page read and write
51CC000
heap
page read and write
401000
unkown
page execute read
2CA1000
heap
page read and write
2CA1000
heap
page read and write
6328000
heap
page read and write
664E000
stack
page read and write
332A000
heap
page read and write
2D61000
heap
page read and write
2B34000
heap
page read and write
2D61000
heap
page read and write
424E000
heap
page read and write
2AEB000
heap
page read and write
804000
heap
page read and write
503E000
heap
page read and write
91C26FE000
stack
page read and write
945000
heap
page read and write
2A75000
heap
page read and write
2BBE000
stack
page read and write
40C0000
heap
page read and write
2EB34000
direct allocation
page read and write
4B21000
heap
page read and write
9D8000
heap
page read and write
20F0000
heap
page read and write
7FF638782000
unkown
page readonly
2CBE000
heap
page read and write
417E000
heap
page read and write
35880000
direct allocation
page read and write
56BB000
heap
page read and write
3583C000
direct allocation
page read and write
2EB60000
direct allocation
page read and write
4150000
heap
page read and write
599000
heap
page read and write
2B18000
heap
page read and write
41A000
unkown
page write copy
974000
heap
page read and write
974000
heap
page read and write
417B000
heap
page read and write
8FA000
heap
page read and write
5DCF000
stack
page read and write
4D4E000
stack
page read and write
11E2000
heap
page read and write
410B000
heap
page read and write
CD2000
unkown
page execute and write copy
974000
heap
page read and write
19D000
stack
page read and write
2D61000
heap
page read and write
43CE000
stack
page read and write
D5134FE000
unkown
page readonly
2C2F000
stack
page read and write
4168000
heap
page read and write
41A000
unkown
page write copy
19D000
stack
page read and write
400000
unkown
page readonly
1F0000
direct allocation
page read and write
1D257702000
heap
page read and write
35B14000
direct allocation
page read and write
24709000
heap
page read and write
2D61000
heap
page read and write
2B35000
heap
page read and write
420000
unkown
page write copy
1108000
unkown
page execute read
2CA1000
heap
page read and write
2D61000
heap
page read and write
5BDC000
heap
page read and write
2CB2000
heap
page read and write
1025000
unkown
page write copy
6F69000
heap
page read and write
2B1D000
heap
page read and write
27F37A50000
heap
page read and write
133D000
heap
page read and write
950000
direct allocation
page read and write
42C8000
heap
page read and write
2B49000
heap
page read and write
414B000
heap
page read and write
2B34000
heap
page read and write
2B34000
heap
page read and write
44A7000
heap
page read and write
140000000
unkown
page readonly
2ECCC000
direct allocation
page read and write
2D61000
heap
page read and write
2AF7000
heap
page read and write
35780000
direct allocation
page read and write
2963000
direct allocation
page read and write
2472C000
heap
page read and write
5B4000
heap
page read and write
44DE000
stack
page read and write
2D61000
heap
page read and write
1F11000
heap
page read and write
41AA000
heap
page read and write
2DF1000
heap
page read and write
5CD6000
heap
page read and write
68EC000
stack
page read and write
43E000
unkown
page execute and read and write
2D61000
heap
page read and write
91C25FF000
stack
page read and write
411000
unkown
page readonly
974000
heap
page read and write
4307000
heap
page read and write
5E6000
heap
page read and write
426D000
heap
page read and write
4870000
heap
page read and write
2B34000
heap
page read and write
2B34000
heap
page read and write
43E000
unkown
page execute and read and write
4BDF000
heap
page read and write
35900000
direct allocation
page read and write
2B34000
heap
page read and write
5DC0000
heap
page read and write
2B1B000
heap
page read and write
2C7E000
stack
page read and write
4D0000
direct allocation
page read and write
452F000
stack
page read and write
11E4000
heap
page read and write
64CC000
stack
page read and write
41AA000
heap
page read and write
4DCB000
stack
page read and write
2D61000
heap
page read and write
35AF0000
direct allocation
page read and write
133E000
heap
page read and write
F2F000
unkown
page read and write
420000
unkown
page write copy
2470F000
heap
page read and write
11DC000
heap
page read and write
5A3000
heap
page read and write
2CA1000
heap
page read and write
140258000
unkown
page execute and read and write
14046A000
unkown
page execute and read and write
2D61000
heap
page read and write
359C0000
direct allocation
page read and write
1345000
heap
page read and write
14026E000
unkown
page execute and read and write
195000
stack
page read and write
27CA000
stack
page read and write
419B000
heap
page read and write
5E3F000
heap
page read and write
974000
heap
page read and write
5AB000
heap
page read and write
3963000
heap
page read and write
27F376B0000
heap
page read and write
2B34000
heap
page read and write
4148000
heap
page read and write
7FF6388D1000
unkown
page read and write
4BED000
heap
page read and write
974000
heap
page read and write
420000
unkown
page write copy
41AC000
heap
page read and write
6CE000
heap
page read and write
423C000
heap
page read and write
4BDD000
heap
page read and write
2AE6000
heap
page read and write
41C2000
heap
page read and write
1486000
unkown
page readonly
30AA1000
heap
page read and write
2070000
direct allocation
page read and write
950000
direct allocation
page read and write
6CE000
heap
page read and write
27F37680000
heap
page read and write
41A000
unkown
page write copy
35B0C000
direct allocation
page read and write
303C000
stack
page read and write
2CD9000
heap
page read and write
65EE000
stack
page read and write
63B0000
heap
page read and write
190000
heap
page read and write
1F0000
direct allocation
page read and write
4BDD000
heap
page read and write
3BE0000
remote allocation
page read and write
678D000
stack
page read and write
FF0000
remote allocation
page read and write
4181000
heap
page read and write
41AF000
heap
page read and write
3410000
trusted library allocation
page read and write
503E000
heap
page read and write
975000
heap
page read and write
2AEB000
heap
page read and write
2B34000
heap
page read and write
974000
heap
page read and write
42AE000
stack
page read and write
2E60000
trusted library allocation
page read and write
7FF638782000
unkown
page readonly
2B34000
heap
page read and write
40F9000
heap
page read and write
359B0000
direct allocation
page read and write
4164000
heap
page read and write
6A37000
heap
page read and write
32EF000
stack
page read and write
2EA38000
direct allocation
page read and write
401000
unkown
page execute read
D0F000
unkown
page execute and write copy
4080000
heap
page read and write
68DC000
stack
page read and write
2D61000
heap
page read and write
401000
unkown
page execute read
78E000
stack
page read and write
2B22000
heap
page read and write
4104000
heap
page read and write
2B34000
heap
page read and write
2D61000
heap
page read and write
30A93000
heap
page read and write
804000
heap
page read and write
2D61000
heap
page read and write
401000
unkown
page execute read
2AEF000
heap
page read and write
3305000
heap
page read and write
296A000
direct allocation
page read and write
4546000
heap
page read and write
359B0000
direct allocation
page read and write
27F3A57C000
direct allocation
page read and write
424E000
heap
page read and write
2F9D000
unkown
page execute and write copy
11DA000
heap
page read and write
417B000
heap
page read and write
401000
unkown
page execute read
2ED64000
direct allocation
page read and write
24726000
heap
page read and write
2D61000
heap
page read and write
FF0000
remote allocation
page read and write
400000
unkown
page execute and read and write
42C8000
heap
page read and write
41AA000
heap
page read and write
1404BA000
unkown
page execute and read and write
2D61000
heap
page read and write
2AD0000
heap
page read and write
4D8F000
stack
page read and write
FA0000
heap
page read and write
4080000
heap
page read and write
27F37A40000
direct allocation
page read and write
5FA0000
heap
page read and write
2B34000
heap
page read and write
2B31000
heap
page read and write
1338000
heap
page read and write
7170000
heap
page read and write
41B3000
heap
page read and write
5788000
heap
page read and write
6A1C000
stack
page read and write
950000
direct allocation
page read and write
400000
unkown
page readonly
692C000
stack
page read and write
411000
unkown
page readonly
2AE6000
heap
page read and write
11E2000
heap
page read and write
4105000
heap
page read and write
B3E000
stack
page read and write
11BC000
heap
page read and write
3A4C000
unkown
page readonly
24726000
heap
page read and write
9C000
stack
page read and write
407E000
heap
page read and write
4184000
heap
page read and write
2D61000
heap
page read and write
2EBCC000
direct allocation
page read and write
326F000
stack
page read and write
1339000
heap
page read and write
596000
heap
page read and write
2B2D000
heap
page read and write
608000
heap
page read and write
1E80000
direct allocation
page read and write
1343000
heap
page read and write
424E000
heap
page read and write
3323000
heap
page read and write
2B34000
heap
page read and write
41A0000
heap
page read and write
1343000
heap
page read and write
5DDF000
stack
page read and write
4221000
heap
page read and write
2472B000
heap
page read and write
5C20000
remote allocation
page read and write
401000
unkown
page execute read
2B34000
heap
page read and write
3FB0000
remote allocation
page read and write
9C5000
heap
page read and write
2D61000
heap
page read and write
19D000
stack
page read and write
140490000
unkown
page execute and read and write
46C0000
heap
page read and write
2EB56000
direct allocation
page read and write
2EB4C000
direct allocation
page read and write
2EB64000
direct allocation
page read and write
1401E5000
unkown
page execute and read and write
2EBB4000
direct allocation
page read and write
C1D000
unkown
page readonly
41CB000
heap
page read and write
2B34000
heap
page read and write
28F6000
direct allocation
page read and write
623C000
unkown
page read and write
4027000
unkown
page readonly
2D3A91B0000
heap
page read and write
424E000
heap
page read and write
2AF7000
heap
page read and write
5A3000
heap
page read and write
974000
heap
page read and write
400000
unkown
page readonly
BEF000
stack
page read and write
76F000
unkown
page read and write
4520000
heap
page read and write
5F8000
heap
page read and write
2B34000
heap
page read and write
42AF000
stack
page read and write
4157000
heap
page read and write
7241000
heap
page read and write
18ACFFE000
stack
page read and write
8F0000
heap
page read and write
30E0000
heap
page read and write
2B34000
heap
page read and write
2B34000
heap
page read and write
44B0000
heap
page read and write
5F1000
heap
page read and write
358F4000
direct allocation
page read and write
2B0E000
heap
page read and write
974000
heap
page read and write
4C7000
unkown
page readonly
2AEB000
heap
page read and write
9A1000
unkown
page execute read
D11000
unkown
page execute and write copy
43E000
unkown
page execute and read and write
411000
unkown
page readonly
2B35000
heap
page read and write
804000
heap
page read and write
3578C000
direct allocation
page read and write
CD6000
unkown
page execute and write copy
133C000
heap
page read and write
5DD0000
heap
page read and write
35B20000
direct allocation
page read and write
18AD1FE000
stack
page read and write
2B34000
heap
page read and write
974000
heap
page read and write
2759000
stack
page read and write
6A2F000
heap
page read and write
92C000
heap
page read and write
2B34000
heap
page read and write
35908000
direct allocation
page read and write
2CA1000
heap
page read and write
41C1000
heap
page read and write
2D61000
heap
page read and write
950000
direct allocation
page read and write
416C000
heap
page read and write
133C000
heap
page read and write
42FE000
stack
page read and write
35A04000
direct allocation
page read and write
6B9000
heap
page read and write
2D61000
heap
page read and write
974000
heap
page read and write
4418000
heap
page read and write
2CCE000
heap
page read and write
41A000
unkown
page write copy
43D0000
direct allocation
page execute and read and write
2B49000
heap
page read and write
2B34000
heap
page read and write
2B35000
heap
page read and write
1F11000
heap
page read and write
4180000
heap
page read and write
2B34000
heap
page read and write
6E35000
heap
page read and write
1F0000
direct allocation
page read and write
2B03000
heap
page read and write
4155000
heap
page read and write
4425000
heap
page read and write
5DD0000
heap
page read and write
6B5F000
stack
page read and write
440A000
unkown
page readonly
94C000
heap
page read and write
359B8000
direct allocation
page read and write
2070000
direct allocation
page read and write
4E6000
unkown
page read and write
528E000
heap
page read and write
677C000
stack
page read and write
974000
heap
page read and write
415B000
heap
page read and write
4114000
heap
page read and write
43DE000
heap
page read and write
2AE5000
heap
page read and write
4221000
heap
page read and write
4B63000
heap
page read and write
41B0000
heap
page read and write
4125000
heap
page read and write
2D3A9227000
heap
page read and write
35B1C000
direct allocation
page read and write
2D61000
heap
page read and write
2B0E000
heap
page read and write
41ED000
heap
page read and write
416B000
heap
page read and write
23C0000
direct allocation
page read and write
4150000
heap
page read and write
35744000
direct allocation
page read and write
14046A000
unkown
page execute and read and write
2B18000
heap
page read and write
2B35000
heap
page read and write
2B19000
heap
page read and write
419C000
heap
page read and write
5462000
heap
page read and write
423C000
heap
page read and write
4BE4000
heap
page read and write
950000
direct allocation
page read and write
358F4000
direct allocation
page read and write
950000
direct allocation
page read and write
19D000
stack
page read and write
423C000
heap
page read and write
2AFB000
heap
page read and write
11BC000
heap
page read and write
739E000
heap
page read and write
4BAE000
heap
page read and write
400000
unkown
page readonly
1F0000
direct allocation
page read and write
357E4000
direct allocation
page read and write
7FFE80000000
direct allocation
page execute and read and write
4144000
heap
page read and write
950000
direct allocation
page read and write
2EB80000
direct allocation
page read and write
35B18000
direct allocation
page read and write
2B23000
heap
page read and write
2ECCC000
direct allocation
page read and write
14046C000
unkown
page execute and read and write
4153000
heap
page read and write
2B2C000
heap
page read and write
3479000
heap
page read and write
5DD1000
heap
page read and write
1F43000
heap
page read and write
2EC2C000
direct allocation
page read and write
6C32000
heap
page read and write
C3F000
stack
page read and write
2B35000
heap
page read and write
357C4000
direct allocation
page read and write
5032000
heap
page read and write
443F000
stack
page read and write
D4E000
stack
page read and write
1F0000
direct allocation
page read and write
2D61000
heap
page read and write
5E0000
heap
page read and write
357AC000
direct allocation
page read and write
53EF000
stack
page read and write
4B83000
heap
page read and write
D80000
unkown
page readonly
5DC1000
heap
page read and write
1343000
heap
page read and write
2070000
direct allocation
page read and write
505B000
heap
page read and write
4B63000
heap
page read and write
41A4000
heap
page read and write
1343000
heap
page read and write
2B34000
heap
page read and write
4F2B000
heap
page read and write
3571C000
direct allocation
page read and write
43FD000
heap
page read and write
444D000
heap
page read and write
2CC0000
heap
page read and write
4215000
heap
page read and write
2AE6000
heap
page read and write
41CC000
heap
page read and write
410B000
heap
page read and write
41AA000
heap
page read and write
6A4C000
heap
page read and write
4426000
heap
page read and write
1338000
heap
page read and write
5CF000
stack
page read and write
D07000
unkown
page execute and write copy
542E000
stack
page read and write
41AA000
heap
page read and write
2922000
direct allocation
page read and write
35B10000
direct allocation
page read and write
1F0000
direct allocation
page read and write
133C000
heap
page read and write
5DB0000
heap
page read and write
FD0000
unkown
page readonly
401000
unkown
page execute read
3A4F000
unkown
page readonly
416C000
heap
page read and write
2B36000
heap
page read and write
2D61000
heap
page read and write
2070000
direct allocation
page read and write
30A9B000
heap
page read and write
4EC1000
heap
page read and write
5E61000
heap
page read and write
572000
heap
page read and write
2AA0000
trusted library allocation
page read and write
2D3A922B000
heap
page read and write
404B000
unkown
page readonly
4115000
heap
page read and write
11CF000
heap
page read and write
411000
unkown
page readonly
690C000
stack
page read and write
2D61000
heap
page read and write
2B35000
heap
page read and write
2D61000
heap
page read and write
419E000
stack
page read and write
4586000
heap
page read and write
2B34000
heap
page read and write
D19000
unkown
page execute and write copy
7FF6388E4000
unkown
page readonly
2EC30000
direct allocation
page read and write
27F377CB000
heap
page read and write
2FAC000
stack
page read and write
19D000
stack
page read and write
140470000
unkown
page execute and read and write
35880000
direct allocation
page read and write
2DF1000
heap
page read and write
D30000
unkown
page readonly
1F0000
direct allocation
page read and write
2B31000
heap
page read and write
2AF3000
heap
page read and write
9B000
stack
page read and write
4258000
heap
page read and write
4420000
heap
page read and write
4580000
heap
page read and write
2B34000
heap
page read and write
6A3F000
heap
page read and write
52D7000
heap
page read and write
2AF3000
heap
page read and write
2D61000
heap
page read and write
2B34000
heap
page read and write
24704000
heap
page read and write
11B4000
heap
page read and write
974000
heap
page read and write
411000
unkown
page readonly
358F4000
direct allocation
page read and write
5E7E000
heap
page read and write
280000
unkown
page readonly
957000
heap
page read and write
41B5000
heap
page read and write
D17000
unkown
page execute and write copy
813000
unkown
page readonly
D5133FC000
stack
page read and write
1334000
heap
page read and write
4BED000
heap
page read and write
968000
heap
page read and write
2AEB000
heap
page read and write
51C2000
heap
page read and write
11B9000
heap
page read and write
4B80000
heap
page read and write
433F000
stack
page read and write
41EB000
heap
page read and write
411000
unkown
page readonly
4150000
heap
page read and write
400000
unkown
page readonly
2B3C000
heap
page read and write
804000
heap
page read and write
41A000
unkown
page write copy
411000
unkown
page readonly
4154000
heap
page read and write
2B25000
heap
page read and write
2D61000
heap
page read and write
400000
unkown
page readonly
401000
unkown
page execute read
2AEF000
heap
page read and write
4BE4000
heap
page read and write
2AF7000
heap
page read and write
293F000
direct allocation
page read and write
4168000
heap
page read and write
2B1D000
heap
page read and write
5DDD000
heap
page read and write
2B34000
heap
page read and write
42C8000
heap
page read and write
FA8000
heap
page read and write
974000
heap
page read and write
41A000
unkown
page write copy
974000
heap
page read and write
2B3C000
heap
page read and write
2471D000
heap
page read and write
2B34000
heap
page read and write
4070000
heap
page read and write
133C000
heap
page read and write
5E04000
heap
page read and write
5AB000
heap
page read and write
19D000
stack
page read and write
2D61000
heap
page read and write
974000
heap
page read and write
2ECCC000
direct allocation
page read and write
2EA38000
direct allocation
page read and write
2ADF000
heap
page read and write
12AB000
heap
page read and write
2470D000
heap
page read and write
2B22000
heap
page read and write
11AC000
heap
page read and write
5E1F000
heap
page read and write
2B34000
heap
page read and write
404B000
unkown
page readonly
3275000
heap
page read and write
68DF000
stack
page read and write
55F1000
unkown
page read and write
950000
direct allocation
page read and write
1D25762B000
heap
page read and write
1D0000
heap
page read and write
5E0E000
heap
page read and write
2D61000
heap
page read and write
440A000
unkown
page readonly
2471E000
heap
page read and write
2A3E000
unkown
page read and write
D15000
unkown
page execute and write copy
2070000
direct allocation
page read and write
52EE000
stack
page read and write
2AEB000
heap
page read and write
19D000
stack
page read and write
417A000
heap
page read and write
5E2F000
heap
page read and write
59C000
heap
page read and write
2CA1000
heap
page read and write
2CA1000
heap
page read and write
D51317E000
stack
page read and write
41C9000
heap
page read and write
2F9C000
unkown
page readonly
411000
unkown
page readonly
23C0000
direct allocation
page read and write
1D2575C0000
trusted library allocation
page read and write
DFA000
unkown
page write copy
6A55000
heap
page read and write
4DA000
unkown
page readonly
359B0000
direct allocation
page read and write
974000
heap
page read and write
91C24FF000
stack
page read and write
13BB9000
direct allocation
page read and write
4138000
heap
page read and write
2410000
trusted library allocation
page read and write
6E25000
heap
page read and write
2B25000
heap
page read and write
649E000
stack
page read and write
4BE4000
heap
page read and write
2B34000
heap
page read and write
2B25000
heap
page read and write
AEF000
unkown
page readonly
2EB9C000
direct allocation
page read and write
5E64000
heap
page read and write
140470000
unkown
page execute and read and write
415F000
heap
page read and write
5412000
heap
page read and write
400000
unkown
page execute and read and write
4260000
heap
page read and write
44B0000
direct allocation
page read and write
281000
unkown
page execute read
2C60000
heap
page read and write
40C5000
heap
page read and write
4250000
heap
page read and write
1F46000
heap
page read and write
2AEB000
heap
page read and write
2B25000
heap
page read and write
1F0000
direct allocation
page read and write
2070000
direct allocation
page read and write
140001000
unkown
page execute and write copy
2ED68000
direct allocation
page read and write
424E000
heap
page read and write
410E000
stack
page read and write
1F0000
direct allocation
page read and write
417B000
heap
page read and write
68FC000
stack
page read and write
421D000
heap
page read and write
1F0000
direct allocation
page read and write
2C80000
remote allocation
page read and write
D0B000
unkown
page execute and write copy
D80000
unkown
page readonly
840000
unkown
page execute and read and write
4385000
heap
page read and write
2B35000
heap
page read and write
400000
unkown
page readonly
426D000
heap
page read and write
5E5F000
heap
page read and write
2D61000
heap
page read and write
2D3A90D0000
heap
page read and write
4B21000
heap
page read and write
421D000
heap
page read and write
6CC7000
heap
page read and write
974000
heap
page read and write
43EC000
heap
page execute and read and write
41CB000
heap
page read and write
2D61000
heap
page read and write
59C000
heap
page read and write
4E90000
heap
page read and write
11E7000
heap
page read and write
42C8000
heap
page read and write
6A3F000
heap
page read and write
41A4000
heap
page read and write
11BC000
heap
page read and write
52AC000
heap
page read and write
35AE8000
direct allocation
page read and write
2C80000
remote allocation
page read and write
2B34000
heap
page read and write
2D61000
heap
page read and write
EDA000
unkown
page readonly
1051000
heap
page read and write
5D7E000
heap
page read and write
2A12000
heap
page read and write
2B31000
heap
page read and write
601000
heap
page read and write
43E000
unkown
page execute and read and write
2AEF000
heap
page read and write
356B8000
direct allocation
page read and write
2ED74000
direct allocation
page read and write
2EB1C000
direct allocation
page read and write
2B7E000
stack
page read and write
5411000
heap
page read and write
804000
heap
page read and write
40B0000
heap
page read and write
1181000
heap
page read and write
417F000
heap
page read and write
28A2000
direct allocation
page read and write
69DD000
stack
page read and write
30AE000
stack
page read and write
291B000
direct allocation
page read and write
2ECCC000
direct allocation
page read and write
950000
direct allocation
page read and write
29404000
direct allocation
page read and write
359C8000
direct allocation
page read and write
24704000
heap
page read and write
2ED64000
direct allocation
page read and write
51C0000
heap
page read and write
11DE000
heap
page read and write
24B4000
direct allocation
page read and write
418B000
heap
page read and write
401000
unkown
page execute read
6540000
heap
page read and write
4BDD000
heap
page read and write
411C000
heap
page execute and read and write
1345000
heap
page read and write
140001000
unkown
page execute and read and write
4BED000
heap
page read and write
2B34000
heap
page read and write
6A32000
heap
page read and write
71FF000
heap
page read and write
420000
unkown
page write copy
2B70000
heap
page read and write
35700000
direct allocation
page read and write
443F000
stack
page read and write
400000
unkown
page execute and read and write
2A70000
heap
page read and write
1E0000
heap
page read and write
41AA000
heap
page read and write
64DE000
stack
page read and write
4147000
heap
page read and write
4138000
heap
page read and write
34A000
unkown
page write copy
3BE0000
remote allocation
page read and write
412D000
heap
page read and write
9E0000
heap
page read and write
2B34000
heap
page read and write
420000
unkown
page write copy
41AC000
heap
page read and write
140A7C000
unkown
page write copy
414B000
heap
page read and write
2ED6C000
direct allocation
page read and write
359B4000
direct allocation
page read and write
FC6000
heap
page read and write
7FF6388B2000
unkown
page write copy
6A0C000
stack
page read and write
359B0000
direct allocation
page read and write
2889000
heap
page read and write
2CA1000
heap
page read and write
2D61000
heap
page read and write
35720000
direct allocation
page read and write
D51327E000
stack
page read and write
404B000
unkown
page readonly
359B0000
direct allocation
page read and write
140269000
unkown
page execute and read and write
2B01000
heap
page read and write
2D61000
heap
page read and write
950000
direct allocation
page read and write
2AEF000
heap
page read and write
4440000
heap
page read and write
29F0000
unkown
page read and write
2B34000
heap
page read and write
2BFE000
stack
page read and write
2B34000
heap
page read and write
359CC000
direct allocation
page read and write
419C000
heap
page read and write
133E000
heap
page read and write
1E5000
heap
page read and write
420000
unkown
page write copy
2B0E000
heap
page read and write
6285000
heap
page read and write
2B34000
heap
page read and write
4440000
direct allocation
page execute and read and write
400000
unkown
page readonly
4380000
heap
page read and write
2B34000
heap
page read and write
40CC000
heap
page execute and read and write
41CC000
heap
page read and write
11DA000
heap
page read and write
974000
heap
page read and write
25CE000
stack
page read and write
40F7000
heap
page read and write
419C000
heap
page read and write
2EB60000
direct allocation
page read and write
2B34000
heap
page read and write
804000
heap
page read and write
35770000
direct allocation
page read and write
1107000
unkown
page read and write
401000
unkown
page execute read
2930000
direct allocation
page read and write
426D000
heap
page read and write
133C000
heap
page read and write
2D61000
heap
page read and write
6A3E000
heap
page read and write
4168000
heap
page read and write
1336000
heap
page read and write
4165000
heap
page read and write
7243000
heap
page read and write
974000
heap
page read and write
6E41000
heap
page read and write
1F0000
direct allocation
page read and write
2ECCC000
direct allocation
page read and write
411000
unkown
page readonly
57B0000
heap
page read and write
3588C000
direct allocation
page read and write
5240000
trusted library allocation
page read and write
417F000
heap
page read and write
35AE4000
direct allocation
page read and write
1342000
heap
page read and write
2D61000
heap
page read and write
24701000
heap
page read and write
2AE6000
heap
page read and write
6032000
heap
page read and write
439C000
heap
page execute and read and write
2CAA000
heap
page read and write
41A3000
heap
page read and write
2ADF000
heap
page read and write
2B1D000
heap
page read and write
97D000
heap
page read and write
140A7C000
unkown
page write copy
5CCE000
stack
page read and write
8FE000
heap
page read and write
195000
stack
page read and write
133C000
heap
page read and write
356C0000
direct allocation
page read and write
2B34000
heap
page read and write
2AEB000
heap
page read and write
140A7B000
unkown
page execute and read and write
5D60000
direct allocation
page read and write
783000
unkown
page readonly
140000000
unkown
page readonly
2C3E000
stack
page read and write
69EC000
stack
page read and write
2ED70000
direct allocation
page read and write
4049000
unkown
page read and write
417B000
heap
page read and write
2AE6000
heap
page read and write
4080000
heap
page read and write
4B96000
heap
page read and write
974000
heap
page read and write
2B34000
heap
page read and write
649C000
stack
page read and write
6A32000
heap
page read and write
2B34000
heap
page read and write
358F8000
direct allocation
page read and write
401000
unkown
page execute read
2B34000
heap
page read and write
2914000
direct allocation
page read and write
101C000
heap
page read and write
4144000
heap
page read and write
140000000
unkown
page readonly
404B000
unkown
page readonly
4BDF000
heap
page read and write
4138000
heap
page read and write
5B2000
heap
page read and write
950000
direct allocation
page read and write
4BCF000
heap
page read and write
359B0000
direct allocation
page read and write
3327000
heap
page read and write
4BDD000
heap
page read and write
6CB9000
heap
page read and write
649C000
stack
page read and write
11E8000
heap
page read and write
207B000
heap
page read and write
E05000
heap
page read and write
5FA000
heap
page read and write
2AD0000
heap
page read and write
679F000
stack
page read and write
57CE000
heap
page read and write
5E14000
heap
page read and write
5073000
heap
page read and write
416C000
heap
page read and write
804000
heap
page read and write
6A20000
heap
page read and write
358F4000
direct allocation
page read and write
27F59524000
heap
page read and write
41A000
unkown
page write copy
459000
unkown
page read and write
2B34000
heap
page read and write
4164000
heap
page read and write
40ED000
heap
page read and write
5F8000
heap
page read and write
2EC7C000
direct allocation
page read and write
4168000
heap
page read and write
43AF000
stack
page read and write
420000
unkown
page write copy
2C6C000
heap
page read and write
27F37690000
heap
page read and write
4300000
direct allocation
page execute and read and write
4BDF000
heap
page read and write
2ED64000
direct allocation
page read and write
27F376E0000
heap
page read and write
4245000
heap
page read and write
4148000
heap
page read and write
5E60000
heap
page read and write
6FCC000
stack
page read and write
358F4000
direct allocation
page read and write
6A30000
heap
page read and write
4070000
heap
page read and write
1F0000
direct allocation
page read and write
66AE000
stack
page read and write
1F0000
direct allocation
page read and write
2AE2000
heap
page read and write
41A000
unkown
page write copy
2AEF000
heap
page read and write
3579C000
direct allocation
page read and write
636000
unkown
page read and write
11DE000
heap
page read and write
35890000
direct allocation
page read and write
4154000
heap
page read and write
9C000
stack
page read and write
6A39000
heap
page read and write
606000
heap
page read and write
2EB04000
direct allocation
page read and write
404B000
unkown
page readonly
5CC9000
heap
page read and write
2071000
heap
page read and write
35760000
direct allocation
page read and write
2CA0000
heap
page read and write
202F000
stack
page read and write
27F376E6000
heap
page read and write
59FE000
stack
page read and write
2B34000
heap
page read and write
6F65000
heap
page read and write
40CC000
heap
page execute and read and write
2D61000
heap
page read and write
4235000
heap
page read and write
4430000
direct allocation
page read and write
57B5000
unkown
page read and write
2AE2000
heap
page read and write
18ACB7E000
stack
page read and write
6C2000
heap
page read and write
41C000
unkown
page execute read
629C000
unkown
page read and write
421D000
heap
page read and write
2BDD000
stack
page read and write
2EB00000
direct allocation
page read and write
2D61000
heap
page read and write
420000
unkown
page write copy
2A90000
heap
page read and write
1A0000
heap
page read and write
416C000
heap
page read and write
420000
unkown
page write copy
6A40000
heap
page read and write
6B9000
heap
page read and write
4EF000
unkown
page readonly
804000
heap
page read and write
57A1000
unkown
page read and write
42F0000
heap
page read and write
4210000
heap
page read and write
357C0000
direct allocation
page read and write
65CE000
stack
page read and write
6A1E000
heap
page read and write
2AE6000
heap
page read and write
950000
direct allocation
page read and write
2B20000
heap
page read and write
840000
unkown
page execute and read and write
805000
heap
page read and write
2954000
direct allocation
page read and write
5D60000
heap
page read and write
295C000
direct allocation
page read and write
842F000
trusted library allocation
page read and write
974000
heap
page read and write
6A2E000
heap
page read and write
404B000
unkown
page readonly
35700000
direct allocation
page read and write
46D0000
heap
page read and write
E00000
heap
page read and write
974000
heap
page read and write
2EC34000
direct allocation
page read and write
2D61000
heap
page read and write
41AA000
heap
page read and write
58BE000
stack
page read and write
804000
heap
page read and write
2D61000
heap
page read and write
2AE2000
heap
page read and write
40BA000
heap
page read and write
2070000
direct allocation
page read and write
2D61000
heap
page read and write
401000
unkown
page execute read
2B2C000
heap
page read and write
2ECCC000
direct allocation
page read and write
2B34000
heap
page read and write
2070000
direct allocation
page read and write
28B0000
direct allocation
page read and write
2EC38000
direct allocation
page read and write
43D0000
heap
page read and write
359D4000
direct allocation
page read and write
446A000
heap
page read and write
D40000
unkown
page execute and write copy
41AA000
heap
page read and write
4168000
heap
page read and write
1338000
heap
page read and write
408C000
heap
page execute and read and write
6B56000
heap
page read and write
64F6000
heap
page read and write
624000
unkown
page read and write
41B3000
heap
page read and write
4070000
heap
page read and write
5D5F000
stack
page read and write
974000
heap
page read and write
FF0000
remote allocation
page read and write
6A3E000
heap
page read and write
31E2000
heap
page read and write
4BE4000
heap
page read and write
102A000
unkown
page readonly
40A0000
heap
page read and write
5DCF000
stack
page read and write
2D61000
heap
page read and write
4B6B000
heap
page read and write
2B34000
heap
page read and write
4440000
direct allocation
page read and write
974000
heap
page read and write
2D61000
heap
page read and write
359B0000
direct allocation
page read and write
2AE8000
heap
page read and write
974000
heap
page read and write
418B000
heap
page read and write
CD8000
unkown
page execute and write copy
2CD0000
heap
page read and write
400000
unkown
page readonly
35910000
direct allocation
page read and write
FB0000
direct allocation
page read and write
417E000
heap
page read and write
2D61000
heap
page read and write
2AF7000
heap
page read and write
4198000
heap
page read and write
11D8000
heap
page read and write
2C9F000
unkown
page read and write
710C000
stack
page read and write
133A000
heap
page read and write
426D000
heap
page read and write
57A1000
unkown
page read and write
5E60000
heap
page read and write
4049000
unkown
page read and write
140A7C000
unkown
page write copy
5E0F000
heap
page read and write
2ECD0000
direct allocation
page read and write
974000
heap
page read and write
41A000
unkown
page write copy
2D61000
heap
page read and write
2EB04000
direct allocation
page read and write
400000
unkown
page readonly
2EB64000
direct allocation
page read and write
4BDD000
heap
page read and write
41AC000
heap
page read and write
42FA000
heap
page read and write
4BDF000
heap
page read and write
5DE0000
heap
page read and write
2ADF000
heap
page read and write
95F000
heap
page read and write
4168000
heap
page read and write
35888000
direct allocation
page read and write
2AE2000
heap
page read and write
5B2000
heap
page read and write
35638000
direct allocation
page read and write
2B34000
heap
page read and write
2070000
direct allocation
page read and write
290C000
direct allocation
page read and write
140001000
unkown
page execute and write copy
2ACE000
heap
page read and write
2D61000
heap
page read and write
140224000
unkown
page execute and read and write
4130000
heap
page read and write
75E000
unkown
page write copy
41EC000
heap
page read and write
804000
heap
page read and write
2ECE0000
direct allocation
page read and write
4164000
heap
page read and write
409000
unkown
page execute read
6A1E000
heap
page read and write
41A2000
heap
page read and write
974000
heap
page read and write
2CA2000
heap
page read and write
413F000
heap
page read and write
5D94000
heap
page read and write
2EB50000
direct allocation
page read and write
5AB000
heap
page read and write
4BEE000
heap
page read and write
2D61000
heap
page read and write
418B000
heap
page read and write
7200000
heap
page read and write
D13000
unkown
page execute and write copy
140258000
unkown
page execute and read and write
2EAC0000
direct allocation
page read and write
5BBE000
heap
page read and write
5EAF000
heap
page read and write
4165000
heap
page read and write
536D000
trusted library allocation
page read and write
1343000
heap
page read and write
2D61000
heap
page read and write
2B0E000
heap
page read and write
2D61000
heap
page read and write
2CA1000
heap
page read and write
356B8000
direct allocation
page read and write
4DF000
unkown
page read and write
133F000
heap
page read and write
CD4000
unkown
page execute and write copy
140488000
unkown
page execute and read and write
4BED000
heap
page read and write
18AD0FE000
unkown
page readonly
974000
heap
page read and write
416B000
heap
page read and write
2D61000
heap
page read and write
2EBE4000
direct allocation
page read and write
3280000
direct allocation
page read and write
41FF000
heap
page read and write
347B000
heap
page read and write
6E50000
direct allocation
page read and write
4BDD000
heap
page read and write
1343000
heap
page read and write
1401E5000
unkown
page execute and read and write
804000
heap
page read and write
2EDE000
stack
page read and write
140224000
unkown
page execute and read and write
407A000
heap
page read and write
BE6000
unkown
page execute and write copy
64F0000
heap
page read and write
24707000
heap
page read and write
2AE6000
heap
page read and write
2946000
direct allocation
page read and write
2AF7000
heap
page read and write
27FF000
stack
page read and write
1404C1000
unkown
page execute and read and write
4BDD000
heap
page read and write
404B000
unkown
page readonly
2AF3000
heap
page read and write
2CA1000
heap
page read and write
1F55000
heap
page read and write
6B9E000
stack
page read and write
4184000
heap
page read and write
2B35000
heap
page read and write
2D61000
heap
page read and write
D4C000
unkown
page execute and write copy
5DCF000
stack
page read and write
417A000
heap
page read and write
2EB44000
direct allocation
page read and write
974000
heap
page read and write
2B34000
heap
page read and write
27D0000
heap
page read and write
42C8000
heap
page read and write
2D61000
heap
page read and write
D50000
heap
page read and write
1D2574B0000
heap
page read and write
66EF000
stack
page read and write
840000
unkown
page execute and read and write
4181000
heap
page read and write
4F2A000
heap
page read and write
5F00000
heap
page read and write
140751000
unkown
page execute and read and write
2AFA000
heap
page read and write
1F0000
direct allocation
page read and write
2D61000
heap
page read and write
400000
unkown
page execute and read and write
5369000
trusted library allocation
page read and write
2DF1000
heap
page read and write
418B000
heap
page read and write
65AE000
stack
page read and write
2B0E000
heap
page read and write
2EB04000
direct allocation
page read and write
2C5E000
stack
page read and write
974000
heap
page read and write
2D61000
heap
page read and write
9C000
stack
page read and write
6A20000
heap
page read and write
2CA1000
heap
page read and write
424E000
heap
page read and write
2ED64000
direct allocation
page read and write
2D61000
heap
page read and write
5DD1000
heap
page read and write
4B21000
heap
page read and write
1401E2000
unkown
page execute and read and write
44BB000
heap
page read and write
416C000
heap
page read and write
5B6000
heap
page read and write
32BB000
heap
page read and write
F38000
heap
page read and write
2ED64000
direct allocation
page read and write
2B34000
heap
page read and write
2B20000
heap
page read and write
4179000
heap
page read and write
974000
heap
page read and write
FB0000
trusted library allocation
page read and write
2D61000
heap
page read and write
418B000
heap
page read and write
2CA1000
heap
page read and write
35B08000
direct allocation
page read and write
2B31000
heap
page read and write
4330000
heap
page read and write
2B34000
heap
page read and write
4862000
heap
page read and write
2AEF000
heap
page read and write
6A32000
heap
page read and write
91C21B9000
stack
page read and write
2B7E000
stack
page read and write
41C0000
heap
page read and write
4177000
heap
page read and write
67BE000
stack
page read and write
35884000
direct allocation
page read and write
2EB20000
direct allocation
page read and write
41AF000
heap
page read and write
195000
stack
page read and write
40DE000
stack
page read and write
804000
heap
page read and write
195000
stack
page read and write
434C000
heap
page execute and read and write
2B1D000
heap
page read and write
6CB9000
heap
page read and write
78F000
stack
page read and write
359C4000
direct allocation
page read and write
4049000
unkown
page read and write
28D0000
direct allocation
page read and write
2CA1000
heap
page read and write
2EE0000
heap
page read and write
195000
stack
page read and write
140751000
unkown
page execute and read and write
4E0B000
stack
page read and write
BE4000
unkown
page write copy
2B1B000
heap
page read and write
4BEE000
heap
page read and write
7FF6385C1000
unkown
page execute read
1F14000
heap
page read and write
404B000
unkown
page readonly
CD0000
unkown
page execute and write copy
B1B000
unkown
page write copy
2D61000
heap
page read and write
359D0000
direct allocation
page read and write
6C4A000
heap
page read and write
4164000
heap
page read and write
4250000
direct allocation
page read and write
133C000
heap
page read and write
400000
unkown
page readonly
359B0000
direct allocation
page read and write
43E000
unkown
page execute and read and write
14048C000
unkown
page execute and read and write
404B000
unkown
page readonly
2F9F000
unkown
page readonly
3500000
heap
page read and write
4049000
unkown
page read and write
6A5A000
heap
page read and write
418B000
heap
page read and write
4BDF000
heap
page read and write
676D000
stack
page read and write
410E000
heap
page read and write
7160000
heap
page read and write
2DF1000
heap
page read and write
2B34000
heap
page read and write
676F000
stack
page read and write
6B79000
heap
page read and write
190000
heap
page read and write
2B20000
heap
page read and write
2B35000
heap
page read and write
4437000
heap
page read and write
11E2000
heap
page read and write
950000
direct allocation
page read and write
5BB0000
direct allocation
page execute and read and write
426D000
heap
page read and write
401000
unkown
page execute read
601000
heap
page read and write
289B000
direct allocation
page read and write
2DF1000
heap
page read and write
2B1B000
heap
page read and write
416C000
heap
page read and write
24726000
heap
page read and write
1338000
heap
page read and write
2B34000
heap
page read and write
339B000
unkown
page read and write
41AA000
heap
page read and write
4070000
heap
page read and write
400000
unkown
page readonly
425A000
heap
page read and write
420000
unkown
page write copy
2D61000
heap
page read and write
58A000
heap
page read and write
F35000
unkown
page execute read
5B6000
heap
page read and write
140000000
unkown
page readonly
1338000
heap
page read and write
2CCC000
heap
page read and write
416C000
heap
page read and write
4BCF000
heap
page read and write
4F2C000
heap
page read and write
195000
stack
page read and write
778000
unkown
page read and write
35704000
direct allocation
page read and write
5E24000
heap
page read and write
5AB000
heap
page read and write
4BDD000
heap
page read and write
140468000
unkown
page execute and read and write
4105000
heap
page read and write
2EE8000
heap
page read and write
2EC70000
direct allocation
page read and write
2AF3000
heap
page read and write
6E70000
direct allocation
page read and write
804000
heap
page read and write
18AD2FE000
unkown
page readonly
2B34000
heap
page read and write
95A000
heap
page read and write
4170000
heap
page read and write
2B1D000
heap
page read and write
70FA000
heap
page read and write
67AF000
stack
page read and write
41C5000
heap
page read and write
2CB1000
heap
page read and write
246F9000
heap
page read and write
766000
unkown
page read and write
83FE000
trusted library allocation
page read and write
43E000
unkown
page execute and read and write
40F000
unkown
page execute read
44AB000
heap
page read and write
11B4000
heap
page read and write
4154000
heap
page read and write
2B34000
heap
page read and write
42C8000
heap
page read and write
35894000
direct allocation
page read and write
666C000
stack
page read and write
1014000
heap
page read and write
2D3A9200000
heap
page read and write
2B34000
heap
page read and write
2EB38000
direct allocation
page read and write
2B2D000
heap
page read and write
A08000
heap
page read and write
2B10000
heap
page read and write
DD0000
heap
page read and write
2B34000
heap
page read and write
40BE000
heap
page read and write
840000
unkown
page execute and read and write
404B000
unkown
page readonly
2ECD8000
direct allocation
page read and write
974000
heap
page read and write
D1B000
unkown
page execute and write copy
5E50000
heap
page read and write
2471D000
heap
page read and write
42F6000
heap
page read and write
4148000
heap
page read and write
140269000
unkown
page execute and read and write
5AFF000
stack
page read and write
4027000
unkown
page readonly
4BE4000
heap
page read and write
140490000
unkown
page execute and read and write
4170000
heap
page read and write
5D50000
direct allocation
page read and write
2B0E000
heap
page read and write
1343000
heap
page read and write
35AEC000
direct allocation
page read and write
4200000
heap
page read and write
94E000
unkown
page read and write
1344000
heap
page read and write
2EB00000
direct allocation
page read and write
2B2C000
heap
page read and write
53DE000
trusted library allocation
page read and write
1486000
unkown
page readonly
2D61000
heap
page read and write
2CA1000
heap
page read and write
4170000
heap
page read and write
41A5000
heap
page read and write
2D61000
heap
page read and write
4B63000
heap
page read and write
359B0000
direct allocation
page read and write
400000
unkown
page readonly
2B34000
heap
page read and write
4147000
heap
page read and write
24704000
heap
page read and write
6FB000
stack
page read and write
2E60000
trusted library allocation
page read and write
32AE000
stack
page read and write
CCE000
unkown
page execute and write copy
2B31000
heap
page read and write
4BE4000
heap
page read and write
4B21000
heap
page read and write
2CB0000
heap
page read and write
11CE000
heap
page read and write
9C000
stack
page read and write
140472000
unkown
page execute and read and write
140486000
unkown
page execute and read and write
357C0000
direct allocation
page read and write
2B2C000
heap
page read and write
5C20000
direct allocation
page read and write
68EC000
stack
page read and write
974000
heap
page read and write
2B28000
heap
page read and write
2B0E000
heap
page read and write
4F3E000
heap
page read and write
2AF7000
heap
page read and write
41CB000
heap
page read and write
400000
unkown
page execute and read and write
65EE000
stack
page read and write
5E9000
heap
page read and write
41CB000
heap
page read and write
357E0000
direct allocation
page read and write
1401E2000
unkown
page execute and read and write
2ED64000
direct allocation
page read and write
2070000
direct allocation
page read and write
62A3000
heap
page read and write
41B000
unkown
page readonly
400000
unkown
page readonly
6DD0000
direct allocation
page read and write
42C8000
heap
page read and write
4F3E000
heap
page read and write
1D257602000
heap
page read and write
2B0E000
heap
page read and write
418B000
heap
page read and write
974000
heap
page read and write
4240000
heap
page read and write
5DEE000
heap
page read and write
974000
heap
page read and write
9C000
stack
page read and write
2CA1000
heap
page read and write
2B34000
heap
page read and write
420000
unkown
page write copy
404B000
unkown
page readonly
41CB000
heap
page read and write
4181000
heap
page read and write
5038000
heap
page read and write
804000
heap
page read and write
18ACC7E000
stack
page read and write
FCA000
heap
page read and write
34C000
unkown
page write copy
6CA0000
heap
page read and write
41A000
unkown
page write copy
140001000
unkown
page execute and write copy
2D3A91E0000
trusted library allocation
page read and write
2470A000
heap
page read and write
4114000
heap
page read and write
4168000
heap
page read and write
5FD000
heap
page read and write
6A52000
heap
page read and write
4164000
heap
page read and write
40B0000
heap
page read and write
35770000
direct allocation
page read and write
4164000
heap
page read and write
4049000
unkown
page read and write
1338000
heap
page read and write
2B34000
heap
page read and write
43E000
unkown
page execute and read and write
3A4D000
unkown
page execute and write copy
417F000
heap
page read and write
359BC000
direct allocation
page read and write
7FF6385C0000
unkown
page readonly
1F0000
direct allocation
page read and write
2AEB000
heap
page read and write
4198000
heap
page read and write
24F0000
remote allocation
page read and write
2B34000
heap
page read and write
480000
unkown
page readonly
2B0E000
heap
page read and write
4114000
heap
page read and write
420000
unkown
page write copy
2E00000
heap
page read and write
2D61000
heap
page read and write
1D2575D0000
remote allocation
page read and write
3476000
heap
page read and write
1F0000
direct allocation
page read and write
2EAC0000
direct allocation
page read and write
4B63000
heap
page read and write
30AAC000
heap
page read and write
4660000
remote allocation
page read and write
5CE0000
direct allocation
page execute and read and write
2470E000
heap
page read and write
35B00000
direct allocation
page read and write
974000
heap
page read and write
5ED1000
heap
page read and write
2D61000
heap
page read and write
2B35000
heap
page read and write
1338000
heap
page read and write
5EC000
heap
page read and write
1F0000
direct allocation
page read and write
F20000
heap
page read and write
133C000
heap
page read and write
2D61000
heap
page read and write
2DF1000
heap
page read and write
689F000
stack
page read and write
1343000
heap
page read and write
2EC74000
direct allocation
page read and write
41A000
unkown
page write copy
3CB000
stack
page read and write
2CA1000
heap
page read and write
4114000
heap
page read and write
4540000
heap
page read and write
421E000
heap
page read and write
4BED000
heap
page read and write
2AEB000
heap
page read and write
359B0000
direct allocation
page read and write
4F20000
heap
page read and write
2D61000
heap
page read and write
421E000
heap
page read and write
2B31000
heap
page read and write
1343000
heap
page read and write
35734000
direct allocation
page read and write
943000
heap
page read and write
93A000
heap
page read and write
1338000
heap
page read and write
3BE0000
remote allocation
page read and write
5E4E000
heap
page read and write
133C000
heap
page read and write
41A000
unkown
page write copy
67AE000
stack
page read and write
6E04000
heap
page read and write
974000
heap
page read and write
419D000
heap
page read and write
1F16000
heap
page read and write
417D000
heap
page read and write
2D61000
heap
page read and write
411000
unkown
page readonly
418B000
heap
page read and write
40CE000
stack
page read and write
2AE6000
heap
page read and write
4114000
heap
page read and write
6D80000
direct allocation
page read and write
2AF3000
heap
page read and write
481000
unkown
page execute read
404B000
unkown
page readonly
69FC000
stack
page read and write
27F59500000
heap
page read and write
590000
heap
page read and write
6A20000
heap
page read and write
43D5000
heap
page read and write
4380000
heap
page read and write
41A000
unkown
page write copy
11BC000
heap
page read and write
4070000
heap
page read and write
423C000
heap
page read and write
974000
heap
page read and write
676F000
stack
page read and write
4596000
heap
page read and write
64EE000
stack
page read and write
2EC78000
direct allocation
page read and write
2410000
trusted library allocation
page read and write
400000
unkown
page execute and read and write
6C5B000
heap
page read and write
359B0000
direct allocation
page read and write
2D61000
heap
page read and write
2AEF000
heap
page read and write
5E94000
heap
page read and write
6C9C000
stack
page read and write
950000
direct allocation
page read and write
64C0000
heap
page read and write
2E0F000
stack
page read and write
411000
unkown
page readonly
1108000
unkown
page execute read
400000
unkown
page execute and read and write
2ED64000
direct allocation
page read and write
1A0000
heap
page read and write
606000
heap
page read and write
4BED000
heap
page read and write
43C0000
direct allocation
page execute and read and write
41EE000
stack
page read and write
60D000
heap
page read and write
5F04000
heap
page read and write
404B000
unkown
page readonly
2CD3000
heap
page read and write
11E8000
heap
page read and write
4176000
heap
page read and write
140234000
unkown
page execute and read and write
41AA000
heap
page read and write
4114000
heap
page read and write
43E000
unkown
page execute and read and write
35838000
direct allocation
page read and write
7201000
heap
page read and write
438E000
heap
page read and write
2EB70000
direct allocation
page read and write
3200000
heap
page read and write
9C000
stack
page read and write
5CDF000
stack
page read and write
4130000
heap
page read and write
19C000
stack
page read and write
2AF3000
heap
page read and write
2AE3000
heap
page read and write
5BD0000
direct allocation
page execute and read and write
411000
unkown
page readonly
4165000
heap
page read and write
5DDE000
heap
page read and write
2EBB4000
direct allocation
page read and write
3250000
heap
page read and write
2B34000
heap
page read and write
438A000
heap
page read and write
140001000
unkown
page execute and read and write
1F0000
direct allocation
page read and write
950000
direct allocation
page read and write
804000
heap
page read and write
35B04000
direct allocation
page read and write
2B2D000
heap
page read and write
4156000
heap
page read and write
974000
heap
page read and write
35834000
direct allocation
page read and write
3FB0000
remote allocation
page read and write
40E0000
heap
page read and write
2EB56000
direct allocation
page read and write
5B6000
heap
page read and write
6C56000
heap
page read and write
1343000
heap
page read and write
412D000
heap
page read and write
140486000
unkown
page execute and read and write
2D30000
heap
page read and write
2AE6000
heap
page read and write
1D2575D0000
remote allocation
page read and write
1F0000
direct allocation
page read and write
75E000
unkown
page read and write
974000
heap
page read and write
3410000
trusted library allocation
page read and write
35880000
direct allocation
page read and write
5DF4000
heap
page read and write
2ED64000
direct allocation
page read and write
5031000
heap
page read and write
2C50000
heap
page read and write
FC2000
heap
page read and write
27C0000
heap
page read and write
2A53000
heap
page read and write
D09000
unkown
page execute and write copy
35AF4000
direct allocation
page read and write
7FF6388E4000
unkown
page readonly
3574C000
direct allocation
page read and write
4184000
heap
page read and write
2EB5C000
direct allocation
page read and write
941000
heap
page read and write
41C9000
heap
page read and write
2CA1000
heap
page read and write
FD1000
unkown
page execute read
2A9B000
heap
page read and write
4D5000
unkown
page write copy
2EB0000
heap
page read and write
2B34000
heap
page read and write
2B1D000
heap
page read and write
2070000
direct allocation
page read and write
43A000
unkown
page execute read
411000
unkown
page readonly
40D000
unkown
page execute read
2A5D000
heap
page read and write
2B34000
heap
page read and write
414D000
heap
page read and write
800000
heap
page read and write
5F80000
heap
page read and write
14046C000
unkown
page execute and read and write
1343000
heap
page read and write
4460000
remote allocation
page read and write
2EBCC000
direct allocation
page read and write
3322000
heap
page read and write
4114000
heap
page read and write
2B15000
heap
page read and write
6A49000
heap
page read and write
666D000
stack
page read and write
2D61000
heap
page read and write
1343000
heap
page read and write
46C6000
heap
page read and write
14048C000
unkown
page execute and read and write
4049000
unkown
page read and write
13BB9000
direct allocation
page read and write
606000
heap
page read and write
3410000
trusted library allocation
page read and write
974000
heap
page read and write
2B27000
heap
page read and write
950000
direct allocation
page read and write
2EB70000
direct allocation
page read and write
1F0000
direct allocation
page read and write
2A57000
heap
page read and write
6B64000
heap
page read and write
417E000
heap
page read and write
4E10000
heap
page read and write
2B34000
heap
page read and write
1338000
heap
page read and write
35B2C000
direct allocation
page read and write
2D61000
heap
page read and write
4110000
heap
page read and write
2EB1C000
direct allocation
page read and write
4BDD000
heap
page read and write
28E7000
direct allocation
page read and write
950000
direct allocation
page read and write
2DF1000
heap
page read and write
2440000
heap
page read and write
2B34000
heap
page read and write
669E000
stack
page read and write
358F4000
direct allocation
page read and write
11E7000
heap
page read and write
4BED000
heap
page read and write
2C1D000
stack
page read and write
419E000
stack
page read and write
24707000
heap
page read and write
667C000
stack
page read and write
2B1D000
heap
page read and write
8B0000
heap
page read and write
2D61000
heap
page read and write
840000
unkown
page execute and read and write
356C0000
direct allocation
page read and write
1F0000
direct allocation
page read and write
2D61000
heap
page read and write
2DF1000
heap
page read and write
2CA1000
heap
page read and write
4181000
heap
page read and write
2EAB8000
direct allocation
page read and write
35B28000
direct allocation
page read and write
2D61000
heap
page read and write
2D61000
heap
page read and write
133C000
heap
page read and write
2D61000
heap
page read and write
4107000
heap
page read and write
2B34000
heap
page read and write
416F000
heap
page read and write
CCA000
unkown
page execute and write copy
1401D9000
unkown
page execute and read and write
68EC000
stack
page read and write
2D61000
heap
page read and write
2B34000
heap
page read and write
6F44000
heap
page read and write
A00000
heap
page read and write
400000
unkown
page execute and read and write
2ECD4000
direct allocation
page read and write
4154000
heap
page read and write
2B34000
heap
page read and write
2F144000
direct allocation
page read and write
28C9000
direct allocation
page read and write
1F4B000
heap
page read and write
2B28000
heap
page read and write
359B0000
direct allocation
page read and write
5C40000
direct allocation
page read and write
5F00000
heap
page read and write
7353000
heap
page read and write
5DEF000
stack
page read and write
974000
heap
page read and write
400000
unkown
page readonly
43F000
unkown
page execute read
4153000
heap
page read and write
584D000
heap
page read and write
2D3A90B0000
heap
page read and write
41AF000
heap
page read and write
4153000
heap
page read and write
730000
heap
page read and write
4203000
heap
page read and write
2B34000
heap
page read and write
41CC000
heap
page read and write
804000
heap
page read and write
41A000
unkown
page write copy
2B34000
heap
page read and write
2B34000
heap
page read and write
294D000
direct allocation
page read and write
2B34000
heap
page read and write
35738000
direct allocation
page read and write
68AF000
stack
page read and write
35840000
direct allocation
page read and write
841F000
trusted library allocation
page read and write
4150000
heap
page read and write
2AF3000
heap
page read and write
1F0000
direct allocation
page read and write
410B000
heap
page read and write
2070000
direct allocation
page read and write
804000
heap
page read and write
119D000
heap
page read and write
2472C000
heap
page read and write
1339000
heap
page read and write
41CC000
heap
page read and write
2D61000
heap
page read and write
2905000
direct allocation
page read and write
420000
unkown
page write copy
7FF6388DC000
unkown
page read and write
2C80000
remote allocation
page read and write
64D8000
heap
page read and write
606000
heap
page read and write
3320000
heap
page read and write
2070000
direct allocation
page read and write
2B34000
heap
page read and write
2B23000
heap
page read and write
47D4000
heap
page read and write
949000
heap
page read and write
2AEF000
heap
page read and write
4B21000
heap
page read and write
4080000
heap
page read and write
7CE000
stack
page read and write
2127EC44000
heap
page read and write
2B31000
heap
page read and write
414E000
stack
page read and write
DCE000
stack
page read and write
41C9000
heap
page read and write
7FF6388E1000
unkown
page read and write
2B23000
heap
page read and write
24709000
heap
page read and write
133C000
heap
page read and write
4526000
heap
page read and write
64BE000
stack
page read and write
4080000
heap
page read and write
411000
unkown
page readonly
41AC000
heap
page read and write
6D61000
heap
page read and write
35764000
direct allocation
page read and write
41A000
unkown
page write copy
804000
heap
page read and write
5B2000
heap
page read and write
27F59600000
direct allocation
page read and write
2D61000
heap
page read and write
11B9000
heap
page read and write
8E0000
heap
page read and write
D5132FE000
unkown
page readonly
2AF7000
heap
page read and write
42F5000
heap
page read and write
35774000
direct allocation
page read and write
740000
heap
page read and write
2B34000
heap
page read and write
27F39A71000
direct allocation
page read and write
5292000
heap
page read and write
68AF000
stack
page read and write
D81000
unkown
page execute read
2B23000
heap
page read and write
417A000
heap
page read and write
421E000
heap
page read and write
418B000
heap
page read and write
28C0000
direct allocation
page read and write
2B15000
heap
page read and write
F07000
unkown
page execute read
415B000
heap
page read and write
416C000
heap
page read and write
28B2000
direct allocation
page read and write
411000
unkown
page readonly
5E2F000
stack
page read and write
49F0000
heap
page read and write
426D000
heap
page read and write
691C000
stack
page read and write
503A000
heap
page read and write
804000
heap
page read and write
41AA000
heap
page read and write
97000
stack
page read and write
2410000
direct allocation
page execute and read and write
2EC70000
direct allocation
page read and write
2CD9000
heap
page read and write
1D257590000
heap
page read and write
5DE1000
heap
page read and write
2350000
direct allocation
page read and write
2D61000
heap
page read and write
2B0E000
heap
page read and write
2AEF000
heap
page read and write
404B000
unkown
page readonly
2D3A9240000
heap
page read and write
2D3A9202000
heap
page read and write
4F21000
heap
page read and write
133C000
heap
page read and write
4BED000
heap
page read and write
2EC70000
direct allocation
page read and write
2D61000
heap
page read and write
410B000
heap
page read and write
D31000
unkown
page execute read
4184000
heap
page read and write
40C6000
heap
page read and write
4155000
heap
page read and write
419E000
stack
page read and write
4590000
heap
page read and write
35B30000
direct allocation
page read and write
2B19000
heap
page read and write
2B23000
heap
page read and write
2B35000
heap
page read and write
41E9000
heap
page read and write
FD5000
heap
page read and write
6CE000
heap
page read and write
2D61000
heap
page read and write
2D61000
heap
page read and write
2EA38000
direct allocation
page read and write
5E1F000
heap
page read and write
1343000
heap
page read and write
4090000
heap
page read and write
2CA8000
heap
page read and write
2D3A9302000
heap
page read and write
974000
heap
page read and write
35638000
direct allocation
page read and write
6B5E000
heap
page read and write
77B000
unkown
page write copy
44EE000
stack
page read and write
426D000
heap
page read and write
4560000
heap
page read and write
There are 2374 hidden memdumps, click here to show them.