Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

2OmglUwx83.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

data

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000013.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\build2[1].exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\SmartScreenCache.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml

data

dropped

C:\Users\user\AppData\Local\Temp\chrome_installer.log

data

dropped

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe

MS-DOS executable

dropped

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe:Zone.Identifier

ASCII text, with CRLF line terminators

modified

C:\Users\user\Desktop\DVWHKMNFNN\NWTVCDUMOB.pdf

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX.docx

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\CURQNKVOIX.jpg

data

dropped

C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeSysFnt19.lst.vvyu (copy)

PostScript document text

dropped

C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache.bin.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Internet Explorer\MSIMGSIZ.DAT.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Internet Explorer\UrlBlock\urlblock_637194112741176080.bin.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000013.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000007.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Temp\chrome_installer.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Temporary Internet Files\Low\MSIMGSIZ.DAT.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Temporary Internet Files\Low\SmartScreenCache.dat.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe.vvyu (copy)

MS-DOS executable

dropped

C:\_readme.txt

ASCII text, with CRLF line terminators

dropped

C:\ProgramData\05322493605623596985969059

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\ProgramData\26935466222163289633987941

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\ProgramData\57030713821379500194956248

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\ProgramData\71094135503925161979660642

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\ProgramData\74995908947202801370833703

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\ProgramData\87748271858601039393839930

SQLite 3.x database, last written using SQLite version 3032001

dropped

C:\SystemID\PersonalID.txt

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

data

dropped

C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst

data

dropped

C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp

data

dropped

C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

data

dropped

C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

data

dropped

C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx

data

dropped

C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma

data

dropped

C:\Users\user\AppData\Local\IconCache.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\NGenTask.exe.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\ngen.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NGenTask.exe.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\ngen.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml

data

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

data

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt

data

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log

Little-endian UTF-16 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log

Little-endian UTF-16 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-150.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-150.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-200.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.VisualElementsManifest.xml

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\Resources.pri

data

dropped

C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\ECSConfig.json

data

dropped

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

data

dropped

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

data

dropped

C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_29_0.png

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.3.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{278F5142-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\get[1].htm

ASCII text, with very long lines, with no line terminators

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\deprecated.cookie

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\UPPS\UPPS.bin

PDP-11 UNIX/RT ldp

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000B.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000C.log

data

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V010000D.log

data

modified

C:\Users\user\AppData\Local\Temp\AdobeARM.log

data

dropped

C:\Users\user\AppData\Local\Temp\CR_14C6C.tmp\setup.exe

MS-DOS executable, MZ for MS-DOS

dropped

C:\Users\user\AppData\Local\Temp\JavaDeployReg.log

data

dropped

C:\Users\user\AppData\Local\Temp\tmpEAC.tmp

MS-DOS executable

dropped

C:\Users\user\AppData\Local\bowsakkdestx.txt

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK

data

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

data

dropped

C:\Users\user\Application Data\Microsoft\Windows\Libraries\CameraRoll.library-ms.vvyu (copy)

data

dropped

C:\Users\user\Application Data\Microsoft\Windows\Libraries\Documents.library-ms.vvyu (copy)

data

dropped

C:\Users\user\Application Data\Microsoft\Windows\Libraries\Music.library-ms.vvyu (copy)

data

dropped

C:\Users\user\Application Data\Microsoft\Windows\Libraries\Pictures.library-ms.vvyu (copy)

data

dropped

C:\Users\user\Application Data\Microsoft\Windows\Libraries\Videos.library-ms.vvyu (copy)

data

dropped

C:\Users\user\Cookies\deprecated.cookie.vvyu (copy)

data

dropped

C:\Users\user\Desktop\BPMLNOBVSB.pdf

data

dropped

C:\Users\user\Desktop\BPMLNOBVSB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Desktop\CURQNKVOIX.jpg

data

dropped

C:\Users\user\Desktop\CURQNKVOIX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Desktop\CURQNKVOIX.mp3

data

dropped

C:\Users\user\Desktop\CURQNKVOIX.mp3.vvyu (copy)

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN.docx

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN.docx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\DVWHKMNFNN.docx

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\DVWHKMNFNN.docx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\KZWFNRXYKI.mp3

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\KZWFNRXYKI.mp3.vvyu (copy)

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\LTKMYBSEYZ.xlsx

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\LTKMYBSEYZ.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\NWTVCDUMOB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\WUTJSCBCFX.jpg

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\WUTJSCBCFX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\YPSIACHYXW.png

data

dropped

C:\Users\user\Desktop\DVWHKMNFNN\YPSIACHYXW.png.vvyu (copy)

data

dropped

C:\Users\user\Desktop\JSDNGYCOWY.pdf

data

dropped

C:\Users\user\Desktop\JSDNGYCOWY.pdf.vvyu (copy)

data

dropped

C:\Users\user\Desktop\JSDNGYCOWY.xlsx

data

dropped

C:\Users\user\Desktop\JSDNGYCOWY.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\KZWFNRXYKI.mp3

data

dropped

C:\Users\user\Desktop\KZWFNRXYKI.mp3.vvyu (copy)

data

dropped

C:\Users\user\Desktop\LTKMYBSEYZ.xlsx

data

dropped

C:\Users\user\Desktop\LTKMYBSEYZ.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\MXPXCVPDVN.mp3

data

dropped

C:\Users\user\Desktop\MXPXCVPDVN.mp3.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NIKHQAIQAU.jpg

data

dropped

C:\Users\user\Desktop\NIKHQAIQAU.jpg.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB.docx

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB.docx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB.pdf

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\CURQNKVOIX.mp3

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\CURQNKVOIX.mp3.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\JSDNGYCOWY.pdf

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\JSDNGYCOWY.pdf.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\NIKHQAIQAU.jpg

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\NIKHQAIQAU.jpg.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\NWTVCDUMOB.docx

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\NWTVCDUMOB.docx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\RAYHIWGKDI.png

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\RAYHIWGKDI.png.vvyu (copy)

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\YPSIACHYXW.xlsx

data

dropped

C:\Users\user\Desktop\NWTVCDUMOB\YPSIACHYXW.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\RAYHIWGKDI.png

data

dropped

C:\Users\user\Desktop\RAYHIWGKDI.png.vvyu (copy)

data

dropped

C:\Users\user\Desktop\VAMYDFPUND.png

data

dropped

C:\Users\user\Desktop\VAMYDFPUND.png.vvyu (copy)

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX.docx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX.jpg

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\BPMLNOBVSB.pdf

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\BPMLNOBVSB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\CURQNKVOIX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\JSDNGYCOWY.xlsx

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\JSDNGYCOWY.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\MXPXCVPDVN.mp3

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\MXPXCVPDVN.mp3.vvyu (copy)

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\VAMYDFPUND.png

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\VAMYDFPUND.png.vvyu (copy)

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\WUTJSCBCFX.docx

data

dropped

C:\Users\user\Desktop\WUTJSCBCFX\WUTJSCBCFX.docx.vvyu (copy)

data

dropped

C:\Users\user\Desktop\YPSIACHYXW.png

data

dropped

C:\Users\user\Desktop\YPSIACHYXW.png.vvyu (copy)

data

dropped

C:\Users\user\Desktop\YPSIACHYXW.xlsx

data

dropped

C:\Users\user\Desktop\YPSIACHYXW.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Documents\BPMLNOBVSB.pdf

data

dropped

C:\Users\user\Documents\BPMLNOBVSB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Documents\CURQNKVOIX.jpg

data

dropped

C:\Users\user\Documents\CURQNKVOIX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Documents\CURQNKVOIX.mp3

data

dropped

C:\Users\user\Documents\CURQNKVOIX.mp3.vvyu (copy)

data

dropped

C:\Users\user\Documents\DVWHKMNFNN.docx

data

dropped

C:\Users\user\Documents\DVWHKMNFNN.docx.vvyu (copy)

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\DVWHKMNFNN.docx

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\DVWHKMNFNN.docx.vvyu (copy)

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\KZWFNRXYKI.mp3

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\KZWFNRXYKI.mp3.vvyu (copy)

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\LTKMYBSEYZ.xlsx

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\LTKMYBSEYZ.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\NWTVCDUMOB.pdf

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\NWTVCDUMOB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\WUTJSCBCFX.jpg

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\WUTJSCBCFX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\YPSIACHYXW.png

data

dropped

C:\Users\user\Documents\DVWHKMNFNN\YPSIACHYXW.png.vvyu (copy)

data

dropped

C:\Users\user\Documents\JSDNGYCOWY.pdf

data

dropped

C:\Users\user\Documents\JSDNGYCOWY.pdf.vvyu (copy)

data

dropped

C:\Users\user\Documents\JSDNGYCOWY.xlsx

data

dropped

C:\Users\user\Documents\JSDNGYCOWY.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Documents\KZWFNRXYKI.mp3

data

dropped

C:\Users\user\Documents\KZWFNRXYKI.mp3.vvyu (copy)

data

dropped

C:\Users\user\Documents\LTKMYBSEYZ.xlsx

data

dropped

C:\Users\user\Documents\LTKMYBSEYZ.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Documents\MXPXCVPDVN.mp3

data

dropped

C:\Users\user\Documents\MXPXCVPDVN.mp3.vvyu (copy)

data

dropped

C:\Users\user\Documents\NIKHQAIQAU.jpg

data

dropped

C:\Users\user\Documents\NIKHQAIQAU.jpg.vvyu (copy)

data

dropped

C:\Users\user\Documents\NWTVCDUMOB.docx

data

dropped

C:\Users\user\Documents\NWTVCDUMOB.docx.vvyu (copy)

data

dropped

C:\Users\user\Documents\NWTVCDUMOB.pdf

data

dropped

C:\Users\user\Documents\NWTVCDUMOB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\CURQNKVOIX.mp3

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\CURQNKVOIX.mp3.vvyu (copy)

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\JSDNGYCOWY.pdf

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\JSDNGYCOWY.pdf.vvyu (copy)

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\NIKHQAIQAU.jpg

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\NIKHQAIQAU.jpg.vvyu (copy)

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\NWTVCDUMOB.docx

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\NWTVCDUMOB.docx.vvyu (copy)

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\RAYHIWGKDI.png

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\RAYHIWGKDI.png.vvyu (copy)

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\YPSIACHYXW.xlsx

data

dropped

C:\Users\user\Documents\NWTVCDUMOB\YPSIACHYXW.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Documents\RAYHIWGKDI.png

data

dropped

C:\Users\user\Documents\RAYHIWGKDI.png.vvyu (copy)

data

dropped

C:\Users\user\Documents\VAMYDFPUND.png

data

dropped

C:\Users\user\Documents\VAMYDFPUND.png.vvyu (copy)

data

dropped

C:\Users\user\Documents\WUTJSCBCFX.docx

data

dropped

C:\Users\user\Documents\WUTJSCBCFX.docx.vvyu (copy)

data

dropped

C:\Users\user\Documents\WUTJSCBCFX.jpg

data

dropped

C:\Users\user\Documents\WUTJSCBCFX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\BPMLNOBVSB.pdf

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\BPMLNOBVSB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\CURQNKVOIX.jpg

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\CURQNKVOIX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\JSDNGYCOWY.xlsx

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\JSDNGYCOWY.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\MXPXCVPDVN.mp3

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\MXPXCVPDVN.mp3.vvyu (copy)

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\VAMYDFPUND.png

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\VAMYDFPUND.png.vvyu (copy)

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\WUTJSCBCFX.docx

data

dropped

C:\Users\user\Documents\WUTJSCBCFX\WUTJSCBCFX.docx.vvyu (copy)

data

dropped

C:\Users\user\Documents\YPSIACHYXW.png

data

dropped

C:\Users\user\Documents\YPSIACHYXW.png.vvyu (copy)

data

dropped

C:\Users\user\Documents\YPSIACHYXW.xlsx

data

dropped

C:\Users\user\Documents\YPSIACHYXW.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Downloads\BPMLNOBVSB.pdf

data

dropped

C:\Users\user\Downloads\BPMLNOBVSB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Downloads\CURQNKVOIX.jpg

data

dropped

C:\Users\user\Downloads\CURQNKVOIX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Downloads\CURQNKVOIX.mp3

data

dropped

C:\Users\user\Downloads\CURQNKVOIX.mp3.vvyu (copy)

data

dropped

C:\Users\user\Downloads\DVWHKMNFNN.docx

data

dropped

C:\Users\user\Downloads\DVWHKMNFNN.docx.vvyu (copy)

data

dropped

C:\Users\user\Downloads\JSDNGYCOWY.mp3

data

dropped

C:\Users\user\Downloads\JSDNGYCOWY.mp3.vvyu (copy)

data

dropped

C:\Users\user\Downloads\JSDNGYCOWY.pdf

data

dropped

C:\Users\user\Downloads\JSDNGYCOWY.pdf.vvyu (copy)

data

dropped

C:\Users\user\Downloads\JSDNGYCOWY.xlsx

data

dropped

C:\Users\user\Downloads\JSDNGYCOWY.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Downloads\KZWFNRXYKI.png

data

dropped

C:\Users\user\Downloads\KZWFNRXYKI.png.vvyu (copy)

data

dropped

C:\Users\user\Downloads\LTKMYBSEYZ.xlsx

data

dropped

C:\Users\user\Downloads\LTKMYBSEYZ.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Downloads\MXPXCVPDVN.mp3

data

dropped

C:\Users\user\Downloads\MXPXCVPDVN.mp3.vvyu (copy)

data

dropped

C:\Users\user\Downloads\NIKHQAIQAU.jpg

data

dropped

C:\Users\user\Downloads\NIKHQAIQAU.jpg.vvyu (copy)

data

dropped

C:\Users\user\Downloads\NWTVCDUMOB.docx

data

dropped

C:\Users\user\Downloads\NWTVCDUMOB.docx.vvyu (copy)

data

dropped

C:\Users\user\Downloads\NWTVCDUMOB.pdf

data

dropped

C:\Users\user\Downloads\NWTVCDUMOB.pdf.vvyu (copy)

data

dropped

C:\Users\user\Downloads\RAYHIWGKDI.png

data

dropped

C:\Users\user\Downloads\RAYHIWGKDI.png.vvyu (copy)

data

dropped

C:\Users\user\Downloads\VAMYDFPUND.png

data

dropped

C:\Users\user\Downloads\VAMYDFPUND.png.vvyu (copy)

data

dropped

C:\Users\user\Downloads\WUTJSCBCFX.docx

data

dropped

C:\Users\user\Downloads\WUTJSCBCFX.docx.vvyu (copy)

data

dropped

C:\Users\user\Downloads\WUTJSCBCFX.jpg

data

dropped

C:\Users\user\Downloads\WUTJSCBCFX.jpg.vvyu (copy)

data

dropped

C:\Users\user\Downloads\YPSIACHYXW.xlsx

data

dropped

C:\Users\user\Downloads\YPSIACHYXW.xlsx.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Amazon.url

data

dropped

C:\Users\user\Favorites\Amazon.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Bing.url

data

dropped

C:\Users\user\Favorites\Bing.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Facebook.url

data

dropped

C:\Users\user\Favorites\Facebook.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Google.url

data

dropped

C:\Users\user\Favorites\Google.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Live.url

data

dropped

C:\Users\user\Favorites\Live.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\NYTimes.url

data

dropped

C:\Users\user\Favorites\NYTimes.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Reddit.url

data

dropped

C:\Users\user\Favorites\Reddit.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Twitter.url

data

dropped

C:\Users\user\Favorites\Twitter.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Wikipedia.url

data

dropped

C:\Users\user\Favorites\Wikipedia.url.vvyu (copy)

data

dropped

C:\Users\user\Favorites\Youtube.url

data

dropped

C:\Users\user\Favorites\Youtube.url.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeCMapFnt19.lst.vvyu (copy)

PostScript document text

dropped

C:\Users\user\Local Settings\Adobe\Acrobat\DC\IconCacheRdr65536.dat.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Adobe\Color\ACECache11.lst.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jcp.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00001.jrs.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00002.jrs.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Comms\UnistoreDB\USStmp.jtx.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Google\Chrome\User Data\CrashpadMetrics-active.pma.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Google\Chrome\User Data\CrashpadMetrics.pma.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\IconCache.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\CLR_v2.0_32\UsageLogs\unarchiver.exe.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\NGenTask.exe.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\CLR_v4.0\UsageLogs\sdiagnhost.exe.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\CLR_v4.0\ngen.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\CLR_v4.0_32\UsageLogs\NGenTask.exe.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\CLR_v4.0_32\ngen.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Internet Explorer\VersionManager\versionlist.xml.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Internet Explorer\brndlog.txt.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.vvyu (copy)

Little-endian UTF-16 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.vvyu (copy)

Little-endian UTF-16 Unicode text, with very long lines, with no line terminators

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-125.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-150.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-200.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-150.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-100.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-150.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-200.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-150.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-200.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-150.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-200.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\OneDrive.VisualElementsManifest.xml.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\Resources.pri.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\OneDrive\setup\ECSConfig.json.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\PenWorkspace\DiscoverCacheData.dat.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\1033\StructuredQuerySchema.bin.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_29_0.png.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.1.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.3.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Caches\{278F5142-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog.etl.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1280.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1920.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_2560.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_768.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_96.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_custom_stream.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_exif.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_sr.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide_alternate.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1280.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_16.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1920.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_2560.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_768.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_96.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_custom_stream.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_exif.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_sr.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\UPPS\UPPS.bin.vvyu (copy)

PDP-11 UNIX/RT ldp

dropped

C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01.chk.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000B.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000C.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V010000D.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Temp\AdobeARM.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Temp\CR_14C6C.tmp\setup.exe.vvyu (copy)

MS-DOS executable, MZ for MS-DOS

dropped

C:\Users\user\Local Settings\Temp\JavaDeployReg.log.vvyu (copy)

data

dropped

C:\Users\user\Local Settings\Temp\tmpEAC.tmp.vvyu (copy)

MS-DOS executable

dropped

C:\Users\user\Local Settings\bowsakkdestx.txt.vvyu (copy)

data

dropped

C:\Users\user\SendTo\Bluetooth File Transfer.LNK.vvyu (copy)

data

dropped

C:\Users\user\SendTo\Desktop (create shortcut).DeskLink.vvyu (copy)

data

dropped

C:\Users\user\_readme.txt

ASCII text, with CRLF line terminators

dropped

There are 438 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\2OmglUwx83.exe

"C:\Users\user\Desktop\2OmglUwx83.exe"

C:\Users\user\Desktop\2OmglUwx83.exe

"C:\Users\user\Desktop\2OmglUwx83.exe"

C:\Users\user\Desktop\2OmglUwx83.exe

"C:\Users\user\Desktop\2OmglUwx83.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe --Task

C:\Users\user\Desktop\2OmglUwx83.exe

"C:\Users\user\Desktop\2OmglUwx83.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe --Task

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe

"C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe" --AutoStart

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe

"C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe" --AutoStart

C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe

"C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe"

C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe

"C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe"

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe

"C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe" --AutoStart

C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe

"C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169\2OmglUwx83.exe" --AutoStart

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\user\AppData\Local\dc8ee5c2-8cfe-4224-95e9-01d5d6a62169" /deny *S-1-1-0:(OI)(CI)(DE,DC)

There are 3 hidden processes, click here to show them.

URLs

Name

Malicious

http://rgyui.top/dl/build2.exe

151.251.24.5

http://acacaca.org/test2/get.php?pid=3C8DAB0A318E3BBE55D6418C454BF200&first=true

5.163.244.118

http://rgyui.top/dl/build2.exe$run

unknown

http://acacaca.org/files/1/build3.exe

5.163.244.118

http://acacaca.org/files/1/build3.exerun0d

unknown

https://we.tl/t-QsoSRIeA

unknown

https://we.tl/t-QsoSRIeAK6

unknown

http://acacaca.org/test2/get.php

http://acacaca.org/files/1/build3.exed5

unknown

http://rgyui.top/dl/build2.exerunb4e97Bx

unknown

http://rgyui.top/dl/build2.exe~

unknown

http://acacaca.org/files/1/build3.exe$run

unknown

https://api.2ip.ua/geo.jsonrO

unknown

https://duckduckgo.com/chrome_newtab

unknown

https://t.me/

unknown

https://duckduckgo.com/ac/?q=

unknown

https://web.telegram.org

unknown

http://49.12.9.140:1080/2277399138.zipF

unknown

http://49.12.9.140:1080/2277399138.zipJ

unknown

http://www.amazon.com/

unknown

http://49.12.9.140:1080/1Y

unknown

http://www.twitter.com/

unknown

https://t.me/pegasusfly11

unknown

http://49.12.9.140:1080/)

unknown

http://www.openssl.org/support/faq.html

unknown

http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error

unknown

http://49.12.9.140/ppData

unknown

https://mas.to/

unknown

https://t.me/pegasusfly1

149.154.167.99

https://api.2ip.ua/n

unknown

http://49.12.9.140:1080/nS

unknown

http://49.12.9.140:1080/C

unknown

http://49.12.9.140:1080/517

49.12.9.140

http://www.reddit.com/

unknown

http://www.nytimes.com/

unknown

https://www.google.com/images/branding/product/ico/googleg_lodp.ico

unknown

http://49.12.9.140:1080;Dx66

unknown

http://49.12.9.140/rontdesk

unknown

https://t.me/pegasusfly1https://mas.to/

unknown

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=

unknown

https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search

unknown

http://49.12.9.140:1080/a

unknown

https://api.2ip.ua/geo.json

162.0.217.254

http://49.12.9.140:1080/n

unknown

http://49.12.9.140/r

unknown

https://ac.ecosia.org/autocomplete?q=

unknown

https://t.me/pegasusfly1w

unknown

http://49.12.9.140:1080/2277399138.zip

49.12.9.140

http://www.youtube.com/

unknown

http://49.12.9.140:1080/2277399138.zipm

unknown

https://api.2ip.ua/J

unknown

http://49.12.9.140/

unknown

http://www.wikipedia.com/

unknown

http://www.live.com/

unknown

https://t.me/&

unknown

http://49.12.9.140:1080

unknown

https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=

unknown

https://t.me/pegasusfly17&A

unknown

http://49.12.9.140:1080/

49.12.9.140

https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

unknown

http://www.google.com/

unknown

There are 51 hidden URLs, click here to show them.

Domains

Name

Malicious

rgyui.top

151.251.24.5

Details

Name:	rgyui.top
IP:	151.251.24.5
TargetID:	8
Current Path:	C:\Users\user\Desktop\2OmglUwx83.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Found malware configuration	AV Detection
URLs found in memory or binary data	Networking

acacaca.org

5.163.244.118

Details

Name:	acacaca.org
IP:	5.163.244.118
TargetID:	8
Current Path:	C:\Users\user\Desktop\2OmglUwx83.exe
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking
C2 URLs / IPs found in malware configuration	Networking	Application Layer Protocol
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Found malware configuration	AV Detection
URLs found in memory or binary data	Networking

t.me

149.154.167.99

Details

Name:	t.me
IP:	149.154.167.99
TargetID:	13
Current Path:	C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
HTTP GET or POST without a user agent	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

api.2ip.ua

162.0.217.254

Details

Name:	api.2ip.ua
IP:	162.0.217.254
TargetID:	1
Current Path:	C:\Users\user\Desktop\2OmglUwx83.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

IPs

Domain

Country

Malicious

151.251.24.5

rgyui.top

Bulgaria

Details

IP:	151.251.24.5
TargetID:	8
Current Path:	C:\Users\user\Desktop\2OmglUwx83.exe
Country:	Bulgaria
Countrycode:	BGR
ASN number:	13124
ASN name:	IBGCBG
Private:	false
Domain:	rgyui.top

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

5.163.244.118

acacaca.org

Saudi Arabia

Details

IP:	5.163.244.118
TargetID:	8
Current Path:	C:\Users\user\Desktop\2OmglUwx83.exe
Country:	Saudi Arabia
Countrycode:	SAU
ASN number:	25019
ASN name:	SAUDINETSTC-ASSA
Private:	false
Domain:	acacaca.org

Signature Hits	Behavior Group	Mitre Attack
Snort IDS alert for network traffic	Networking

192.168.2.1

unknown

49.12.9.140

unknown

Germany

Details

IP:	49.12.9.140
TargetID:	13
Current Path:	C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe
Country:	Germany
Countrycode:	DEU
ASN number:	24940
ASN name:	HETZNER-ASDE
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
HTTP GET or POST without a user agent	Networking
Connects to IPs without corresponding DNS lookups	Networking
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

162.0.217.254

api.2ip.ua

Canada

Details

IP:	162.0.217.254
TargetID:	1
Current Path:	C:\Users\user\Desktop\2OmglUwx83.exe
Country:	Canada
Countrycode:	CAN
ASN number:	35893
ASN name:	ACPCA
Private:	false
Domain:	api.2ip.ua

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

149.154.167.99

t.me

United Kingdom

Details

IP:	149.154.167.99
TargetID:	13
Current Path:	C:\Users\user\AppData\Local\0ca24ce5-0f24-4ca6-b87c-11cb41906c23\build2.exe
Country:	United Kingdom
Countrycode:	GBR
ASN number:	62041
ASN name:	TELEGRAMRU
Private:	false
Domain:	t.me

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

Registry

Path

Value

Malicious

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

SysHelper

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion

SysHelper

Memdumps

Base Address

Regiontype

Protect

Malicious

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

2210000

direct allocation

page execute and read and write

400000

remote allocation

page execute and read and write

2290000

direct allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

21F0000

direct allocation

page execute and read and write

400000

remote allocation

page execute and read and write

22A0000

direct allocation

page execute and read and write

400000

remote allocation

page execute and read and write

2340000

direct allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

400000

remote allocation

page execute and read and write

27891000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

1F0000

trusted library allocation

page read and write

18AAA67F000

heap

page read and write

700000

heap

page read and write

610000

direct allocation

page read and write

612000

direct allocation

page read and write

1B0000

remote allocation

page read and write

610000

direct allocation

page read and write

2510000

heap

page read and write

B3E000

stack

page read and write

4E0000

unkown

page readonly

31D6000

trusted library allocation

page read and write

610000

direct allocation

page read and write

F5CE000

stack

page read and write

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

401000

unkown

page execute read

89D000

heap

page read and write

657000

heap

page read and write

2F30000

direct allocation

page read and write

310B4FF000

stack

page read and write

1F0000

trusted library allocation

page read and write

4C4000

unkown

page read and write

69A000

heap

page read and write

8BE000

stack

page read and write

2F30000

direct allocation

page read and write

625000

heap

page read and write

1A87A000

stack

page read and write

90B000

heap

page read and write

4E0000

unkown

page readonly

433000

unkown

page write copy

610000

direct allocation

page read and write

401000

unkown

page execute read

2F30000

direct allocation

page read and write

1F24B25E000

heap

page read and write

2F70000

remote allocation

page read and write

321A000

trusted library allocation

page read and write

433000

unkown

page write copy

2F30000

direct allocation

page read and write

52B000

remote allocation

page execute and read and write

400000

unkown

page readonly

6AF000

heap

page read and write

2C80000

heap

page read and write

2F30000

direct allocation

page read and write

52B000

remote allocation

page execute and read and write

30000

heap

page read and write

610000

direct allocation

page read and write

19E000

stack

page read and write

2F30000

direct allocation

page read and write

400000

unkown

page readonly

2CDE000

stack

page read and write

56E000

stack

page read and write

2F30000

direct allocation

page read and write

1F24B300000

heap

page read and write

31FA000

trusted library allocation

page read and write

AFF000

stack

page read and write

193000

stack

page read and write

28300000

heap

page read and write

2F30000

direct allocation

page read and write

2881A000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

279A1000

trusted library allocation

page read and write

B0E000

stack

page read and write

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

2F30000

direct allocation

page read and write

6C7000

heap

page read and write

4E0000

unkown

page readonly

2F30000

direct allocation

page read and write

31FB000

trusted library allocation

page read and write

7EF000

stack

page read and write

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

2F30000

direct allocation

page read and write

433000

unkown

page write copy

7AE000

heap

page read and write

3230000

heap

page read and write

2280000

heap

page read and write

15EF0113000

heap

page read and write

705000

heap

page read and write

2E30000

remote allocation

page read and write

29CF000

stack

page read and write

18AAA500000

trusted library allocation

page read and write

46A000

unkown

page readonly

620000

heap

page read and write

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

401000

unkown

page execute read

1A9BE000

stack

page read and write

196000

stack

page read and write

1B0000

remote allocation

page read and write

28AF000

stack

page read and write

6B3000

heap

page read and write

200E000

stack

page read and write

6C0000

heap

page read and write

2F30000

direct allocation

page read and write

1F24B060000

heap

page read and write

2B7D000

stack

page read and write

401000

unkown

page execute read

2F30000

direct allocation

page read and write

326B000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

22C0000

heap

page read and write

2F70000

heap

page read and write

9312000

trusted library allocation

page read and write

859000

heap

page read and write

310B57F000

stack

page read and write

68E000

stack

page read and write

431000

unkown

page execute read

6D0000

heap

page read and write

31C1000

trusted library allocation

page read and write

590000

heap

page read and write

27880000

trusted library allocation

page read and write

9920000

direct allocation

page read and write

15EF006E000

heap

page read and write

2F30000

direct allocation

page read and write

1F24B252000

heap

page read and write

400000

unkown

page readonly

2B3A000

stack

page read and write

15EF0055000

heap

page read and write

9C000

stack

page read and write

754000

heap

page read and write

193000

stack

page read and write

1B0000

remote allocation

page read and write

401000

unkown

page execute read

9C000

stack

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

8B0000

heap

page read and write

2F30000

direct allocation

page read and write

5A7000

heap

page read and write

71A000

heap

page read and write

57E000

stack

page read and write

4E0000

unkown

page readonly

2F34000

direct allocation

page read and write

29E0000

heap

page read and write

2F30000

direct allocation

page read and write

8EF000

heap

page read and write

52B000

remote allocation

page execute and read and write

27794000

trusted library allocation

page read and write

9359000

trusted library allocation

page read and write

15EEFF30000

heap

page read and write

2490000

heap

page read and write

610000

direct allocation

page read and write

4DA000

unkown

page read and write

15EF0047000

heap

page read and write

2A0F000

stack

page read and write

AFF000

stack

page read and write

21FF7520000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

6BF000

heap

page read and write

9360000

trusted library allocation

page read and write

400000

unkown

page readonly

5B8000

heap

page read and write

4E0000

unkown

page readonly

B7E000

stack

page read and write

4E0000

unkown

page readonly

810000

heap

page read and write

31D0000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

27EA7000

trusted library allocation

page read and write

33C0000

unkown

page read and write

600000

heap

page read and write

4E0000

unkown

page readonly

400000

remote allocation

page execute and read and write

31AA000

stack

page read and write

304D000

stack

page read and write

6C7000

heap

page read and write

2A3D000

stack

page read and write

2360000

heap

page read and write

6096E000

direct allocation

page read and write

21FF66D0000

trusted library allocation

page read and write

15EF0108000

heap

page read and write

19E000

stack

page read and write

707000

heap

page read and write

433000

unkown

page write copy

1B0000

remote allocation

page read and write

2C8B000

stack

page read and write

1B0000

remote allocation

page read and write

3070000

remote allocation

page read and write

B60000

heap

page read and write

818000

heap

page read and write

27997000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

747000

heap

page read and write

8C0000

heap

page read and write

6BB000

heap

page read and write

8D2000

heap

page read and write

7AF000

heap

page read and write

730000

direct allocation

page read and write

30000

heap

page read and write

610000

direct allocation

page read and write

433000

unkown

page write copy

400000

unkown

page readonly

62B000

direct allocation

page read and write

2F30000

direct allocation

page read and write

8AE000

heap

page read and write

400000

remote allocation

page execute and read and write

540000

heap

page read and write

52B000

remote allocation

page execute and read and write

460000

heap

page read and write

610000

direct allocation

page read and write

31F3000

trusted library allocation

page read and write

26CD0000

trusted library allocation

page read and write

28CE000

stack

page read and write

4C4000

unkown

page read and write

19B000

stack

page read and write

2B7E000

stack

page read and write

20B0000

heap

page read and write

15EF0029000

heap

page read and write

610000

direct allocation

page read and write

401000

unkown

page execute read

2DF3B5B000

stack

page read and write

27793000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

610000

direct allocation

page read and write

1F24B27F000

heap

page read and write

2F70000

remote allocation

page read and write

6F5000

heap

page read and write

29FF000

stack

page read and write

23D0000

heap

page read and write

2F30000

direct allocation

page read and write

1B0000

remote allocation

page read and write

D2D19FF000

stack

page read and write

31FB000

trusted library allocation

page read and write

7AE000

heap

page read and write

310B47B000

stack

page read and write

6A0000

heap

page read and write

8C4000

heap

page read and write

2F30000

direct allocation

page read and write

707000

heap

page read and write

1B0000

remote allocation

page read and write

650000

heap

page read and write

400000

unkown

page readonly

433000

unkown

page write copy

4E0000

unkown

page readonly

2F70000

remote allocation

page read and write

1F24B29C000

heap

page read and write

2160000

heap

page read and write

2011000

trusted library allocation

page execute and read and write

52B000

remote allocation

page execute and read and write

6E0000

heap

page read and write

6D1000

heap

page read and write

21DF000

stack

page read and write

27790000

trusted library allocation

page read and write

6CC000

heap

page read and write

2F30000

direct allocation

page read and write

6B0000

heap

page read and write

2F32000

direct allocation

page read and write

400000

unkown

page readonly

9375000

trusted library allocation

page read and write

4E0000

unkown

page readonly

15EF0013000

heap

page read and write

610000

direct allocation

page read and write

B20000

heap

page read and write

8D1000

heap

page read and write

431000

unkown

page execute read

64E000

stack

page read and write

401000

unkown

page execute read

2F1F000

stack

page read and write

2280000

heap

page read and write

18AAA640000

heap

page read and write

400000

remote allocation

page execute and read and write

27992000

trusted library allocation

page read and write

52B000

remote allocation

page execute and read and write

278E000

stack

page read and write

2F30000

direct allocation

page read and write

2F30000

direct allocation

page read and write

400000

unkown

page readonly

67E000

heap

page read and write

610000

direct allocation

page read and write

400000

unkown

page readonly

A70000

heap

page read and write

1F24B260000

heap

page read and write

31C0000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

939E000

trusted library allocation

page read and write

D2D1CFF000

stack

page read and write

650000

heap

page read and write

C1E000

stack

page read and write

431000

unkown

page execute read

648000

heap

page read and write

400000

remote allocation

page execute and read and write

401000

unkown

page execute read

19B000

stack

page read and write

8CC000

heap

page read and write

2F30000

direct allocation

page read and write

400000

unkown

page readonly

433000

unkown

page write copy

8FE000

stack

page read and write

18AAA390000

heap

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

938A000

trusted library allocation

page read and write

1F0000

trusted library allocation

page read and write

2B4A000

stack

page read and write

1B0000

remote allocation

page read and write

1B0000

remote allocation

page read and write

610000

direct allocation

page read and write

27992000

trusted library allocation

page read and write

8CE000

stack

page read and write

2DF437E000

stack

page read and write

196000

stack

page read and write

401000

unkown

page execute read

9375000

trusted library allocation

page read and write

400000

remote allocation

page execute and read and write

15EF0048000

heap

page read and write

9C000

stack

page read and write

433000

unkown

page write copy

21FF6800000

heap

page read and write

D2D167C000

stack

page read and write

9C000

stack

page read and write

2F30000

direct allocation

page read and write

401000

unkown

page execute read

1F24B269000

heap

page read and write

690000

heap

page read and write

434000

unkown

page write copy

610000

direct allocation

page read and write

6A5000

heap

page read and write

6C0000

direct allocation

page read and write

46A000

unkown

page readonly

431000

unkown

page execute read

2200000

heap

page read and write

9FE000

stack

page read and write

431000

unkown

page execute read

21FF68C8000

heap

page read and write

1F24B308000

heap

page read and write

18D000

stack

page read and write

1B0000

remote allocation

page read and write

6CC000

heap

page read and write

4E0000

unkown

page readonly

2F30000

direct allocation

page read and write

401000

unkown

page execute read

820000

heap

page read and write

30000

heap

page read and write

2A3D000

stack

page read and write

433000

unkown

page write copy

21FF6BC0000

trusted library allocation

page read and write

618000

direct allocation

page read and write

8D1000

heap

page read and write

4E0000

unkown

page readonly

2F30000

direct allocation

page read and write

15EF0100000

heap

page read and write

4E0000

unkown

page readonly

8B6000

heap

page read and write

433000

unkown

page write copy

610000

direct allocation

page read and write

2F30000

direct allocation

page read and write

1B0000

remote allocation

page read and write

15EF0A02000

trusted library allocation

page read and write

31FB000

trusted library allocation

page read and write

6B3000

heap

page read and write

93A4000

trusted library allocation

page read and write

4E0000

unkown

page readonly

2F30000

direct allocation

page read and write

2E31000

heap

page read and write

433000

unkown

page write copy

431000

unkown

page execute read

1A71E000

stack

page read and write

19A000

stack

page read and write

619000

heap

page read and write

28160000

heap

page read and write

3366000

trusted library allocation

page read and write

2A4D000

stack

page read and write

90F000

stack

page read and write

431000

unkown

page execute read

2F30000

direct allocation

page read and write

31D0000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

401000

unkown

page execute read

674000

trusted library allocation

page execute and read and write

400000

unkown

page readonly

6A8000

heap

page execute and read and write

1F0000

trusted library allocation

page read and write

401000

unkown

page execute read

660000

direct allocation

page read and write

2C7F000

stack

page read and write

1F24AFF0000

heap

page read and write

274F000

stack

page read and write

431000

unkown

page execute read

B9F000

stack

page read and write

401000

unkown

page execute read

2F30000

direct allocation

page read and write

60980000

direct allocation

page readonly

938B000

trusted library allocation

page read and write

7B0000

heap

page read and write

21FF68A0000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

2F90000

trusted library allocation

page read and write

288F000

stack

page read and write

6097A000

direct allocation

page read and write

4E0000

unkown

page readonly

610000

direct allocation

page read and write

46A000

unkown

page readonly

598000

heap

page read and write

15EF0050000

heap

page read and write

30000

heap

page read and write

400000

unkown

page readonly

5C0000

direct allocation

page read and write

21FF6904000

heap

page read and write

2E30000

remote allocation

page read and write

27FE0000

heap

page read and write

2E31000

heap

page read and write

68E000

stack

page read and write

433000

unkown

page write copy

6B3000

heap

page read and write

4E0000

unkown

page readonly

93F000

stack

page read and write

433000

unkown

page write copy

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

710000

heap

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

2F30000

direct allocation

page read and write

431000

unkown

page execute read

1F24B25C000

heap

page read and write

6CC000

heap

page read and write

909000

heap

page read and write

53E000

stack

page read and write

31F6000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

6F0000

heap

page read and write

1B0000

remote allocation

page read and write

347C000

stack

page read and write

1F24B261000

heap

page read and write

708000

heap

page read and write

28FE000

stack

page read and write

2F30000

direct allocation

page read and write

4C5000

heap

page read and write

1F24B25D000

heap

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

15EF0071000

heap

page read and write

264E000

stack

page read and write

434000

unkown

page write copy

3243000

trusted library allocation

page read and write

1F24B213000

heap

page read and write

1F0000

trusted library allocation

page read and write

4E0000

unkown

page readonly

936B000

trusted library allocation

page read and write

431000

unkown

page execute read

51A000

remote allocation

page execute and read and write

1F0000

trusted library allocation

page read and write

267F000

stack

page read and write

52B000

remote allocation

page execute and read and write

339A000

trusted library allocation

page read and write

1F24B23C000

heap

page read and write

433000

unkown

page write copy

1A4DE000

stack

page read and write

64E000

stack

page read and write

88F000

stack

page read and write

529000

remote allocation

page execute and read and write

226F000

stack

page read and write

226E000

stack

page read and write

2260000

heap

page read and write

400000

unkown

page readonly

15EF008F000

heap

page read and write

63F000

heap

page read and write

610000

direct allocation

page read and write

5E0E9FB000

stack

page read and write

20E0000

heap

page read and write

610000

direct allocation

page read and write

4E0000

unkown

page readonly

400000

remote allocation

page execute and read and write

431000

unkown

page execute read

1F0000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

15EF0002000

heap

page read and write

21FF692D000

heap

page read and write

2F30000

direct allocation

page read and write

6B8000

heap

page read and write

18AAA3A0000

heap

page read and write

431000

unkown

page execute read

1B0000

remote allocation

page read and write

266E000

stack

page read and write

2C7F000

stack

page read and write

1B0000

remote allocation

page read and write

610000

direct allocation

page read and write

2F36000

direct allocation

page read and write

610000

direct allocation

page read and write

1B0000

remote allocation

page read and write

8BE000

heap

page read and write

6A9000

heap

page read and write

21FF6820000

heap

page read and write

400000

unkown

page readonly

857000

heap

page read and write

6A0000

heap

page read and write

31F3000

trusted library allocation

page read and write

610000

direct allocation

page read and write

2EBE000

stack

page read and write

610000

direct allocation

page read and write

B28000

heap

page read and write

2E1E000

stack

page read and write

A9F000

stack

page read and write

9CE000

stack

page read and write

9C000

stack

page read and write

196000

stack

page read and write

612000

direct allocation

page read and write

8CD000

heap

page read and write

610000

direct allocation

page read and write

18AAA652000

heap

page read and write

D2D1AF7000

stack

page read and write

19E000

stack

page read and write

2B20000

heap

page read and write

400000

unkown

page readonly

4C4000

unkown

page read and write

2F30000

direct allocation

page read and write

2B8D000

stack

page read and write

9D000

stack

page read and write

7CF000

stack

page read and write

1B0000

remote allocation

page read and write

2E20000

remote allocation

page read and write

610000

direct allocation

page read and write

2F30000

direct allocation

page read and write

520000

heap

page read and write

2F70000

heap

page read and write

193000

stack

page read and write

30000

heap

page read and write

1F24B313000

heap

page read and write

30C0000

heap

page read and write

9357000

trusted library allocation

page read and write

2B0F000

stack

page read and write

8A8000

heap

page read and write

31D6000

trusted library allocation

page read and write

431000

unkown

page execute read

1B0000

remote allocation

page read and write

52B000

remote allocation

page execute and read and write

734000

heap

page read and write

52B000

remote allocation

page execute and read and write

28CE000

stack

page read and write

1B0000

remote allocation

page read and write

1F24B160000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

2F30000

direct allocation

page read and write

2E20000

remote allocation

page read and write

433000

unkown

page write copy

31B0000

trusted library allocation

page read and write

400000

unkown

page readonly

610000

direct allocation

page read and write

262F000

stack

page read and write

9393000

trusted library allocation

page read and write

6C5000

heap

page read and write

2E31000

heap

page read and write

2110000

heap

page read and write

21FF6BB9000

heap

page read and write

2F30000

direct allocation

page read and write

400000

unkown

page readonly

610000

direct allocation

page read and write

2E31000

heap

page read and write

1B0000

remote allocation

page read and write

A0E000

stack

page read and write

5F0000

heap

page read and write

93A4000

trusted library allocation

page read and write

936F000

trusted library allocation

page read and write

2DBE000

stack

page read and write

21FF66C0000

heap

page read and write

400000

remote allocation

page execute and read and write

431000

unkown

page execute read

6EE000

stack

page read and write

78E000

stack

page read and write

610000

direct allocation

page read and write

A1F000

stack

page read and write

2F30000

direct allocation

page read and write

23A0000

heap

page read and write

623000

direct allocation

page read and write

9317000

trusted library allocation

page read and write

2C90000

heap

page read and write

610000

direct allocation

page read and write

1B0000

remote allocation

page read and write

401000

unkown

page execute read

1B0000

remote allocation

page read and write

B0F000

stack

page read and write

31F3000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

4C7000

heap

page read and write

400000

unkown

page readonly

6B3000

heap

page read and write

610000

direct allocation

page read and write

5FA000

heap

page read and write

31F6000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

2F30000

direct allocation

page read and write

52B000

remote allocation

page execute and read and write

1B0000

remote allocation

page read and write

400000

unkown

page readonly

1B0000

remote allocation

page read and write

1AD60000

unclassified section

page read and write

2F30000

direct allocation

page read and write

71E000

stack

page read and write

5F0000

direct allocation

page execute and read and write

279A0000

trusted library allocation

page read and write

1F24B229000

heap

page read and write

434000

unkown

page write copy

1F24B29E000

heap

page read and write

2F30000

direct allocation

page read and write

1F0000

trusted library allocation

page read and write

92D0000

trusted library allocation

page read and write

18AAA400000

heap

page read and write

31D0000

trusted library allocation

page read and write

400000

unkown

page readonly

60E000

stack

page read and write

4E0000

unkown

page readonly

B10000

heap

page read and write

1B0000

remote allocation

page read and write

431000

unkown

page execute read

15EF003C000

heap

page read and write

431000

unkown

page execute read

401000

unkown

page execute read

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

6096F000

direct allocation

page readonly

15EEFF60000

trusted library allocation

page read and write

21EF000

stack

page read and write

31FA000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

431000

unkown

page execute read

21F0000

heap

page read and write

9C000

stack

page read and write

4E0000

unkown

page readonly

18AAA622000

heap

page read and write

193000

stack

page read and write

2DF3E7E000

stack

page read and write

52B000

remote allocation

page execute and read and write

8BE000

heap

page read and write

21FF690B000

heap

page read and write

15EF007D000

heap

page read and write

22AE000

stack

page read and write

2F30000

direct allocation

page read and write

431000

unkown

page execute read

8BF000

stack

page read and write

9950000

trusted library allocation

page read and write

28EE000

stack

page read and write

401000

unkown

page execute read

433000

unkown

page write copy

30000

heap

page read and write

2E31000

heap

page read and write

26DD0000

trusted library allocation

page read and write

89D000

heap

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

22CA000

heap

page read and write

1B0000

remote allocation

page read and write

434000

unkown

page write copy

279AA000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

32E1000

trusted library allocation

page read and write

337E000

stack

page read and write

280E0000

trusted library allocation

page read and write

6B6000

heap

page read and write

21FF68C0000

heap

page read and write

1A9F0000

remote allocation

page read and write

20CCD000

trusted library allocation

page read and write

610000

direct allocation

page read and write

2F71000

heap

page read and write

33F0000

unkown

page read and write

78D000

heap

page read and write

2DF427B000

stack

page read and write

431000

unkown

page execute read

9C000

stack

page read and write

46A000

unkown

page readonly

310B5F9000

stack

page read and write

431000

unkown

page execute read

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

433000

unkown

page write copy

3257000

trusted library allocation

page read and write

18AAA64C000

heap

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

433000

unkown

page write copy

2E31000

heap

page read and write

27FE1000

heap

page read and write

33BA000

trusted library allocation

page read and write

21FF690C000

heap

page read and write

4C0000

heap

page read and write

31D0000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

B3E000

stack

page read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

2E31000

heap

page read and write

A90000

heap

page read and write

1A8BE000

stack

page read and write

1B0000

remote allocation

page read and write

610000

direct allocation

page read and write

610000

direct allocation

page read and write

529000

remote allocation

page execute and read and write

2F30000

direct allocation

page read and write

18AAA600000

heap

page read and write

431000

unkown

page execute read

2CBE000

stack

page read and write

431000

unkown

page execute read

19E000

stack

page read and write

1B0000

remote allocation

page read and write

1AA2E000

stack

page read and write

433000

unkown

page write copy

60901000

direct allocation

page execute read

4E0000

unkown

page readonly

27BE000

stack

page read and write

58E000

stack

page read and write

401000

unkown

page execute read

9D000

stack

page read and write

57E000

stack

page read and write

610000

direct allocation

page read and write

21FF68B0000

trusted library allocation

page read and write

30000

heap

page read and write

400000

unkown

page readonly

15EEFED0000

heap

page read and write

431000

unkown

page execute read

2DF417B000

stack

page read and write

2DBD000

stack

page read and write

5E0ECFF000

stack

page read and write

60900000

direct allocation

page execute and read and write

27AE000

stack

page read and write

400000

unkown

page readonly

628000

direct allocation

page read and write

2821B000

stack

page read and write

5EE000

stack

page read and write

610000

direct allocation

page read and write

2DDF000

stack

page read and write

2F30000

direct allocation

page read and write

5E0E51F000

stack

page read and write

2F30000

direct allocation

page read and write

30AC000

stack

page read and write

2F30000

direct allocation

page read and write

401000

unkown

page execute read

27991000

trusted library allocation

page read and write

401000

unkown

page execute read

27781000

trusted library allocation

page read and write

2F32000

direct allocation

page read and write

2F30000

direct allocation

page read and write

665000

heap

page read and write

958D000

stack

page read and write

1AB2F000

stack

page read and write

2F70000

remote allocation

page read and write

278E000

stack

page read and write

610000

direct allocation

page read and write

401000

unkown

page execute read

15EF0102000

heap

page read and write

2F30000

direct allocation

page read and write

433000

unkown

page write copy

2330000

heap

page read and write

46A000

unkown

page readonly

2C7A000

stack

page read and write

1B0000

remote allocation

page read and write

88F000

stack

page read and write

1CB000

stack

page read and write

400000

remote allocation

page execute and read and write

431000

unkown

page execute read

18AAA702000

heap

page read and write

93CE000

trusted library allocation

page read and write

401000

unkown

page execute read

2F30000

direct allocation

page read and write

D2D177E000

stack

page read and write

935B000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

431000

unkown

page execute read

18AAA674000

heap

page read and write

1B0000

remote allocation

page read and write

401000

unkown

page execute read

1F24B302000

heap

page read and write

52B000

remote allocation

page execute and read and write

1A77D000

stack

page read and write

610000

direct allocation

page read and write

400000

unkown

page readonly

4DA000

unkown

page read and write

400000

remote allocation

page execute and read and write

27997000

trusted library allocation

page read and write

2F1E000

stack

page read and write

21FF7780000

trusted library allocation

page read and write

279AA000

trusted library allocation

page read and write

2B7E000

stack

page read and write

433000

unkown

page write copy

401000

unkown

page execute read

2F30000

direct allocation

page read and write

400000

unkown

page readonly

610000

direct allocation

page read and write

5AE000

stack

page read and write

2F30000

direct allocation

page read and write

2DBE000

stack

page read and write

610000

direct allocation

page read and write

279A1000

trusted library allocation

page read and write

27990000

trusted library allocation

page read and write

8F8000

heap

page read and write

C20000

heap

page read and write

5E0E59F000

stack

page read and write

2F30000

direct allocation

page read and write

2F30000

direct allocation

page read and write

5E0E49B000

stack

page read and write

638000

heap

page read and write

52B000

remote allocation

page execute and read and write

2F71000

heap

page read and write

2E30000

remote allocation

page read and write

2F3A000

direct allocation

page read and write

81F000

stack

page read and write

27781000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

610000

direct allocation

page read and write

310B779000

stack

page read and write

2E31000

heap

page read and write

3070000

remote allocation

page read and write

2E5E000

stack

page read and write

2F70000

remote allocation

page read and write

464000

unkown

page read and write

120000

heap

page read and write

671000

heap

page read and write

400000

unkown

page readonly

4E0000

unkown

page readonly

1B0000

remote allocation

page read and write

222F000

stack

page read and write

2F30000

direct allocation

page read and write

3511000

unkown

page read and write

30000

heap

page read and write

2F30000

direct allocation

page read and write

1B0000

remote allocation

page read and write

31F3000

trusted library allocation

page read and write

2DF407B000

stack

page read and write

434000

unkown

page write copy

2F30000

direct allocation

page read and write

2799D000

trusted library allocation

page read and write

4E0000

unkown

page readonly

2F30000

direct allocation

page read and write

3070000

remote allocation

page read and write

2F30000

direct allocation

page read and write

2F30000

direct allocation

page read and write

431000

unkown

page execute read

1B0000

remote allocation

page read and write

400000

unkown

page readonly

433000

unkown

page write copy

6DF000

stack

page read and write

17B000

stack

page read and write

63C000

heap

page read and write

400000

remote allocation

page execute and read and write

26C30000

trusted library allocation

page read and write

529000

remote allocation

page execute and read and write

2F30000

direct allocation

page read and write

610000

direct allocation

page read and write

400000

remote allocation

page execute and read and write

430000

trusted library allocation

page read and write

433000

unkown

page write copy

31D0000

trusted library allocation

page read and write

6A9000

heap

page read and write

27780000

trusted library allocation

page read and write

2162000

trusted library allocation

page execute and read and write

4E0000

unkown

page readonly

4E0000

unkown

page readonly

7A2000

heap

page read and write

7A9000

heap

page read and write

6F7000

heap

page read and write

63C000

heap

page read and write

BBE000

stack

page read and write

2CBE000

stack

page read and write

78E000

heap

page read and write

610000

direct allocation

page read and write

33A3000

trusted library allocation

page read and write

400000

unkown

page readonly

5F0000

heap

page read and write

4C4000

unkown

page read and write

400000

remote allocation

page execute and read and write

610000

direct allocation

page read and write

936F000

trusted library allocation

page read and write

61C000

direct allocation

page read and write

610000

direct allocation

page read and write

2F30000

direct allocation

page read and write

433000

unkown

page write copy

8A0000

heap

page read and write

2F5F000

stack

page read and write

610000

direct allocation

page read and write

2F30000

direct allocation

page read and write

69E000

stack

page read and write

2E20000

remote allocation

page read and write

18AAA700000

heap

page read and write

2F1F000

stack

page read and write

400000

remote allocation

page execute and read and write

18AAA613000

heap

page read and write

93AB000

trusted library allocation

page read and write

1F24B249000

heap

page read and write

1B0000

remote allocation

page read and write

590000

heap

page read and write

434000

unkown

page write copy

9C000

stack

page read and write

2F70000

heap

page read and write

18AAA602000

heap

page read and write

401000

unkown

page execute read

310B6FF000

stack

page read and write

705000

heap

page read and write

1B0000

remote allocation

page read and write

400000

remote allocation

page execute and read and write

2F30000

direct allocation

page read and write

8CC000

heap

page read and write

401000

unkown

page execute read

401000

unkown

page execute read

2F30000

direct allocation

page read and write

52B000

remote allocation

page execute and read and write

2F30000

direct allocation

page read and write

4DA000

unkown

page read and write

431000

unkown

page execute read

400000

unkown

page readonly

27796000

trusted library allocation

page read and write

1A39F000

stack

page read and write

610000

direct allocation

page read and write

52B000

remote allocation

page execute and read and write

2C7A000

stack

page read and write

2F30000

direct allocation

page read and write

6B3000

heap

page read and write

400000

remote allocation

page execute and read and write

78E000

heap

page read and write

64E000

stack

page read and write

19B000

stack

page read and write

753000

heap

page read and write

529000

remote allocation

page execute and read and write

9BF000

stack

page read and write

19B000

stack

page read and write

610000

direct allocation

page read and write

52B000

remote allocation

page execute and read and write

31D7000

trusted library allocation

page read and write

400000

unkown

page readonly

2B0F000

stack

page read and write

52B000

remote allocation

page execute and read and write

2811E000

stack

page read and write

52B000

remote allocation

page execute and read and write

27991000

trusted library allocation

page read and write

15EF0000000

heap

page read and write

2B7D000

stack

page read and write

2DBE000

stack

page read and write

9FF000

stack

page read and write

431000

unkown

page execute read

400000

remote allocation

page execute and read and write

6097D000

direct allocation

page read and write

21FF7750000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

280F000

stack

page read and write

1F24B265000

heap

page read and write

2F38000

direct allocation

page read and write

400000

unkown

page readonly

1A9F0000

remote allocation

page read and write

29CF000

stack

page read and write

1B0000

remote allocation

page read and write

610000

direct allocation

page read and write

6B6000

heap

page read and write

2F30000

direct allocation

page read and write

431000

unkown

page execute read

30000

heap

page read and write

52B000

remote allocation

page execute and read and write

529000

remote allocation

page execute and read and write

75F000

stack

page read and write

32CB000

trusted library allocation

page read and write

401000

unkown

page execute read

2CBE000

stack

page read and write

301F000

stack

page read and write

6A9000

heap

page read and write

8BB000

heap

page read and write

18AAA713000

heap

page read and write

1B0000

remote allocation

page read and write

30000

heap

page read and write

431000

unkown

page execute read

660000

heap

page read and write

1F0000

trusted library allocation

page read and write

431000

unkown

page execute read

15EF0088000

heap

page read and write

21FF7760000

heap

page readonly

B19000

heap

page read and write

610000

direct allocation

page read and write

400000

unkown

page readonly

8DA000

heap

page read and write

433000

unkown

page write copy

2F30000

direct allocation

page read and write

1F0000

trusted library allocation

page read and write

9303000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

2F30000

direct allocation

page read and write

69F000

heap

page read and write

610000

direct allocation

page read and write

400000

unkown

page readonly

9382000

trusted library allocation

page read and write

6C2000

heap

page read and write

4DA000

unkown

page read and write

2816A000

heap

page read and write

2F30000

direct allocation

page read and write

1B0000

remote allocation

page read and write

21FF690B000

heap

page read and write

697000

heap

page read and write

31C1000

trusted library allocation

page read and write

31DB000

trusted library allocation

page read and write

433000

unkown

page write copy

196000

stack

page read and write

336C000

trusted library allocation

page read and write

8AF000

heap

page read and write

696000

trusted library allocation

page execute and read and write

610000

direct allocation

page read and write

2F30000

direct allocation

page read and write

2670000

heap

page read and write

1B0000

remote allocation

page read and write

18AAA66D000

heap

page read and write

19B000

stack

page read and write

196000

stack

page read and write

64E000

stack

page read and write

631000

heap

page read and write

2F30000

direct allocation

page read and write

5A0000

heap

page read and write

2821D000

stack

page read and write

2F30000

direct allocation

page read and write

D2D197B000

stack

page read and write

30000

heap

page read and write

433000

unkown

page write copy

7FF000

trusted library allocation

page execute and read and write

705000

heap

page read and write

2F30000

direct allocation

page read and write

1B0000

remote allocation

page read and write

705000

heap

page read and write

400000

unkown

page readonly

431000

unkown

page execute read

401000

unkown

page execute read

1B0000

remote allocation

page read and write

9D000

stack

page read and write

6BB000

heap

page read and write

2F30000

direct allocation

page read and write

15EEFEC0000

heap

page read and write

277F000

stack

page read and write

2F30000

direct allocation

page read and write

8BA000

heap

page read and write

9C000

stack

page read and write

431000

unkown

page execute read

610000

direct allocation

page read and write

903000

heap

page read and write

6C8000

heap

page read and write

26CF8000

trusted library allocation

page read and write

87E000

stack

page read and write

2F30000

direct allocation

page read and write

6A7000

heap

page read and write

1B0000

remote allocation

page read and write

4DA000

unkown

page read and write

2F30000

direct allocation

page read and write

1B0000

remote allocation

page read and write

7B0000

heap

page read and write

310B67A000

stack

page read and write

6B7000

heap

page read and write

627000

heap

page read and write

2821F000

stack

page read and write

60E000

stack

page read and write

1F24B200000

heap

page read and write

610000

direct allocation

page read and write

4E0000

unkown

page readonly

620000

heap

page read and write

401000

unkown

page execute read

276F000

stack

page read and write

2799D000

trusted library allocation

page read and write

401000

unkown

page execute read

5C2000

heap

page read and write

93C7000

trusted library allocation

page read and write

400000

unkown

page readonly

1F24B000000

heap

page read and write

2F30000

direct allocation

page read and write

5DF000

heap

page read and write

6097B000

direct allocation

page readonly

4E0000

unkown

page readonly

28270000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

8B2000

heap

page read and write

30000

heap

page read and write

15EF006E000

heap

page read and write

288F000

stack

page read and write

21FF6BB5000

heap

page read and write

4C4000

unkown

page read and write

433000

unkown

page write copy

A0F000

stack

page read and write

252E000

stack

page read and write

290F000

stack

page read and write

610000

direct allocation

page read and write

2A0E000

stack

page read and write

4E0000

unkown

page readonly

21FF6890000

trusted library allocation

page read and write

31D7000

trusted library allocation

page read and write

A5E000

stack

page read and write

2C8E000

stack

page read and write

433000

unkown

page write copy

9BF000

stack

page read and write

610000

direct allocation

page read and write

610000

direct allocation

page read and write

612000

direct allocation

page read and write

2FEE000

stack

page read and write

400000

unkown

page readonly

93B1000

trusted library allocation

page read and write

2F70000

remote allocation

page read and write

80E000

stack

page read and write

1B0000

remote allocation

page read and write

2B3A000

stack

page read and write

932B000

trusted library allocation

page read and write

740000

heap

page read and write

936F000

trusted library allocation

page read and write

431000

unkown

page execute read

9375000

trusted library allocation

page read and write

8BE000

heap

page read and write

2F30000

direct allocation

page read and write

1F0000

trusted library allocation

page read and write

4E0000

unkown

page readonly

5E0EAF7000

stack

page read and write

1A5DF000

stack

page read and write

610000

direct allocation

page read and write

1F24BA02000

trusted library allocation

page read and write

401000

unkown

page execute read

627000

heap

page read and write

1AC5D000

trusted library allocation

page read and write

5E0EBFD000

stack

page read and write

6F7000

heap

page read and write

2F30000

direct allocation

page read and write

21FF77D0000

trusted library allocation

page read and write

21FF7770000

trusted library allocation

page read and write

2E1E000

stack

page read and write

6AE000

stack

page read and write

8D1000

heap

page read and write

431000

unkown

page execute read

31F7000

trusted library allocation

page read and write

1B0000

remote allocation

page read and write

2E30000

heap

page read and write

2F30000

direct allocation

page read and write

2F71000

heap

page read and write

1A61E000

stack

page read and write

640000

heap

page read and write

2F30000

direct allocation

page read and write

18AAAE02000

trusted library allocation

page read and write

8CD000

heap

page read and write

2F30000

direct allocation

page read and write

6C7000

heap

page read and write

828000

heap

page read and write

6BB000

heap

page read and write

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

21FF6BB0000

heap

page read and write

2F30000

direct allocation

page read and write

18AAA628000

heap

page read and write

610000

direct allocation

page read and write

D2D1BFF000

stack

page read and write

1F0000

trusted library allocation

page read and write

2F30000

direct allocation

page read and write

400000

unkown

page readonly

1F24B25B000

heap

page read and write

401000

unkown

page execute read

2B20000

heap

page read and write

28BF000

stack

page read and write

64E000

stack

page read and write

5B0000

heap

page read and write

52B000

remote allocation

page execute and read and write

45C000

unkown

page read and write

2F30000

direct allocation

page read and write

62A000

direct allocation

page read and write

610000

direct allocation

page read and write

4E0000

unkown

page readonly

401000

unkown

page execute read

31C1000

trusted library allocation

page read and write

31F3000

trusted library allocation

page read and write

431000

unkown

page execute read

193000

stack

page read and write

1B0000

remote allocation

page read and write

8CC000

heap

page read and write

29EF000

stack

page read and write

29F0000

heap

page read and write

1A9F0000

remote allocation

page read and write

1B0000

remote allocation

page read and write

2F30000

direct allocation

page read and write

21FF68D0000

heap

page read and write

46A000

unkown

page readonly

274F000

stack

page read and write

401000

unkown

page execute read

2F30000

direct allocation

page read and write

1A49F000

stack

page read and write

9372000

trusted library allocation

page read and write

6C5000

heap

page read and write

2290000

heap

page read and write

4E0000

unkown

page readonly

433000

unkown

page write copy

401000

unkown

page execute read

610000

direct allocation

page read and write

31F3000

trusted library allocation

page read and write

D2D16FE000

stack

page read and write

9307000

trusted library allocation

page read and write

There are 1207 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
2OmglUwx83.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report2OmglUwx83.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
2OmglUwx83.exe