Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

PLAY.mal_.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

A:\Recovery\WindowsRE\boot.sdi.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy)

Dyalog APL version 167.40

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.PLAY (copy)

data

dropped

data

dropped

C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies.PLAY (copy)

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\cab1.cab

Dyalog APL version 167.40

dropped

C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab

data

dropped

C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl

data

dropped

C:\Recovery\WindowsRE\Winre.wim

data

dropped

C:\Recovery\WindowsRE\boot.sdi

data

dropped

C:\Users\Default\NTUSER.DAT

data

dropped

C:\Users\Default\NTUSER.DAT.LOG1

data

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf

data

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms

data

dropped

C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

data

dropped

C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

data

dropped

C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

data

dropped

C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx

data

dropped

C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62FC0DB0-1450.pma

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

SysEx File - ADA

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\17f7cd50011af964_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ba843d01a7fd21b_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2fc35d15f2eabeff_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d1a34821fab0830_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d86ce9f97b83b7a_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5e3d1997942e96db_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6634d30d3dcbf0b9_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\92ed7279d3e98be7_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9aac68df8d0c7a90_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc9785cdcbaea0b7_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\verified_contents.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_background.js

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_window.js

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db

data

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PLAY.mal_.exe_1445cdc43efb964b32befeee25a179accaf97_d3ad2702_0d741ad7\Report.wer

Little-endian UTF-16 Unicode text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PLAY.mal_.exe_1445cdc43efb964b32befeee25a179accaf97_d3ad2702_1fe7fa4f\Report.wer

Little-endian UTF-16 Unicode text, with CRLF line terminators

dropped

A:\Recovery\WindowsRE\ReAgent.xml.PLAY (copy)

data

dropped

C:\$Recycle.Bin\S-1-5-18\desktop.ini

data

dropped

C:\$Recycle.Bin\S-1-5-18\desktop.ini.PLAY (copy)

data

dropped

C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini

data

dropped

C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini.PLAY (copy)

data

dropped

C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\$I2EW2MR.pdf

data

dropped

C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\$I2EW2MR.pdf.PLAY (copy)

data

dropped

C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini

data

dropped

C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini.PLAY (copy)

data

dropped

C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini

data

dropped

C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn.PLAY (copy)

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn.PLAY (copy)

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn.PLAY (copy)

PGP\011Secret Key -

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.PLAY (copy)

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\state.rsm.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore4df22196-a1f2-426c-aa27-062a9f86aba6.xml.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.PLAY (copy)

data

dropped

data

dropped

data

dropped

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.PLAY (copy)

data

dropped

data

dropped

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.PLAY (copy)

data

dropped

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\desktop.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.PLAY (copy)

data

dropped

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.PLAY (copy)

data

dropped

data

dropped

data

dropped

COM executable for DOS

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

BS image, Version 17610, Quantization 59316, (Decompresses to 60148 words)

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

PGP\011Secret Sub-key -

dropped

data

dropped

data

dropped

data

dropped

PGP\011Secret Sub-key -

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

data

dropped

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp

data

dropped

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab

data

dropped

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini

data

dropped

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini

data

dropped

C:\ProgramData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.MSACCESS.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.ONENOTE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.OUTLOOK.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.POWERPNT.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SETLANG.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn

PGP\011Secret Key -

dropped

C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\MS.WINWORD.16.1033.hxn

data

dropped

C:\ProgramData\Microsoft Help\nslist.hxl

data

dropped

C:\ProgramData\Microsoft OneDrive\setup\refcount.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\desktop.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini

MPEG-4 LOAS

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini

data

dropped

C:\ProgramData\Oracle\Java\installcache\baseimagefam8

data

dropped

C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm

data

dropped

C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm

data

dropped

C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\state.rsm

data

dropped

C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm

data

dropped

C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm

data

dropped

C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm

data

dropped

C:\ProgramData\USOPrivate\UpdateStore\updatestore4df22196-a1f2-426c-aa27-062a9f86aba6.xml

data

dropped

C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml

data

dropped

C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl

data

dropped

C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl

data

dropped

C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl

data

dropped

C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl

data

dropped

C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag

data

dropped

C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag

data

dropped

C:\ReadMe.txt

ASCII text, with CRLF line terminators

dropped

C:\Recovery\WindowsRE\ReAgent.xml

data

dropped

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

data

dropped

C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini

data

dropped

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini

data

dropped

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini

data

dropped

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

data

dropped

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini

data

dropped

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini

data

dropped

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

data

dropped

C:\Users\Public\Desktop\desktop.ini

data

dropped

C:\Users\Public\Documents\desktop.ini

data

dropped

C:\Users\Public\Music\desktop.ini

COM executable for DOS

dropped

C:\Users\Public\Pictures\desktop.ini

data

dropped

C:\Users\Public\Videos\desktop.ini

data

dropped

C:\Users\desktop.ini

data

dropped

C:\Users\user\3D Objects\desktop.ini

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

data

dropped

C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst

data

dropped

C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp

data

dropped

C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp

data

dropped

C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\index

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\02f2049f4d076920_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0345d052e557eb30_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0cd82a09b7413176_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\12318cd0c335b8e0_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\157ac5dc69855318_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\181db4280bb3db70_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\193710419aa3cc17_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\204be61fa3dd1aa2_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\244f905c10de3c26_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\25f13bc86c899fc9_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2fc3d3a085992c47_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\33d102032f141cd7_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3653004befb613c5_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37c5525a0a82ad76_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\39208e3502e0f8fa_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3cad3a8253a7ad76_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3dbe54b7c92541c6_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\413a48146dfbead6_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\520e3a8ed2a05fd8_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54c2a35d39717397_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\58ea1f927c503c2b_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5febb783fe057117_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5feda46b7e0a1749_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70060c5e68d24ac0_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7024e62dc145f17b_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\781eda116020e748_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\78ce8e30f78a2d10_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\830eb3248d9b5d25_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\904d92f9077f5bc7_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\99fbbd13ad205f5c_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d6041a3c725d0dd_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a1ae1b82121938e8_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a98e8bc1ce64e2b3_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae276f63f5a595de_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\af093619a7f7877c_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bebbf0a4fa320847_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c0f40f633d039512_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c7f24e4bd8dada7f_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cd472734465da5c1_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ce66982a2c6e4dab_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf7c0c62d2a87a0c_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0e29b32b66396ce_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e957e727b4de6e6c_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5205d5c99120fa5_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd193f77dd25e1a1_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fee6704ec67d5ed1_0

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index

PGP\011Secret Key -

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

BS image, Version 17610, Quantization 59316, (Decompresses to 60148 words)

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\128.png

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\af\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\am\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ar\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\az\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\be\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\bg\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\bn\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ca\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\cs\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\cy\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\da\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\de\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\el\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en_GB\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en_US\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\es\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\es_419\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\et\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\eu\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fa\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fi\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fil\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fr\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fr_CA\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\gl\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\gu\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hi\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hr\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hu\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hy\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\id\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\is\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\it\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\iw\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ja\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ka\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\kk\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\km\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\kn\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ko\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lo\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lt\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lv\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ml\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\mn\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\mr\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ms\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\my\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ne\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\nl\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\no\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pa\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pl\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pt_BR\messages.json

PGP\011Secret Sub-key -

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pt_PT\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ro\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ru\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\si\messages.json

PGP\011Secret Sub-key -

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sk\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sl\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sr\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sv\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sw\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ta\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\te\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\th\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\tr\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\uk\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ur\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\vi\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_CN\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_HK\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_TW\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zu\messages.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\computed_hashes.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\dasherSettingSchema.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\manifest.json

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\page_embed_script.js

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\craw_window.css

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\craw_window.html

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_16.png

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old

data

dropped

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000008

data

dropped

C:\bootTel.dat

data

dropped

C:\bootTel.dat.PLAY (copy)

data

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1115.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FF.tmp.dmp

Mini DuMP crash report, 15 streams, Fri Sep 2 06:09:42 2022, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8ACC.tmp.dmp

Mini DuMP crash report, 15 streams, Fri Sep 2 06:09:21 2022, 0x1205a4 type

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5B.tmp.WERInternalMetadata.xml

XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE60C.tmp.WERInternalMetadata.xml

XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\WER\Temp\WERED70.tmp.xml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\ProgramData\USOShared\Logs\NotifyIcon.003.etl

data

dropped

C:\ProgramData\USOShared\Logs\NotifyIcon.004.etl

data

dropped

C:\ProgramData\USOShared\Logs\NotifyIcon.005.etl

data

dropped

There are 516 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\PLAY.mal_.exe

"C:\Users\user\Desktop\PLAY.mal_.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6884
Target ID:	0
Parent PID:	5876
Name:	PLAY.mal_.exe
Path:	C:\Users\user\Desktop\PLAY.mal_.exe
Commandline:	"C:\Users\user\Desktop\PLAY.mal_.exe"
Size:	182784
MD5:	223EFF1610B432A1F1AA06C60BD7B9A6
Time:	23:18:57
Date:	01/09/2022
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xae0000
Modulesize:	196608
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Yara detected Keylogger Generic	Key, Mouse, Clipboard, Microphone and Screen Capturing
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 1540

Details

Is windows:	true
Is dropped:	false
PID:	8156
Target ID:	14
Parent PID:	5460
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 1540
Size:	434592
MD5:	9E2B8ACAD48ECCA55C0230D63623661B
Time:	23:09:05
Date:	01/09/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x1030000
Modulesize:	442368
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Launches processes in debugging mode, may be used to hinder debugging	Anti Debugging	Disable or Modify Tools
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 1540

Details

Is windows:	true
Is dropped:	false
PID:	3400
Target ID:	19
Parent PID:	5460
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 1540
Size:	434592
MD5:	9E2B8ACAD48ECCA55C0230D63623661B
Time:	23:09:40
Date:	01/09/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x1030000
Modulesize:	442368
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Launches processes in debugging mode, may be used to hinder debugging	Anti Debugging	Disable or Modify Tools
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 2796

Details

Is windows:	true
Is dropped:	false
PID:	5288
Target ID:	20
Parent PID:	5460
Name:	WerFault.exe
Path:	C:\Windows\SysWOW64\WerFault.exe
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 2796
Size:	434592
MD5:	9E2B8ACAD48ECCA55C0230D63623661B
Time:	23:09:40
Date:	01/09/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x1030000
Modulesize:	442368
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Launches processes in debugging mode, may be used to hinder debugging	Anti Debugging	Disable or Modify Tools
One or more processes crash	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://bugreport.sun.com/bugreport/crash.jsp

unknown

http://www.oracle.com/hotspot/jvm/java/monitor/address

unknown

http://crl.thawte.com/ThawteTimestampingCA.crl0

unknown

http://www.oracle.com/hotspot/jvm/vm/compiler/id

unknown

http://www.oracle.com/hotspot/jvm/

unknown

http://www.oracle.com/hotspot/jvm/vm/gc/id

unknown

http://bugreport.sun.com/bugreport/crash.jspVM

unknown

http://ocsp.thawte.com0

unknown

http://www.oracle.com/hotspot/jvm/vm/code_sweeper/id

unknown

IPs

Domain

Country

Malicious

192.168.2.148

unknown

192.168.2.149

unknown

192.168.2.146

unknown

192.168.2.147

unknown

192.168.2.140

unknown

192.168.2.141

unknown

192.168.2.144

unknown

192.168.2.145

unknown

192.168.2.142

unknown

192.168.2.143

unknown

192.168.2.159

unknown

192.168.2.157

unknown

192.168.2.158

unknown

192.168.2.151

unknown

192.168.2.152

unknown

192.168.2.150

unknown

192.168.2.155

unknown

192.168.2.156

unknown

192.168.2.153

unknown

192.168.2.154

unknown

192.168.2.126

unknown

192.168.2.247

unknown

192.168.2.127

unknown

192.168.2.248

unknown

192.168.2.124

unknown

192.168.2.245

unknown

192.168.2.125

unknown

192.168.2.246

unknown

192.168.2.128

unknown

192.168.2.249

unknown

192.168.2.129

unknown

192.168.2.240

unknown

192.168.2.122

unknown

192.168.2.243

unknown

192.168.2.123

unknown

192.168.2.244

unknown

192.168.2.120

unknown

192.168.2.241

unknown

192.168.2.121

unknown

192.168.2.242

unknown

192.168.2.97

unknown

192.168.2.137

unknown

192.168.2.96

unknown

192.168.2.138

unknown

192.168.2.99

unknown

192.168.2.135

unknown

192.168.2.98

unknown

192.168.2.136

unknown

192.168.2.139

unknown

192.168.2.250

unknown

192.168.2.130

unknown

192.168.2.251

unknown

192.168.2.91

unknown

192.168.2.90

unknown

192.168.2.93

unknown

192.168.2.133

unknown

192.168.2.254

unknown

192.168.2.92

unknown

192.168.2.134

unknown

192.168.2.95

unknown

192.168.2.131

unknown

192.168.2.252

unknown

192.168.2.94

unknown

192.168.2.132

unknown

192.168.2.253

unknown

192.168.2.104

unknown

192.168.2.225

unknown

192.168.2.105

unknown

192.168.2.226

unknown

192.168.2.102

unknown

192.168.2.223

unknown

192.168.2.103

unknown

192.168.2.224

unknown

192.168.2.108

unknown

192.168.2.229

unknown

192.168.2.109

unknown

192.168.2.106

unknown

192.168.2.227

unknown

192.168.2.107

unknown

192.168.2.228

unknown

192.168.2.100

unknown

192.168.2.221

unknown

192.168.2.101

unknown

192.168.2.222

unknown

192.168.2.220

unknown

192.168.2.115

unknown

192.168.2.236

unknown

192.168.2.116

unknown

192.168.2.237

unknown

192.168.2.113

unknown

192.168.2.234

unknown

192.168.2.114

unknown

192.168.2.235

unknown

192.168.2.119

unknown

192.168.2.117

unknown

192.168.2.238

unknown

192.168.2.118

unknown

192.168.2.239

unknown

192.168.2.111

unknown

192.168.2.232

unknown

There are 90 hidden IPs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

AmiHivePermissionsCorrect

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

AmiHiveOwnerCorrect

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

ProgramId

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

FileId

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

LowerCaseLongPath

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

LongPathHash

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

Name

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

Publisher

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

Version

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

BinFileVersion

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

BinaryType

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

ProductName

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

ProductVersion

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

LinkDate

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

BinProductVersion

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

Size

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

Language

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

IsPeFile

\REGISTRY\A\{1a33ef08-b54a-6ddc-fe2c-ed020b0e2d68}\Root\InventoryApplicationFile\play.mal_.exe|e1fb99c

IsOsComponent

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug

ExceptionRecord

HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceTicket

HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

DeviceId

HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}

ApplicationFlags

HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property

001840064172BCE4

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

ClockTimeSeconds

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData

TickCount

There are 16 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

13BC000

heap

page read and write

13A6000

heap

page read and write

31B2000

direct allocation

page read and write

13D0000

heap

page read and write

1550000

direct allocation

page read and write

1630000

direct allocation

page read and write

13E9000

heap

page read and write

13A1000

heap

page read and write

13C8000

heap

page read and write

13E2000

heap

page read and write

11E74000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

1439000

heap

page read and write

11E64000

trusted library allocation

page read and write

13FC000

heap

page read and write

11E62000

trusted library allocation

page read and write

BBC0000

direct allocation

page read and write

1E8B3E02000

trusted library allocation

page read and write

3F14000

direct allocation

page read and write

13DF000

heap

page read and write

30C0000

direct allocation

page read and write

11E58000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

13B8000

heap

page read and write

11E64000

trusted library allocation

page read and write

C890000

direct allocation

page read and write

11EB0000

trusted library allocation

page read and write

1560000

direct allocation

page read and write

1620000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

13F8000

heap

page read and write

139F000

heap

page read and write

13A6000

heap

page read and write

1820000

direct allocation

page read and write

138E000

heap

page read and write

11E74000

trusted library allocation

page read and write

1420000

heap

page read and write

11E76000

trusted library allocation

page read and write

4600000

direct allocation

page read and write | page no cache

1395000

heap

page read and write

11E5A000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

139C000

heap

page read and write

11EA6000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1414000

heap

page read and write

13F4000

heap

page read and write

11E76000

trusted library allocation

page read and write

11E44000

trusted library allocation

page read and write

BA40000

direct allocation

page read and write

3100000

direct allocation

page read and write

11EC6000

trusted library allocation

page read and write

16B0000

direct allocation

page read and write

1550000

direct allocation

page read and write

1410000

heap

page read and write

11E61000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1560000

direct allocation

page read and write

11E4E000

trusted library allocation

page read and write

13C8000

heap

page read and write

15B0000

direct allocation

page read and write

13AA000

heap

page read and write

13B8000

heap

page read and write

11E60000

trusted library allocation

page read and write

11E35000

trusted library allocation

page read and write

5C00000

direct allocation

page read and write | page no cache

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

13C8000

heap

page read and write

30C0000

direct allocation

page read and write

1690000

direct allocation

page read and write

13A8000

heap

page read and write

13DA000

heap

page read and write

1391000

heap

page read and write

13A1000

heap

page read and write

13D2000

heap

page read and write

13FC000

heap

page read and write

1396000

heap

page read and write

11EB2000

trusted library allocation

page read and write

1438000

heap

page read and write

1460000

direct allocation

page read and write

13E2000

heap

page read and write

11E7C000

trusted library allocation

page read and write

13F8000

heap

page read and write

1550000

direct allocation

page read and write

13F8000

heap

page read and write

11EA6000

trusted library allocation

page read and write

11EA4000

trusted library allocation

page read and write

1E8B3700000

heap

page read and write

13D2000

heap

page read and write

15C0000

direct allocation

page read and write

13E9000

heap

page read and write

FCC000

stack

page read and write

1460000

direct allocation

page read and write

1402000

heap

page read and write

13E6000

heap

page read and write

11E55000

trusted library allocation

page read and write

15A0000

direct allocation

page read and write

11E44000

trusted library allocation

page read and write

11E44000

trusted library allocation

page read and write

13DA000

heap

page read and write

17E0000

direct allocation

page read and write

13E2000

heap

page read and write

1439000

heap

page read and write

1460000

direct allocation

page read and write

1398000

heap

page read and write

13FC000

heap

page read and write

1880000

direct allocation

page read and write

30C0000

direct allocation

page read and write

11EAB000

trusted library allocation

page read and write

13CA000

heap

page read and write

13A8000

heap

page read and write

F60000

heap

page read and write

4100000

direct allocation

page read and write | page no cache

13E4000

heap

page read and write

1550000

direct allocation

page read and write

11EF8000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

13E2000

heap

page read and write

13F6000

heap

page read and write

11E4E000

trusted library allocation

page read and write

138E000

heap

page read and write

1402000

heap

page read and write

1550000

direct allocation

page read and write

1460000

direct allocation

page read and write

1404000

heap

page read and write

11EB6000

trusted library allocation

page read and write

1E8B363C000

heap

page read and write

13E0000

heap

page read and write

1460000

direct allocation

page read and write

1391000

heap

page read and write

B0B000

unkown

page read and write

13F5000

heap

page read and write

1398000

heap

page read and write

11EB6000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

11EB6000

trusted library allocation

page read and write

139C000

heap

page read and write

1460000

direct allocation

page read and write

1400000

heap

page read and write

11E58000

trusted library allocation

page read and write

1550000

direct allocation

page read and write

1460000

direct allocation

page read and write

1414000

heap

page read and write

139C000

heap

page read and write

11E58000

trusted library allocation

page read and write

13D0000

heap

page read and write

30C0000

direct allocation

page read and write

30C0000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

1550000

direct allocation

page read and write

11EE0000

trusted library allocation

page read and write

1428000

heap

page read and write

11EC8000

trusted library allocation

page read and write

13F6000

heap

page read and write

1680000

direct allocation

page read and write

11ED6000

trusted library allocation

page read and write

11E3F000

trusted library allocation

page read and write

11EAE000

trusted library allocation

page read and write

13A6000

heap

page read and write

1429000

heap

page read and write

13F8000

heap

page read and write

13F8000

heap

page read and write

13FE000

heap

page read and write

BA40000

direct allocation

page read and write

13BC000

heap

page read and write

13C0000

heap

page read and write

16D0000

direct allocation

page read and write

30C0000

direct allocation

page read and write

11E48000

trusted library allocation

page read and write

11E54000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

139C000

heap

page read and write

142E000

heap

page read and write

7100000

direct allocation

page read and write | page no cache

1404000

heap

page read and write

13D0000

heap

page read and write

13E4000

heap

page read and write

1401000

heap

page read and write

11E79000

trusted library allocation

page read and write

13CA000

heap

page read and write

30C0000

direct allocation

page read and write

1393000

heap

page read and write

13A1000

heap

page read and write

11E48000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1439000

heap

page read and write

13C8000

heap

page read and write

15F0000

direct allocation

page read and write

16A0000

direct allocation

page read and write

1409000

heap

page read and write

13A3000

heap

page read and write

11E3C000

trusted library allocation

page read and write

13BC000

heap

page read and write

1460000

direct allocation

page read and write

13BC000

heap

page read and write

1414000

heap

page read and write

11E9E000

trusted library allocation

page read and write

13C8000

heap

page read and write

1400000

heap

page read and write

3100000

direct allocation

page read and write

11E97000

trusted library allocation

page read and write

11EAB000

trusted library allocation

page read and write

16A0000

direct allocation

page read and write

11E76000

trusted library allocation

page read and write

11E76000

trusted library allocation

page read and write

18F0000

direct allocation

page read and write

13E4000

heap

page read and write

13C8000

heap

page read and write

11E96000

trusted library allocation

page read and write

142C000

heap

page read and write

1460000

direct allocation

page read and write

11E34000

trusted library allocation

page read and write

11E58000

trusted library allocation

page read and write

BBC0000

direct allocation

page read and write

13DF000

heap

page read and write

6600000

direct allocation

page read and write | page no cache

17DF000

unkown

page read and write

1560000

direct allocation

page read and write

142C000

heap

page read and write

11EE4000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

11EE4000

trusted library allocation

page read and write

13E4000

heap

page read and write

11E61000

trusted library allocation

page read and write

11E55000

trusted library allocation

page read and write

139F000

heap

page read and write

11EB6000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

6A00000

direct allocation

page read and write | page no cache

13E4000

heap

page read and write

3216000

direct allocation

page read and write

138B000

heap

page read and write

4293000

direct allocation

page read and write

30C0000

direct allocation

page read and write

30C0000

direct allocation

page read and write

1439000

heap

page read and write

B88275B000

stack

page read and write

3100000

direct allocation

page read and write

139C000

heap

page read and write

11E5C000

trusted library allocation

page read and write

11EB3000

trusted library allocation

page read and write

13E0000

heap

page read and write

3100000

direct allocation

page read and write | page no cache

1430000

heap

page read and write

3161000

direct allocation

page read and write

1460000

direct allocation

page read and write

11E98000

trusted library allocation

page read and write

13DF000

heap

page read and write

11EBC000

trusted library allocation

page read and write

1550000

direct allocation

page read and write

1460000

direct allocation

page read and write

13E4000

heap

page read and write

11EAB000

trusted library allocation

page read and write

13E0000

heap

page read and write

B04000

unkown

page readonly

5300000

direct allocation

page read and write | page no cache

1414000

heap

page read and write

13A6000

heap

page read and write

1377000

heap

page read and write

1E8B3702000

heap

page read and write

1560000

direct allocation

page read and write

13A1000

heap

page read and write

13C8000

heap

page read and write

11EF8000

trusted library allocation

page read and write

1376000

heap

page read and write

13A3000

heap

page read and write

15A0000

direct allocation

page read and write

13F4000

heap

page read and write

1389000

heap

page read and write

11E76000

trusted library allocation

page read and write

1411000

heap

page read and write

11E9A000

trusted library allocation

page read and write

1393000

heap

page read and write

B882B7B000

stack

page read and write

11E64000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13F2000

heap

page read and write

BBC0000

direct allocation

page read and write

1460000

direct allocation

page read and write

138D000

heap

page read and write

11E60000

trusted library allocation

page read and write

143A000

heap

page read and write

11E58000

trusted library allocation

page read and write

11F08000

trusted library allocation

page read and write

13F5000

heap

page read and write

11E96000

trusted library allocation

page read and write

1428000

heap

page read and write

1460000

direct allocation

page read and write

139F000

heap

page read and write

1620000

direct allocation

page read and write

B04000

unkown

page readonly

315C000

direct allocation

page read and write

11ECE000

trusted library allocation

page read and write

1428000

heap

page read and write

1460000

direct allocation

page read and write

13C9000

heap

page read and write

5600000

direct allocation

page read and write | page no cache

1404000

heap

page read and write

30C0000

direct allocation

page read and write

15D0000

direct allocation

page read and write

1414000

heap

page read and write

B882CFE000

stack

page read and write

138E000

heap

page read and write

C890000

direct allocation

page read and write

1340000

heap

page read and write

11E44000

trusted library allocation

page read and write

1404000

heap

page read and write

1820000

direct allocation

page read and write

13CC000

heap

page read and write

1E8B3713000

heap

page read and write

3A6A000

direct allocation

page read and write

13F8000

heap

page read and write

139F000

heap

page read and write

13BC000

heap

page read and write

1400000

heap

page read and write

13B2000

heap

page read and write

7700000

direct allocation

page read and write | page no cache

11EBC000

trusted library allocation

page read and write

13DA000

heap

page read and write

1384000

heap

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

321F000

direct allocation

page read and write

13B8000

heap

page read and write

138B000

heap

page read and write

11EE4000

trusted library allocation

page read and write

BBD0000

direct allocation

page read and write

BB80000

direct allocation

page read and write

13E2000

heap

page read and write

11E64000

trusted library allocation

page read and write

1404000

heap

page read and write

11E58000

trusted library allocation

page read and write

6F00000

direct allocation

page read and write | page no cache

11E5A000

trusted library allocation

page read and write

15F0000

direct allocation

page read and write

1830000

direct allocation

page read and write

11E45000

trusted library allocation

page read and write

13C8000

heap

page read and write

138E000

heap

page read and write

13CA000

heap

page read and write

11EB5000

trusted library allocation

page read and write

1410000

heap

page read and write

3701000

direct allocation

page read and write

13E4000

heap

page read and write

1460000

direct allocation

page read and write

1550000

direct allocation

page read and write

13E2000

heap

page read and write

11EE4000

trusted library allocation

page read and write

1550000

direct allocation

page read and write

13CA000

heap

page read and write

15E0000

direct allocation

page read and write

13E2000

heap

page read and write

13C8000

heap

page read and write

1430000

heap

page read and write

15A0000

direct allocation

page read and write

1460000

direct allocation

page read and write

138E000

heap

page read and write

11EAB000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

15A0000

direct allocation

page read and write

15E0000

direct allocation

page read and write

1460000

direct allocation

page read and write

390B000

direct allocation

page read and write

1424000

heap

page read and write

143D000

heap

page read and write

1570000

direct allocation

page read and write

11ED0000

trusted library allocation

page read and write

13C8000

heap

page read and write

15E0000

direct allocation

page read and write

1414000

heap

page read and write

11E74000

trusted library allocation

page read and write

13CC000

heap

page read and write

30C0000

direct allocation

page read and write

137F000

heap

page read and write

11EAE000

trusted library allocation

page read and write

11E96000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

13B6000

heap

page read and write

BB80000

direct allocation

page read and write

1460000

direct allocation

page read and write

143D000

heap

page read and write

1404000

heap

page read and write

BBC0000

direct allocation

page read and write

1393000

heap

page read and write

BBC0000

direct allocation

page read and write

139F000

heap

page read and write

1404000

heap

page read and write

11E76000

trusted library allocation

page read and write

11ED0000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

1460000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

11E76000

trusted library allocation

page read and write

11E96000

trusted library allocation

page read and write

4E00000

direct allocation

page read and write | page no cache

1460000

direct allocation

page read and write

137B000

heap

page read and write

13CE000

heap

page read and write

30B0000

direct allocation

page read and write

3240000

direct allocation

page read and write

1600000

direct allocation

page read and write

1412000

heap

page read and write

11E44000

trusted library allocation

page read and write

13F6000

heap

page read and write

13CC000

heap

page read and write

18F0000

direct allocation

page read and write

13B7000

heap

page read and write

1460000

direct allocation

page read and write

1424000

heap

page read and write

16B0000

direct allocation

page read and write

13D0000

heap

page read and write

11E64000

trusted library allocation

page read and write

13C0000

heap

page read and write

13C8000

heap

page read and write

13CF000

heap

page read and write

1460000

direct allocation

page read and write

1402000

heap

page read and write

142C000

heap

page read and write

139F000

heap

page read and write

1460000

direct allocation

page read and write

C560000

direct allocation

page read and write

BDF0000

direct allocation

page read and write

BDF0000

direct allocation

page read and write

1590000

direct allocation

page read and write

13DF000

heap

page read and write

1460000

direct allocation

page read and write

1830000

direct allocation

page read and write

1430000

heap

page read and write

1408000

heap

page read and write

13E6000

heap

page read and write

1430000

heap

page read and write

1E8B3666000

heap

page read and write

13BE000

heap

page read and write

BCB0000

direct allocation

page read and write

11E79000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

11ED0000

trusted library allocation

page read and write

13F6000

heap

page read and write

11EA5000

trusted library allocation

page read and write

1550000

direct allocation

page read and write

1387000

heap

page read and write

1460000

direct allocation

page read and write

13E4000

heap

page read and write

137F000

heap

page read and write

11F08000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

BBC0000

direct allocation

page read and write

11E96000

trusted library allocation

page read and write

1E8B3629000

heap

page read and write

13A3000

heap

page read and write

BB80000

direct allocation

page read and write

7400000

direct allocation

page read and write | page no cache

11E54000

trusted library allocation

page read and write

1600000

direct allocation

page read and write

17E0000

direct allocation

page read and write

138B000

heap

page read and write

11E64000

trusted library allocation

page read and write

1402000

heap

page read and write

13E0000

heap

page read and write

142B000

heap

page read and write

1400000

heap

page read and write

1431000

heap

page read and write

11E74000

trusted library allocation

page read and write

1398000

heap

page read and write

11E9C000

trusted library allocation

page read and write

11EB5000

trusted library allocation

page read and write

11E3F000

trusted library allocation

page read and write

11E96000

trusted library allocation

page read and write

13AC000

heap

page read and write

1333000

heap

page read and write

13CC000

heap

page read and write

13E4000

heap

page read and write

141A000

heap

page read and write

13F1000

heap

page read and write

133A000

heap

page read and write

13F4000

heap

page read and write

11EB6000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

30C0000

direct allocation

page read and write

143D000

heap

page read and write

3700000

direct allocation

page read and write | page no cache

4200000

direct allocation

page read and write | page no cache

1620000

direct allocation

page read and write

13E2000

heap

page read and write

13A4000

heap

page read and write

18F0000

direct allocation

page read and write

1460000

direct allocation

page read and write

1550000

direct allocation

page read and write

11EAA000

trusted library allocation

page read and write

1410000

heap

page read and write

3100000

direct allocation

page read and write

11EDA000

trusted library allocation

page read and write

1400000

heap

page read and write

139D000

heap

page read and write

1860000

direct allocation

page read and write

13C8000

heap

page read and write

142D000

heap

page read and write

11E96000

trusted library allocation

page read and write

11E3C000

trusted library allocation

page read and write

13A3000

heap

page read and write

6E00000

direct allocation

page read and write | page no cache

13F2000

heap

page read and write

137B000

heap

page read and write

1412000

heap

page read and write

141A000

heap

page read and write

1408000

heap

page read and write

11E3C000

trusted library allocation

page read and write

11F0E000

trusted library allocation

page read and write

11EE0000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1590000

direct allocation

page read and write

13C8000

heap

page read and write

1460000

direct allocation

page read and write

13E4000

heap

page read and write

143D000

heap

page read and write

1560000

direct allocation

page read and write

1417000

heap

page read and write

1550000

direct allocation

page read and write

BDF0000

direct allocation

page read and write

11EAE000

trusted library allocation

page read and write

13F8000

heap

page read and write

13C0000

heap

page read and write

BB90000

direct allocation

page read and write

11E76000

trusted library allocation

page read and write

18F0000

direct allocation

page read and write

1419000

heap

page read and write

1460000

direct allocation

page read and write

138E000

heap

page read and write

1630000

direct allocation

page read and write

1460000

direct allocation

page read and write

C0D0000

direct allocation

page read and write

1450000

direct allocation

page read and write

1431000

heap

page read and write

1439000

heap

page read and write

13B8000

heap

page read and write

138D000

heap

page read and write

17F0000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13A3000

heap

page read and write

11E96000

trusted library allocation

page read and write

1550000

direct allocation

page read and write

1820000

direct allocation

page read and write

3F32000

direct allocation

page read and write

1431000

heap

page read and write

13BC000

heap

page read and write

13E9000

heap

page read and write

11F0E000

trusted library allocation

page read and write

1431000

heap

page read and write

1460000

direct allocation

page read and write

138B000

heap

page read and write

13BC000

heap

page read and write

13A3000

heap

page read and write

1460000

direct allocation

page read and write

13E4000

heap

page read and write

BB90000

direct allocation

page read and write

3B00000

direct allocation

page read and write | page no cache

382A000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

13E6000

heap

page read and write

1460000

direct allocation

page read and write

13FE000

heap

page read and write

11EB0000

trusted library allocation

page read and write

13BC000

heap

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

1436000

heap

page read and write

BBC0000

direct allocation

page read and write

140C000

heap

page read and write

3230000

direct allocation

page read and write

10FC1000

trusted library allocation

page read and write

11EDA000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

1408000

heap

page read and write

13AC000

heap

page read and write

11EA4000

trusted library allocation

page read and write

13DF000

heap

page read and write

11EF8000

trusted library allocation

page read and write

13E0000

heap

page read and write

1428000

heap

page read and write

3100000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

11E5C000

trusted library allocation

page read and write

13BC000

heap

page read and write

362B000

direct allocation

page read and write

11E5A000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

C8A0000

direct allocation

page read and write

11E98000

trusted library allocation

page read and write

30B0000

direct allocation

page read and write

11EB6000

trusted library allocation

page read and write

1552000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

1690000

direct allocation

page read and write

1431000

heap

page read and write

1460000

direct allocation

page read and write

1419000

heap

page read and write

11E74000

trusted library allocation

page read and write

13E2000

heap

page read and write

1398000

heap

page read and write

BBC0000

direct allocation

page read and write

11E3C000

trusted library allocation

page read and write

11E58000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

11E48000

trusted library allocation

page read and write

13C0000

heap

page read and write

1630000

direct allocation

page read and write

13E2000

heap

page read and write

137B000

heap

page read and write

11EB3000

trusted library allocation

page read and write

1431000

heap

page read and write

1384000

heap

page read and write

11E64000

trusted library allocation

page read and write

11EB2000

trusted library allocation

page read and write

13BC000

heap

page read and write

1428000

heap

page read and write

1460000

direct allocation

page read and write

11E96000

trusted library allocation

page read and write

1E8B3613000

heap

page read and write

1460000

direct allocation

page read and write

1438000

heap

page read and write

1420000

heap

page read and write

1409000

heap

page read and write

141A000

heap

page read and write

13CE000

heap

page read and write

11EF8000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

13E0000

heap

page read and write

4000000

direct allocation

page read and write | page no cache

11ECE000

trusted library allocation

page read and write

13C8000

heap

page read and write

30C0000

direct allocation

page read and write

1820000

direct allocation

page read and write

4B00000

direct allocation

page read and write | page no cache

11E3B000

trusted library allocation

page read and write

1320000

trusted library allocation

page read and write

13A4000

heap

page read and write

13C8000

heap

page read and write

11E60000

trusted library allocation

page read and write

BBC0000

direct allocation

page read and write

1430000

heap

page read and write

1431000

heap

page read and write

1416000

heap

page read and write

6700000

direct allocation

page read and write | page no cache

11E64000

trusted library allocation

page read and write

11E5C000

trusted library allocation

page read and write

141E000

heap

page read and write

13FC000

heap

page read and write

1460000

direct allocation

page read and write

11ED6000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

11E9E000

trusted library allocation

page read and write

11E76000

trusted library allocation

page read and write

11EB0000

trusted library allocation

page read and write

13C8000

heap

page read and write

13F4000

heap

page read and write

13A1000

heap

page read and write

13E0000

heap

page read and write

1425000

heap

page read and write

143D000

heap

page read and write

11E45000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

11E76000

trusted library allocation

page read and write

13E2000

heap

page read and write

1460000

direct allocation

page read and write

11E48000

trusted library allocation

page read and write

13E0000

heap

page read and write

13CB000

heap

page read and write

140A000

heap

page read and write

11E3C000

trusted library allocation

page read and write

13FE000

heap

page read and write

11E58000

trusted library allocation

page read and write

11EB6000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

13D0000

heap

page read and write

1870000

direct allocation

page read and write

1438000

heap

page read and write

13A4000

heap

page read and write

30C0000

direct allocation

page read and write

B882C7B000

stack

page read and write

1460000

direct allocation

page read and write

BBC0000

direct allocation

page read and write

11E58000

trusted library allocation

page read and write

1389000

heap

page read and write

1409000

heap

page read and write

139F000

heap

page read and write

1820000

direct allocation

page read and write

1404000

heap

page read and write

11EAE000

trusted library allocation

page read and write

1427000

heap

page read and write

1E8B365C000

heap

page read and write

13CA000

heap

page read and write

1410000

heap

page read and write

1580000

direct allocation

page read and write

15A0000

direct allocation

page read and write

1550000

direct allocation

page read and write

11EB0000

trusted library allocation

page read and write

11E54000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

5200000

direct allocation

page read and write | page no cache

1560000

direct allocation

page read and write

1460000

direct allocation

page read and write

138E000

heap

page read and write

13E0000

heap

page read and write

30C0000

direct allocation

page read and write

13BC000

heap

page read and write

1460000

direct allocation

page read and write

B882DF7000

stack

page read and write

1460000

direct allocation

page read and write

13E0000

heap

page read and write

11EB0000

trusted library allocation

page read and write

1404000

heap

page read and write

1690000

direct allocation

page read and write

BBA0000

direct allocation

page read and write

13E2000

heap

page read and write

11E60000

trusted library allocation

page read and write

BBC0000

direct allocation

page read and write

3A00000

direct allocation

page read and write | page no cache

13A3000

heap

page read and write

11EB6000

trusted library allocation

page read and write

3631000

direct allocation

page read and write

11EB0000

trusted library allocation

page read and write

11E58000

trusted library allocation

page read and write

5D00000

direct allocation

page read and write | page no cache

1830000

direct allocation

page read and write

1430000

heap

page read and write

1431000

heap

page read and write

13BC000

heap

page read and write

13E4000

heap

page read and write

1428000

heap

page read and write

13D2000

heap

page read and write

30C0000

direct allocation

page read and write

13B8000

heap

page read and write

141A000

heap

page read and write

1427000

heap

page read and write

1431000

heap

page read and write

1460000

direct allocation

page read and write

15F0000

direct allocation

page read and write

1427000

heap

page read and write

143D000

heap

page read and write

1425000

heap

page read and write

15C0000

direct allocation

page read and write

13BC000

heap

page read and write

15E0000

direct allocation

page read and write

13C8000

heap

page read and write

18A0000

direct allocation

page read and write

1424000

heap

page read and write

11E74000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

1460000

direct allocation

page read and write

13F6000

heap

page read and write

13E9000

heap

page read and write

1460000

direct allocation

page read and write

1414000

heap

page read and write

13E4000

heap

page read and write

1560000

direct allocation

page read and write

1460000

direct allocation

page read and write

142C000

heap

page read and write

5500000

direct allocation

page read and write | page no cache

142C000

heap

page read and write

13FC000

heap

page read and write

13B5000

heap

page read and write

7200000

direct allocation

page read and write | page no cache

142C000

heap

page read and write

13CA000

heap

page read and write

11F08000

trusted library allocation

page read and write

138B000

heap

page read and write

30C0000

direct allocation

page read and write

1410000

heap

page read and write

1391000

heap

page read and write

11EB6000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

140D000

heap

page read and write

11F0C000

trusted library allocation

page read and write

11EE0000

trusted library allocation

page read and write

1330000

heap

page read and write

11E45000

trusted library allocation

page read and write

11E58000

trusted library allocation

page read and write

13B0000

heap

page read and write

1460000

direct allocation

page read and write

1389000

heap

page read and write

1436000

heap

page read and write

1450000

direct allocation

page read and write | page no cache

1400000

heap

page read and write

3138000

direct allocation

page read and write

1460000

direct allocation

page read and write

13DF000

heap

page read and write

13FC000

heap

page read and write

138D000

heap

page read and write

1560000

direct allocation

page read and write

30C0000

direct allocation

page read and write

11E33000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

11E38000

trusted library allocation

page read and write

13BC000

heap

page read and write

11E9A000

trusted library allocation

page read and write

11EA8000

trusted library allocation

page read and write

1610000

direct allocation

page read and write

13AE000

heap

page read and write

11E74000

trusted library allocation

page read and write

4400000

direct allocation

page read and write | page no cache

11E74000

trusted library allocation

page read and write

13F6000

heap

page read and write

11E64000

trusted library allocation

page read and write

13DA000

heap

page read and write

11E74000

trusted library allocation

page read and write

11E9A000

trusted library allocation

page read and write

11E3C000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1600000

direct allocation

page read and write

1560000

direct allocation

page read and write

13A4000

heap

page read and write

1550000

direct allocation

page read and write

1398000

heap

page read and write

13FA000

heap

page read and write

13B8000

heap

page read and write

11E74000

trusted library allocation

page read and write

4290000

direct allocation

page read and write

12F8000

stack

page read and write

11ECE000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1430000

heap

page read and write

30C0000

direct allocation

page read and write

10FB9000

trusted library allocation

page read and write

1414000

heap

page read and write

1408000

heap

page read and write

138B000

heap

page read and write

13BC000

heap

page read and write

1410000

heap

page read and write

1460000

direct allocation

page read and write

15A0000

direct allocation

page read and write

7500000

direct allocation

page read and write | page no cache

13D0000

heap

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

1429000

heap

page read and write

11EAA000

trusted library allocation

page read and write

BBC0000

direct allocation

page read and write

1460000

direct allocation

page read and write

1590000

direct allocation

page read and write

1414000

heap

page read and write

30C0000

direct allocation

page read and write

139D000

heap

page read and write

13B6000

heap

page read and write

15F0000

direct allocation

page read and write

30C0000

direct allocation

page read and write

1550000

direct allocation

page read and write

11E9A000

trusted library allocation

page read and write

13CA000

heap

page read and write

13BC000

heap

page read and write

11E74000

trusted library allocation

page read and write

13A3000

heap

page read and write

142D000

heap

page read and write

BBC0000

direct allocation

page read and write

1402000

heap

page read and write

13E2000

heap

page read and write

1620000

direct allocation

page read and write

3100000

direct allocation

page read and write

1550000

direct allocation

page read and write

4700000

direct allocation

page read and write | page no cache

13BC000

heap

page read and write

1430000

heap

page read and write

139F000

heap

page read and write

1460000

direct allocation

page read and write

1820000

direct allocation

page read and write

3100000

direct allocation

page read and write

11E9A000

trusted library allocation

page read and write

13CC000

heap

page read and write

1820000

direct allocation

page read and write

3100000

direct allocation

page read and write

BBC0000

direct allocation

page read and write

B882FFE000

stack

page read and write

134A000

heap

page read and write

11EA6000

trusted library allocation

page read and write

1560000

direct allocation

page read and write

1400000

heap

page read and write

1460000

direct allocation

page read and write

11EB2000

trusted library allocation

page read and write

316A000

direct allocation

page read and write

133A000

heap

page read and write

AE0000

unkown

page readonly

1402000

heap

page read and write

1460000

direct allocation

page read and write

30C0000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

1384000

heap

page read and write

3100000

direct allocation

page read and write

13E2000

heap

page read and write

30C0000

direct allocation

page read and write

1402000

heap

page read and write

13A3000

heap

page read and write

11E38000

trusted library allocation

page read and write

138E000

heap

page read and write

1389000

heap

page read and write

3100000

direct allocation

page read and write

15F0000

direct allocation

page read and write

1460000

direct allocation

page read and write

13AF000

heap

page read and write

11E74000

trusted library allocation

page read and write

13E4000

heap

page read and write

1550000

direct allocation

page read and write

17E0000

direct allocation

page read and write

15E0000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

1393000

heap

page read and write

13E0000

heap

page read and write

1408000

heap

page read and write

13CA000

heap

page read and write

13A6000

heap

page read and write

139F000

heap

page read and write

11E3C000

trusted library allocation

page read and write

1550000

direct allocation

page read and write

13CA000

heap

page read and write

1900000

direct allocation

page read and write

1408000

heap

page read and write

13CC000

heap

page read and write

11E60000

trusted library allocation

page read and write

11EC0000

trusted library allocation

page read and write

11ECE000

trusted library allocation

page read and write

11E54000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

C550000

direct allocation

page read and write

1630000

direct allocation

page read and write

1460000

direct allocation

page read and write

1409000

heap

page read and write

11EE4000

trusted library allocation

page read and write

1E8B3460000

heap

page read and write

13E4000

heap

page read and write

1376000

heap

page read and write

1460000

direct allocation

page read and write

1429000

heap

page read and write

1610000

direct allocation

page read and write

13B7000

heap

page read and write

11E64000

trusted library allocation

page read and write

13E2000

heap

page read and write

1E8B3675000

heap

page read and write

13C8000

heap

page read and write

1670000

direct allocation

page read and write

11E55000

trusted library allocation

page read and write

1610000

direct allocation

page read and write

11E37000

trusted library allocation

page read and write

4500000

direct allocation

page read and write | page no cache

13E2000

heap

page read and write

11EC6000

trusted library allocation

page read and write

13E2000

heap

page read and write

1560000

direct allocation

page read and write

15A0000

direct allocation

page read and write

13E9000

heap

page read and write

1400000

heap

page read and write

11EB6000

trusted library allocation

page read and write

13C8000

heap

page read and write

13A4000

heap

page read and write

11E74000

trusted library allocation

page read and write

BDF0000

direct allocation

page read and write

142D000

heap

page read and write

13AC000

heap

page read and write

314B000

direct allocation

page read and write

13C8000

heap

page read and write

1460000

direct allocation

page read and write

142C000

heap

page read and write

11E5A000

trusted library allocation

page read and write

13F8000

heap

page read and write

7600000

direct allocation

page read and write | page no cache

13C8000

heap

page read and write

11EB0000

trusted library allocation

page read and write

140E000

heap

page read and write

1460000

direct allocation

page read and write

11E96000

trusted library allocation

page read and write

11E9C000

trusted library allocation

page read and write

11EA0000

trusted library allocation

page read and write

13DA000

heap

page read and write

3134000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

1590000

direct allocation

page read and write

13E4000

heap

page read and write

6900000

direct allocation

page read and write | page no cache

1404000

heap

page read and write

143D000

heap

page read and write

1409000

heap

page read and write

13F4000

heap

page read and write

1460000

direct allocation

page read and write

1590000

direct allocation

page read and write

13E2000

heap

page read and write

13D0000

heap

page read and write

11E48000

trusted library allocation

page read and write

17E0000

direct allocation

page read and write

1460000

direct allocation

page read and write

13C8000

heap

page read and write

30C0000

direct allocation

page read and write

13F6000

heap

page read and write

1438000

heap

page read and write

1438000

heap

page read and write

11EC0000

trusted library allocation

page read and write

11E5A000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

1560000

direct allocation

page read and write

13A3000

heap

page read and write

7300000

direct allocation

page read and write | page no cache

C890000

direct allocation

page read and write

11E9A000

trusted library allocation

page read and write

11EB6000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

11EB6000

trusted library allocation

page read and write

13F4000

heap

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

1E8B35D0000

trusted library allocation

page read and write

1400000

heap

page read and write

30C0000

direct allocation

page read and write

11E9D000

trusted library allocation

page read and write

1E8B3600000

heap

page read and write

13C8000

heap

page read and write

140C000

heap

page read and write

11E5C000

trusted library allocation

page read and write

13CC000

heap

page read and write

11EB6000

trusted library allocation

page read and write

13E0000

heap

page read and write

11EAE000

trusted library allocation

page read and write

1414000

heap

page read and write

3800000

direct allocation

page read and write | page no cache

15E0000

direct allocation

page read and write

B0E000

unkown

page readonly

1402000

heap

page read and write

1409000

heap

page read and write

AE1000

unkown

page execute read

11EB6000

trusted library allocation

page read and write

3C79000

direct allocation

page read and write

11EF8000

trusted library allocation

page read and write

142C000

heap

page read and write

1460000

direct allocation

page read and write

16DE000

unkown

page read and write

142C000

heap

page read and write

1570000

direct allocation

page read and write

11E41000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

13B8000

heap

page read and write

11E96000

trusted library allocation

page read and write

13CC000

heap

page read and write

13C8000

heap

page read and write

138E000

heap

page read and write

1560000

direct allocation

page read and write

13DA000

heap

page read and write

13F8000

heap

page read and write

13C8000

heap

page read and write

13E0000

heap

page read and write

30C0000

direct allocation

page read and write

13A4000

heap

page read and write

13D0000

heap

page read and write

11E64000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

11F08000

trusted library allocation

page read and write

11ED0000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

13D0000

heap

page read and write

BBC0000

direct allocation

page read and write

30C0000

direct allocation

page read and write

141C000

heap

page read and write

1424000

heap

page read and write

11E60000

trusted library allocation

page read and write

11EB6000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

11E3C000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13F4000

heap

page read and write

1560000

direct allocation

page read and write

13DA000

heap

page read and write

1580000

direct allocation

page read and write

7000000

direct allocation

page read and write | page no cache

1550000

direct allocation

page read and write

13E2000

heap

page read and write

1400000

heap

page read and write

140C000

heap

page read and write

1389000

heap

page read and write

1428000

heap

page read and write

138B000

heap

page read and write

1436000

heap

page read and write

B882A7E000

stack

page read and write

BB80000

direct allocation

page read and write

13E9000

heap

page read and write

BBC0000

direct allocation

page read and write

1428000

heap

page read and write

C890000

direct allocation

page read and write

1E8B3661000

heap

page read and write

1460000

direct allocation

page read and write

30C0000

direct allocation

page read and write

11E5C000

trusted library allocation

page read and write

13C8000

heap

page read and write

13D0000

heap

page read and write

13D0000

heap

page read and write

4900000

direct allocation

page read and write | page no cache

13D0000

heap

page read and write

B0B000

unkown

page write copy

1E8B368D000

heap

page read and write

BDF0000

direct allocation

page read and write

126B0000

direct allocation

page read and write

13FC000

heap

page read and write

1580000

direct allocation

page read and write

139F000

heap

page read and write

13E4000

heap

page read and write

3155000

direct allocation

page read and write

1428000

heap

page read and write

11ED6000

trusted library allocation

page read and write

1414000

heap

page read and write

140C000

heap

page read and write

1460000

direct allocation

page read and write

1E8B3708000

heap

page read and write

15D0000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

11F0A000

trusted library allocation

page read and write

11E5A000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13A8000

heap

page read and write

11E61000

trusted library allocation

page read and write

13D0000

heap

page read and write

13A1000

heap

page read and write

11E74000

trusted library allocation

page read and write

13C8000

heap

page read and write

1400000

heap

page read and write

142C000

heap

page read and write

11E44000

trusted library allocation

page read and write

13C8000

heap

page read and write

13A3000

heap

page read and write

11EC0000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13E2000

heap

page read and write

11E5A000

trusted library allocation

page read and write

137C000

heap

page read and write

11EB6000

trusted library allocation

page read and write

143D000

heap

page read and write

140C000

heap

page read and write

11EBC000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

13E2000

heap

page read and write

13E4000

heap

page read and write

16C0000

direct allocation

page read and write

1416000

heap

page read and write

11E58000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

1424000

heap

page read and write

13D0000

heap

page read and write

11E99000

trusted library allocation

page read and write

11EB2000

trusted library allocation

page read and write

11E60000

trusted library allocation

page read and write

4211000

direct allocation

page read and write

1390000

heap

page read and write

1376000

heap

page read and write

11E74000

trusted library allocation

page read and write

11ECE000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1401000

heap

page read and write

1460000

direct allocation

page read and write

11E3F000

trusted library allocation

page read and write

15A0000

direct allocation

page read and write

1560000

direct allocation

page read and write

316E000

direct allocation

page read and write

3100000

direct allocation

page read and write

11E54000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

13CC000

heap

page read and write

16A0000

direct allocation

page read and write

1398000

heap

page read and write

11E76000

trusted library allocation

page read and write

11EB6000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

11E62000

trusted library allocation

page read and write

15A0000

direct allocation

page read and write

16B0000

direct allocation

page read and write

11E76000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13A1000

heap

page read and write

1620000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

30B0000

direct allocation

page read and write

1E8B3681000

heap

page read and write

4300000

direct allocation

page read and write | page no cache

11E60000

trusted library allocation

page read and write

15E0000

direct allocation

page read and write

321C000

direct allocation

page read and write

13E0000

heap

page read and write

BBC0000

direct allocation

page read and write

1E8B365F000

heap

page read and write

13CC000

heap

page read and write

13D0000

heap

page read and write

11EB6000

trusted library allocation

page read and write

13D0000

heap

page read and write

1460000

direct allocation

page read and write

11EF8000

trusted library allocation

page read and write

13FE000

heap

page read and write

30C0000

direct allocation

page read and write

1630000

direct allocation

page read and write

11F08000

trusted library allocation

page read and write

13D2000

heap

page read and write

13A1000

heap

page read and write

13F2000

heap

page read and write

11E46000

trusted library allocation

page read and write

11E96000

trusted library allocation

page read and write

142C000

heap

page read and write

1460000

direct allocation

page read and write

13E0000

heap

page read and write

13D0000

heap

page read and write

6100000

direct allocation

page read and write | page no cache

18F0000

direct allocation

page read and write

11E44000

trusted library allocation

page read and write

6300000

direct allocation

page read and write | page no cache

11E58000

trusted library allocation

page read and write

11E60000

trusted library allocation

page read and write

1560000

direct allocation

page read and write

13E2000

heap

page read and write

15B0000

direct allocation

page read and write

1368000

heap

page read and write

138E000

heap

page read and write

11E60000

trusted library allocation

page read and write

1427000

heap

page read and write

1460000

direct allocation

page read and write

13A8000

heap

page read and write

1402000

heap

page read and write

13E4000

heap

page read and write

13E7000

heap

page read and write

11E3C000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

6C00000

direct allocation

page read and write | page no cache

1460000

direct allocation

page read and write

13DA000

heap

page read and write

1460000

direct allocation

page read and write

3100000

direct allocation

page read and write

BA40000

direct allocation

page read and write

30C0000

direct allocation

page read and write

13A4000

heap

page read and write

11F0A000

trusted library allocation

page read and write

1431000

heap

page read and write

11E3D000

trusted library allocation

page read and write

13B7000

heap

page read and write

11E96000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

10FB9000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

141A000

heap

page read and write

1460000

direct allocation

page read and write

13BC000

heap

page read and write

1414000

heap

page read and write

13CF000

heap

page read and write

3100000

direct allocation

page read and write

1460000

direct allocation

page read and write

1590000

direct allocation

page read and write

139F000

heap

page read and write

13A3000

heap

page read and write

1460000

direct allocation

page read and write

11E44000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

3E00000

direct allocation

page read and write | page no cache

11EA4000

trusted library allocation

page read and write

1430000

heap

page read and write

1389000

heap

page read and write

13C8000

heap

page read and write

AE1000

unkown

page execute read

13A6000

heap

page read and write

1820000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

1610000

direct allocation

page read and write

13B6000

heap

page read and write

11E96000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13CC000

heap

page read and write

138B000

heap

page read and write

1414000

heap

page read and write

1460000

direct allocation

page read and write

139F000

heap

page read and write

13DF000

heap

page read and write

1550000

direct allocation

page read and write

11E5A000

trusted library allocation

page read and write

13B8000

heap

page read and write

13C8000

heap

page read and write

30C0000

direct allocation

page read and write

143D000

heap

page read and write

1402000

heap

page read and write

1560000

direct allocation

page read and write

13C0000

heap

page read and write

11E74000

trusted library allocation

page read and write

1E8B364A000

heap

page read and write

30C0000

direct allocation

page read and write

1550000

direct allocation

page read and write

13DA000

heap

page read and write

1460000

direct allocation

page read and write

1800000

direct allocation

page read and write

16A0000

direct allocation

page read and write

1425000

heap

page read and write

1430000

heap

page read and write

BCB0000

direct allocation

page read and write

1420000

heap

page read and write

3100000

direct allocation

page read and write

1429000

heap

page read and write

3100000

direct allocation

page read and write

13E4000

heap

page read and write

1404000

heap

page read and write

1425000

heap

page read and write

15D0000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

140C000

heap

page read and write

1436000

heap

page read and write

1398000

heap

page read and write

13A3000

heap

page read and write

13CA000

heap

page read and write

11E74000

trusted library allocation

page read and write

11EA7000

trusted library allocation

page read and write

BBC0000

direct allocation

page read and write

1402000

heap

page read and write

1550000

direct allocation

page read and write

30C0000

direct allocation

page read and write

15A0000

direct allocation

page read and write

11E58000

trusted library allocation

page read and write

1560000

direct allocation

page read and write

13D0000

heap

page read and write

13D0000

heap

page read and write

1460000

direct allocation

page read and write

1409000

heap

page read and write

1398000

heap

page read and write

140C000

heap

page read and write

1460000

direct allocation

page read and write

139E000

heap

page read and write

1460000

direct allocation

page read and write

1436000

heap

page read and write

1376000

heap

page read and write

13B6000

heap

page read and write

13E6000

heap

page read and write

1400000

heap

page read and write

B882EFE000

stack

page read and write

11E60000

trusted library allocation

page read and write

13A4000

heap

page read and write

1389000

heap

page read and write

13F4000

heap

page read and write

10FB9000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

13FA000

heap

page read and write

11EB2000

trusted library allocation

page read and write

3172000

direct allocation

page read and write

1376000

heap

page read and write

13AF000

heap

page read and write

13A0000

heap

page read and write

1850000

direct allocation

page read and write

1337000

heap

page read and write

15B0000

direct allocation

page read and write

1439000

heap

page read and write

140E000

heap

page read and write

11EF8000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

11EB2000

trusted library allocation

page read and write

142C000

heap

page read and write

1460000

direct allocation

page read and write

C0D0000

direct allocation

page read and write

1402000

heap

page read and write

1400000

heap

page read and write

30C0000

direct allocation

page read and write

11E54000

trusted library allocation

page read and write

13A5000

heap

page read and write

11E60000

trusted library allocation

page read and write

13E4000

heap

page read and write

1404000

heap

page read and write

30C0000

direct allocation

page read and write

13D2000

heap

page read and write

1550000

direct allocation

page read and write

1460000

direct allocation

page read and write

11EDA000

trusted library allocation

page read and write

138B000

heap

page read and write

13C8000

heap

page read and write

30C0000

direct allocation

page read and write

13E0000

heap

page read and write

13BC000

heap

page read and write

11E3F000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

3100000

direct allocation

page read and write

1428000

heap

page read and write

13E5000

heap

page read and write

30C0000

direct allocation

page read and write

13E9000

heap

page read and write

11E5A000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

133B000

heap

page read and write

13B8000

heap

page read and write

11EAE000

trusted library allocation

page read and write

13CF000

heap

page read and write

1427000

heap

page read and write

1550000

direct allocation

page read and write

1550000

direct allocation

page read and write

18F0000

direct allocation

page read and write

1337000

heap

page read and write

1376000

heap

page read and write

30C0000

direct allocation

page read and write

1560000

direct allocation

page read and write

13E2000

heap

page read and write

1438000

heap

page read and write

13F2000

heap

page read and write

1460000

direct allocation

page read and write

11ED6000

trusted library allocation

page read and write

13AA000

heap

page read and write

11EDA000

trusted library allocation

page read and write

BBE0000

direct allocation

page read and write

11EB0000

trusted library allocation

page read and write

11E9E000

trusted library allocation

page read and write

1820000

direct allocation

page read and write

1460000

direct allocation

page read and write

1338000

heap

page read and write

11E97000

trusted library allocation

page read and write

11E76000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

13BC000

heap

page read and write

1460000

direct allocation

page read and write

13A4000

heap

page read and write

13C8000

heap

page read and write

1460000

direct allocation

page read and write

6B00000

direct allocation

page read and write | page no cache

13CD000

heap

page read and write

11EDA000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

11E3F000

trusted library allocation

page read and write

1395000

heap

page read and write

11E79000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

1470000

heap

page read and write

11F0A000

trusted library allocation

page read and write

142B000

heap

page read and write

13BC000

heap

page read and write

11EAB000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

11EB6000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

11ED0000

trusted library allocation

page read and write

142C000

heap

page read and write

138B000

heap

page read and write

323D000

direct allocation

page read and write

138B000

heap

page read and write

13E2000

heap

page read and write

13BC000

heap

page read and write

11E54000

trusted library allocation

page read and write

1429000

heap

page read and write

3100000

direct allocation

page read and write

1460000

direct allocation

page read and write

11EE0000

trusted library allocation

page read and write

BBC0000

direct allocation

page read and write

138E000

heap

page read and write

1560000

direct allocation

page read and write

7800000

direct allocation

page read and write | page no cache

13D0000

heap

page read and write

11EB6000

trusted library allocation

page read and write

13C8000

heap

page read and write

6800000

direct allocation

page read and write | page no cache

13F4000

heap

page read and write

11EAA000

trusted library allocation

page read and write

1390000

heap

page read and write

BA40000

direct allocation

page read and write

13F6000

heap

page read and write

BBC0000

direct allocation

page read and write

1460000

direct allocation

page read and write

1410000

heap

page read and write

13BE000

heap

page read and write

13D0000

heap

page read and write

30C0000

direct allocation

page read and write

1570000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13E4000

heap

page read and write

11F08000

trusted library allocation

page read and write

1E8B3653000

heap

page read and write

1400000

heap

page read and write

143D000

heap

page read and write

1460000

direct allocation

page read and write

13E4000

heap

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

11E99000

trusted library allocation

page read and write

1820000

direct allocation

page read and write

11EB3000

trusted library allocation

page read and write

1429000

heap

page read and write

140C000

heap

page read and write

11E5C000

trusted library allocation

page read and write

11EB6000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

143C000

heap

page read and write

3100000

direct allocation

page read and write

1428000

heap

page read and write

16A0000

direct allocation

page read and write

13F4000

heap

page read and write

1E8B34D0000

heap

page read and write

1393000

heap

page read and write

1460000

direct allocation

page read and write

30C0000

direct allocation

page read and write

1475000

heap

page read and write

3A86000

direct allocation

page read and write

1431000

heap

page read and write

13BC000

heap

page read and write

13B2000

heap

page read and write

13E2000

heap

page read and write

13B8000

heap

page read and write

11E3C000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

11E9A000

trusted library allocation

page read and write

AE0000

unkown

page readonly

11E3C000

trusted library allocation

page read and write

1428000

heap

page read and write

1550000

direct allocation

page read and write

1E8B3470000

heap

page read and write

17E0000

direct allocation

page read and write

3100000

direct allocation

page read and write

11E60000

trusted library allocation

page read and write

13F4000

heap

page read and write

13E0000

heap

page read and write

11E74000

trusted library allocation

page read and write

11E9C000

trusted library allocation

page read and write

B0E000

unkown

page readonly

11ED0000

trusted library allocation

page read and write

1429000

heap

page read and write

13CC000

heap

page read and write

13FC000

heap

page read and write

13A3000

heap

page read and write

141C000

heap

page read and write

1431000

heap

page read and write

1600000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

6200000

direct allocation

page read and write | page no cache

1460000

direct allocation

page read and write

30B0000

direct allocation

page read and write

11E96000

trusted library allocation

page read and write

11E54000

trusted library allocation

page read and write

1414000

heap

page read and write

143D000

heap

page read and write

138B000

heap

page read and write

13B8000

heap

page read and write

1393000

heap

page read and write

16B0000

direct allocation

page read and write

11EA8000

trusted library allocation

page read and write

317B000

direct allocation

page read and write

1404000

heap

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

11E5A000

trusted library allocation

page read and write

140A000

heap

page read and write

1560000

direct allocation

page read and write

3100000

direct allocation

page read and write

11E64000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

11E43000

trusted library allocation

page read and write

BDF0000

direct allocation

page read and write

3300000

direct allocation

page read and write | page no cache

13BE000

heap

page read and write

312A000

direct allocation

page read and write

1590000

direct allocation

page read and write

1376000

heap

page read and write

11EB6000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

6D00000

direct allocation

page read and write | page no cache

138B000

heap

page read and write

1460000

direct allocation

page read and write

5F00000

direct allocation

page read and write | page no cache

1400000

heap

page read and write

30C0000

direct allocation

page read and write

11EE4000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13CE000

heap

page read and write

11E64000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13BC000

heap

page read and write

1389000

heap

page read and write

13E2000

heap

page read and write

142C000

heap

page read and write

1550000

direct allocation

page read and write

1416000

heap

page read and write

30C0000

direct allocation

page read and write

1404000

heap

page read and write

11E60000

trusted library allocation

page read and write

13D2000

heap

page read and write

139D000

heap

page read and write

13CC000

heap

page read and write

3900000

direct allocation

page read and write | page no cache

1460000

direct allocation

page read and write

13B8000

heap

page read and write

13E2000

heap

page read and write

1387000

heap

page read and write

1460000

direct allocation

page read and write

BBC0000

direct allocation

page read and write

13E2000

heap

page read and write

11E64000

trusted library allocation

page read and write

13E4000

heap

page read and write

13CA000

heap

page read and write

1410000

heap

page read and write

1436000

heap

page read and write

11E58000

trusted library allocation

page read and write

1338000

heap

page read and write

1428000

heap

page read and write

11E3F000

trusted library allocation

page read and write

11E58000

trusted library allocation

page read and write

13FC000

heap

page read and write

1460000

direct allocation

page read and write

B8827DE000

stack

page read and write

11E60000

trusted library allocation

page read and write

13E4000

heap

page read and write

1460000

direct allocation

page read and write

13E0000

heap

page read and write

13E0000

heap

page read and write

11E9B000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

13B6000

heap

page read and write

138B000

heap

page read and write

1431000

heap

page read and write

3100000

direct allocation

page read and write

1400000

heap

page read and write

1428000

heap

page read and write

16B0000

direct allocation

page read and write

13BC000

heap

page read and write

30C0000

direct allocation

page read and write

1404000

heap

page read and write

13D0000

heap

page read and write

13BC000

heap

page read and write

11EB3000

trusted library allocation

page read and write

13CA000

heap

page read and write

1550000

direct allocation

page read and write

139F000

heap

page read and write

1630000

direct allocation

page read and write

11E36000

trusted library allocation

page read and write

139D000

heap

page read and write

143D000

heap

page read and write

15E0000

direct allocation

page read and write

3177000

direct allocation

page read and write

13E4000

heap

page read and write

11EB6000

trusted library allocation

page read and write

1820000

direct allocation

page read and write

1560000

direct allocation

page read and write

1460000

direct allocation

page read and write

11EA8000

trusted library allocation

page read and write

17E0000

direct allocation

page read and write

11E76000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

30C0000

direct allocation

page read and write

BDF0000

direct allocation

page read and write

1460000

direct allocation

page read and write

1436000

heap

page read and write

138E000

heap

page read and write

1414000

heap

page read and write

13B6000

heap

page read and write

1402000

heap

page read and write

11E60000

trusted library allocation

page read and write

BDF0000

direct allocation

page read and write

13FC000

heap

page read and write

13C0000

heap

page read and write

1460000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

30C0000

direct allocation

page read and write

11E96000

trusted library allocation

page read and write

5400000

direct allocation

page read and write | page no cache

1431000

heap

page read and write

1590000

direct allocation

page read and write

1460000

direct allocation

page read and write

1460000

direct allocation

page read and write

13BC000

heap

page read and write

11EDA000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13D0000

heap

page read and write

11E9E000

trusted library allocation

page read and write

13E2000

heap

page read and write

3F00000

direct allocation

page read and write | page no cache

143C000

heap

page read and write

1460000

direct allocation

page read and write

1410000

heap

page read and write

11E5C000

trusted library allocation

page read and write

13FC000

heap

page read and write

1840000

direct allocation

page read and write

3100000

direct allocation

page read and write

17E0000

direct allocation

page read and write

11E96000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

13DA000

heap

page read and write

1460000

direct allocation

page read and write

13D0000

heap

page read and write

5000000

direct allocation

page read and write | page no cache

13FC000

heap

page read and write

11E5C000

trusted library allocation

page read and write

11E5A000

trusted library allocation

page read and write

1460000

direct allocation

page read and write

13CC000

heap

page read and write

13CE000

heap

page read and write

1460000

direct allocation

page read and write

11E74000

trusted library allocation

page read and write

11E76000

trusted library allocation

page read and write

13CA000

heap

page read and write

137B000

heap

page read and write

1620000

direct allocation

page read and write

1430000

heap

page read and write

1410000

heap

page read and write

1550000

direct allocation

page read and write

13FC000

heap

page read and write

11E9C000

trusted library allocation

page read and write

11E74000

trusted library allocation

page read and write

3100000

direct allocation

page read and write

11F0C000

trusted library allocation

page read and write

13E4000

heap

page read and write

137C000

heap

page read and write

13D0000

heap

page read and write

13E2000

heap

page read and write

139F000

heap

page read and write

1387000

heap

page read and write

11E98000

trusted library allocation

page read and write

139F000

heap

page read and write

1460000

direct allocation

page read and write

17E0000

direct allocation

page read and write

1431000

heap

page read and write

138B000

heap

page read and write

13C8000

heap

page read and write

13B8000

heap

page read and write

11EE4000

trusted library allocation

page read and write

11E64000

trusted library allocation

page read and write

13AC000

heap

page read and write

3500000

direct allocation

page read and write | page no cache

140C000

heap

page read and write

11E48000

trusted library allocation

page read and write

There are 1722 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
PLAY.mal_.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportPLAY.mal_.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
PLAY.mal_.exe