Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

ll.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab

PGP\011Secret Key -

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.NB65 (copy)

PGP\011Secret Key -

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.cab

data

dropped

C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.cab

data

dropped

C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\branding.xml

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\branding.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\setup.chm

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\setup.chm.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab

data

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.cab

data

dropped

C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.cab.NB65 (copy)

data

dropped

C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm

data

dropped

C:\Program Files (x86)\AutoIt3\AutoIt.chm

data

dropped

C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm

data

dropped

C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.psd1

data

dropped

C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.xml

data

dropped

C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.lib

data

dropped

C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64_DLL.lib

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\au3.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\au3script_v10.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\au3script_v11.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\au3script_v9.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\filetype-blank.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIErrorsConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIFilesConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIGdiConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIShellExConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Array.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ArrayDisplayInternals.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\CUIAutomation2.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Clipboard.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Crypt.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Date.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Debug.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\EventLog.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Excel.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\FTPEx.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\File.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GDIPlus.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GDIPlusConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiButton.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiComboBox.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiComboBoxEx.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiEdit.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiHeader.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiImageList.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiListBox.au3

SysEx File -

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiListView.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiMenu.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiMonthCal.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiReBar.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiRichEdit.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiScrollBars.au3

DOS executable (COM)

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiSlider.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiStatusBar.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiTab.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiToolTip.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiToolbar.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiTreeView.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ListViewConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Misc.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\NTSTATUSConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\NetShare.au3

COM executable for DOS

dropped

C:\Program Files (x86)\AutoIt3\Include\PowerPoint.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\SQLite.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Security.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Sound.au3

DOS executable (COM, 0x8C-variant)

dropped

C:\Program Files (x86)\AutoIt3\Include\StructureConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\UIAWrappers.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Visa.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIConv.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIDiag.au3

PGP\011Secret Key -

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIDlg.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIFiles.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIGdi.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIGdiDC.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIGdiInternals.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIIcons.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPILocale.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIMem.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIProc.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIReg.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIRes.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIShPath.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIShellEx.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPISys.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPISysInternals.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPISysWin.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPITheme.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinNet.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WindowsConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Word.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\helper.au3

DOS executable (COM)

dropped

C:\Program Files (x86)\AutoIt3\Include\ie.au3

data

dropped

C:\Program Files (x86)\AutoIt3\SciTE\au3.keywords.properties

data

dropped

C:\Program Files (x86)\Google\Update\GoogleUpdate.bk

data

dropped

C:\Program Files (x86)\Java\jre1.8.0_211\THIRDPARTYLICENSEREADME-JAVAFX.txt

data

dropped

C:\Program Files (x86)\Java\jre1.8.0_211\THIRDPARTYLICENSEREADME.txt

data

dropped

C:\Program Files (x86)\Microsoft Office\Document Themes 16\Facet.thmx

data

modified

C:\Program Files (x86)\autoit3\AutoIt.chm.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\AutoItX\AutoItX.chm.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\AutoItX\AutoItX.psd1.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.Assembly.xml.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_DLL.lib.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_x64_DLL.lib.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\au3.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\au3script_v10.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\au3script_v11.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\au3script_v9.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\filetype-blank.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIErrorsConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIFilesConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIGdiConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIShellExConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Array.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ArrayDisplayInternals.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\CUIAutomation2.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Clipboard.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Crypt.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Date.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Debug.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\EventLog.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Excel.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\FTPEx.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\File.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GDIPlus.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GDIPlusConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiButton.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiComboBox.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiComboBoxEx.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiEdit.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiHeader.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiImageList.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiListBox.au3.NB65 (copy)

SysEx File -

dropped

C:\Program Files (x86)\autoit3\Include\GuiListView.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiMenu.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiMonthCal.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiReBar.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiRichEdit.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiScrollBars.au3.NB65 (copy)

DOS executable (COM)

dropped

C:\Program Files (x86)\autoit3\Include\GuiSlider.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiStatusBar.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiTab.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiToolTip.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiToolbar.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiTreeView.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ListViewConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Misc.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\NTSTATUSConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\NetShare.au3.NB65 (copy)

COM executable for DOS

dropped

C:\Program Files (x86)\autoit3\Include\PowerPoint.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\SQLite.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Security.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Sound.au3.NB65 (copy)

DOS executable (COM, 0x8C-variant)

dropped

C:\Program Files (x86)\autoit3\Include\StructureConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\UIAWrappers.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Visa.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIConv.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIDiag.au3.NB65 (copy)

PGP\011Secret Key -

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIDlg.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIFiles.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIGdi.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIGdiDC.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIGdiInternals.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIIcons.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPILocale.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIMem.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIProc.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIReg.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIRes.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIShPath.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIShellEx.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPISys.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPISysInternals.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPISysWin.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPITheme.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinNet.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WindowsConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Word.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\helper.au3.NB65 (copy)

DOS executable (COM)

dropped

C:\Program Files (x86)\autoit3\Include\ie.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\SciTE\au3.keywords.properties.NB65 (copy)

data

dropped

C:\Program Files (x86)\google\Update\GoogleUpdate.bk.NB65 (copy)

data

dropped

C:\Program Files (x86)\java\jre1.8.0_211\THIRDPARTYLICENSEREADME-JAVAFX.txt.NB65 (copy)

data

dropped

C:\Program Files\UNP\Logs\UpdateNotificationPipeline.001.etl

data

dropped

C:\Program Files\UNP\Logs\UpdateNotificationPipeline.001.etl.NB65 (copy)

data

dropped

C:\Program Files\UNP\Logs\UpdateNotificationPipeline.002.etl

data

dropped

C:\Program Files\UNP\Logs\UpdateNotificationPipeline.002.etl.NB65 (copy)

data

dropped

C:\Program Files\UNP\Logs\UpdateNotificationPipeline.003.etl

data

dropped

C:\Program Files\UNP\Logs\UpdateNotificationPipeline.003.etl.NB65 (copy)

data

dropped

C:\Users\Default\NTUSER.DAT

data

dropped

C:\Users\Default\NTUSER.DAT.LOG1

data

dropped

C:\Users\Default\NTUSER.DAT.LOG1.NB65 (copy)

data

dropped

C:\Users\Default\NTUSER.DAT.NB65 (copy)

data

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf

WE32000 COFF executable not stripped

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf.NB65 (copy)

WE32000 COFF executable not stripped

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms

data

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms.NB65 (copy)

data

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms

data

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms.NB65 (copy)

data

dropped

C:\MSOCache\All Users\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0011-0000-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0016-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml

data

dropped

C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0044-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\DCFMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0090-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-00A1-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-00BA-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\OSMMUI.cab

data

dropped

C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\OSMMUI.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\OSMMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\OSMMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-00E1-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\OSMUXMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-00E2-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OffSetLR.cab

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OffSetLR.cab.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm

data

dropped

C:\MSOCache\All Users\{90160000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml

data

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0116-0409-1000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\AccessMUISet.xml

data

dropped

C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\AccessMUISet.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-0117-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.xml

data

dropped

C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\LyncMUI.xml.NB65 (copy)

data

dropped

C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\Setup.xml

data

dropped

C:\MSOCache\All Users\{90160000-012B-0409-0000-0000000FF1CE}-C\Setup.xml.NB65 (copy)

data

dropped

C:\MSOCache\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\PerfLogs\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Adobe\Acrobat Reader DC\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Adobe\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\AutoIt3\Au3Check.dat

data

dropped

C:\Program Files (x86)\AutoIt3\Aut2Exe\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\AutoIt3\AutoIt v3 Website.url

data

dropped

C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.h

data

dropped

C:\Program Files (x86)\AutoIt3\AutoItX\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\AutoIt3\Examples\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\AutoIt3\Examples\_ReadMe_.txt

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\calculator.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\count-do.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\count-for.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\count-while.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\functions.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\inputbox.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\msgbox.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\notepad1.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Examples\notepad2.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Extras\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\AutoIt3\Extras\_ReadMe_.txt

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Blue.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Green.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Red.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Yellow.ico

data

dropped

C:\Program Files (x86)\AutoIt3\Icons\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\AutoIt3\Include\APIComConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIDiagConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIDlgConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APILocaleConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIMiscConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIProcConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIRegConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIResConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIShPathConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APISysConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\APIThemeConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\AVIConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\AutoItConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\BorderConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ButtonConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Color.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ColorConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ComboConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Constants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\DateTimeConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\DirConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\EditConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ExcelConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\FileConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\FontConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\FrameConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GUIConstants.au3

DOS executable (COM, 0x8C-variant)

dropped

C:\Program Files (x86)\AutoIt3\Include\GUIConstantsEx.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiAVI.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiDateTimePicker.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\GuiIPAddress.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\HeaderConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\IPAddressConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ImageListConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Inet.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\InetConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ListBoxConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Math.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\MathConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Memory.au3

COM executable for DOS

dropped

C:\Program Files (x86)\AutoIt3\Include\MemoryConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\MenuConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\MsgBoxConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\NamedPipes.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\PowerPointConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Process.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ProcessConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ProgressConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\AutoIt3\Include\RebarConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\RichEditConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ScreenCapture.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ScrollBarConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ScrollBarsConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\SecurityConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\SendMessage.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\SliderConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\StaticConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\StatusBarConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\String.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\StringConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\TabConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\Timers.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ToolTipConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\ToolbarConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\TrayConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\TreeViewConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\UDFGlobalID.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\UpDownConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPI.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPICom.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIError.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIEx.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIHObj.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIInternals.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIMisc.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIlangConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIsysinfoConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WinAPIvkeysConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\WordConstants.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\_ReadMe_.txt

data

dropped

C:\Program Files (x86)\AutoIt3\Include\analysistimer.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\cleanup.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\htmlfetcher.au3

data

dropped

C:\Program Files (x86)\AutoIt3\Include\liveprocess.au3

data

dropped

C:\Program Files (x86)\AutoIt3\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\AutoIt3\SciTE\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\BqAkjNodUdHbHouxLASvwteFrQplaxonGJfrhccpfkNshmHIlOpYapDdPOSOogtd\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Common Files\Adobe\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.OLB

data

dropped

C:\Program Files (x86)\Common Files\DESIGNER\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Common Files\Java\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Common Files\Oracle\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Common Files\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Common Files\Services\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Common Files\microsoft shared\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Common Files\system\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Google\CrashReports\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Google\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Google\Update\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Internet Explorer\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Internet Explorer\SIGNUP\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins

data

dropped

C:\Program Files (x86)\Internet Explorer\en-US\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Internet Explorer\images\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Java\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Java\jre1.8.0_211\COPYRIGHT

data

dropped

C:\Program Files (x86)\Java\jre1.8.0_211\LICENSE

data

dropped

C:\Program Files (x86)\Java\jre1.8.0_211\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Java\jre1.8.0_211\README.txt

DOS executable (COM, 0x8C-variant)

dropped

C:\Program Files (x86)\Java\jre1.8.0_211\Welcome.html

data

dropped

C:\Program Files (x86)\Java\jre1.8.0_211\release

data

dropped

C:\Program Files (x86)\MSBuild\Microsoft\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\MSBuild\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft Analysis Services\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft Office\CLIPART\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft Office\Document Themes 16\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft Office\Office16\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft Office\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft Office\Stationery\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft SQL Server\110\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft SQL Server\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft.NET\ADOMD.NET\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft.NET\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Microsoft.NET\RedistList\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Mozilla Firefox\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Mozilla Firefox\plugins\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Reference Assemblies\Microsoft\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\Reference Assemblies\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\adobe\Acrobat Reader DC\ReadMe.htm.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Au3Check.dat.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\AutoIt v3 Website.url.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_DLL.h.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\_ReadMe_.txt.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\calculator.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\count-do.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\count-for.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\count-while.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\functions.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\inputbox.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\msgbox.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\notepad1.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Examples\notepad2.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Extras\_ReadMe_.txt.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\MyAutoIt3_Blue.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\MyAutoIt3_Green.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\MyAutoIt3_Red.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Icons\MyAutoIt3_Yellow.ico.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIComConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIDiagConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIDlgConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APILocaleConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIMiscConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIProcConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIRegConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIResConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIShPathConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APISysConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\APIThemeConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\AVIConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\AutoItConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\BorderConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ButtonConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Color.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ColorConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ComboConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Constants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\DateTimeConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\DirConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\EditConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ExcelConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\FileConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\FontConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\FrameConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GUIConstants.au3.NB65 (copy)

DOS executable (COM, 0x8C-variant)

dropped

C:\Program Files (x86)\autoit3\Include\GUIConstantsEx.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiAVI.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiDateTimePicker.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\GuiIPAddress.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\HeaderConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\IPAddressConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ImageListConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Inet.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\InetConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ListBoxConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Math.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\MathConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Memory.au3.NB65 (copy)

COM executable for DOS

dropped

C:\Program Files (x86)\autoit3\Include\MemoryConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\MenuConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\MsgBoxConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\NamedPipes.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\PowerPointConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Process.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ProcessConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ProgressConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\RebarConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\RichEditConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ScreenCapture.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ScrollBarConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ScrollBarsConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\SecurityConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\SendMessage.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\SliderConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\StaticConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\StatusBarConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\String.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\StringConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\TabConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\Timers.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ToolTipConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\ToolbarConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\TrayConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\TreeViewConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\UDFGlobalID.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\UpDownConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPI.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPICom.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIError.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIEx.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIHObj.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIInternals.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIMisc.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIlangConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIsysinfoConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WinAPIvkeysConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\WordConstants.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\_ReadMe_.txt.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\analysistimer.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\cleanup.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\htmlfetcher.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\autoit3\Include\liveprocess.au3.NB65 (copy)

data

dropped

C:\Program Files (x86)\common files\DESIGNER\MSADDNDR.OLB.NB65 (copy)

data

dropped

C:\Program Files (x86)\desktop.ini

data

dropped

C:\Program Files (x86)\desktop.ini.NB65 (copy)

data

dropped

C:\Program Files (x86)\internet explorer\SIGNUP\install.ins.NB65 (copy)

data

dropped

C:\Program Files (x86)\jDownloader\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\jDownloader\config\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files (x86)\jDownloader\config\database.script

data

dropped

C:\Program Files (x86)\java\jre1.8.0_211\COPYRIGHT.NB65 (copy)

data

dropped

C:\Program Files (x86)\java\jre1.8.0_211\LICENSE.NB65 (copy)

data

dropped

C:\Program Files (x86)\java\jre1.8.0_211\README.txt.NB65 (copy)

DOS executable (COM, 0x8C-variant)

dropped

C:\Program Files (x86)\java\jre1.8.0_211\release.NB65 (copy)

data

dropped

C:\Program Files\Common Files\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Common Files\Services\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Common Files\microsoft shared\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Common Files\system\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Google\Chrome\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Google\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\MSBuild\Microsoft\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\MSBuild\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Microsoft Office\Office16\Custom.propdesc

data

dropped

C:\Program Files\Microsoft Office\Office16\Custom.propdesc.NB65 (copy)

data

dropped

C:\Program Files\Microsoft Office\Office16\Mso Example Setup File A.txt

data

dropped

C:\Program Files\Microsoft Office\Office16\Mso Example Setup File A.txt.NB65 (copy)

data

dropped

C:\Program Files\Microsoft Office\Office16\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Microsoft Office\Office16\VisioCustom.propdesc

data

dropped

C:\Program Files\Microsoft Office\Office16\VisioCustom.propdesc.NB65 (copy)

data

dropped

C:\Program Files\Microsoft Office\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Reference Assemblies\Microsoft\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Reference Assemblies\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\UNP\Logs\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\UNP\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\UNP\UpdateNotificationMgr\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\Uninstall Information\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\desktop.ini

data

dropped

C:\Program Files\desktop.ini.NB65 (copy)

data

dropped

C:\Program Files\internet explorer\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\internet explorer\SIGNUP\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\internet explorer\SIGNUP\install.ins

data

dropped

C:\Program Files\internet explorer\SIGNUP\install.ins.NB65 (copy)

data

dropped

C:\Program Files\internet explorer\en-US\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Program Files\internet explorer\images\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Adobe\ARM\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Adobe\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Adobe\Setup\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn

PGP\011Secret Key -

dropped

C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn.NB65 (copy)

PGP\011Secret Key -

dropped

C:\ProgramData\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.MSACCESS.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.MSACCESS.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.ONENOTE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.ONENOTE.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.OUTLOOK.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.OUTLOOK.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.POWERPNT.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.POWERPNT.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.SETLANG.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SETLANG.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\MS.WINWORD.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.WINWORD.16.1033.hxn.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft Help\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft Help\nslist.hxl

data

dropped

C:\ProgramData\Microsoft Help\nslist.hxl.NB65 (copy)

data

dropped

C:\ProgramData\Microsoft OneDrive\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft OneDrive\setup\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\AppV\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Crypto\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\DRM\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Device Stage\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\DeviceSync\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Diagnosis\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\IdentityCRL\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\MF\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\MapData\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\NetFramework\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Network\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\OFFICE\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Provisioning\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Search\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Settings\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\SmsRouter\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Spectrum\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Speech_OneCore\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Storage Health\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\UEV\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\User Account Pictures\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\Vault\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\WDF\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\WinMSIPC\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Microsoft\WwanSvc\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Oracle\Java\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Oracle\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\SoftwareDistribution\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\USOPrivate\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\USOShared\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\dbg\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\regid.1991-06.com.microsoft\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag

data

dropped

C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag.NB65 (copy)

data

dropped

C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag

data

dropped

C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.NB65 (copy)

data

dropped

C:\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Recovery\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Users\Default\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Users\Public\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Users\Public\desktop.ini

data

dropped

C:\Users\Public\desktop.ini.NB65 (copy)

data

dropped

C:\Users\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Users\desktop.ini

data

dropped

C:\Users\desktop.ini.NB65 (copy)

data

dropped

C:\Users\user\R3ADM3.txt

ASCII text, with CRLF, LF line terminators

dropped

C:\Users\user\ntuser.ini

data

dropped

C:\Users\user\ntuser.ini.NB65 (copy)

data

dropped

C:\bootTel.dat

data

dropped

C:\bootTel.dat.NB65 (copy)

data

dropped

There are 737 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\ll.exe

"C:\Users\user\Desktop\ll.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7164
Target ID:	1
Parent PID:	5608
Name:	ll.exe
Path:	C:\Users\user\Desktop\ll.exe
Commandline:	"C:\Users\user\Desktop\ll.exe"
Size:	179712
MD5:	F746EA39C0C5FF9D0A1F2D250170AD80
Time:	10:01:35
Date:	08/04/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xf20000
Modulesize:	200704
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary

IPs

Domain

Country

Malicious

192.168.2.148

unknown

192.168.2.149

unknown

192.168.2.146

unknown

192.168.2.147

unknown

192.168.2.140

unknown

192.168.2.141

unknown

192.168.2.144

unknown

192.168.2.145

unknown

192.168.2.142

unknown

192.168.2.143

unknown

192.168.2.159

unknown

192.168.2.157

unknown

192.168.2.158

unknown

192.168.2.151

unknown

192.168.2.152

unknown

192.168.2.150

unknown

192.168.2.155

unknown

192.168.2.156

unknown

192.168.2.153

unknown

192.168.2.154

unknown

192.168.2.126

unknown

192.168.2.247

unknown

192.168.2.127

unknown

192.168.2.248

unknown

192.168.2.124

unknown

192.168.2.245

unknown

192.168.2.125

unknown

192.168.2.246

unknown

192.168.2.128

unknown

192.168.2.249

unknown

192.168.2.129

unknown

192.168.2.240

unknown

192.168.2.122

unknown

192.168.2.243

unknown

192.168.2.123

unknown

192.168.2.244

unknown

192.168.2.120

unknown

192.168.2.241

unknown

192.168.2.121

unknown

192.168.2.242

unknown

192.168.2.97

unknown

192.168.2.137

unknown

192.168.2.96

unknown

192.168.2.138

unknown

192.168.2.99

unknown

192.168.2.135

unknown

192.168.2.98

unknown

192.168.2.136

unknown

192.168.2.139

unknown

192.168.2.250

unknown

192.168.2.130

unknown

192.168.2.251

unknown

192.168.2.91

unknown

192.168.2.90

unknown

192.168.2.93

unknown

192.168.2.133

unknown

192.168.2.254

unknown

192.168.2.92

unknown

192.168.2.134

unknown

192.168.2.95

unknown

192.168.2.131

unknown

192.168.2.252

unknown

192.168.2.94

unknown

192.168.2.132

unknown

192.168.2.253

unknown

192.168.2.104

unknown

192.168.2.225

unknown

192.168.2.105

unknown

192.168.2.226

unknown

192.168.2.102

unknown

192.168.2.223

unknown

192.168.2.103

unknown

192.168.2.224

unknown

192.168.2.108

unknown

192.168.2.229

unknown

192.168.2.109

unknown

192.168.2.106

unknown

192.168.2.227

unknown

192.168.2.107

unknown

192.168.2.228

unknown

192.168.2.100

unknown

192.168.2.221

unknown

192.168.2.101

unknown

192.168.2.222

unknown

192.168.2.220

unknown

192.168.2.115

unknown

192.168.2.236

unknown

192.168.2.116

unknown

192.168.2.237

unknown

192.168.2.113

unknown

192.168.2.234

unknown

192.168.2.114

unknown

192.168.2.235

unknown

192.168.2.119

unknown

192.168.2.117

unknown

192.168.2.238

unknown

192.168.2.118

unknown

192.168.2.239

unknown

192.168.2.111

unknown

192.168.2.232

unknown

There are 90 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

RegFilesHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

Owner

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

SessionHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

Sequence

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

RegFiles0000

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

RegFilesHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0002

Owner

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0002

SessionHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0002

Sequence

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0002

RegFiles0000

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0002

RegFilesHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0003

Owner

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0003

SessionHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0003

Sequence

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0003

RegFiles0000

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0003

RegFilesHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

RegFiles0000

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

RegFilesHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

SessionHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

RegFiles0000

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

RegFilesHash

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000

Sequence

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001

Sequence

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0002

Sequence

HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0003

Sequence

There are 20 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

E97000

heap

page read and write

2498C62F000

heap

page read and write

2BE3D160000

trusted library allocation

page read and write

23740ECE000

heap

page read and write

2498C62C000

heap

page read and write

20460BB9000

heap

page read and write

2566F347000

heap

page read and write

8396000

trusted library allocation

page read and write

20460B97000

heap

page read and write

26C1AE4B000

heap

page read and write

1F793AD0000

heap

page read and write

463E000

stack

page read and write

2BE3CEA0000

trusted library allocation

page read and write

2846F029000

heap

page read and write

823C000

trusted library allocation

page read and write

83B0000

trusted library allocation

page read and write

E93000

heap

page read and write

20460BA8000

heap

page read and write

E4F000

heap

page read and write

DBA6E7C000

stack

page read and write

86B1000

trusted library allocation

page read and write

1F6FC02A000

heap

page read and write

83A0000

trusted library allocation

page read and write

8191000

trusted library allocation

page read and write

F15E2FF000

stack

page read and write

2BE38AD0000

trusted library section

page readonly

2BE3D200000

heap

page read and write

E93000

heap

page read and write

770000

heap

page read and write

2566F34B000

heap

page read and write

8361000

trusted library allocation

page read and write

83A0000

trusted library allocation

page read and write

20460BC6000

heap

page read and write

8689000

trusted library allocation

page read and write

20460B7C000

heap

page read and write

1F6FC05D000

heap

page read and write

2BE38202000

heap

page read and write

792B000

heap

page read and write

20460B8B000

heap

page read and write

81C3000

trusted library allocation

page read and write

20460B97000

heap

page read and write

1F6FC09B000

heap

page read and write

20460288000

heap

page read and write

E97000

heap

page read and write

2BE37A89000

heap

page read and write

2566F2F0000

heap

page read and write

81C3000

trusted library allocation

page read and write

2498C646000

heap

page read and write

8207000

trusted library allocation

page read and write

2498C645000

heap

page read and write

E45000

heap

page read and write

6EAFAFF000

stack

page read and write

839C000

trusted library allocation

page read and write

F15DCFE000

stack

page read and write

86B0000

trusted library allocation

page read and write

20460B95000

heap

page read and write

E16000

heap

page read and write

8394000

trusted library allocation

page read and write

2BE3D051000

trusted library allocation

page read and write

E45000

heap

page read and write

86B1000

trusted library allocation

page read and write

8200000

trusted library allocation

page read and write

81FC000

trusted library allocation

page read and write

F4A000

unkown

page write copy

E93000

heap

page read and write

2BE37960000

heap

page read and write

F21000

unkown

page execute read

2498C666000

heap

page read and write

17F07270000

heap

page read and write

20460B8B000

heap

page read and write

E93000

heap

page read and write

779F000

stack

page read and write

14871D15000

trusted library allocation

page read and write

8718000

trusted library allocation

page read and write

1F6FC063000

heap

page read and write

827C000

trusted library allocation

page read and write

DBF5ED000

stack

page read and write

E93000

heap

page read and write

1F793BD0000

trusted library allocation

page read and write

20460BBA000

heap

page read and write

C355E7E000

stack

page read and write

2BE37A93000

heap

page read and write

1F6FC000000

heap

page read and write

20460BB9000

heap

page read and write

440417E000

stack

page read and write

204602E1000

heap

page read and write

8249000

trusted library allocation

page read and write

78F9000

heap

page read and write

8394000

trusted library allocation

page read and write

2046024F000

heap

page read and write

B96D6FD000

stack

page read and write

E97000

heap

page read and write

2BE37A76000

heap

page read and write

81FE000

trusted library allocation

page read and write

E93000

heap

page read and write

26C1ADC0000

heap

page read and write

2498C630000

heap

page read and write

E93000

heap

page read and write

8249000

trusted library allocation

page read and write

20460BBB000

heap

page read and write

8239000

trusted library allocation

page read and write

8249000

trusted library allocation

page read and write

755E000

stack

page read and write

E93000

heap

page read and write

1F794260000

remote allocation

page read and write

E46000

heap

page read and write

DBFA7C000

stack

page read and write

8249000

trusted library allocation

page read and write

20461002000

heap

page read and write

E93000

heap

page read and write

8396000

trusted library allocation

page read and write

2566F34B000

heap

page read and write

86DC000

trusted library allocation

page read and write

78E1000

heap

page read and write

827D000

trusted library allocation

page read and write

2BE3D03E000

trusted library allocation

page read and write

20460B96000

heap

page read and write

C05000

heap

page read and write

17F07260000

heap

page read and write

827C000

trusted library allocation

page read and write

E93000

heap

page read and write

20460249000

heap

page read and write

83A1000

trusted library allocation

page read and write

81C3000

trusted library allocation

page read and write

DBA6FFB000

stack

page read and write

E93000

heap

page read and write

F44000

unkown

page readonly

20460B7C000

heap

page read and write

81C3000

trusted library allocation

page read and write

823D000

trusted library allocation

page read and write

20460BA3000

heap

page read and write

2846EE20000

heap

page read and write

2566F36D000

heap

page read and write

827C000

trusted library allocation

page read and write

8681000

trusted library allocation

page read and write

DA0000

heap

page read and write

8724000

trusted library allocation

page read and write

2498C66D000

heap

page read and write

83A0000

trusted library allocation

page read and write

20461002000

heap

page read and write

2BE3D300000

heap

page read and write

204602A9000

heap

page read and write

86B1000

trusted library allocation

page read and write

20460B87000

heap

page read and write

E93000

heap

page read and write

2846F082000

heap

page read and write

79E0000

trusted library allocation

page read and write

DC0000

heap

page read and write

2566F336000

heap

page read and write

E93000

heap

page read and write

E93000

heap

page read and write

78F1000

heap

page read and write

C355C7E000

stack

page read and write

83A0000

trusted library allocation

page read and write

48FE000

stack

page read and write

20460BA1000

heap

page read and write

2BE3D255000

heap

page read and write

E93000

heap

page read and write

20460BC4000

heap

page read and write

86B1000

trusted library allocation

page read and write

866B000

trusted library allocation

page read and write

81C3000

trusted library allocation

page read and write

E93000

heap

page read and write

DBF978000

stack

page read and write

3A426FA000

stack

page read and write

823C000

trusted library allocation

page read and write

5BD0000

direct allocation

page read and write

1D69C0F0000

heap

page read and write

1F6FC07C000

heap

page read and write

8361000

trusted library allocation

page read and write

2BE38358000

heap

page read and write

2B7827C000

stack

page read and write

F15DC7B000

stack

page read and write

2BE38318000

heap

page read and write

E86000

heap

page read and write

20460B8D000

heap

page read and write

2BE3D140000

trusted library allocation

page read and write

1D69C100000

heap

page read and write

827C000

trusted library allocation

page read and write

823D000

trusted library allocation

page read and write

823C000

trusted library allocation

page read and write

8396000

trusted library allocation

page read and write

8361000

trusted library allocation

page read and write

2BE38130000

trusted library allocation

page read and write

F20000

unkown

page readonly

20460BBA000

heap

page read and write

20460B97000

heap

page read and write

204602EA000

heap

page read and write

23741732000

heap

page read and write

4403FFD000

stack

page read and write

8394000

trusted library allocation

page read and write

20460B7C000

heap

page read and write

2566F35D000

heap

page read and write

20460B83000

heap

page read and write

E21000

heap

page read and write

23741602000

heap

page read and write

20460B85000

heap

page read and write

8249000

trusted library allocation

page read and write

C355D7E000

stack

page read and write

823C000

trusted library allocation

page read and write

20460B97000

heap

page read and write

17F07478000

heap

page read and write

20460B78000

heap

page read and write

6EAF37A000

stack

page read and write

20460B88000

heap

page read and write

827C000

trusted library allocation

page read and write

42BD000

stack

page read and write

E93000

heap

page read and write

2498C669000

heap

page read and write

8374000

trusted library allocation

page read and write

20460B9F000

heap

page read and write

2BE3D150000

trusted library allocation

page read and write

8191000

trusted library allocation

page read and write

823C000

trusted library allocation

page read and write

2846F102000

heap

page read and write

E45000

heap

page read and write

1F6FC102000

heap

page read and write

E93000

heap

page read and write

EC200FB000

stack

page read and write

8209000

trusted library allocation

page read and write

2566F341000

heap

page read and write

1F6FBDE0000

heap

page read and write

E93000

heap

page read and write

C09000

heap

page read and write

20461002000

heap

page read and write

8522000

trusted library allocation

page read and write

20460B97000

heap

page read and write

86F5000

trusted library allocation

page read and write

E97000

heap

page read and write

8209000

trusted library allocation

page read and write

83A0000

trusted library allocation

page read and write

E5C000

heap

page read and write

827C000

trusted library allocation

page read and write

8191000

trusted library allocation

page read and write

20460316000

heap

page read and write

8206000

trusted library allocation

page read and write

EC2027F000

stack

page read and write

20460BA4000

heap

page read and write

5BB0000

heap

page read and write

20460BBB000

heap

page read and write

2BE3D302000

heap

page read and write

E93000

heap

page read and write

2BE38501000

trusted library allocation

page read and write

827C000

trusted library allocation

page read and write

8209000

trusted library allocation

page read and write

81C9000

trusted library allocation

page read and write

E46000

heap

page read and write

2498C67A000

heap

page read and write

8724000

trusted library allocation

page read and write

E93000

heap

page read and write

2BE3D2F7000

heap

page read and write

B96DA77000

stack

page read and write

2BE3D074000

trusted library allocation

page read and write

43FD000

stack

page read and write

C3556BB000

stack

page read and write

8394000

trusted library allocation

page read and write

8522000

trusted library allocation

page read and write

4B7D000

stack

page read and write

2BE38E80000

trusted library allocation

page read and write

2846F04E000

heap

page read and write

83A0000

trusted library allocation

page read and write

2846EDB0000

heap

page read and write

E97000

heap

page read and write

2BE3D190000

remote allocation

page read and write

81C5000

trusted library allocation

page read and write

20460BA8000

heap

page read and write

20460B88000

heap

page read and write

26C1AE3C000

heap

page read and write

204601F0000

remote allocation

page read and write

26C1AF02000

heap

page read and write

2846F000000

heap

page read and write

827C000

trusted library allocation

page read and write

2B780FE000

stack

page read and write

2BE38AE0000

trusted library section

page readonly

8B2F000

stack

page read and write

20460BB9000

heap

page read and write

26C1AE4A000

heap

page read and write

6EAEF7B000

stack

page read and write

2498C64F000

heap

page read and write

B96DD7F000

stack

page read and write

20461002000

heap

page read and write

2BE37A70000

heap

page read and write

E93000

heap

page read and write

8249000

trusted library allocation

page read and write

20460BA8000

heap

page read and write

2BE3D030000

trusted library allocation

page read and write

1D69C230000

heap

page read and write

1F6FC05B000

heap

page read and write

E5B000

heap

page read and write

2566F352000

heap

page read and write

A2CFD0E000

stack

page read and write

2BE38300000

heap

page read and write

827E000

trusted library allocation

page read and write

6EAFCFF000

stack

page read and write

2498C629000

heap

page read and write

823D000

trusted library allocation

page read and write

20460281000

heap

page read and write

E93000

heap

page read and write

E93000

heap

page read and write

86E3000

trusted library allocation

page read and write

2BE3D100000

trusted library allocation

page read and write

20460200000

heap

page read and write

DBA72FC000

stack

page read and write

C0A000

heap

page read and write

C07000

heap

page read and write

2BE3D190000

trusted library allocation

page read and write

2BE3D2E7000

heap

page read and write

2566F372000

heap

page read and write

2566F320000

heap

page read and write

2BE38313000

heap

page read and write

6EAF5FC000

stack

page read and write

C07000

heap

page read and write

4C7E000

stack

page read and write

23740D60000

heap

page read and write

2BE37ABA000

heap

page read and write

8191000

trusted library allocation

page read and write

792C000

heap

page read and write

81FE000

trusted library allocation

page read and write

E97000

heap

page read and write

81A0000

trusted library allocation

page read and write

8631000

trusted library allocation

page read and write

1F6FC013000

heap

page read and write

2B7817E000

stack

page read and write

8396000

trusted library allocation

page read and write

DBFB7C000

stack

page read and write

2BE37B02000

heap

page read and write

839C000

trusted library allocation

page read and write

2BE3D24B000

heap

page read and write

8206000

trusted library allocation

page read and write

81C6000

trusted library allocation

page read and write

3A422CD000

stack

page read and write

E97000

heap

page read and write

2498C64A000

heap

page read and write

86E3000

trusted library allocation

page read and write

E5B000

heap

page read and write

20460B6E000

heap

page read and write

1F793C02000

heap

page read and write

E93000

heap

page read and write

2B78377000

stack

page read and write

20460180000

trusted library allocation

page read and write

78F9000

heap

page read and write

2BE3D060000

trusted library allocation

page read and write

2566F369000

heap

page read and write

8522000

trusted library allocation

page read and write

17F072D0000

heap

page read and write

EC1FCFA000

stack

page read and write

C3557BE000

stack

page read and write

E1B000

heap

page read and write

1F6FC061000

heap

page read and write

E93000

heap

page read and write

E1B000

heap

page read and write

6EAFBFF000

stack

page read and write

2566F35D000

heap

page read and write

EC2017F000

stack

page read and write

20460B84000

heap

page read and write

827C000

trusted library allocation

page read and write

2BE3D212000

heap

page read and write

8394000

trusted library allocation

page read and write

8361000

trusted library allocation

page read and write

2BE38359000

heap

page read and write

81FC000

trusted library allocation

page read and write

26C1AD60000

heap

page read and write

26C1B602000

trusted library allocation

page read and write

20460B97000

heap

page read and write

467D000

stack

page read and write

E93000

heap

page read and write

23740E00000

heap

page read and write

20460BC4000

heap

page read and write

822F000

trusted library allocation

page read and write

81C3000

trusted library allocation

page read and write

2BE3D190000

remote allocation

page read and write

E93000

heap

page read and write

2BE3D2FA000

heap

page read and write

E29000

heap

page read and write

4A3E000

stack

page read and write

8209000

trusted library allocation

page read and write

3A429FE000

stack

page read and write

83C1000

trusted library allocation

page read and write

EAB000

heap

page read and write

20460308000

heap

page read and write

F4D000

unkown

page readonly

8206000

trusted library allocation

page read and write

20460BA8000

heap

page read and write

81C9000

trusted library allocation

page read and write

2BE38E90000

trusted library allocation

page read and write

E44000

heap

page read and write

2566F336000

heap

page read and write

20460B97000

heap

page read and write

E93000

heap

page read and write

17F07429000

heap

page read and write

81C0000

trusted library allocation

page read and write

2846F091000

heap

page read and write

2498C64D000

heap

page read and write

E97000

heap

page read and write

1F793C3D000

heap

page read and write

2BE379D0000

heap

page read and write

1F794260000

remote allocation

page read and write

E45000

heap

page read and write

23740F02000

heap

page read and write

81A8000

trusted library allocation

page read and write

2B786FE000

unkown

page read and write

2B78578000

stack

page read and write

26C1AE8E000

heap

page read and write

2BE3D221000

heap

page read and write

1D69C288000

heap

page read and write

E93000

heap

page read and write

DBA6CFF000

stack

page read and write

2498C66B000

heap

page read and write

8394000

trusted library allocation

page read and write

81C3000

trusted library allocation

page read and write

8206000

trusted library allocation

page read and write

8191000

trusted library allocation

page read and write

20460270000

heap

page read and write

20460B97000

heap

page read and write

8191000

trusted library allocation

page read and write

2566F352000

heap

page read and write

8208000

trusted library allocation

page read and write

827C000

trusted library allocation

page read and write

C07000

heap

page read and write

8249000

trusted library allocation

page read and write

DF9000

heap

page read and write

2BE38140000

trusted library section

page read and write

20461002000

heap

page read and write

81C5000

trusted library allocation

page read and write

827C000

trusted library allocation

page read and write

839C000

trusted library allocation

page read and write

8394000

trusted library allocation

page read and write

4403BFE000

stack

page read and write

EC2067F000

stack

page read and write

78E0000

heap

page read and write

2498C62D000

heap

page read and write

8631000

trusted library allocation

page read and write

78F9000

heap

page read and write

8361000

trusted library allocation

page read and write

14871E02000

heap

page read and write

2046101B000

heap

page read and write

204601F0000

remote allocation

page read and write

2566F34B000

heap

page read and write

1F793A70000

heap

page read and write

E93000

heap

page read and write

8396000

trusted library allocation

page read and write

839C000

trusted library allocation

page read and write

E45000

heap

page read and write

769E000

stack

page read and write

20460B7E000

heap

page read and write

2498C420000

heap

page read and write

E27000

heap

page read and write

26C1AF00000

heap

page read and write

86DA000

trusted library allocation

page read and write

8208000

trusted library allocation

page read and write

E24000

heap

page read and write

20460BA1000

heap

page read and write

2846F108000

heap

page read and write

E93000

heap

page read and write

E93000

heap

page read and write

2046101B000

heap

page read and write

2498C613000

heap

page read and write

E97000

heap

page read and write

20460B5F000

heap

page read and write

8396000

trusted library allocation

page read and write

14871E13000

heap

page read and write

F15DE7C000

stack

page read and write

2498C67E000

heap

page read and write

20460A02000

heap

page read and write

8394000

trusted library allocation

page read and write

EB2000

heap

page read and write

EC201FF000

stack

page read and write

20460B9E000

heap

page read and write

2498C677000

heap

page read and write

EC1FFFA000

stack

page read and write

2566F360000

heap

page read and write

14871C13000

unkown

page read and write

1D69C250000

heap

page read and write

E93000

heap

page read and write

2498C410000

heap

page read and write

14871C00000

unkown

page read and write

2846EFF0000

trusted library allocation

page read and write

4403C7E000

stack

page read and write

2BE38200000

heap

page read and write

23740ED0000

heap

page read and write

86B0000

trusted library allocation

page read and write

E46000

heap

page read and write

81FC000

trusted library allocation

page read and write

17F07402000

heap

page read and write

839C000

trusted library allocation

page read and write

C00000

heap

page read and write

E93000

heap

page read and write

26C1ADF0000

trusted library allocation

page read and write

E93000

heap

page read and write

204602B3000

heap

page read and write

83EE000

trusted library allocation

page read and write

1F6FC113000

heap

page read and write

8360000

trusted library allocation

page read and write

83A0000

trusted library allocation

page read and write

8206000

trusted library allocation

page read and write

839C000

trusted library allocation

page read and write

14871A00000

heap

page read and write

26C1AE29000

heap

page read and write

20460B86000

heap

page read and write

823C000

trusted library allocation

page read and write

14871D00000

trusted library allocation

page read and write

8249000

trusted library allocation

page read and write

26C1AE70000

heap

page read and write

20460BBF000

heap

page read and write

8249000

trusted library allocation

page read and write

2498C63A000

heap

page read and write

823C000

trusted library allocation

page read and write

2BE38AC0000

trusted library section

page readonly

E93000

heap

page read and write

2BE38AF0000

trusted library section

page readonly

86B1000

trusted library allocation

page read and write

81C9000

trusted library allocation

page read and write

1F793D02000

heap

page read and write

20460B97000

heap

page read and write

440377B000

stack

page read and write

2B787F8000

stack

page read and write

2498C642000

heap

page read and write

E93000

heap

page read and write

23740F13000

heap

page read and write

20460229000

heap

page read and write

1F6FC05C000

heap

page read and write

20460B83000

heap

page read and write

1D69C2D9000

heap

page read and write

8213000

trusted library allocation

page read and write

2498C649000

heap

page read and write

83A0000

trusted library allocation

page read and write

8249000

trusted library allocation

page read and write

2BE37A57000

heap

page read and write

EC1FEFE000

stack

page read and write

2BE37A8E000

heap

page read and write

2846F100000

heap

page read and write

792C000

heap

page read and write

23740E13000

heap

page read and write

8206000

trusted library allocation

page read and write

2BE3CE90000

trusted library allocation

page read and write

8390000

trusted library allocation

page read and write

20460BA4000

heap

page read and write

8657000

trusted library allocation

page read and write

20460B83000

heap

page read and write

827C000

trusted library allocation

page read and write

2BE3D262000

heap

page read and write

B40000

trusted library allocation

page read and write

204600F0000

heap

page read and write

26C1AF08000

heap

page read and write

83A1000

trusted library allocation

page read and write

81C9000

trusted library allocation

page read and write

23741700000

heap

page read and write

C07000

heap

page read and write

17F07457000

heap

page read and write

2566F5B0000

heap

page read and write

E01000

heap

page read and write

5190000

direct allocation

page read and write

2BE38318000

heap

page read and write

1F6FC108000

heap

page read and write

20460B8B000

heap

page read and write

827C000

trusted library allocation

page read and write

E93000

heap

page read and write

8522000

trusted library allocation

page read and write

2846F051000

heap

page read and write

8249000

trusted library allocation

page read and write

EC203FF000

stack

page read and write

792C000

heap

page read and write

20460BB9000

heap

page read and write

2498C702000

heap

page read and write

20460BC4000

heap

page read and write

C09000

heap

page read and write

E49000

heap

page read and write

A2CFC8A000

stack

page read and write

1D69C105000

heap

page read and write

20460B8B000

heap

page read and write

20460B7C000

heap

page read and write

20460B97000

heap

page read and write

23740EBF000

heap

page read and write

8249000

trusted library allocation

page read and write

2BE37A8C000

heap

page read and write

1D69C280000

heap

page read and write

2846F013000

heap

page read and write

2BE37A3D000

heap

page read and write

1F793C29000

heap

page read and write

81FC000

trusted library allocation

page read and write

2BE3D22D000

heap

page read and write

2BE37AAE000

heap

page read and write

2BE3D2EC000

heap

page read and write

14871D02000

trusted library allocation

page read and write

E93000

heap

page read and write

14871C29000

heap

page read and write

20460213000

heap

page read and write

8191000

trusted library allocation

page read and write

823C000

trusted library allocation

page read and write

4B3E000

stack

page read and write

81FE000

trusted library allocation

page read and write

E97000

heap

page read and write

E46000

heap

page read and write

204602A9000

heap

page read and write

B96D97B000

stack

page read and write

20461000000

heap

page read and write

2B7807B000

stack

page read and write

81C3000

trusted library allocation

page read and write

20460B53000

heap

page read and write

4C80000

direct allocation

page read and write

81FE000

trusted library allocation

page read and write

78F9000

heap

page read and write

26C1AE49000

heap

page read and write

1F6FBF50000

trusted library allocation

page read and write

8361000

trusted library allocation

page read and write

2BE38B10000

trusted library section

page readonly

23740DF0000

trusted library allocation

page read and write

20460B85000

heap

page read and write

20460B5D000

heap

page read and write

DBA673B000

stack

page read and write

827C000

trusted library allocation

page read and write

2BE38E61000

trusted library allocation

page read and write

20461022000

heap

page read and write

78F9000

heap

page read and write

17F0745B000

heap

page read and write

20460B74000

heap

page read and write

2566F341000

heap

page read and write

20460B88000

heap

page read and write

8630000

trusted library allocation

page read and write

E93000

heap

page read and write

DC8000

heap

page read and write

2498C64E000

heap

page read and write

20460B85000

heap

page read and write

3A427FF000

stack

page read and write

E45000

heap

page read and write

17F073D0000

trusted library allocation

page read and write

81C9000

trusted library allocation

page read and write

2498C63C000

heap

page read and write

2BE3D2DB000

heap

page read and write

2BE38B00000

trusted library section

page readonly

1F794402000

trusted library allocation

page read and write

DBA73FF000

stack

page read and write

A2D007E000

stack

page read and write

795F000

heap

page read and write

F4A000

unkown

page read and write

66167FF000

stack

page read and write

2566F360000

heap

page read and write

2BE37A79000

heap

page read and write

2498C62E000

heap

page read and write

20460B8D000

heap

page read and write

20460313000

heap

page read and write

823C000

trusted library allocation

page read and write

20460B7C000

heap

page read and write

26C1AD50000

heap

page read and write

20461022000

heap

page read and write

86E3000

trusted library allocation

page read and write

477E000

stack

page read and write

F4D000

unkown

page readonly

81FF000

trusted library allocation

page read and write

F15DFFE000

stack

page read and write

E93000

heap

page read and write

E93000

heap

page read and write

EC1FA7E000

stack

page read and write

81FC000

trusted library allocation

page read and write

8396000

trusted library allocation

page read and write

2566F340000

heap

page read and write

20460256000

heap

page read and write

83A0000

trusted library allocation

page read and write

14871C42000

heap

page read and write

8249000

trusted library allocation

page read and write

E44000

heap

page read and write

81C9000

trusted library allocation

page read and write

8201000

trusted library allocation

page read and write

2566F369000

heap

page read and write

E9A000

heap

page read and write

23740DC0000

heap

page read and write

1F6FC100000

heap

page read and write

20460BA9000

heap

page read and write

2BE37AFD000

heap

page read and write

2BE37A26000

heap

page read and write

17F07400000

heap

page read and write

86E3000

trusted library allocation

page read and write

DBFAFE000

stack

page read and write

86E3000

trusted library allocation

page read and write

A2D017F000

stack

page read and write

EC1F78B000

stack

page read and write

2846F04B000

heap

page read and write

81C5000

trusted library allocation

page read and write

8191000

trusted library allocation

page read and write

20460B84000

heap

page read and write

2BE37B13000

heap

page read and write

EC1FBF7000

stack

page read and write

C355B7E000

stack

page read and write

792C000

heap

page read and write

20460302000

heap

page read and write

2BE3D070000

trusted library allocation

page read and write

20460150000

heap

page read and write

8206000

trusted library allocation

page read and write

2B7867F000

stack

page read and write

E97000

heap

page read and write

2566F36E000

heap

page read and write

2BE37970000

heap

page read and write

E93000

heap

page read and write

20461018000

heap

page read and write

8249000

trusted library allocation

page read and write

2846EDC0000

heap

page read and write

8396000

trusted library allocation

page read and write

B96DB7F000

stack

page read and write

2BE37AA1000

heap

page read and write

8522000

trusted library allocation

page read and write

2498C63B000

heap

page read and write

20461002000

heap

page read and write

83A0000

trusted library allocation

page read and write

8394000

trusted library allocation

page read and write

83A1000

trusted library allocation

page read and write

48BE000

stack

page read and write

23740E51000

heap

page read and write

20460BBF000

heap

page read and write

823C000

trusted library allocation

page read and write

E45000

heap

page read and write

20460B7C000

heap

page read and write

14871A70000

heap

page read and write

26C1AE00000

heap

page read and write

20460B87000

heap

page read and write

1F793C13000

heap

page read and write

EC2037F000

stack

page read and write

26C1AE68000

heap

page read and write

1F6FC05F000

heap

page read and write

B96D77E000

stack

page read and write

20460B85000

heap

page read and write

204602EE000

heap

page read and write

6EAF9FF000

stack

page read and write

2BE3D190000

remote allocation

page read and write

E45000

heap

page read and write

47BE000

stack

page read and write

26C1AF13000

heap

page read and write

2498C63E000

heap

page read and write

6EAF4FE000

stack

page read and write

8361000

trusted library allocation

page read and write

661627E000

stack

page read and write

2498C644000

heap

page read and write

2498C64B000

heap

page read and write

2498C67B000

heap

page read and write

26C1AE4D000

heap

page read and write

26C1AE13000

heap

page read and write

2846F070000

heap

page read and write

17F07413000

heap

page read and write

20460B74000

heap

page read and write

23740E6E000

heap

page read and write

66164FB000

stack

page read and write

2566F360000

heap

page read and write

23740E88000

heap

page read and write

DBA6B7C000

stack

page read and write

66166FF000

stack

page read and write

839C000

trusted library allocation

page read and write

823D000

trusted library allocation

page read and write

17F07502000

heap

page read and write

2498C600000

heap

page read and write

8209000

trusted library allocation

page read and write

8206000

trusted library allocation

page read and write

2BE389E0000

trusted library allocation

page read and write

20460B86000

heap

page read and write

2BE3D054000

trusted library allocation

page read and write

81C9000

trusted library allocation

page read and write

874F000

trusted library allocation

page read and write

1F793C25000

heap

page read and write

6615FBB000

stack

page read and write

2566F5B5000

heap

page read and write

F15DD7E000

stack

page read and write

14871C59000

heap

page read and write

20460B24000

heap

page read and write

DBA6DFE000

stack

page read and write

765F000

stack

page read and write

2498C580000

trusted library allocation

page read and write

8361000

trusted library allocation

page read and write

2BE3D2F7000

heap

page read and write

20460B70000

heap

page read and write

8361000

trusted library allocation

page read and write

6EAF6FF000

stack

page read and write

44FE000

stack

page read and write

2566F369000

heap

page read and write

E93000

heap

page read and write

EC1FDFA000

stack

page read and write

20460B78000

heap

page read and write

83A0000

trusted library allocation

page read and write

2BE37A00000

heap

page read and write

2BE3D2F6000

heap

page read and write

2498C630000

heap

page read and write

6EAF7FD000

stack

page read and write

E97000

heap

page read and write

DBA6F7C000

stack

page read and write

B96D67B000

stack

page read and write

8250000

trusted library allocation

page read and write

8394000

trusted library allocation

page read and write

8206000

trusted library allocation

page read and write

20460B64000

heap

page read and write

1F6FC05A000

heap

page read and write

2846F113000

heap

page read and write

81C3000

trusted library allocation

page read and write

B96D87B000

stack

page read and write

204601F0000

remote allocation

page read and write

F44000

unkown

page readonly

2498C684000

heap

page read and write

14871C02000

unkown

page read and write

8201000

trusted library allocation

page read and write

8209000

trusted library allocation

page read and write

2BE3D29E000

heap

page read and write

81C6000

trusted library allocation

page read and write

E4F000

heap

page read and write

86B1000

trusted library allocation

page read and write

81FC000

trusted library allocation

page read and write

2BE3D038000

trusted library allocation

page read and write

E93000

heap

page read and write

DBA70FF000

stack

page read and write

2566F32B000

heap

page read and write

C355AFF000

stack

page read and write

F15E1FF000

stack

page read and write

842F000

trusted library allocation

page read and write

E93000

heap

page read and write

6EAF8FF000

stack

page read and write

17F07463000

heap

page read and write

8206000

trusted library allocation

page read and write

23740E29000

heap

page read and write

1F794260000

remote allocation

page read and write

4403E7D000

stack

page read and write

20460B9E000

heap

page read and write

C35573E000

stack

page read and write

8209000

trusted library allocation

page read and write

20460BA8000

heap

page read and write

78E1000

heap

page read and write

E93000

heap

page read and write

8394000

trusted library allocation

page read and write

17F07C02000

trusted library allocation

page read and write

83A0000

trusted library allocation

page read and write

1F6FC052000

heap

page read and write

F15E0F7000

stack

page read and write

2498C480000

heap

page read and write

20460B7C000

heap

page read and write

EC2047E000

stack

page read and write

F15DF7B000

stack

page read and write

81C3000

trusted library allocation

page read and write

E93000

heap

page read and write

8209000

trusted library allocation

page read and write

17F07513000

heap

page read and write

2498C641000

heap

page read and write

1F793C00000

heap

page read and write

86E3000

trusted library allocation

page read and write

3A428F9000

stack

page read and write

DBA71FF000

stack

page read and write

E7C000

heap

page read and write

8209000

trusted library allocation

page read and write

F21000

unkown

page execute read

20460B00000

heap

page read and write

827C000

trusted library allocation

page read and write

81FD000

trusted library allocation

page read and write

E32000

heap

page read and write

23740EC7000

heap

page read and write

81C3000

trusted library allocation

page read and write

8249000

trusted library allocation

page read and write

20460B8B000

heap

page read and write

E46000

heap

page read and write

4403EFE000

stack

page read and write

17F07441000

heap

page read and write

66165F7000

stack

page read and write

20460B86000

heap

page read and write

8361000

trusted library allocation

page read and write

2BE3D23E000

heap

page read and write

8201000

trusted library allocation

page read and write

827C000

trusted library allocation

page read and write

8555000

trusted library allocation

page read and write

E44000

heap

page read and write

E44000

heap

page read and write

2BE3D170000

trusted library allocation

page read and write

8547000

trusted library allocation

page read and write

2BE37A29000

heap

page read and write

2BE38215000

heap

page read and write

2BE3D2F2000

heap

page read and write

2566F420000

heap

page read and write

823C000

trusted library allocation

page read and write

A2D00F8000

stack

page read and write

26C1AE88000

heap

page read and write

2BE3CF20000

trusted library allocation

page read and write

C09000

heap

page read and write

86E3000

trusted library allocation

page read and write

2566F346000

heap

page read and write

8180000

heap

page read and write

E03000

heap

page read and write

20460B19000

heap

page read and write

1F6FC03C000

heap

page read and write

1F6FBE50000

heap

page read and write

DFE000

heap

page read and write

78F9000

heap

page read and write

2BE3CF10000

trusted library allocation

page read and write

204602ED000

heap

page read and write

E93000

heap

page read and write

E93000

heap

page read and write

2498CE02000

trusted library allocation

page read and write

2498C663000

heap

page read and write

DBF9F8000

stack

page read and write

23740D50000

heap

page read and write

78F1000

heap

page read and write

AFC000

stack

page read and write

2846F602000

trusted library allocation

page read and write

2846F03C000

heap

page read and write

E97000

heap

page read and write

DBFBFC000

stack

page read and write

49FF000

stack

page read and write

56A0000

direct allocation

page read and write

1F6FC802000

trusted library allocation

page read and write

2566F1C0000

heap

page read and write

204602BF000

heap

page read and write

E93000

heap

page read and write

2BE3D030000

trusted library allocation

page read and write

839C000

trusted library allocation

page read and write

C09000

heap

page read and write

204602C6000

heap

page read and write

81FE000

trusted library allocation

page read and write

83A0000

trusted library allocation

page read and write

2BE3D060000

trusted library allocation

page read and write

2BE38302000

heap

page read and write

2566F342000

heap

page read and write

20460BB9000

heap

page read and write

86BC000

trusted library allocation

page read and write

14871A10000

trusted library allocation

page read and write

827C000

trusted library allocation

page read and write

2BE3D050000

trusted library allocation

page read and write

1F6FC060000

heap

page read and write

78E1000

heap

page read and write

1D69C294000

heap

page read and write

811E000

stack

page read and write

81FF000

trusted library allocation

page read and write

A2CFD8E000

stack

page read and write

8522000

trusted library allocation

page read and write

453C000

stack

page read and write

2BE3D180000

trusted library allocation

page read and write

839C000

trusted library allocation

page read and write

839C000

trusted library allocation

page read and write

7DC000

stack

page read and write

4403D7E000

stack

page read and write

2566F331000

heap

page read and write

B96DC7D000

stack

page read and write

2566F341000

heap

page read and write

792C000

heap

page read and write

C09000

heap

page read and write

8201000

trusted library allocation

page read and write

A2D01FC000

stack

page read and write

C09000

heap

page read and write

E40000

heap

page read and write

2BE37A13000

heap

page read and write

43BE000

stack

page read and write

20460B89000

heap

page read and write

81E6000

trusted library allocation

page read and write

26C1AE68000

heap

page read and write

1F6FBDF0000

heap

page read and write

E48000

heap

page read and write

2566F35D000

heap

page read and write

20460B7F000

heap

page read and write

20460B8B000

heap

page read and write

2B78477000

stack

page read and write

1F793C58000

heap

page read and write

2566F352000

heap

page read and write

E93000

heap

page read and write

204600E0000

heap

page read and write

E93000

heap

page read and write

1F793A60000

heap

page read and write

204602FD000

heap

page read and write

2046023C000

heap

page read and write

83A1000

trusted library allocation

page read and write

E93000

heap

page read and write

E13000

heap

page read and write

8206000

trusted library allocation

page read and write

EBC000

heap

page read and write

20461062000

heap

page read and write

44040FD000

stack

page read and write

20460258000

heap

page read and write

23740EE2000

heap

page read and write

8724000

trusted library allocation

page read and write

8394000

trusted library allocation

page read and write

20460B84000

heap

page read and write

8361000

trusted library allocation

page read and write

E2B000

heap

page read and write

827C000

trusted library allocation

page read and write

E93000

heap

page read and write

E0D000

heap

page read and write

E93000

heap

page read and write

2BE38E83000

trusted library allocation

page read and write

8361000

trusted library allocation

page read and write

20460B8D000

heap

page read and write

2498C650000

heap

page read and write

E93000

heap

page read and write

2566F344000

heap

page read and write

E42000

heap

page read and write

839C000

trusted library allocation

page read and write

66162FE000

stack

page read and write

E5B000

heap

page read and write

F20000

unkown

page readonly

2498C647000

heap

page read and write

2BE3D2A0000

heap

page read and write

There are 978 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
ll.exe

Files

Processes

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportll.exe

Files

Processes

IPs

Registry

Memdumps

IOC Report
ll.exe