IOC Report
lgX7lgUL1w.exe

loading gif

Files

File Path
Type
Category
Malicious
lgX7lgUL1w.exe
PE32+ executable (console) x86-64, for MS Windows
initial sample
 malicious
C:\Users\user\AppData\Local\2nhKzHIgDWCzStH9EAQv4dqj.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\3wIIRe1QiHmGmyDfkt1MdfjR.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\4lBshxehGejQoegWUuOtgGGK.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\8RYSoZQFK6V9LYpTMM1le7yQ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\AFlhDPRBYXSdsXlIscLwpPBI.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\CwXesQHbkmvSYkF54FDCGs0u.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\DYOHZPW0D22LInRRNxYgymyV.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\H0hJPxhIO3F6BQNxVzuoHmfd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\IMmyv1eSkv8WoF4sKRLh3j87.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\JRER40VeoC2Q4ducOjAkB8be.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\KFwijURKZUrjToqwGsuVqcsD.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Default15_s[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\Retailer_prog[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\o2i3jroi23joj23ikrjokij3oroi[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\timeSync[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\crt[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\niko[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\oiii[1].exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\123p[1].exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\default_s[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\setup294[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\setup[1].exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\O6FJxszjCn1zgUzc3ngkew5Q.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\SMjkjKVfovgJQv0DVgLWunVz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\TZazqzIjmIm4XQvcJYbdkOMa.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSA05C.tmp\Install.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSA05C.tmp\atieah64.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSA05C.tmp\auditpol.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\7zSA05C.tmp\bash.exe
PE32+ executable (console) x86-64, for MS Windows
modified
 malicious
C:\Users\user\AppData\Local\Temp\7zSA05C.tmp\notepad.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\ED0F.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Temp\FFE8.exe
PE32 executable (GUI) Intel 80386, for MS Windows
modified
 malicious
C:\Users\user\AppData\Local\Temp\{F0567900-3BBD-4439-A130-BA90A759BDE5}.tmp\360P2SP.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\VEH3hOo7SH8Curivn14XA2XL.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\XxYZdepnteJj9ehuEwVshtV3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\Y01cK2OJgtSKgzCj2OAQkixL.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\aqGWEPmkK0B9sJyfEBtpOpuJ.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\eVDrCR1hP70QTfLbRAKhpUOl.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\gsV4lhPLd9AgpTxUWWWokC1J.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\hmtNBhlQWScQGAc2r9fH2laz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\iMXraNxDRLg4aVOpMn3cNrIf.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\j19ppip6hQlQefTQJUWb1E5Y.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\jRw9sx4Ek0t13Tr93vMM8tJ1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\o3bvuCFHWJf8oEmP3T0jhkMM.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\oNUrhYTToLZiF7IoGm0L0Ir9.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\oURwiane2EFilQ46IVStlZR3.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\oZEH3cHEU5SysFjbUbbRDrah.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\pkc9Yy7eyXDNxjrdaLkXC1Nw.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\qoBVbpyFWm3cPk1EQ0W4FQFR.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\rCs1RclDFMYQLymrwE3zboPd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\v0F2dmnMQ8GuOxPTeGs09I9Y.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\xCvbsgibKaoe0JrKdFZUHTO3.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\AppData\Local\zPFKv97tg3hm10kOTWpULC1K.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Local\zl9WjeKTxMy8k8EbTBZdpElC.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1Ub2k1IJ2t5gUNZveaJnsLim.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2zxQMcxXAdjZW6YdcXWRkkOC.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3r3iI3aD5uoVkmnpNwglczar.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4lG8OjDaPfGRBHmxDRRVnuFX.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\63M9nLrRjxludNRrfdaZddPt.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\66nsVpLcdQEIzffvQGAD01Wx.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\70kdhy3RjJy5GS3eqVG34cMz.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7TQPiLaiOp4J0vvxRaQJgnEq.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7n1DOJlzDKyVx2HRsxGMDCQe.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8acF06oTPket8RN9OHo9AhQC.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9KovXimwlIyW3P77uFXo41ye.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BWeUEkKv96FAORobAHCW6ypF.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BsDz5LTErOmd8yNfyBTmMVUZ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CpI1BxUwX4GXv0UQgqj98YFq.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fp4XGOFNreU9QQvFxWGD280g.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GCxOPoVfvPyhMjrPUVz65iw0.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Gov6rjgDZRJhjjWExECEmd4R.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HtVik0gCCXpMbW1ewQEIafJO.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JA9IiDRirqHyvko4OfQivGZ7.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LD4hNojEUEziyKrYgWhQk5rm.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LPtepEDzI9Rnp2fhv2mNTraW.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\N7uBTIqAI4TFaoTgWHqBwwXI.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NF17SuJC2X4gjmjhKys98Qxu.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OiFswMERSIM5QYpzdzXs8HqN.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\P8Y5HAG12fYTb8t4PcK7rKlv.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PFtTOLsGyXAF8UN7SK2yoXrT.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QiP2pWLr6NBQvOLbwQTTyn6C.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TH2edQjI5N96cctLqxcxRWB4.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WfwAozSpYoRh0VfEDamYiBsR.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wgc7DyRQRZGZ91fWhoYDAYbz.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YnNYj3NsWtyv1mUxqNvcXDCG.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a0N7wfHYhrlqZ4SvtOhtcxTC.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b5QOFtze6kWQIzQsICnW3Y23.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bzhtqiaIEnooSzQ58KPkDsXr.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dH9ICyXokcwnq5IDiow3vkKB.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dsh82zoYXoBpPEndu5XVvQbj.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fDdDwjmSMhosQx3rLX3Nv89G.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ixTCqmFJu5C2WAuYjLa75esH.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lRYDXj1XORWa1yGwgqL1xUtR.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfz7DVXioZ89NNQKMlyzk5D1.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mttZ30v22cES8SbTv1OgQiYx.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mzNuu3a0I49mMXBViscfANRg.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tEJmB2nPjyQy45rj4ea5hhl3.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tYY0jrXY77oGwO5gH1VTslTu.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\txcp0mnex1Rnt92zIdFfbI0y.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\u4NTnGOUpjOPuN9Xvi5JMQBJ.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uM7NrUar2CHMPPLhTaEGJaiv.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vD42lBWTRgzN6MsiYDmXUaxN.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vtoFw8ASSHe6FVnWEsT9Qpir.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w7u98nz6M4xUaPLHp2FQ8cKh.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xInHqHgRkuPGfp5esHw9Po4t.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xsGva5E6VHjdUQqf5f96rHfC.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yx7mEUrFnFwXRMEpkyGWl1Pr.bat
ASCII text, with no line terminators
dropped
 malicious
C:\Users\user\AppData\Roaming\hvfsedh
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\0xzSXfvcS_VEarTqOdaPs4ts.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\1j9R8lifNJQPOos8jChy96bC.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\3jK_1xVb8VV_A9ZblPqH0VLP.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\7uuYOubuRuTeu2Z5aoCcHRqr.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\8uJfLKd9Ss22grd4NZfs8ESc.exe
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\949yVhltZoP9AEITjUlYclGY.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\Dwkvj_9aXUK5SRV0uUMfzWFw.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\GLt6qc3E5xlMIXJ9xyvvME0a.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\IzXa7ArplEUILx8JLGVvIms1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\JJ5skLlHHCJQmKA3fqFEF8WX.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\OZYSp_SuS64TdEhCce9XJabD.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\Vv3eq95tJE23PC8aGlGuTOwU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\iWX2pBM7OP8AKRlxpYxKCjxp.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\rKeuCT5BtcDJi3xnRhdYBXJ0.exe
PE32+ executable (GUI) x86-64, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\sCKRGnz9ufcbydLPdvMHEgfk.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\wPxPcov2_iRQt91bGzfyQLn0.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Documents\SimpleAdobe\xCrl2X_yjihZJLjlfNXcaGsm.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\04MMWMll6oQNYP44niQAKG8f.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\360TS_Setup.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\360TS_Setup.exe.P2P
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\5FLQaCVJzPf4A255tfj9dVCh.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\6up3Hll278RsXeDsUnv7AmsU.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\8ew1ueXT5mhwmZG4bTyHf7GY.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\A6Q2KMdnce3aBm1K21Xc0zdR.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\ByzLwX6bBzV9uMer6vLaibLq.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\COdFyPiBcHZ6gr6RgSEauTsj.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\E6ijlcXzCqRG7r61JO0b9evs.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\EXHYoUWbk2EtGfzPiFxOh4fX.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\GEHqSaIn1rPu3OTaMO2vs7UL.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\JEeghWLvEc5NBgQe7cVxX86V.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\JRzNWYaVkGhoqBVKINyNWHZb.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\LAD11vkv57kHfnlhAFxxWdEz.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\Lxz6buRp1tzgPd3mYM1t5mGJ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\M5ZhHB9e1LKNIZlvmmjrpriI.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\PBZVagSpvy50LOBQHCjW6qX9.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\PZ3hKWPffUrXuh6Gjn77Ivv1.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\PkqGBlFfXQGSePxTvCIfv7cw.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\QAuG4M9OCXilplKuXEar6ygd.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\Y8VzUT8xWp3WAsPKChchuKQ1.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\b7ii2eIKHIFqIN8jVgqT5jFD.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\bVGflEGYToK4vU6iMb86uQ6v.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\c12YwoiQ34lE0LgBRkxJOClX.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\cbVkxkkdr6gAwr3ezrvUlIvw.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\gX97xQ1DxOEiWzmKIb4DOJWg.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\i3ScmbyFMAYvi3d3SI8x4eUU.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\iYU7jmLL0jPLxgjctxjq1ReZ.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\iuDvaF9Di8V3GPfVdVsLOQc6.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\m1SrljFNqYeH3vArtbYAaVjK.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\oabRgCI78gjFIFXr0JEwCrFT.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\vzNIVOaxf0vNgO94DAC9jWgi.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\w0LUzqfajtYxxu1NAEZFwfRY.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\Pictures\xHjBfoMXM1Bms4i9lirVpf5B.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\xJOdjN6fVDYC0Ta4cXD9JBiF.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\Users\user\Pictures\z7qYuSNnmN1T20mVDPQyJKNf.exe
MS-DOS executable PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, MZ for MS-DOS
dropped
 malicious
C:\Users\user\lgX7lgUL1w.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
 malicious
C:\Windows\System32\GroupPolicy\gpt.ini
ASCII text, with CRLF line terminators
dropped
 malicious
C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat
data
dropped
C:\ProgramData\Microsoft\Windows\ClipSvc\tokens.dat.bak (copy)
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2495.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER29D5.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER43C2.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER46D0.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4971.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4D5A.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5CAD.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER64CC.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6597.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA977.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD9E.tmp.txt
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB2BB.tmp.dmp
Mini DuMP crash report, 14 streams, Fri May 24 09:29:09 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB358.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB388.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3B5.tmp.csv
data
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4BF.tmp.txt
data
dropped
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
dropped
C:\Users\user~1\AppData\Local\Temp\!@tA09A.tmp (copy)
Microsoft Cabinet archive data, Windows 2000/XP setup, 656 bytes, 1 file, at 0x2c +A "setup.ini", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
modified
C:\Users\user\AppData\Local\8x9fHtTH22TaURiMTLqQ6qDQ.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\F4U52lR6G7O1cHxteAioycWo.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\GEiB3Ddcoc4kuTiV3LIO2ABQ.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\JjDJbN3mgLfy7jfCjajQylmg.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001c.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001d.db
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\file2005[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\xfile[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\WWW11_32[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\crypted[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\crypted[2].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\gewgdggrwh_20240521161330[1].bmp
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\setup[1].htm
HTML document, ASCII text
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\QdAnaM3mjG9zwvm6YlndB8Yg.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\S0yywC6t6qDFXXOiN4mRrQOm.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\SemaoG1Uwehw633tFAn5ubO2.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\Temp\!@tA09A.tmp.P2P
Microsoft Cabinet archive data, Windows 2000/XP setup, 656 bytes, 1 file, at 0x2c +A "setup.ini", number 1, 1 datablock, 0x1 compression
dropped
C:\Users\user\AppData\Local\Temp\!@tA09A.tmp.dir\setup.ini
Generic INItialization configuration [360TS]
dropped
C:\Users\user\AppData\Local\Temp\C__Users_user~1_AppData_Local_Temp_!@tA09A.tmp.mem
MS Windows COFF PA-RISC object file
dropped
C:\Users\user\AppData\Local\Temp\C__Users_user_Pictures_360TS_Setup.exe.mem
data
dropped
C:\Users\user\AppData\Local\Temp\C__Users_user_Pictures_360TS_Setup.exe.trt
data
modified
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3pc5rfut.4zc.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g1qkxxxp.3it.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l0f3thyz.plo.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lui3424j.umk.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_scxfv02y.453.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wgtravd3.dcs.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yk2ypuxo.xh3.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yrsojfea.jbs.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\{937653BD-83FD-462c-B3DC-31897B9DEFC3}.tmp
Microsoft Cabinet archive data, Windows 2000/XP setup, 423228 bytes, 1 file, at 0x2c +A "360P2SP.dll", number 1, 26 datablocks, 0x1 compression
dropped
C:\Users\user\AppData\Local\VwW7Zrgqb8W4pCzz9zGBtVYi.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\WAQu9tLKGblXXebB2miyLMLA.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\WaSFZllUCVoGMQbapl7iiNhG.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\Wh0WdTK7FmemcqdqznsDUek0.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\YX45oTvqMEPC5GJFPgqFMHJF.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\cIoVbmWEriSiViaXsDVPRBww.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\fb815uICkCyOkfRy3eesDn62.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\fqTri05otLw3AgCCHnmdVecS.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\tFMRJ2N4WXQX8R9XoXwDeTd7.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\w4xiNBVLdPuuQzpgLYTzx18Y.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Local\yn8qA7eUPrrxMa2hPKWNWLT4.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\eb42b1a5c308fc11edf1ddbdd25c8486_9e146be9-c76a-4720-bcdb-53011b87bd06
data
dropped
C:\Users\user\Documents\SimpleAdobe\49PhL2u6RJaN6gkfIG6mTjtg.exe
HTML document, ASCII text, with very long lines (6927)
dropped
C:\Users\user\Documents\SimpleAdobe\AaWaOfvGFn1i9dXWYSo7dRjD.exe
HTML document, ASCII text, with CRLF, LF line terminators
dropped
C:\Users\user\Documents\SimpleAdobe\e3VBEHEyvWHF7UQhQQ1Xwuc5.exe
HTML document, ASCII text, with very long lines (6927)
dropped
C:\Users\user\Pictures\1QmyjDm1eFH0lgBrYiowPc38.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\2Ik0JEK56ZEfeWSnlWXlxAQH.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\7XiHagxRttiQJ0jD8B1KcnGB.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\8PAbeHuClLlqK8bLhAM9cs8l.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\BoufAyOi6g3dz7fgFn5cKMkk.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\BuFPDwZaV1iS9PXkCB7kSU2D.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\ECaYsN3ZlPVQpORLp9yKqP3b.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\OEf7asb27AljF1U8YK72cN6l.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\QlycVMt9XxnRzBMLYO9bD2Xg.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\RzyrdRTROyDyffduQ1CbhttT.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\TUdvQ3wmTDhA7WvLZJFgTEvp.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\YV2wsGyAOAc9vN2gHfk2THwt.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\ZkgAUWW1XaYJAcqvB0QszT7a.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\aQ7CUsrnipUkMOjgF0nKuX1q.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\acQeHpiFDRznT8wjZFcvB4qB.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\kIqVtyaJ3Md4voRq7FbxRbNc.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\qDDOYpn1QugD92FNbGgaxms8.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\Pictures\twwmm95SEd1qhyzlGrhpRq1C.exe
HTML document, Unicode text, UTF-8 text, with very long lines (1460)
dropped
C:\Users\user\lgX7lgUL1w.exe:Zone.Identifier
ASCII text, with CRLF line terminators
modified
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
RAGE Package Format (RPF),
dropped
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
data
dropped
C:\Windows\Tasks\bbmnnUCIPYyTQrzMQJ.job
data
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
\Device\ConDrv
ASCII text, with CRLF, CR line terminators
dropped
There are 246 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\lgX7lgUL1w.exe
"C:\Users\user\Desktop\lgX7lgUL1w.exe"
 malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath $env:UserProfile
 malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
 malicious
C:\Users\user\Pictures\xJOdjN6fVDYC0Ta4cXD9JBiF.exe
"C:\Users\user\Pictures\xJOdjN6fVDYC0Ta4cXD9JBiF.exe" /s
 malicious
C:\Users\user\Pictures\PZ3hKWPffUrXuh6Gjn77Ivv1.exe
"C:\Users\user\Pictures\PZ3hKWPffUrXuh6Gjn77Ivv1.exe"
malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
 malicious
C:\Users\user\Pictures\iYU7jmLL0jPLxgjctxjq1ReZ.exe
"C:\Users\user\Pictures\iYU7jmLL0jPLxgjctxjq1ReZ.exe"
malicious
C:\Users\user\Pictures\c12YwoiQ34lE0LgBRkxJOClX.exe
"C:\Users\user\Pictures\c12YwoiQ34lE0LgBRkxJOClX.exe"
malicious
C:\Users\user\AppData\Local\Temp\7zSA05C.tmp\Install.exe
.\Install.exe /odidum "385118" /S
 malicious
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
 malicious
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Windows\explorer.exe
C:\Windows\Explorer.EXE
 malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6
 malicious
C:\Users\user\Pictures\E6ijlcXzCqRG7r61JO0b9evs.exe
"C:\Users\user\Pictures\E6ijlcXzCqRG7r61JO0b9evs.exe"
malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m where.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
 malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"
malicious
C:\Windows\SysWOW64\cmd.exe
/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
malicious
C:\Windows\SysWOW64\reg.exe
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6
 malicious
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m help.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"
 malicious
C:\Windows\SysWOW64\cmd.exe
/C powershell start-process -WindowStyle Hidden gpupdate.exe /force
 malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell start-process -WindowStyle Hidden gpupdate.exe /force
 malicious
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
 malicious
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bbmnnUCIPYyTQrzMQJ" /SC once /ST 05:30:00 /RU "SYSTEM" /TR "\"C:\Users\user~1\AppData\Local\Temp\7zSA05C.tmp\Install.exe\" it /fMDdidlBgf 385118 /S" /V1 /F
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\SgrmBroker.exe
C:\Windows\system32\SgrmBroker.exe
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 8028 -ip 8028
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 356
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
There are 41 hidden processes, click here to show them.

URLs

Name
IP
Malicious
http://45.129.96.86:80/file/update.exe
unknown
 malicious
http://guteyr.cc/tmp/index.php
malicious
http://schemas.xmlsoap.org/soap/encoding/Nhttp://www.borland.com/namespaces/Types
unknown
https://kurd.computer/
unknown
http://5.42.66.10/download/th/retail.phphp
unknown
https://api.msn.com:443/v1/news/Feed/Windows?t
unknown
http://www.360totalsecurity.com/en/privacy.htmlin
unknown
https://api.msn.com:443/v1/news/Feed/Windows?
unknown
https://yip.su/redirect-
unknown
http://Passport.NET/tbA
unknown
https://vk.com:80/doc5294803_669772653?hash=MJgzq2uHp4YpxKcxqN6PbWIkURu6KtrsshfCpnqBzv8&dl=rLosXazzK
unknown
https://a-dira.net/images/upd2.php$n
unknown
https://vk.com
unknown
http://schemas.xmlsoap.org/soap/http
unknown
https://aka.ms/dotnet-core-applaunch?framework=&framework_version=missing_runtime=true&arch=&rid=
unknown
https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srf.
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TSE.cabg
unknown
http://www.360totalsecurity.com/en/privacy.htmlim
unknown
https://wns.windows.com/
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TSE.cabe
unknown
http://www.360totalsecurity.com/en/license.htmlz(
unknown
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
unknown
https://free.360totalsecurity.com
unknown
http://Passport.NET/tb_
unknown
http://down.360safe.com/setup.exehttp://down.360safe.com/setupbeta.exe360
unknown
http://www.autoitscript.com/autoit3/J
unknown
http://schemas.xmlsoap.org/ws/2005/02/sc4
unknown
http://s.360totalsecurity.com/safei18n/ins.htm?mid=%s&ver=%s&lan=%s&os=%s&ch=%s&sch=%s&ue=%sMainDlg7
unknown
http://crl.ver)
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cabSE.ca
unknown
http://www.360totalsecurity.comIDS_LOAD_P2SP_ERROR/tswin10/tsewin10IDS_UPDATE_QUESTIONIDS_UPDATE_WAR
unknown
http://schemas.xmlsoap.org/ws/2005/02/sc(
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issueue
unknown
http://www.symauth.com/cps0(
unknown
https://dev.virtualearth.net/REST/v1/Locations
unknown
https://a-dira.net/images/upd2.php
unknown
http://5.42.66.10/download/th/space.phpLt
unknown
http://s.360safe.com/safei18n/ins_err.htm?ng
unknown
http://www.360totalsecurity.com/en/license.htmla=95
unknown
https://dynamic.t
unknown
http://www.symauth.com/rpa00
unknown
https://monoblocked.com:80/525403/setup.exehudp(
unknown
https://dev.virtualearth.net/REST/v1/Routes/Transit
unknown
https://ipinfo.io/widget/demo/8.46.123.175
unknown
http://www.360totalsecurity.com/$:
unknown
http://www.360totalsecurity.com/zh-cn/license.htmlins
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TS.cab
unknown
https://chrome.google.com/webstore/detail/360-internet-protection/glcimepnljoholdmjchkloafkggfoijhht
unknown
http://185.172.18
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TS.cabp
unknown
http://www.360totalsecurity.com/en/privacy.html%9
unknown
http://www.360totalsecurity.com/en/privacy.htmlF:
unknown
https://dev.virtualearth.net/REST/v1/Routes/Driving
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TS.cabz
unknown
https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
unknown
http://www.360totalsecurity.com/zh-cn/license.htmla=7
unknown
https://f.123654987.xyz/525403/setup.exe_
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TS.cabv
unknown
https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
unknown
https://login.microsoftonline.com/ppsecure/devicechangecredential.srfen
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TS.cab.q
unknown
https://monoblocked.com:80/525403/setup.exeAy
unknown
http://www.360totalsecurity.com/en/license.htmlup
unknown
http://schemas.micro
unknown
https://monoblocked.com/
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80600e
unknown
https://cdn.ampproject.org
unknown
http://schemas.xmlsoap.org/ws/2005/02/scd
unknown
https://f.123654987.xyz/525403/setup.exev
unknown
http://66.85.156.89/nafdhkdf.exe
unknown
https://monoblocked.com/525403/setup.exe
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TS.cabre
unknown
https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf%
unknown
https://lop.foxesjoy.com:80/ssl/crt.exeBt
unknown
http://www.bingmapsportal.comc
unknown
https://yip.su
unknown
https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-it
unknown
https://vk.com/doc5294803_669772653?hash=MJgzq2uHp4YpxKcxqN6PbWIkURu6KtrsshfCpnqBzv8&dl=rLosXazzKL04
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Win10TSE.cabupdate
unknown
http://www.360totalsecurity.com/en/license.htmlimb6
unknown
https://signup.live.com/signup.aspx
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80601
unknown
http://channel.360totalsecurity.com/ins?m2=%s&v611=%s&ch=%s&sch=%s%s?%skeyref_linkPhttps://orion.ts.
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80603
unknown
https://securepubads.g.doubleclick.net
unknown
https://api.myip.com/
unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAAAAAA
unknown
https://dev.ditu.live.com/REST/v1/Transit/Stops/
unknown
https://monoblocked.com/525403/setup.exeom/a
unknown
https://vk.ru
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80605
unknown
https://account.live.com/inlinesignup.aspx?iww=1&id=80604
unknown
https://yip.su/RNWPd
unknown
https://fleur-de-lis.sbs/Mx
unknown
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
unknown
https://vk.com/
unknown
https://monoblocked.com/525403/setup.exeU
unknown
http://iup.360safe.com/iv3/pc/360safe/360TS_Setup_For_Mini_Rel.cabmp
unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
unknown
There are 90 hidden URLs, click here to show them.

IPs

IP
Domain
Country
Malicious
91.202.233.231
unknown
Russian Federation
malicious
45.129.96.86
unknown
Estonia
malicious
66.85.156.89
unknown
United States
malicious
190.224.203.37
unknown
Argentina
malicious
85.192.56.26
unknown
Russian Federation
87.240.132.78
unknown
Russian Federation
104.192.108.17
unknown
United States
172.67.147.32
unknown
United States
199.232.210.172
unknown
United States
104.20.3.235
unknown
United States
108.156.60.116
unknown
United States
99.86.249.120
unknown
United States
147.45.47.149
unknown
Russian Federation
20.101.57.9
unknown
United States
13.89.179.12
unknown
United States
176.111.174.109
unknown
Russian Federation
91.202.233.232
unknown
Russian Federation
104.20.4.235
unknown
United States
172.67.19.24
unknown
United States
188.114.97.3
unknown
European Union
108.156.60.18
unknown
United States
146.70.56.165
unknown
United Kingdom
54.76.174.118
unknown
United States
34.117.186.192
unknown
United States
18.184.178.29
unknown
United States
54.77.42.29
unknown
United States
104.26.9.59
unknown
United States
185.172.128.159
unknown
Russian Federation
37.221.125.202
unknown
Lithuania
151.236.127.172
unknown
Russian Federation
151.236.118.173
unknown
Russian Federation
13.227.219.114
unknown
United States
108.156.60.43
unknown
United States
95.142.206.3
unknown
Russian Federation
95.142.206.0
unknown
Russian Federation
95.142.206.2
unknown
Russian Federation
95.142.206.1
unknown
Russian Federation
40.126.31.69
unknown
United States
5.42.66.47
unknown
Russian Federation
207.180.242.32
unknown
Germany
185.172.128.82
unknown
Russian Federation
104.192.108.20
unknown
United States
40.119.148.38
unknown
United States
5.42.66.10
unknown
Russian Federation
93.184.221.240
unknown
European Union
20.190.159.4
unknown
United States
13.227.219.55
unknown
United States
188.114.96.3
unknown
European Union
13.227.219.51
unknown
United States
13.227.219.18
unknown
United States
103.146.158.221
unknown
unknown
104.21.4.208
unknown
United States
45.130.41.108
unknown
Russian Federation
108.156.60.9
unknown
United States
There are 44 hidden IPs, click here to show them.

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
STATE
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
cval
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
Exclusions_Extensions
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
exe
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableAntiSpyware
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender
DisableRoutinelyTakingAction
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableBehaviorMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableOnAccessProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableScanOnRealtimeEnable
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRealtimeMonitoring
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableIOAVProtection
 malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{4CD858B3-107C-48BB-950A-EADAAF604C18}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
DisableRawWriteNotification
 malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\AddInProcess32_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\360Safe\Liveup
mid
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LiveUpdate360
proxytype
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASAPI32
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASAPI32
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASAPI32
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASAPI32
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASAPI32
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASAPI32
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASAPI32
FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASMANCS
EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASMANCS
EnableAutoFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASMANCS
EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASMANCS
FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASMANCS
ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASMANCS
MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\xJOdjN6fVDYC0Ta4cXD9JBiF_RASMANCS
FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LiveUpdate360
MaxDnSpeed
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
c688cf83-9945-5ff6-0e1e-1ff1f8a2ec9a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator
StartWorkerOnServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
Checking to see if mostack override has changed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
CleanupUsoLogs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
UsoCrmScan
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
C:\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
2147735503
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
LastKnownGoodTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\sbesvyrf.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060042
VirtualDesktop
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\Explorer.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\Explorer.exe.ApplicationCompany
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
a
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020470
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000204A6
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000304A2
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\Fgneghc\hZ7AeHne2PUZCCYuGnRTWnvi.ong
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
b
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000404CC
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020518
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000010572
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000105A4
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\SHC
14
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000105DE
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000305BA
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000305B8
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D048E
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C0242
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000001062C
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\Zvpebfbsg.ARG\Senzrjbex\i4.0.30319\ZFOhvyq.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
ZFRqtr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\sebagqrfx\NccQngn\Ybpny\EntrZC131\EntrZC131.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
c
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020456
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\sebagqrfx\NccQngn\Ybpny\84no4p18-5253-4582-oqq7-2s37s81n0157\vJK2cOZ7BC8NXEykcLkXPwkc.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
d
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000070586
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\sebagqrfx\NccQngn\Ybpny\NqborHcqngreI168_oqpn866007so255201297q2n15n49513\NqborHcqngreI168.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
e
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050456
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\sebagqrfx\NccQngn\Ybpny\NqborHcqngreI168_55sr1070n367p8n2rr8r8r5q74rp3ps7\NqborHcqngreI168.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000100608
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
f
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\sebagqrfx\NccQngn\Ybpny\NqborHcqngreI202_55sr1070n367p8n2rr8r8r5q74rp3ps7\NqborHcqngreI202.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
g
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000110608
VirtualDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\sbesvyrf.rkr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Rkcybere
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${194664f8-535a-47e9-a3e9-8ea52371fed9}$$windows.data.unifiedtile.localstartvolatiletilepropertiesmap\Current
Data
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\GameDVR
KGLToGCSUpdatedRevision
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
InstalledWin32AppsRevision
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${194664f8-535a-47e9-a3e9-8ea52371fed9}$$windows.data.unifiedtile.localstartvolatiletilepropertiesmap\Current
Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated
Chrome
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Puebzr
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
InstalledWin32AppsRevision
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
SlowContextMenuEntries
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
2147814524
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
2147780199
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8844
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8844
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\8844
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\27116
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\27116
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\27116
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\9896
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\9896
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\9896
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\5968
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\5968
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\5968
CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\21460
Terminator
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\21460
Reason
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TermReason\21460
CreationTime
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
ProgramId
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
FileId
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
LowerCaseLongPath
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
LongPathHash
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
Name
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
OriginalFileName
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
Publisher
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
Version
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
BinFileVersion
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
BinaryType
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
ProductName
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
ProductVersion
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
LinkDate
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
BinProductVersion
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
AppxPackageFullName
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
AppxPackageRelativeId
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
Size
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
Language
\REGISTRY\A\{600a67c0-19cc-0902-a45a-59be461ac2d2}\Root\InventoryApplicationFile\e6ijlcxzcqrg7r61|1065443e19ede3c0
Usn
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
2147812831
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\2C85006A1A028BCC349DF23C474724C055FDE8B6
Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates\B68D8F953E551914324E557E6164D68B9926650C
Blob
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qtltntcbrequaj
Reason
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02jzzlbhrpasqsly
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02jzzlbhrpasqsly
Provision Friday, May 24, 2024 05:29:21
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02jzzlbhrpasqsly
AppIdList
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
URL
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
Name
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
P3P
HKEY_USERS.DEFAULT\Software\Microsoft\AuthCookies\Live\Default\DIDC
Flags
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02psbtbqujhpqftm
Request Friday, May 24, 2024 05:29:27
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02psbtbqujhpqftm
Response Friday, May 24, 2024 05:29:27
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02psbtbqujhpqftm
Reason
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02sfotpttazbpuie
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02sfotpttazbpuie
AppIdList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02qtltntcbrequaj
AppIdList
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL
GlobalDeviceUpdateTime
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02jzzlbhrpasqsly
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02jzzlbhrpasqsly
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02jzzlbhrpasqsly
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
ValidDeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02psbtbqujhpqftm
AppIdList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02sfotpttazbpuie
DeviceId
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003
ValidDeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02sfotpttazbpuie
DeviceId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties
LID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-2246122658-3693405117-2476756634-1003\02sfotpttazbpuie
DeviceId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityCRL\ClockData
TickCount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC
Data
There are 242 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
7FF7E36ED000
unkown
page readonly
 malicious
7FF7E36ED000
unkown
page readonly
 malicious
233C4D27000
direct allocation
page read and write
 malicious
2E20000
direct allocation
page read and write
 malicious
7FF7E369D000
unkown
page read and write
 malicious
2F51000
unclassified section
page read and write
 malicious
4E43000
heap
page read and write
3929E7C000
stack
page read and write
2B171638000
heap
page read and write
2CE4000
heap
page read and write
97F0000
unkown
page read and write
1F4D8F92000
heap
page read and write
2790000
heap
page read and write
8383000
unkown
page read and write
1F4D8F3B000
heap
page read and write
3220000
unkown
page readonly
44AC000
heap
page read and write
305D000
stack
page read and write
10610000
unkown
page read and write
2CE4000
heap
page read and write
2CE4000
heap
page read and write
889000
heap
page read and write
1F4D8F29000
heap
page read and write
1F4D8F0E000
heap
page read and write
2AB9000
heap
page read and write
2AB5000
heap
page read and write
2CE0000
heap
page read and write
10610000
unkown
page read and write
8F27000
unkown
page read and write
1F4D975F000
heap
page read and write
4140000
trusted library allocation
page read and write
507A000
heap
page read and write
1F4D9778000
heap
page read and write
2CE4000
heap
page read and write
835000
heap
page read and write
4CA2000
heap
page read and write
910000
unkown
page readonly
380C000
heap
page read and write
867000
heap
page read and write
3846000
heap
page read and write
233C0500000
heap
page read and write
F18A000
heap
page read and write
840000
heap
page read and write
4384000
heap
page read and write
1F0000
heap
page read and write
97F0000
unkown
page read and write
2B1715F0000
trusted library allocation
page read and write
82E000
heap
page read and write
7F1000
heap
page read and write
12990000
unkown
page read and write
8D74000
unkown
page read and write
1F4D8F53000
heap
page read and write
37E9000
heap
page read and write
10610000
unkown
page read and write
A87A000
unkown
page read and write
92B0000
unkown
page read and write
8960000
unkown
page read and write
92B0000
unkown
page read and write
F084000
unkown
page read and write
3846000
heap
page read and write
88C000
stack
page read and write
2C4D000
trusted library allocation
page read and write
233C0572000
heap
page read and write
4F95000
heap
page read and write
B28557A000
stack
page read and write
4910000
heap
page read and write
F0CF000
unkown
page read and write
2B55000
trusted library allocation
page read and write
8810000
unkown
page readonly
17993A02000
heap
page read and write
2220D87E000
heap
page read and write
9760000
unkown
page read and write
2CE4000
heap
page read and write
7FF5574F4000
unkown
page readonly
1B89A010000
heap
page read and write
7FF5572C9000
unkown
page readonly
1F4D990A000
heap
page read and write
12710000
unkown
page read and write
48DF000
stack
page read and write
9760000
unkown
page read and write
83C000
stack
page read and write
85B000
heap
page read and write
92B0000
unkown
page read and write
7169000
unkown
page read and write
92B0000
unkown
page read and write
1F4D8F5F000
heap
page read and write
4390000
heap
page read and write
2AAF000
stack
page read and write
7FF55706A000
unkown
page readonly
2A4E3113000
heap
page read and write
8960000
unkown
page read and write
B2146FE000
unkown
page readonly
19C000
stack
page read and write
CB4000
trusted library allocation
page read and write
445D000
heap
page read and write
F084000
unkown
page read and write
4E3F000
heap
page read and write
3208000
heap
page read and write
1F4D8F29000
heap
page read and write
1E0D1202000
heap
page read and write
7FF55710A000
unkown
page readonly
91D9000
stack
page read and write
4F44000
heap
page read and write
384D000
heap
page read and write
1F4D8F5B000
heap
page read and write
1F4D8F0E000
heap
page read and write
10610000
unkown
page read and write
438C000
heap
page read and write
AA59000
unkown
page read and write
52CB000
heap
page read and write
2CE4000
heap
page read and write
C072000
unkown
page read and write
5EDF000
heap
page read and write
2B41000
trusted library allocation
page read and write
B030000
unkown
page readonly
AA65000
unkown
page read and write
7DF468981000
unkown
page execute read
869000
heap
page read and write
17993A2B000
heap
page read and write
AB30000
unkown
page read and write
4E0000
direct allocation
page read and write
140001000
unkown
page execute and write copy
2CE4000
heap
page read and write
32D3000
unkown
page read and write
1F4D9915000
heap
page read and write
CC000
stack
page read and write
104B0000
unkown
page read and write
B080000
unkown
page read and write
AC8BAFE000
stack
page read and write
F0C8000
unkown
page read and write
C244000
unkown
page read and write
7FF557501000
unkown
page readonly
C2E4000
unkown
page read and write
1F4D8F81000
heap
page read and write
10610000
unkown
page read and write
824000
heap
page read and write
2CE4000
heap
page read and write
410000
unkown
page readonly
233C0516000
heap
page read and write
2990000
trusted library allocation
page read and write
1278A000
stack
page read and write
717A000
unkown
page read and write
EEB000
trusted library allocation
page execute and read and write
8930000
unkown
page read and write
383F000
heap
page read and write
C3B3000
unkown
page read and write
427000
unkown
page readonly
3847000
heap
page read and write
62B000
heap
page read and write
8930000
unkown
page read and write
8970000
unkown
page read and write
1F4D8F76000
heap
page read and write
F0AF000
unkown
page read and write
8960000
unkown
page read and write
4730000
unkown
page read and write
630000
heap
page read and write
401000
unkown
page execute read
4EE0000
heap
page read and write
8960000
unkown
page read and write
2E0A000
stack
page read and write
1F4D8F0E000
heap
page read and write
101C2000
unkown
page read and write
383F000
heap
page read and write
1F4D96CA000
heap
page read and write
1F4D978A000
heap
page read and write
E7D277E000
unkown
page readonly
92B0000
unkown
page read and write
4CEC000
heap
page read and write
492000
unkown
page readonly
2B171633000
heap
page read and write
7FF5575BB000
unkown
page readonly
1F4D960C000
heap
page read and write
46F6000
unkown
page read and write
24653A26000
heap
page read and write
2CE9000
trusted library allocation
page read and write
1F4D9723000
heap
page read and write
BA5000
heap
page read and write
43A1000
heap
page read and write
30C0000
heap
page read and write
85C000
heap
page read and write
41B000
unkown
page readonly
1F4D8F53000
heap
page read and write
2B171653000
heap
page read and write
2E1A000
heap
page read and write
C06D000
unkown
page read and write
43CE000
heap
page read and write
520000
remote allocation
page read and write
10610000
unkown
page read and write
567C000
heap
page read and write
F0BF000
unkown
page read and write
824000
heap
page read and write
7FF5574A9000
unkown
page readonly
43A9000
heap
page read and write
4394000
heap
page read and write
102C4000
unkown
page read and write
52F9000
heap
page read and write
7FF557065000
unkown
page readonly
438C000
heap
page read and write
7FF55741A000
unkown
page readonly
F0C2000
unkown
page read and write
12710000
unkown
page read and write
52F1000
heap
page read and write
4DC9000
heap
page read and write
AC70000
unkown
page read and write
520000
remote allocation
page read and write
7FF556E7B000
unkown
page readonly
4EE0000
heap
page read and write
B628000
stack
page read and write
8930000
unkown
page read and write
3806000
heap
page read and write
A110000
unkown
page read and write
1F4D971C000
heap
page read and write
A810000
unkown
page read and write
8D76000
unkown
page read and write
116F6000
unkown
page read and write
7FF5571DC000
unkown
page readonly
7FF557174000
unkown
page readonly
238A1002000
trusted library allocation
page read and write
718B000
unkown
page read and write
1409C2000
unkown
page execute and write copy
A156000
unkown
page read and write
7FF5574BA000
unkown
page readonly
5159000
heap
page read and write
4C2C000
heap
page read and write
4384000
heap
page read and write
8960000
unkown
page read and write
2AA4000
heap
page read and write
1F4D8F7B000
heap
page read and write
7FF557589000
unkown
page readonly
7E5000
heap
page read and write
8960000
unkown
page read and write
1F4D8F5B000
heap
page read and write
1F4D9924000
heap
page read and write
104B0000
unkown
page read and write
2A96000
heap
page read and write
238A0802000
heap
page read and write
F08A000
unkown
page read and write
1F4D8F52000
heap
page read and write
E970000
heap
page read and write
4E34000
heap
page read and write
8C61000
unkown
page read and write
5049000
heap
page read and write
1E0D1A02000
heap
page read and write
21F37200000
heap
page read and write
4460000
heap
page read and write
2E4A000
heap
page read and write
2220D885000
heap
page read and write
507A000
heap
page read and write
1F4D86DC000
heap
page read and write
1F4D8F53000
heap
page read and write
1F4D976A000
heap
page read and write
7FF55728F000
unkown
page readonly
10610000
unkown
page read and write
8960000
unkown
page read and write
8960000
unkown
page read and write
831000
heap
page read and write
216D000
stack
page read and write
2BD0000
heap
page read and write
17993810000
heap
page read and write
2CE4000
heap
page read and write
32C4000
unkown
page read and write
73C5000
stack
page read and write
12990000
unkown
page read and write
F088000
unkown
page read and write
4E0000
direct allocation
page read and write
8960000
unkown
page read and write
2D70000
heap
page read and write
12990000
unkown
page read and write
7FF5569F1000
unkown
page readonly
104B0000
unkown
page read and write
507A000
heap
page read and write
7E03000
stack
page read and write
2B90000
heap
page read and write
1F4D8F33000
heap
page read and write
9619000
stack
page read and write
4EF967B000
stack
page read and write
EF442FC000
stack
page read and write
5AB1E7B000
stack
page read and write
2A4E3013000
heap
page read and write
92B0000
unkown
page read and write
4D51000
heap
page read and write
4401000
heap
page read and write
7FF556E66000
unkown
page readonly
267D000
stack
page read and write
300E000
heap
page read and write
C474000
unkown
page read and write
2364000
heap
page read and write
104B0000
unkown
page read and write
1B899B6A000
heap
page read and write
F0BE000
unkown
page read and write
4769000
unkown
page read and write
4E0000
direct allocation
page read and write
2CE4000
heap
page read and write
8930000
unkown
page read and write
17993FA0000
trusted library allocation
page read and write
C4DC000
unkown
page read and write
582C000
heap
page read and write
4D9D000
heap
page read and write
2A76000
heap
page read and write
6EDF0000
unkown
page readonly
7FF557113000
unkown
page readonly
104B0000
unkown
page read and write
2DD0000
heap
page read and write
2B80000
heap
page read and write
4DA8000
heap
page read and write
C10B000
unkown
page read and write
C0F3000
unkown
page read and write
4F0000
direct allocation
page read and write
10610000
unkown
page read and write
C233000
unkown
page read and write
C31000
unkown
page readonly
1B899302000
heap
page read and write
104B0000
unkown
page read and write
1F4D8F33000
heap
page read and write
4D9A000
heap
page read and write
92B0000
unkown
page read and write
10610000
unkown
page read and write
AF6E000
stack
page read and write
8970000
unkown
page read and write
7FF55760F000
unkown
page readonly
97F0000
unkown
page read and write
97F0000
unkown
page read and write
9F8F000
stack
page read and write
418000
unkown
page write copy
4C83000
heap
page read and write
25CB000
heap
page read and write
900000
unkown
page readonly
4388000
heap
page read and write
628A000
heap
page read and write
7FF556A1B000
unkown
page readonly
1B899B74000
heap
page read and write
54E000
stack
page read and write
6AB000
stack
page read and write
AB02000
unkown
page read and write
7FF557661000
unkown
page readonly
7176000
unkown
page read and write
1F4D8F82000
heap
page read and write
4DC3000
heap
page read and write
400000
unkown
page readonly
4469000
heap
page read and write
5AB26FE000
stack
page read and write
4385000
heap
page read and write
174DB8B000
stack
page read and write
7FF5573C1000
unkown
page readonly
104B0000
unkown
page read and write
8930000
unkown
page read and write
2CE4000
heap
page read and write
1F4D8F52000
heap
page read and write
644000
heap
page read and write
355D000
heap
page read and write
55CE000
stack
page read and write
4D94000
heap
page read and write
8930000
unkown
page read and write
4DEA000
heap
page read and write
3080000
heap
page read and write
1F4D8F0E000
heap
page read and write
4ED000
stack
page read and write
1F4D9776000
heap
page read and write
400000
unkown
page execute and read and write
8970000
unkown
page read and write
B21417C000
stack
page read and write
7FF557042000
unkown
page readonly
43AC000
heap
page read and write
4140000
trusted library allocation
page read and write
2500000
heap
page read and write
27DE000
unkown
page read and write
9760000
unkown
page read and write
1F4D8F8A000
heap
page read and write
2CE4000
heap
page read and write
2E50000
heap
page read and write
AE2B000
stack
page read and write
F084000
unkown
page read and write
8930000
unkown
page read and write
4D9D000
heap
page read and write
896000
heap
page read and write
43AC000
heap
page read and write
88A0000
unkown
page read and write
4D0000
direct allocation
page read and write
104B0000
unkown
page read and write
50CC000
heap
page read and write
140B18000
unkown
page execute and write copy
12990000
unkown
page read and write
1F4D8F2E000
heap
page read and write
2D55000
trusted library allocation
page read and write
7FF557487000
unkown
page readonly
1F4D9710000
heap
page read and write
4E01000
heap
page read and write
12710000
unkown
page read and write
C4D3000
unkown
page read and write
104B0000
unkown
page read and write
1E0D122B000
heap
page read and write
647000
heap
page read and write
92B0000
unkown
page read and write
C214000
unkown
page read and write
1F4D9905000
heap
page read and write
1F4D8F0E000
heap
page read and write
560000
heap
page read and write
1F4D9915000
heap
page read and write
51F9000
unkown
page read and write
43C4000
heap
page read and write
4D9C000
heap
page read and write
AC90000
unkown
page read and write
5C25000
heap
page read and write
2C77000
trusted library allocation
page read and write
10610000
unkown
page read and write
F0CD000
unkown
page read and write
2B171666000
heap
page read and write
88B0000
unkown
page read and write
2B17166B000
heap
page read and write
A218000
unkown
page read and write
AAF5000
unkown
page read and write
2389000
heap
page read and write
83A0000
unkown
page read and write
10610000
unkown
page read and write
7FF55732D000
unkown
page readonly
400000
unkown
page readonly
4DA8000
heap
page read and write
37E8000
heap
page read and write
44AC000
heap
page read and write
27C0000
heap
page read and write
26C0000
heap
page read and write
2618000
heap
page read and write
3847000
heap
page read and write
439D000
heap
page read and write
43A2000
heap
page read and write
3806000
heap
page read and write
4E0000
direct allocation
page read and write
50C1000
heap
page read and write
861000
heap
page read and write
2A4E2D00000
trusted library allocation
page read and write
F0AE000
unkown
page read and write
B2148FE000
unkown
page readonly
1F4D8F7D000
heap
page read and write
8960000
unkown
page read and write
1F4D8F2E000
heap
page read and write
4369000
heap
page read and write
C1E9000
unkown
page read and write
F0B6000
unkown
page read and write
1F4D9749000
heap
page read and write
3846000
heap
page read and write
D41000
unkown
page execute read
F0BE000
unkown
page read and write
10610000
unkown
page read and write
92B0000
unkown
page read and write
AEE7000
stack
page read and write
BBC0000
unkown
page read and write
7FF55726C000
unkown
page readonly
477D000
unkown
page read and write
D14000
heap
page read and write
12710000
unkown
page read and write
4D0000
direct allocation
page read and write
1F4D8F52000
heap
page read and write
43CA000
heap
page read and write
104B0000
unkown
page read and write
1F4D8F0E000
heap
page read and write
4AE0000
heap
page read and write
7FF5570BB000
unkown
page readonly
437A000
heap
page read and write
1F4D874C000
heap
page read and write
77C0000
unkown
page read and write
2CA0000
heap
page read and write
2220D840000
heap
page read and write
92B0000
unkown
page read and write
7C70000
unkown
page readonly
92B0000
unkown
page read and write
2AD2000
heap
page read and write
1F4D8613000
heap
page read and write
7C00000
unkown
page readonly
1F4D8F84000
heap
page read and write
1F4D8F32000
heap
page read and write
C1E9000
unkown
page read and write
C3A8000
unkown
page read and write
2C0B000
heap
page read and write
4EF957E000
unkown
page readonly
2CE4000
heap
page read and write
12710000
unkown
page read and write
9760000
unkown
page read and write
888000
heap
page read and write
8960000
unkown
page read and write
7300000
unkown
page read and write
C3AE000
unkown
page read and write
624000
heap
page read and write
8970000
unkown
page read and write
A873000
unkown
page read and write
1F4D977C000
heap
page read and write
12710000
unkown
page read and write
2ED1000
heap
page read and write
855000
heap
page read and write
6A1000
heap
page read and write
1F4D9613000
heap
page read and write
C1E7000
unkown
page read and write
82B000
heap
page read and write
2B17164E000
heap
page read and write
43AC000
heap
page read and write
13A9000
unkown
page readonly
238A0780000
trusted library allocation
page read and write
1F4D8F5A000
heap
page read and write
438B000
heap
page read and write
1B899B36000
heap
page read and write
12710000
unkown
page read and write
7D8D000
stack
page read and write
418000
unkown
page write copy
423000
unkown
page read and write
21F37460000
heap
page read and write
A231000
unkown
page read and write
7F0000
heap
page read and write
400000
unkown
page readonly
7FF5573E2000
unkown
page readonly
380D000
heap
page read and write
1F4D8F52000
heap
page read and write
1F4D8F52000
heap
page read and write
A286000
unkown
page read and write
1F4D990A000
heap
page read and write
383F000
heap
page read and write
2A4E2C91000
unkown
page read and write
5B9000
heap
page read and write
1151D000
unkown
page read and write
10610000
unkown
page read and write
233C0830000
direct allocation
page read and write
7FF5570CA000
unkown
page readonly
4DEB000
heap
page read and write
116B6000
unkown
page read and write
7FF5571E2000
unkown
page readonly
335F000
stack
page read and write
2CE4000
heap
page read and write
F0AE000
unkown
page read and write
2220D813000
heap
page read and write
7E1000
heap
page read and write
7FF556F84000
unkown
page readonly
115F3000
unkown
page read and write
AC90000
unkown
page read and write
1F4D8739000
heap
page read and write
51CD000
stack
page read and write
7FF556FD2000
unkown
page readonly
BEE000
stack
page read and write
7FF556E27000
unkown
page readonly
1F4D9723000
heap
page read and write
4E0000
direct allocation
page read and write
EDA000
trusted library allocation
page execute and read and write
2B171657000
heap
page read and write
1C67CE72000
heap
page read and write
B656CFE000
stack
page read and write
1F4D96C0000
heap
page read and write
1F4D8F5B000
heap
page read and write
13AA000
unkown
page execute and write copy
12710000
unkown
page read and write
A8D2000
unkown
page read and write
89E000
heap
page read and write
2AAB000
heap
page read and write
1F4D977F000
heap
page read and write
7FF5574B3000
unkown
page readonly
1F4D9905000
heap
page read and write
97F0000
unkown
page read and write
43C0000
heap
page read and write
4369000
heap
page read and write
7FF5569FA000
unkown
page readonly
7F4000
heap
page read and write
6EDF1000
unkown
page execute read
1F4D8F5A000
heap
page read and write
2E30000
heap
page read and write
43A2000
heap
page read and write
7FF557642000
unkown
page readonly
B050000
unkown
page read and write
4DC1000
heap
page read and write
43B5000
heap
page read and write
AC70000
unkown
page read and write
233C0510000
heap
page read and write
BA0000
heap
page read and write
84B000
heap
page read and write
1F4D8F84000
heap
page read and write
4368000
heap
page read and write
2CE4000
heap
page read and write
F70000
trusted library allocation
page read and write
2CE4000
heap
page read and write
114C9000
unkown
page read and write
44AC000
heap
page read and write
8D6A000
unkown
page read and write
21F3742B000
heap
page read and write
845000
heap
page read and write
1F4D9778000
heap
page read and write
104B0000
unkown
page read and write
97F0000
unkown
page read and write
8930000
unkown
page read and write
F10000
trusted library allocation
page execute and read and write
2AA1000
heap
page read and write
1F4D8F30000
heap
page read and write
12990000
unkown
page read and write
89B000
heap
page read and write
61E7000
heap
page read and write
4DA8000
heap
page read and write
4E0000
direct allocation
page read and write
4C01000
heap
page read and write
92D0000
unkown
page read and write
3818000
heap
page read and write
80A000
heap
page read and write
5809000
heap
page read and write
F0C6000
unkown
page read and write
2330000
direct allocation
page read and write
C630000
unkown
page read and write
238A0860000
heap
page read and write
AC70000
unkown
page read and write
28B4000
heap
page read and write
1F4D874C000
heap
page read and write
7FF5573BB000
unkown
page readonly
BFD0000
unkown
page read and write
F0D0000
unkown
page read and write
F06D000
unkown
page read and write
420000
unkown
page read and write
A1FD000
unkown
page read and write
2D10000
heap
page read and write
422000
unkown
page write copy
7FF55703C000
unkown
page readonly
2399000
heap
page read and write
25C0000
heap
page read and write
49A0000
heap
page read and write
2C87000
trusted library allocation
page read and write
1F4D8F2E000
heap
page read and write
C10000
unkown
page read and write
1F4D96FD000
heap
page read and write
1B899A02000
heap
page read and write
8930000
unkown
page read and write
98DA000
stack
page read and write
575B000
heap
page read and write
487000
unkown
page write copy
9B5000
stack
page read and write
1B899B86000
heap
page read and write
F87000
heap
page read and write
92B0000
unkown
page read and write
280E000
stack
page read and write
EF446FE000
stack
page read and write
10610000
unkown
page read and write
3929B7E000
stack
page read and write
4E0000
direct allocation
page read and write
E7D29FF000
stack
page read and write
1B899287000
heap
page read and write
2220D7F0000
remote allocation
page read and write
82B000
heap
page read and write
2AD2000
heap
page read and write
486A000
unkown
page read and write
7162000
unkown
page read and write
104B0000
unkown
page read and write
12990000
unkown
page read and write
27E0000
heap
page read and write
2ADE000
heap
page read and write
4E34000
heap
page read and write
77B0000
unkown
page read and write
239F000
heap
page read and write
104B0000
unkown
page read and write
544E000
stack
page read and write
25E0000
heap
page read and write
437A000
heap
page read and write
7FF5572A8000
unkown
page readonly
104B0000
unkown
page read and write
1F4D9654000
heap
page read and write
1F4D9913000
heap
page read and write
97F0000
unkown
page read and write
7E5000
heap
page read and write
5126000
heap
page read and write
1F4D8F5A000
heap
page read and write
2CE4000
heap
page read and write
2AFE000
trusted library allocation
page read and write
7FF7E3778000
unkown
page readonly
92B0000
unkown
page read and write
9340000
unkown
page read and write
EF443FE000
unkown
page readonly
C3E7000
unkown
page read and write
4EE0000
heap
page read and write
1F4D8F29000
heap
page read and write
5648000
heap
page read and write
BBBA000
stack
page read and write
1BE000
stack
page read and write
8D7A000
unkown
page read and write
1F4D8F07000
heap
page read and write
4EF8479000
stack
page read and write
8930000
unkown
page read and write
9760000
unkown
page read and write
2C50000
trusted library allocation
page read and write
7FF557037000
unkown
page readonly
2C8C000
unkown
page readonly
1F4D8F29000
heap
page read and write
1E0D1180000
heap
page read and write
4EF867E000
stack
page read and write
B2150FD000
stack
page read and write
83A000
heap
page read and write
D9D000
heap
page read and write
F079000
unkown
page read and write
2F09000
stack
page read and write
4DC3000
heap
page read and write
B656F7E000
stack
page read and write
7FF5575EA000
unkown
page readonly
4EF947D000
stack
page read and write
7FF556E7E000
unkown
page readonly
B070000
unkown
page read and write
2E12000
heap
page read and write
650D000
heap
page read and write
85F000
heap
page read and write
2E20000
direct allocation
page execute and read and write
2CE4000
heap
page read and write
2ADF000
trusted library allocation
page read and write
842000
heap
page read and write
422000
unkown
page write copy
E7D26FE000
stack
page read and write
5E0000
heap
page read and write
4F0000
direct allocation
page read and write
24FA8640000
heap
page read and write
11645000
unkown
page read and write
2220D7F0000
remote allocation
page read and write
7FF546F2F000
unkown
page readonly
D1D000
heap
page read and write
104B0000
unkown
page read and write
859000
heap
page read and write
238A0828000
heap
page read and write
8930000
unkown
page read and write
43C0000
heap
page read and write
888000
heap
page read and write
12990000
unkown
page read and write
89C0000
unkown
page read and write
2B2D000
trusted library allocation
page read and write
2CE4000
heap
page read and write
2E23000
heap
page read and write
C1DD000
unkown
page read and write
F0CC000
unkown
page read and write
2B6E000
stack
page read and write
9760000
unkown
page read and write
7A50000
unkown
page readonly
2B171684000
heap
page read and write
4E34000
heap
page read and write
2CE4000
heap
page read and write
3118000
stack
page read and write
233C0840000
direct allocation
page read and write
7FF557456000
unkown
page readonly
C3AE000
unkown
page read and write
3200000
heap
page read and write
7FF557285000
unkown
page readonly
892E000
stack
page read and write
3826000
heap
page read and write
92B0000
unkown
page read and write
2C70000
heap
page read and write
4EF7B7E000
unkown
page readonly
D41000
unkown
page execute read
3823000
heap
page read and write
1F4D8F33000
heap
page read and write
92B0000
unkown
page read and write
1F4D85A0000
trusted library allocation
page read and write
107AA000
unkown
page read and write
104B0000
unkown
page read and write
2CE4000
heap
page read and write
1F4D869E000
heap
page read and write
4EF977E000
unkown
page readonly
104B0000
unkown
page read and write
B65693D000
stack
page read and write
238E000
heap
page read and write
140000000
unkown
page readonly
C721000
unkown
page read and write
2B171628000
heap
page read and write
12710000
unkown
page read and write
2F70000
heap
page read and write
851000
heap
page read and write
2CA0000
heap
page read and write
2341000
heap
page read and write
104B0000
unkown
page read and write
1F4D9938000
heap
page read and write
8D72000
unkown
page read and write
1F4D963D000
heap
page read and write
1E0D10A0000
heap
page read and write
76B0000
unkown
page read and write
C3ED000
unkown
page read and write
717C000
unkown
page read and write
1F4D8702000
heap
page read and write
9760000
unkown
page read and write
43A2000
heap
page read and write
EF448FB000
stack
page read and write
1F4D8F29000
heap
page read and write
40B000
unkown
page execute read
89E000
heap
page read and write
1F0000
heap
page read and write
215D000
stack
page read and write
1F4D8F0E000
heap
page read and write
1F4D8F2A000
heap
page read and write
25CE000
stack
page read and write
85C5000
stack
page read and write
C1E7000
unkown
page read and write
88F000
heap
page read and write
F040000
unkown
page read and write
92B0000
unkown
page read and write
1F4D8F33000
heap
page read and write
B65737A000
stack
page read and write
2B171661000
heap
page read and write
1F4D96D2000
heap
page read and write
10610000
unkown
page read and write
B1A0000
unkown
page read and write
E7D2B7E000
stack
page read and write
807000
heap
page read and write
B82A000
stack
page read and write
7FF557437000
unkown
page readonly
4C1F000
heap
page read and write
1F4D8F90000
heap
page read and write
9086000
unkown
page read and write
114B2000
unkown
page read and write
238A0813000
heap
page read and write
843000
heap
page read and write
1F4D8F30000
heap
page read and write
8960000
unkown
page read and write
AA3E000
unkown
page read and write
5238000
heap
page read and write
515D000
heap
page read and write
1C67CE54000
heap
page read and write
4D8D000
heap
page read and write
C23A000
unkown
page read and write
1F4D8DA0000
remote allocation
page read and write
C04B000
unkown
page read and write
1F4D9939000
heap
page read and write
2CE4000
heap
page read and write
7F6000
heap
page read and write
92B0000
unkown
page read and write
24FA8560000
trusted library allocation
page read and write
12710000
unkown
page read and write
8530000
unkown
page readonly
114E5000
unkown
page read and write
104B0000
unkown
page read and write
7FF557669000
unkown
page readonly
4394000
heap
page read and write
2A4E2C3C000
heap
page read and write
8EF5000
unkown
page read and write
C426000
unkown
page read and write
4EF8C7E000
stack
page read and write
37DF000
heap
page read and write
43B4000
heap
page read and write
7FF5574EF000
unkown
page readonly
56CE000
stack
page read and write
798E000
stack
page read and write
C18A000
unkown
page read and write
F0BB000
unkown
page read and write
401000
unkown
page execute read
238C000
heap
page read and write
1F4D8F52000
heap
page read and write
548E000
stack
page read and write
107AA000
unkown
page read and write
66C000
heap
page read and write
8960000
unkown
page read and write
43CE000
heap
page read and write
2CE4000
heap
page read and write
8930000
unkown
page read and write
6EE0F000
unkown
page readonly
2B171590000
heap
page read and write
5F14000
heap
page read and write
2C04000
trusted library allocation
page read and write
238A000
heap
page read and write
8930000
unkown
page read and write
2DCC000
stack
page read and write
E7D229B000
stack
page read and write
24654202000
trusted library allocation
page read and write
ED2000
trusted library allocation
page read and write
1F4D8F0F000
heap
page read and write
43AC000
heap
page read and write
1F4D8F30000
heap
page read and write
F0AE000
unkown
page read and write
43AC000
heap
page read and write
7803000
unkown
page read and write
598E000
stack
page read and write
2ABC000
heap
page read and write
107AA000
unkown
page read and write
72C3000
unkown
page read and write
3847000
heap
page read and write
EF44BFE000
unkown
page readonly
12710000
unkown
page read and write
2D86000
trusted library allocation
page read and write
1C67D602000
trusted library allocation
page read and write
58E000
heap
page read and write
1F4D8D60000
remote allocation
page read and write
381A000
heap
page read and write
4E34000
heap
page read and write
67A5000
heap
page read and write
233C8174000
direct allocation
page read and write
17993A3D000
heap
page read and write
AC70000
unkown
page read and write
5B0000
heap
page read and write
1F4D9782000
heap
page read and write
F06D000
unkown
page read and write
C4A2000
unkown
page read and write
43A2000
heap
page read and write
2F7B000
heap
page read and write
3549000
heap
page read and write
8960000
unkown
page read and write
24FA8702000
heap
page read and write
AAF5000
unkown
page read and write
4469000
heap
page read and write
85B000
heap
page read and write
2B17164D000
heap
page read and write
2CE4000
heap
page read and write
43A1000
heap
page read and write
50C1000
heap
page read and write
92B0000
unkown
page read and write
F0CC000
unkown
page read and write
2B17165B000
heap
page read and write
7FF5570FE000
unkown
page readonly
7B99000
stack
page read and write
843000
heap
page read and write
12710000
unkown
page read and write
4C1A000
heap
page read and write
526D000
heap
page read and write
EF447FE000
unkown
page readonly
1F4D8F84000
heap
page read and write
843000
heap
page read and write
12710000
unkown
page read and write
C6E000
stack
page read and write
104B0000
unkown
page read and write
F09E000
unkown
page read and write
1F4D9724000
heap
page read and write
2330000
trusted library allocation
page read and write
C091000
unkown
page read and write
2B00000
trusted library allocation
page read and write
EF44DFE000
unkown
page readonly
2BDF000
trusted library allocation
page read and write
4EF7D79000
stack
page read and write
50C1000
heap
page read and write
507A000
heap
page read and write
AA4C000
unkown
page read and write
1F4D8F0F000
heap
page read and write
10610000
unkown
page read and write
7FF5573ED000
unkown
page readonly
12710000
unkown
page read and write
507A000
heap
page read and write
43C0000
heap
page read and write
7FF55733B000
unkown
page readonly
43B4000
heap
page read and write
104B0000
unkown
page read and write
2CE4000
heap
page read and write
1F4D874C000
heap
page read and write
1023000
heap
page read and write
2E71000
heap
page read and write
7FF5570D4000
unkown
page readonly
8D9C000
unkown
page read and write
44AC000
heap
page read and write
D12EC7C000
stack
page read and write
7FF557235000
unkown
page readonly
2BED000
trusted library allocation
page read and write
17994002000
trusted library allocation
page read and write
B657079000
stack
page read and write
2B49000
trusted library allocation
page read and write
2CE4000
heap
page read and write
C244000
unkown
page read and write
7FF556E6C000
unkown
page readonly
1B899B6D000
heap
page read and write
4D6F000
heap
page read and write
C74000
heap
page read and write
31E0000
heap
page read and write
43A9000
heap
page read and write
2ED1000
heap
page read and write
4F0000
direct allocation
page read and write
12710000
unkown
page read and write
716E000
unkown
page read and write
27C8000
heap
page read and write
6A13000
heap
page read and write
2B17165A000
heap
page read and write
A858000
unkown
page read and write
1B899B62000
heap
page read and write
F084000
unkown
page read and write
F0B1000
unkown
page read and write
8960000
unkown
page read and write
DAF000
heap
page read and write
8D60000
unkown
page read and write
B010000
unkown
page readonly
8960000
unkown
page read and write
2BB0000
heap
page read and write
590C000
heap
page read and write
4840000
unkown
page read and write
47DB000
unkown
page read and write
4ECA000
heap
page read and write
2ABC000
trusted library allocation
page read and write
2E3C000
heap
page read and write
B728000
stack
page read and write
2D3E000
stack
page read and write
827000
heap
page read and write
10610000
unkown
page read and write
2220D730000
heap
page read and write
37E3000
heap
page read and write
7FF5575E3000
unkown
page readonly
1F4D874C000
heap
page read and write
88B0000
unkown
page read and write
7DF468990000
unkown
page readonly
292F000
stack
page read and write
401000
unkown
page execute read
43C0000
heap
page read and write
104B0000
unkown
page read and write
92B0000
unkown
page read and write
EF43A7B000
stack
page read and write
A8B8000
unkown
page read and write
77D0000
unkown
page read and write
24FA8661000
heap
page read and write
4E34000
heap
page read and write
279E000
stack
page read and write
2E3C000
heap
page read and write
43AC000
heap
page read and write
10610000
unkown
page read and write
7FF557187000
unkown
page readonly
43B4000
heap
page read and write
8960000
unkown
page read and write
1F4D874B000
heap
page read and write
6A1000
heap
page read and write
44AC000
heap
page read and write
2CC3000
trusted library allocation
page read and write
33FF000
stack
page read and write
1F4D8F3B000
heap
page read and write
5FF000
stack
page read and write
1E0D11B0000
trusted library allocation
page read and write
450000
heap
page read and write
C50000
heap
page read and write
1441000
unkown
page readonly
4EF887B000
stack
page read and write
F07E000
unkown
page read and write
C3ED000
unkown
page read and write
21F37300000
heap
page read and write
10610000
unkown
page read and write
72FC000
unkown
page read and write
8960000
unkown
page read and write
21E0000
heap
page read and write
2810000
heap
page read and write
4D9A000
heap
page read and write
874E000
stack
page read and write
43B4000
heap
page read and write
1F4D8F53000
heap
page read and write
445E000
heap
page read and write
9760000
unkown
page read and write
824000
heap
page read and write
4EF77DB000
stack
page read and write
B213E7C000
stack
page read and write
107A3000
unkown
page read and write
4785000
unkown
page read and write
2A97000
heap
page read and write
439D000
heap
page read and write
7FF55753D000
unkown
page readonly
C374000
unkown
page read and write
1F4D8713000
heap
page read and write
2C8C000
unkown
page readonly
8930000
unkown
page read and write
845000
heap
page read and write
85B000
heap
page read and write
4781000
unkown
page read and write
7FF557653000
unkown
page readonly
880000
heap
page read and write
263D000
stack
page read and write
1F4D97A4000
heap
page read and write
1F4D8F32000
heap
page read and write
107E0000
unkown
page read and write
C59000
heap
page read and write
2398000
heap
page read and write
83D000
heap
page read and write
520000
remote allocation
page read and write
861000
heap
page read and write
4DED000
heap
page read and write
C5C8000
unkown
page read and write
1E0D1300000
heap
page read and write
E7D307E000
unkown
page readonly
10610000
unkown
page read and write
1F4D991E000
heap
page read and write
C20000
unkown
page read and write
A114000
unkown
page read and write
97F0000
unkown
page read and write
A00A000
stack
page read and write
1409DF000
unkown
page execute and write copy
11669000
unkown
page read and write
4EF7AFE000
stack
page read and write
355A000
heap
page read and write
2F70000
heap
page read and write
9760000
unkown
page read and write
43AC000
heap
page read and write
AC70000
unkown
page read and write
43B4000
heap
page read and write
7FF55733F000
unkown
page readonly
43C0000
heap
page read and write
1F4D8F33000
heap
page read and write
2AFC000
trusted library allocation
page read and write
2220F402000
trusted library allocation
page read and write
258F000
stack
page read and write
471000
unkown
page readonly
88B0000
unkown
page read and write
2C89000
unkown
page read and write
1F4D96DD000
heap
page read and write
24FA8570000
remote allocation
page read and write
2CE4000
heap
page read and write
2CE4000
heap
page read and write
1C67CDC0000
heap
page read and write
7FF556FEE000
unkown
page readonly
7FF5573F3000
unkown
page readonly
9F0E000
stack
page read and write
2F90000
unkown
page readonly
4390000
heap
page read and write
FD0000
unkown
page readonly
1F4D86C5000
heap
page read and write
97F0000
unkown
page read and write
104B0000
unkown
page read and write
64C000
heap
page read and write
43C4000
heap
page read and write
4460000
heap
page read and write
C12D000
unkown
page read and write
2AB9000
heap
page read and write
3031000
heap
page read and write
10610000
unkown
page read and write
4DC3000
heap
page read and write
AC70000
unkown
page read and write
97F0000
unkown
page read and write
7306000
unkown
page read and write
12990000
unkown
page read and write
438C000
heap
page read and write
2AAB000
heap
page read and write
1F4D8600000
heap
page read and write
EF444FE000
unkown
page readonly
7E9000
heap
page read and write
F080000
unkown
page read and write
B7AA000
stack
page read and write
1F4D9918000
heap
page read and write
233C4D22000
direct allocation
page read and write
12710000
unkown
page read and write
F0AE000
unkown
page read and write
C721000
unkown
page read and write
2F4F000
stack
page read and write
10610000
unkown
page read and write
F0BE000
unkown
page read and write
92E0000
unkown
page read and write
9760000
unkown
page read and write
5D0000
heap
page read and write
1F4D8F32000
heap
page read and write
833000
heap
page read and write
7EE000
heap
page read and write
C2D3000
unkown
page read and write
351F000
stack
page read and write
B656E7F000
stack
page read and write
7FF5570D6000
unkown
page readonly
31C0000
heap
page read and write
97F0000
unkown
page read and write
7BC1000
unkown
page read and write
1F4D9681000
heap
page read and write
543D000
heap
page read and write
2B171649000
heap
page read and write
F180000
heap
page read and write
2A4E3100000
heap
page read and write
A131000
unkown
page read and write
12710000
unkown
page read and write
1B89A000000
heap
page read and write
1F4D8697000
heap
page read and write
1B899160000
heap
page read and write
1C67CE82000
heap
page read and write
7FF7E376A000
unkown
page read and write
2D0B000
stack
page read and write
888000
heap
page read and write
A850000
unkown
page read and write
4384000
heap
page read and write
88B0000
stack
page read and write
507A000
heap
page read and write
4EE0000
heap
page read and write
1F0000
heap
page read and write
4C16000
heap
page read and write
694000
heap
page read and write
52AB000
heap
page read and write
A08D000
stack
page read and write
8960000
unkown
page read and write
1B899B84000
heap
page read and write
5176000
heap
page read and write
AC70000
unkown
page read and write
AD10000
unkown
page readonly
24653A41000
heap
page read and write
6597EFE000
unkown
page readonly
2E34000
heap
page read and write
888000
heap
page read and write
3230000
unkown
page read and write
383F000
heap
page read and write
101CB000
unkown
page read and write
904C000
unkown
page read and write
50B1000
heap
page read and write
888000
heap
page read and write
4394000
heap
page read and write
82C000
heap
page read and write
7FF55761F000
unkown
page readonly
2330000
trusted library allocation
page read and write
1F4D86D2000
heap
page read and write
7FF5575D5000
unkown
page readonly
85D000
heap
page read and write
44AC000
heap
page read and write
1F4D96B7000
heap
page read and write
EF4457E000
stack
page read and write
1F4D8F0F000
heap
page read and write
4388000
heap
page read and write
1F4D8F82000
heap
page read and write
1F4D9907000
heap
page read and write
F0CC000
unkown
page read and write
7FF55723D000
unkown
page readonly
6CAF000
heap
page read and write
569C000
heap
page read and write
827000
heap
page read and write
F50000
heap
page read and write
4384000
heap
page read and write
F80000
heap
page read and write
8930000
unkown
page read and write
BF4A000
unkown
page read and write
24653A13000
heap
page read and write
1E0D1226000
heap
page read and write
4D78000
heap
page read and write
83D000
heap
page read and write
7FF55722A000
unkown
page readonly
2CE4000
heap
page read and write
436E000
heap
page read and write
570D000
stack
page read and write
B90000
trusted library allocation
page read and write
D12EEFD000
stack
page read and write
4E44000
heap
page read and write
2386000
heap
page read and write
1F4D9937000
heap
page read and write
4CB7000
heap
page read and write
FB7000
heap
page read and write
17993910000
heap
page read and write
97F0000
unkown
page read and write
8DFE000
unkown
page read and write
1020000
heap
page read and write
5FE1000
heap
page read and write
2E18000
heap
page read and write
97F0000
unkown
page read and write
1B899248000
heap
page read and write
25C6000
heap
page read and write
1E0D1302000
heap
page read and write
5344000
heap
page read and write
C5C8000
unkown
page read and write
174E67E000
unkown
page readonly
436F000
heap
page read and write
49A1000
heap
page read and write
7FF557280000
unkown
page readonly
2220D7F0000
remote allocation
page read and write
4EF8D7B000
stack
page read and write
40B000
unkown
page execute read
A308C7A000
stack
page read and write
7FF5572B6000
unkown
page readonly
8D84000
unkown
page read and write
84F000
heap
page read and write
4EE0000
heap
page read and write
4DC2000
heap
page read and write
8960000
unkown
page read and write
4F05000
heap
page read and write
AA6F000
unkown
page read and write
2FAF000
stack
page read and write
12710000
unkown
page read and write
1F4D9655000
heap
page read and write
104B0000
unkown
page read and write
238A085A000
heap
page read and write
4D2B000
heap
page read and write
870000
heap
page read and write
5AB24FB000
stack
page read and write
7FF556F90000
unkown
page readonly
2B171668000
heap
page read and write
1F4D8622000
heap
page read and write
A308D7E000
stack
page read and write
5269000
heap
page read and write
2B17164C000
heap
page read and write
10000000
direct allocation
page read and write
115EE000
unkown
page read and write
8960000
unkown
page read and write
11531000
unkown
page read and write
5BA000
heap
page read and write
4393000
heap
page read and write
851000
heap
page read and write
4460000
heap
page read and write
124FD000
stack
page read and write
C42C000
unkown
page read and write
4E0000
direct allocation
page read and write
7FF557493000
unkown
page readonly
1F4D8689000
heap
page read and write
1B89927F000
heap
page read and write
83A000
heap
page read and write
107AA000
unkown
page read and write
2A4E2C3E000
heap
page read and write
9760000
unkown
page read and write
8EC5000
unkown
page read and write
4EF8E7E000
unkown
page readonly
2EEF000
stack
page read and write
9050000
unkown
page read and write
8930000
unkown
page read and write
B0E000
stack
page read and write
1B899B47000
heap
page read and write
F0CC000
unkown
page read and write
7FF5573E6000
unkown
page readonly
7FF55730C000
unkown
page readonly
1F4D9680000
heap
page read and write
4140000
trusted library allocation
page read and write
485A000
unkown
page read and write
1F4D9766000
heap
page read and write
EF43F7E000
stack
page read and write
1F4D8F55000
heap
page read and write
C700000
unkown
page read and write
50C1000
heap
page read and write
4E34000
heap
page read and write
7FF5573A9000
unkown
page readonly
1E0D128C000
heap
page read and write
2BB1000
trusted library allocation
page read and write
1C67CE37000
heap
page read and write
7FF5571DF000
unkown
page readonly
1F4D8F5A000
heap
page read and write
1F4D990A000
heap
page read and write
1E0D123A000
heap
page read and write
1F4D9683000
heap
page read and write
4D0000
direct allocation
page read and write
ADAD000
stack
page read and write
21F37400000
heap
page read and write
1F4D977B000
heap
page read and write
10284000
unkown
page read and write
2220D917000
heap
page read and write
104B0000
unkown
page read and write
2B6B000
heap
page read and write
383F000
heap
page read and write
2398000
heap
page read and write
E83F000
stack
page read and write
10610000
unkown
page read and write
A0BF000
unkown
page read and write
33BE000
stack
page read and write
12990000
unkown
page read and write
3030000
heap
page read and write
7FF7E3570000
unkown
page readonly
2B17168D000
heap
page read and write
11170000
unkown
page read and write
8960000
unkown
page read and write
AC70000
unkown
page read and write
4469000
heap
page read and write
EF445FE000
unkown
page readonly
97F0000
unkown
page read and write
AC90000
unkown
page read and write
7FF5574F9000
unkown
page readonly
580000
heap
page read and write
824000
heap
page read and write
843000
heap
page read and write
6D7A000
heap
page read and write
895000
heap
page read and write
8EB8000
unkown
page read and write
F0C2000
unkown
page read and write
8980000
unkown
page read and write
1F4D86CC000
heap
page read and write
1C67CE16000
heap
page read and write
8960000
unkown
page read and write
4E0000
direct allocation
page read and write
97F0000
unkown
page read and write
52BE000
heap
page read and write
2A4E3200000
heap
page read and write
C6A8000
unkown
page read and write
7178000
unkown
page read and write
7FF5574C6000
unkown
page readonly
5AB27FE000
unkown
page readonly
7FF557607000
unkown
page readonly
8980000
unkown
page read and write
4D94000
heap
page read and write
1F4D993C000
heap
page read and write
4E6D000
heap
page read and write
7FF557467000
unkown
page readonly
7FF55715D000
unkown
page readonly
4461000
heap
page read and write
140BA9000
unkown
page execute and write copy
7F3000
heap
page read and write
92B0000
unkown
page read and write
3814000
heap
page read and write
2AAB000
heap
page read and write
7FF557292000
unkown
page readonly
B28557D000
stack
page read and write
17993A40000
heap
page read and write
24654090000
trusted library allocation
page read and write
1F4D8F7C000
heap
page read and write
1F4D8D60000
remote allocation
page read and write
4C7F000
heap
page read and write
92B0000
unkown
page read and write
B214D7E000
stack
page read and write
2B17168F000
heap
page read and write
2CE4000
heap
page read and write
4397000
heap
page read and write
299B000
trusted library allocation
page read and write
50CD000
heap
page read and write
4D70000
heap
page read and write
580D000
stack
page read and write
1F4D8F0E000
heap
page read and write
7ED000
heap
page read and write
24FA8430000
heap
page read and write
4E0000
direct allocation
page read and write
8A0000
heap
page read and write
4E0000
direct allocation
page read and write
10610000
unkown
page read and write
10610000
unkown
page read and write
438C000
heap
page read and write
2B17166D000
heap
page read and write
27C0000
heap
page read and write
888000
heap
page read and write
7FF5574F1000
unkown
page readonly
1F4D8F52000
heap
page read and write
FB0000
heap
page read and write
C788000
unkown
page read and write
7FF5573B0000
unkown
page readonly
5CC4000
heap
page read and write
1F4D9903000
heap
page read and write
2B17165E000
heap
page read and write
97F0000
unkown
page read and write
F084000
unkown
page read and write
8930000
unkown
page read and write
F0D0000
unkown
page read and write
807000
heap
page read and write
4D9A000
heap
page read and write
8960000
unkown
page read and write
1F4D9790000
heap
page read and write
4AC000
stack
page read and write
7FF55764C000
unkown
page readonly
92B0000
unkown
page read and write
4388000
heap
page read and write
2C8C000
unkown
page readonly
C18A000
unkown
page read and write
3806000
heap
page read and write
1F4D96C2000
heap
page read and write
52CF000
heap
page read and write
50C1000
heap
page read and write
92B0000
unkown
page read and write
1F4D8F7A000
heap
page read and write
2CC5000
trusted library allocation
page read and write
10160000
direct allocation
page read and write
20AB000
heap
page read and write
43A9000
heap
page read and write
3929C7E000
stack
page read and write
92B0000
unkown
page read and write
2A43000
trusted library allocation
page read and write
445E000
heap
page read and write
1C67D530000
trusted library allocation
page read and write
7FF557387000
unkown
page readonly
2E10000
direct allocation
page execute and read and write
830000
heap
page read and write
2BCD000
stack
page read and write
42D000
unkown
page read and write
8D68000
unkown
page read and write
653D000
heap
page read and write
9340000
unkown
page read and write
2A4E2C2B000
heap
page read and write
7FF556FFB000
unkown
page readonly
7FF55719C000
unkown
page readonly
438C000
heap
page read and write
8960000
unkown
page read and write
2341000
heap
page read and write
4E6D000
heap
page read and write
7FF5569CB000
unkown
page readonly
1F4D8F5A000
heap
page read and write
857000
heap
page read and write
E290000
unkown
page read and write
83D000
heap
page read and write
824000
heap
page read and write
2B171651000
heap
page read and write
C328000
unkown
page read and write
2B59000
trusted library allocation
page read and write
24FA8530000
heap
page read and write
507A000
heap
page read and write
7FF5570C5000
unkown
page readonly
649000
heap
page read and write
7FF55714F000
unkown
page readonly
170000
heap
page read and write
79B0000
unkown
page read and write
51E3000
unkown
page read and write
20A0000
heap
page read and write
10610000
unkown
page read and write
A118000
unkown
page read and write
108B0000
unkown
page read and write
F0B4000
unkown
page read and write
2A4E3102000
heap
page read and write
4FC3000
heap
page read and write
2220D913000
heap
page read and write
7DF4689A1000
unkown
page execute read
7FF557420000
unkown
page readonly
50F4000
heap
page read and write
11828000
unkown
page read and write
43A2000
heap
page read and write
1F4D8647000
heap
page read and write
8960000
unkown
page read and write
C3F7000
unkown
page read and write
71FC000
unkown
page read and write
1F4D991F000
heap
page read and write
2CE4000
heap
page read and write
83D000
heap
page read and write
530E000
stack
page read and write
F084000
unkown
page read and write
F0C4000
unkown
page read and write
E260000
unkown
page read and write
2B17168E000
heap
page read and write
17993A44000
heap
page read and write
EF440FE000
stack
page read and write
2220D82B000
heap
page read and write
2CE4000
heap
page read and write
2220D790000
trusted library allocation
page read and write
43CE000
heap
page read and write
88E000
heap
page read and write
4384000
heap
page read and write
430000
heap
page read and write
1F4D8F0E000
heap
page read and write
9760000
unkown
page read and write
F088000
unkown
page read and write
8930000
unkown
page read and write
1F4D8F75000
heap
page read and write
4D0000
direct allocation
page read and write
827000
heap
page read and write
1F4D8F2A000
heap
page read and write
4140000
trusted library allocation
page read and write
43EE000
heap
page read and write
1E0D1A00000
heap
page read and write
13A6000
unkown
page read and write
A8C9000
unkown
page read and write
12710000
unkown
page read and write
C468000
unkown
page read and write
2E43000
heap
page read and write
AAF9000
unkown
page read and write
7F6000
heap
page read and write
2CE4000
heap
page read and write
438B000
heap
page read and write
535000
stack
page read and write
380C000
heap
page read and write
79A0000
unkown
page read and write
12710000
unkown
page read and write
8960000
unkown
page read and write
EF4447E000
stack
page read and write
104B0000
unkown
page read and write
1E0D124B000
heap
page read and write
10610000
unkown
page read and write
F0CC000
unkown
page read and write
2ADE000
heap
page read and write
300F000
stack
page read and write
9C000
stack
page read and write
32E3000
unkown
page read and write
92B0000
unkown
page read and write
1F4D9796000
heap
page read and write
2390000
heap
page read and write
2A07000
trusted library allocation
page read and write
7173000
unkown
page read and write
90CF000
unkown
page read and write
7FF5575BD000
unkown
page readonly
7E10000
unkown
page read and write
7FF557426000
unkown
page readonly
97F0000
unkown
page read and write
832000
heap
page read and write
52AE000
heap
page read and write
2C3D000
trusted library allocation
page read and write
1161E000
unkown
page read and write
2351000
heap
page read and write
2C02000
trusted library allocation
page read and write
2ADE000
heap
page read and write
5DD000
heap
page read and write
9760000
unkown
page read and write
7FF5570C1000
unkown
page readonly
2B8E000
stack
page read and write
2CC1000
trusted library allocation
page read and write
2DDC000
heap
page read and write
7FF5572BD000
unkown
page readonly
4368000
heap
page read and write
1B899213000
heap
page read and write
2C00000
heap
page read and write
37EE000
heap
page read and write
115EA000
unkown
page read and write
1F4D86B8000
heap
page read and write
7FF557328000
unkown
page readonly
AC90000
unkown
page read and write
1F4D9787000
heap
page read and write
F0B4000
unkown
page read and write
10610000
unkown
page read and write
858000
heap
page read and write
1F4D990F000
heap
page read and write
1B899B00000
heap
page read and write
7FF556E2E000
unkown
page readonly
2365000
heap
page read and write
4483000
heap
page read and write
2A3F000
trusted library allocation
page read and write
7FF557571000
unkown
page readonly
1F4D8F3B000
heap
page read and write
1F4D86B4000
heap
page read and write
76A000
stack
page read and write
1F4D9713000
heap
page read and write
2CE4000
heap
page read and write
1F4D8F99000
heap
page read and write
2396000
heap
page read and write
7FF556E48000
unkown
page readonly
4EF9A7E000
unkown
page readonly
17993A13000
heap
page read and write
238E000
heap
page read and write
9760000
unkown
page read and write
4E0000
direct allocation
page read and write
4D0000
direct allocation
page read and write
410000
unkown
page readonly
9F0000
heap
page read and write
43C0000
heap
page read and write
10610000
unkown
page read and write
1F4D96C5000
heap
page read and write
1B899B86000
heap
page read and write
436C000
heap
page read and write
1F4D8F5B000
heap
page read and write
3440000
unkown
page readonly
C101000
unkown
page read and write
2A4E3259000
heap
page read and write
2AAB000
heap
page read and write
7FF557009000
unkown
page readonly
2BCE000
stack
page read and write
1F4D8F56000
heap
page read and write
F0BB000
unkown
page read and write
238C000
heap
page read and write
319A000
stack
page read and write
86CE000
stack
page read and write
2220D869000
heap
page read and write
8930000
unkown
page read and write
2CE4000
heap
page read and write
1F4D9909000
heap
page read and write
B2141FE000
stack
page readonly
4D51000
heap
page read and write
7FF557599000
unkown
page readonly
331E000
stack
page read and write
97F0000
unkown
page read and write
7FF55700F000
unkown
page readonly
7FF557148000
unkown
page readonly
7FF556F2A000
unkown
page readonly
C478000
unkown
page read and write
4397000
heap
page read and write
43A8000
heap
page read and write
307E000
stack
page read and write
1F4D8F84000
heap
page read and write
418000
unkown
page write copy
2AB5000
heap
page read and write
487A000
unkown
page read and write
2AB5000
heap
page read and write
47EE000
unkown
page read and write
4D25000
heap
page read and write
239C000
heap
page read and write
1F4D8F0E000
heap
page read and write
1F4D8E15000
heap
page read and write
1F4D8F52000
heap
page read and write
1F4D96F7000
heap
page read and write
4390000
heap
page read and write
1F4D8540000
heap
page read and write
4F84000
heap
page read and write
7FF5575D0000
unkown
page readonly
8970000
unkown
page read and write
1162C000
unkown
page read and write
238B000
heap
page read and write
7FF55708D000
unkown
page readonly
1F4D8F79000
heap
page read and write
2C8F000
stack
page read and write
4D51000
heap
page read and write
10610000
unkown
page read and write
7FF557264000
unkown
page readonly
AC70000
unkown
page read and write
2A4E3100000
heap
page read and write
1B899248000
heap
page read and write
2ABC000
heap
page read and write
43EE000
heap
page read and write
4CA5000
heap
page read and write
104B0000
unkown
page read and write
1C67CF02000
heap
page read and write
4D51000
heap
page read and write
104B0000
unkown
page read and write
174E57E000
stack
page read and write
2E20000
direct allocation
page read and write
1F4D969C000
heap
page read and write
3029000
stack
page read and write
7D0E000
stack
page read and write
7FF5575B1000
unkown
page readonly
A85E000
unkown
page read and write
2386000
heap
page read and write
7FF557382000
unkown
page readonly
2BFF000
trusted library allocation
page read and write
2396000
heap
page read and write
1F4D874C000
heap
page read and write
53F3000
heap
page read and write
104B0000
unkown
page read and write
43C000
stack
page read and write
3556000
heap
page read and write
DB4000
unkown
page read and write
3547000
heap
page read and write
3846000
heap
page read and write
2CE4000
heap
page read and write
43A9000
heap
page read and write
10A5000
heap
page read and write
4140000
trusted library allocation
page read and write
2DBE000
stack
page read and write
21F37476000
heap
page read and write
1F4D8F52000
heap
page read and write
9C000
stack
page read and write
1F4D9600000
heap
page read and write
84B000
heap
page read and write
107A2000
unkown
page read and write
10610000
unkown
page read and write
7DF4689B1000
unkown
page execute read
2220D882000
heap
page read and write
AA6F000
unkown
page read and write
8F4D000
unkown
page read and write
2C04000
stack
page read and write
1F4D96D4000
heap
page read and write
7FF5575A1000
unkown
page readonly
2C89000
unkown
page read and write
4EF837E000
unkown
page readonly
97F0000
unkown
page read and write
851000
heap
page read and write
E1B9000
stack
page read and write
401000
unkown
page execute read
1F4D976D000
heap
page read and write
2395000
heap
page read and write
2B36000
heap
page read and write
238B000
heap
page read and write
2CE4000
heap
page read and write
90C9000
unkown
page read and write
42D000
unkown
page read and write
4F9C000
stack
page read and write
5F1000
heap
page read and write
1F4D96B2000
heap
page read and write
1F4D8F5C000
heap
page read and write
3450000
heap
page read and write
3C21000
heap
page read and write
7FF5569E8000
unkown
page readonly
4746000
unkown
page read and write
43A9000
heap
page read and write
3554000
heap
page read and write
43CE000
heap
page read and write
8930000
unkown
page read and write
A308EFE000
unkown
page readonly
43A2000
heap
page read and write
9580000
unkown
page readonly
845000
heap
page read and write
1B899B79000
heap
page read and write
8960000
unkown
page read and write
5789000
heap
page read and write
8CB2000
unkown
page read and write
2AD2000
heap
page read and write
A85A000
unkown
page read and write
2C4E000
stack
page read and write
7A80000
unkown
page readonly
C5C8000
unkown
page read and write
104B0000
unkown
page read and write
418000
unkown
page write copy
21F37402000
heap
page read and write
A23B000
unkown
page read and write
1F4D96BC000
heap
page read and write
400000
remote allocation
page execute and read and write
1F4D9937000
heap
page read and write
BBE0000
unkown
page readonly
2E30000
heap
page read and write
1F4D8F33000
heap
page read and write
233C7000000
direct allocation
page read and write
107AA000
unkown
page read and write
8930000
unkown
page read and write
3110000
heap
page read and write
104B0000
unkown
page read and write
1F4D8F31000
heap
page read and write
21F3744F000
heap
page read and write
8930000
unkown
page read and write
1F4D9705000
heap
page read and write
21F37440000
heap
page read and write
92B0000
unkown
page read and write
B28587A000
stack
page read and write
4F8B000
heap
page read and write
4F5D000
stack
page read and write
1F4D865F000
heap
page read and write
10B0000
unkown
page readonly
4460000
heap
page read and write
1F4D8702000
heap
page read and write
43C0000
heap
page read and write
3821000
heap
page read and write
2B171644000
heap
page read and write
F0AE000
unkown
page read and write
212D000
stack
page read and write
82B000
heap
page read and write
AC90000
unkown
page read and write
889000
heap
page read and write
1060000
unkown
page read and write
47C6000
unkown
page read and write
2386000
heap
page read and write
515A000
heap
page read and write
2A4E3102000
heap
page read and write
9760000
unkown
page read and write
3C21000
heap
page read and write
1F4D8F84000
heap
page read and write
50CC000
heap
page read and write
1F4D8F5A000
heap
page read and write
400000
unkown
page readonly
F0BF000
unkown
page read and write
855000
heap
page read and write
2CE4000
heap
page read and write
12710000
unkown
page read and write
2D09000
trusted library allocation
page read and write
B214EFE000
stack
page read and write
2CEF000
stack
page read and write
1F4D8F88000
heap
page read and write
2400000
heap
page read and write
C700000
unkown
page read and write
2A4E2D24000
heap
page read and write
92B0000
unkown
page read and write
EE2000
trusted library allocation
page read and write
32DF000
stack
page read and write
84D000
heap
page read and write
865000
heap
page read and write
1F4D993C000
heap
page read and write
1B899B32000
heap
page read and write
7FF55751D000
unkown
page readonly
F079000
unkown
page read and write
7FF55756D000
unkown
page readonly
3120000
heap
page read and write
21F37428000
heap
page read and write
692000
heap
page read and write
1F4D874C000
heap
page read and write
1F4D991A000
heap
page read and write
7FF5575E0000
unkown
page readonly
EE7000
trusted library allocation
page execute and read and write
3969000
trusted library allocation
page read and write
97F0000
unkown
page read and write
8970000
unkown
page read and write
2B17162B000
heap
page read and write
92B0000
unkown
page read and write
7FF7E3571000
unkown
page execute read
20A1000
heap
page read and write
F0A0000
unkown
page read and write
8D94000
unkown
page read and write
1B899130000
heap
page read and write
603000
heap
page read and write
43C7000
heap
page read and write
12710000
unkown
page read and write
7FF5573D3000
unkown
page readonly
8960000
unkown
page read and write
7FF556F31000
unkown
page readonly
10610000
unkown
page read and write
7FF5572A2000
unkown
page readonly
2CE4000
heap
page read and write
E13B000
stack
page read and write
238A0720000
heap
page read and write
1F4D876D000
heap
page read and write
12710000
stack
page read and write
2AB0000
heap
page read and write
7FF557062000
unkown
page readonly
2341000
heap
page read and write
2C50000
trusted library allocation
page read and write
1F4D8F29000
heap
page read and write
24FA864F000
heap
page read and write
7FF55714A000
unkown
page readonly
2B17165C000
heap
page read and write
104B0000
unkown
page read and write
1F4D8F53000
heap
page read and write
233C2400000
direct allocation
page read and write
B214DFE000
unkown
page readonly
4394000
heap
page read and write
2C57000
trusted library allocation
page read and write
92B0000
unkown
page read and write
72B000
stack
page read and write
1F4D8717000
heap
page read and write
4EF7F7E000
unkown
page readonly
AA63000
unkown
page read and write
7FF557531000
unkown
page readonly
1F4D8F5B000
heap
page read and write
17993A55000
heap
page read and write
580C000
heap
page read and write
831000
heap
page read and write
43C0000
heap
page read and write
833000
heap
page read and write
50B0000
unkown
page write copy
233C081E000
heap
page read and write
1F4D8F5A000
heap
page read and write
10FD0000
unkown
page read and write
2B171662000
heap
page read and write
7FF55703F000
unkown
page readonly
3350000
unkown
page readonly
888000
heap
page read and write
32C9000
unkown
page read and write
174E27E000
unkown
page readonly
6EE0D000
unkown
page read and write
558E000
stack
page read and write
107AA000
unkown
page read and write
10203000
unkown
page read and write
2A6E000
stack
page read and write
92B0000
unkown
page read and write
7FF557103000
unkown
page readonly
2CE4000
heap
page read and write
1F4D9730000
heap
page read and write
4EE0000
heap
page read and write
13AB000
unkown
page readonly
1F4D8F2A000
heap
page read and write
5AC6000
heap
page read and write
4F92000
heap
page read and write
233C7774000
direct allocation
page read and write
F09E000
unkown
page read and write
233C06E0000
heap
page read and write
1F4D9724000
heap
page read and write
8930000
unkown
page read and write
1B899B93000
heap
page read and write
1F4D8F0E000
heap
page read and write
435F000
heap
page read and write
5A7000
heap
page read and write
438C000
heap
page read and write
37F0000
heap
page read and write
2B171667000
heap
page read and write
597000
heap
page read and write
384D000
heap
page read and write
10610000
unkown
page read and write
A0FC000
unkown
page read and write
9760000
unkown
page read and write
1F4D9735000
heap
page read and write
E7BB000
stack
page read and write
50F000
stack
page read and write
4E28000
heap
page read and write
ED6000
trusted library allocation
page execute and read and write
447F000
heap
page read and write
4DE9000
heap
page read and write
A0B9000
unkown
page read and write
88E000
heap
page read and write
105D2000
direct allocation
page readonly
4D51000
heap
page read and write
565000
heap
page read and write
4E40000
heap
page read and write
410000
unkown
page readonly
AA3E000
unkown
page read and write
2CE4000
heap
page read and write
2E23000
heap
page read and write
260F000
stack
page read and write
3817000
heap
page read and write
52F0000
heap
page read and write
3809000
heap
page read and write
D40000
unkown
page readonly
4DC1000
heap
page read and write
23A2000
heap
page read and write
8EEE000
unkown
page read and write
1F4D8F2F000
heap
page read and write
7FF5570F7000
unkown
page readonly
85E000
heap
page read and write
B42E000
stack
page read and write
7FF55747D000
unkown
page readonly
64D000
heap
page read and write
44AC000
heap
page read and write
1F4D96C0000
heap
page read and write
1F4D9723000
heap
page read and write
5263000
heap
page read and write
F0BF000
unkown
page read and write
AC70000
unkown
page read and write
9760000
unkown
page read and write
4E01000
heap
page read and write
2A4D000
trusted library allocation
page read and write
9C000
stack
page read and write
4EF997D000
stack
page read and write
913F000
unkown
page read and write
24653B02000
heap
page read and write
842F000
stack
page read and write
1E0D1213000
heap
page read and write
2393000
heap
page read and write
2E3E000
heap
page read and write
1E0D1240000
heap
page read and write
7FF5573D5000
unkown
page readonly
824000
heap
page read and write
2CE4000
heap
page read and write
2351000
heap
page read and write
1F4D8F35000
heap
page read and write
4EF8B7E000
unkown
page readonly
2B171670000
heap
page read and write
32C7000
unkown
page read and write
8960000
unkown
page read and write
24FA8602000
heap
page read and write
508D000
heap
page read and write
1F4D8742000
heap
page read and write
8930000
unkown
page read and write
4EF917B000
stack
page read and write
F0D0000
unkown
page read and write
1F4D9759000
heap
page read and write
4D0000
direct allocation
page read and write
10001000
direct allocation
page execute read
53F9000
heap
page read and write
861000
heap
page read and write
7FF55748F000
unkown
page readonly
7FF557579000
unkown
page readonly
1F4D8570000
heap
page read and write
2CB4000
trusted library allocation
page read and write
2A4E3113000
heap
page read and write
F0AE000
unkown
page read and write
1C67CDA0000
heap
page read and write
2E42000
heap
page read and write
1F4D96B7000
heap
page read and write
4390000
heap
page read and write
10B80000
unkown
page read and write
4DA8000
heap
page read and write
5AB21F6000
stack
page read and write
464000
heap
page read and write
1F4D8F72000
heap
page read and write
114E5000
unkown
page read and write
AA63000
unkown
page read and write
21F37413000
heap
page read and write
233C0700000
heap
page read and write
2A90000
heap
page read and write
4D85000
heap
page read and write
7FF55720C000
unkown
page readonly
7FF556E75000
unkown
page readonly
1F4D9907000
heap
page read and write
2CE4000
heap
page read and write
1D0000
heap
page read and write
238A0800000
heap
page read and write
44AC000
heap
page read and write
2A80000
heap
page read and write
1F4D977E000
heap
page read and write
7FF7E3770000
unkown
page read and write
4469000
heap
page read and write
2CE4000
heap
page read and write
444A000
heap
page read and write
3550000
heap
page read and write
AB02000
unkown
page read and write
4C77000
heap
page read and write
12990000
unkown
page read and write
1F4D96DD000
heap
page read and write
104B0000
unkown
page read and write
92B0000
unkown
page read and write
4C1F000
heap
page read and write
384D000
heap
page read and write
C470000
unkown
page read and write
2220D902000
heap
page read and write
44AC000
heap
page read and write
EBE000
stack
page read and write
43B4000
heap
page read and write
12990000
unkown
page read and write
7E7000
heap
page read and write
97F0000
unkown
page read and write
140BA3000
unkown
page execute and write copy
233C052A000
heap
page read and write
DB5000
unkown
page write copy
1F4D8F0F000
heap
page read and write
37F7000
heap
page read and write
383F000
heap
page read and write
7E1000
heap
page read and write
8960000
unkown
page read and write
50A5000
heap
page read and write
10610000
unkown
page read and write
5EC000
stack
page read and write
A129000
unkown
page read and write
71A4000
unkown
page read and write
1F4D8F2C000
heap
page read and write
B52A000
stack
page read and write
6A1000
heap
page read and write
7FF5571B3000
unkown
page readonly
2D1B000
trusted library allocation
page read and write
AC70000
unkown
page read and write
8930000
unkown
page read and write
9847000
unkown
page read and write
1F4D8F0E000
heap
page read and write
10610000
unkown
page read and write
7E1000
heap
page read and write
2E1A000
heap
page read and write
24653A2B000
heap
page read and write
2E6E000
stack
page read and write
25C1000
heap
page read and write
F0B8000
unkown
page read and write
4D0000
direct allocation
page read and write
2220D83A000
heap
page read and write
380D000
heap
page read and write
E7D239E000
stack
page read and write
82C000
heap
page read and write
C3B3000
unkown
page read and write
1F4D9907000
heap
page read and write
238E000
heap
page read and write
7FF557239000
unkown
page readonly
1F4D8F0F000
heap
page read and write
2ADE000
heap
page read and write
1F4D993F000
heap
page read and write
10610000
unkown
page read and write
1F4D8F33000
heap
page read and write
2220D802000
heap
page read and write
52E000
unkown
page readonly
F0CF000
unkown
page read and write
24FA8613000
heap
page read and write
8960000
unkown
page read and write
4461000
heap
page read and write
56E000
unkown
page readonly
8960000
unkown
page read and write
1310F000
stack
page read and write
2F7B000
heap
page read and write
8D70000
unkown
page read and write
94F000
stack
page read and write
21F379A0000
trusted library allocation
page read and write
50B1000
heap
page read and write
F0B7000
unkown
page read and write
3807000
heap
page read and write
4F97000
heap
page read and write
10610000
unkown
page read and write
1B899A00000
heap
page read and write
1F4D873C000
heap
page read and write
8980000
unkown
page read and write
2CE4000
heap
page read and write
301B000
heap
page execute and read and write
1F4D9747000
heap
page read and write
BF3F000
stack
page read and write
44AC000
heap
page read and write
8930000
unkown
page read and write
47C0000
unkown
page read and write
9013000
unkown
page read and write
29A3000
trusted library allocation
page read and write
2AB9000
heap
page read and write
2B92000
trusted library allocation
page read and write
330A000
unkown
page read and write
3846000
heap
page read and write
7FF557594000
unkown
page readonly
92B0000
unkown
page read and write
9760000
unkown
page read and write
12D8A000
stack
page read and write
219D000
stack
page read and write
7FF556F26000
unkown
page readonly
840000
heap
page read and write
588D000
heap
page read and write
10610000
unkown
page read and write
2220D7B0000
trusted library allocation
page read and write
37F0000
heap
page read and write
97F0000
unkown
page read and write
F0A0000
unkown
page read and write
25CF000
stack
page read and write
2A6C000
stack
page read and write
3018000
heap
page read and write
CC8000
heap
page read and write
859000
heap
page read and write
2CE4000
heap
page read and write
1024B000
unkown
page read and write
104B0000
unkown
page read and write
8970000
unkown
page read and write
4EF827E000
stack
page read and write
238A07A0000
remote allocation
page read and write
97F0000
unkown
page read and write
97F0000
unkown
page read and write
63B000
heap
page read and write
239A000
heap
page read and write
8930000
unkown
page read and write
52BE000
heap
page read and write
2A4E2C13000
unkown
page read and write
1C67CE02000
heap
page read and write
41B000
unkown
page readonly
25CB000
heap
page read and write
6CCF000
heap
page read and write
25CE000
heap
page read and write
1F4D8F32000
heap
page read and write
140BB1000
unkown
page execute and write copy
51CC000
heap
page read and write
C156000
unkown
page read and write
104B0000
unkown
page read and write
7FF5571E6000
unkown
page readonly
4447000
heap
page read and write
1E0D1264000
heap
page read and write
A3092FE000
unkown
page readonly
2B17164A000
heap
page read and write
F0B5000
unkown
page read and write
1F4D8F07000
heap
page read and write
2CE4000
heap
page read and write
F0A0000
unkown
page read and write
889000
heap
page read and write
92B0000
unkown
page read and write
2CE4000
heap
page read and write
104B0000
unkown
page read and write
8960000
unkown
page read and write
238A082B000
heap
page read and write
1F4D8F30000
heap
page read and write
E7D2C7E000
unkown
page readonly
2CE4000
heap
page read and write
7FF5573DE000
unkown
page readonly
EC0000
trusted library allocation
page read and write
499F000
stack
page read and write
2B5B000
trusted library allocation
page read and write
4393000
heap
page read and write
2720000
heap
page read and write
83A000
heap
page read and write
2A4E3002000
heap
page read and write
1F4D8F5A000
heap
page read and write
54D7000
heap
page read and write
2AA4000
heap
page read and write
10610000
unkown
page read and write
1F4D8F00000
heap
page read and write
239A000
heap
page read and write
50CC000
heap
page read and write
25CD000
heap
page read and write
2CE4000
heap
page read and write
C630000
unkown
page read and write
E7D2F7E000
stack
page read and write
7FF5570A6000
unkown
page readonly
7F6000
heap
page read and write
303F000
stack
page read and write
309D000
stack
page read and write
EF44CFC000
stack
page read and write
AC8B9FE000
stack
page read and write
AC70000
unkown
page read and write
4FC0000
heap
page execute and read and write
2B171658000
heap
page read and write
C630000
unkown
page read and write
4A9E000
stack
page read and write
2CE4000
heap
page read and write
1F4D990A000
heap
page read and write
5F70000
heap
page read and write
28DE000
stack
page read and write
CB0000
trusted library allocation
page read and write
2A76000
heap
page read and write
2D40000
heap
page read and write
834000
heap
page read and write
8930000
unkown
page read and write
25B9000
heap
page read and write
10610000
unkown
page read and write
526A000
heap
page read and write
2B17165D000
heap
page read and write
1F4D9A00000
heap
page read and write
F0B8000
unkown
page read and write
2F20000
unkown
page read and write
92B0000
unkown
page read and write
12710000
unkown
page read and write
52CB000
heap
page read and write
B214AFE000
unkown
page readonly
4732000
unkown
page read and write
7F6000
heap
page read and write
258E000
stack
page read and write
1E0D1313000
heap
page read and write
1F4D9761000
heap
page read and write
2AA1000
heap
page read and write
EF43FFE000
unkown
page readonly
5B4000
heap
page read and write
37EA000
heap
page read and write
84DC000
stack
page read and write
19C000
stack
page read and write
32F3000
unkown
page read and write
4FB0000
heap
page read and write
A3093FE000
stack
page read and write
832000
heap
page read and write
1F4D992D000
heap
page read and write
2ADE000
heap
page read and write
A0BD000
unkown
page read and write
400000
unkown
page readonly
61C7000
heap
page read and write
392971B000
stack
page read and write
845000
heap
page read and write
1F4D8F0F000
heap
page read and write
1C67CDD0000
heap
page read and write
1F4D8F0E000
heap
page read and write
2B171613000
heap
page read and write
8960000
unkown
page read and write
7FF557106000
unkown
page readonly
3846000
heap
page read and write
12710000
unkown
page read and write
82C000
heap
page read and write
101D9000
unkown
page read and write
2BC0000
heap
page read and write
43C0000
heap
page read and write
66B000
heap
page read and write
4C16000
heap
page read and write
2CF5000
trusted library allocation
page read and write
10610000
unkown
page read and write
1F4D96F7000
heap
page read and write
92B0000
unkown
page read and write
1F4D966F000
heap
page read and write
384D000
heap
page read and write
7FF5575B9000
unkown
page readonly
445D000
heap
page read and write
6932000
heap
page read and write
8D78000
unkown
page read and write
4734000
unkown
page read and write
104B0000
unkown
page read and write
842000
heap
page read and write
10C000
stack
page read and write
273D606F000
direct allocation
page read and write
1B899A15000
heap
page read and write
4390000
heap
page read and write
46E0000
unkown
page read and write
2D6F000
stack
page read and write
51FE000
heap
page read and write
7FF557302000
unkown
page readonly
2393000
heap
page read and write
1F4D8F4D000
heap
page read and write
12710000
unkown
page read and write
82A000
heap
page read and write
1F4D8F0F000
heap
page read and write
50A5000
heap
page read and write
BC10000
unkown
page read and write
C1DD000
unkown
page read and write
4E0000
direct allocation
page read and write
C7A1000
unkown
page read and write
53F6000
heap
page read and write
2EAE000
stack
page read and write
2CE4000
heap
page read and write
4F05000
heap
page read and write
C426000
unkown
page read and write
715C000
unkown
page read and write
4140000
trusted library allocation
page read and write
4EF817E000
unkown
page readonly
2BBB000
heap
page read and write
7FF557099000
unkown
page readonly
E270000
unkown
page read and write
104B0000
unkown
page read and write
1F4D9783000
heap
page read and write
E7D2D7E000
stack
page read and write
2BB0000
heap
page read and write
10610000
unkown
page read and write
2E40000
heap
page read and write
2B171643000
heap
page read and write
7FF55726A000
unkown
page readonly
9760000
unkown
page read and write
F088000
unkown
page read and write
1F4D96A4000
heap
page read and write
3818000
heap
page read and write
7DF468971000
unkown
page execute read
2B171702000
heap
page read and write
AFFF000
stack
page read and write
4D0000
direct allocation
page read and write
43B4000
heap
page read and write
1F4D8F52000
heap
page read and write
10610000
unkown
page read and write
4D94000
heap
page read and write
4DC1000
heap
page read and write
7FF557095000
unkown
page readonly
842000
heap
page read and write
2E3E000
heap
page read and write
1F4D8F7B000
heap
page read and write
1F4D874C000
heap
page read and write
7FF557463000
unkown
page readonly
2CD9000
trusted library allocation
page read and write
2220D800000
heap
page read and write
1F4D8F07000
heap
page read and write
17993A44000
heap
page read and write
10610000
unkown
page read and write
7FF7E376A000
unkown
page write copy
2CE4000
heap
page read and write
864F000
stack
page read and write
1B899B7F000
heap
page read and write
9F0000
unkown
page readonly
1F4D9920000
heap
page read and write
7FF55710F000
unkown
page readonly
E7D2E7E000
unkown
page readonly
1F4D8F33000
heap
page read and write
12990000
unkown
page read and write
839000
heap
page read and write
5B0000
heap
page read and write
97F0000
unkown
page read and write
8ECE000
unkown
page read and write
B21487E000
stack
page read and write
1F4D96D7000
heap
page read and write
AC70000
unkown
page read and write
104B0000
unkown
page read and write
43CE000
heap
page read and write
1F4D8F5B000
heap
page read and write
2B04000
trusted library allocation
page read and write
FB0000
unkown
page read and write
2A4E3259000
heap
page read and write
83A000
heap
page read and write
B10000
heap
page read and write
1F4D86EF000
heap
page read and write
1F4D869F000
heap
page read and write
43C0000
heap
page read and write
13A9000
unkown
page readonly
13AB000
unkown
page readonly
25C3000
heap
page read and write
2CE4000
heap
page read and write
4461000
heap
page read and write
92B0000
unkown
page read and write
9760000
unkown
page read and write
1F4D9933000
heap
page read and write
32D7000
unkown
page read and write
4D6C000
heap
page read and write
1B899268000
heap
page read and write
2CE4000
heap
page read and write
1F4D96C0000
heap
page read and write
1F4D874C000
heap
page read and write
842000
heap
page read and write
8960000
unkown
page read and write
174E47E000
unkown
page readonly
104B0000
unkown
page read and write
104B0000
unkown
page read and write
2B171660000
heap
page read and write
C480000
unkown
page read and write
7FF55752A000
unkown
page readonly
24FA8570000
remote allocation
page read and write
1B89B002000
heap
page read and write
2A4E3202000
heap
page read and write
2E4E000
heap
page read and write
4398000
heap
page read and write
107AA000
unkown
page read and write
5500000
heap
page read and write
F06D000
unkown
page read and write
2CE4000
heap
page read and write
4880000
unkown
page read and write
4E0000
direct allocation
page read and write
443F000
heap
page read and write
7909000
stack
page read and write
9FF000
stack
page read and write
580000
heap
page read and write
250E000
stack
page read and write
4FA0000
heap
page read and write
2A4E2C3B000
heap
page read and write
8960000
unkown
page read and write
7FF556E9A000
unkown
page readonly
10610000
stack
page read and write
AC90000
unkown
page read and write
400000
unkown
page execute and read and write
1F4D8F82000
heap
page read and write
7FF55750F000
unkown
page readonly
7FF7E3571000
unkown
page execute read
50CC000
heap
page read and write
4EFF000
heap
page read and write
3929D7E000
stack
page read and write
7FF55763D000
unkown
page readonly
9052000
unkown
page read and write
89E000
heap
page read and write
59E000
stack
page read and write
1F4D8F3C000
heap
page read and write
104B0000
unkown
page read and write
2CE4000
heap
page read and write
1F4D9690000
heap
page read and write
43CE000
heap
page read and write
7FF557330000
unkown
page readonly
F07D000
unkown
page read and write
84F000
stack
page read and write
1F4D9790000
heap
page read and write
8ED5000
unkown
page read and write
6962000
heap
page read and write
2CE4000
heap
page read and write
238A0750000
heap
page read and write
82D000
heap
page read and write
C3A8000
unkown
page read and write
85E000
heap
page read and write
788B000
stack
page read and write
F084000
unkown
page read and write
2CE4000
heap
page read and write
1E0D1A15000
heap
page read and write
4388000
heap
page read and write
7E4000
heap
page read and write
4388000
heap
page read and write
12710000
unkown
page read and write
2386000
heap
page read and write
1B899B63000
heap
page read and write
1E0D125F000
heap
page read and write
104B0000
unkown
page read and write
2B20000
heap
page read and write
57C000
heap
page read and write
3821000
heap
page read and write
A215000
unkown
page read and write
8960000
unkown
page read and write
7FF557210000
unkown
page readonly
4E0000
direct allocation
page read and write
C04F000
unkown
page read and write
4D9D000
heap
page read and write
9760000
unkown
page read and write
3807000
heap
page read and write
8501000
unkown
page read and write
4820000
unkown
page read and write
299F000
trusted library allocation
page read and write
2CE4000
heap
page read and write
104B0000
unkown
page read and write
827000
heap
page read and write
2362000
heap
page read and write
2A7C000
trusted library allocation
page read and write
CFA000
heap
page read and write
5AB29FE000
unkown
page readonly
2E30000
heap
page read and write
7F1000
heap
page read and write
384C000
heap
page read and write
2FE0000
heap
page read and write
89CB000
unkown
page read and write
2AA1000
heap
page read and write
AB61000
unkown
page read and write
2351000
heap
page read and write
2CA4000
trusted library allocation
page read and write
445D000
heap
page read and write
888000
heap
page read and write
2CE4000
heap
page read and write
1F4D8F78000
heap
page read and write
A0A5000
unkown
page read and write
2DDF000
heap
page read and write
90E000
stack
page read and write
10610000
unkown
page read and write
1F4D8F77000
heap
page read and write
1F4D8F52000
heap
page read and write
851000
heap
page read and write
4CF7000
heap
page read and write
B5AD000
stack
page read and write
2B7C000
trusted library allocation
page read and write
1F4D8F7C000
heap
page read and write
1F4D8F5B000
heap
page read and write
7FF55765C000
unkown
page readonly
1F4D9922000
heap
page read and write
174E37A000
stack
page read and write
A280000
unkown
page read and write
17993A00000
heap
page read and write
4390000
heap
page read and write
113A0000
unkown
page read and write
43A8000
heap
page read and write
3542000
heap
page read and write
97F0000
unkown
page read and write
2CE4000
heap
page read and write
2CE4000
heap
page read and write
AC90000
unkown
page read and write
8960000
unkown
page read and write
4140000
trusted library allocation
page read and write
50A5000
heap
page read and write
10610000
unkown
page read and write
92B0000
unkown
page read and write
4D83000
heap
page read and write
7A4B000
stack
page read and write
427000
unkown
page readonly
4EF877E000
unkown
page readonly
44AC000
heap
page read and write
C788000
unkown
page read and write
5096000
heap
page read and write
2341000
heap
page read and write
43AC000
heap
page read and write
1F4D9911000
heap
page read and write
12990000
unkown
page read and write
233C051C000
heap
page read and write
534E000
stack
page read and write
2CE4000
heap
page read and write
8DA6000
unkown
page read and write
5AB28FE000
stack
page read and write
F08A000
unkown
page read and write
1F4D9800000
heap
page read and write
507B000
heap
page read and write
858000
heap
page read and write
4D0000
direct allocation
page read and write
13089000
stack
page read and write
2341000
heap
page read and write
7FF557583000
unkown
page readonly
97DE000
stack
page read and write
2AB9000
heap
page read and write
8960000
unkown
page read and write
2A91000
heap
page read and write
104B0000
unkown
page read and write
1F4D9734000
heap
page read and write
1F4D9724000
heap
page read and write
2CE4000
heap
page read and write
24FA8E02000
trusted library allocation
page read and write
7FF55707D000
unkown
page readonly
7FF55724C000
unkown
page readonly
2E3F000
stack
page read and write
2389000
heap
page read and write
92B0000
unkown
page read and write
7A60000
unkown
page readonly
1F4D9812000
heap
page read and write
84B000
heap
page read and write
10610000
unkown
page read and write
2C0E000
stack
page read and write
27C0000
heap
page read and write
4DEB000
heap
page read and write
AAF9000
unkown
page read and write
F09E000
unkown
page read and write
2E86000
stack
page read and write
2A5E000
trusted library allocation
page read and write
1F4D8F30000
heap
page read and write
1F4D96C0000
heap
page read and write
865000
heap
page read and write
32BE000
stack
page read and write
2F40000
unclassified section
page read and write
10610000
unkown
page read and write
4140000
trusted library allocation
page read and write
233C4C00000
direct allocation
page read and write
AC8B8FE000
stack
page read and write
33BF000
stack
page read and write
1162C000
unkown
page read and write
5049000
heap
page read and write
1B89B002000
heap
page read and write
1F4D96FF000
heap
page read and write
43B5000
heap
page read and write
1F4D874C000
heap
page read and write
7FF55725B000
unkown
page readonly
24653A00000
heap
page read and write
2220D900000
heap
page read and write
851000
heap
page read and write
7FF5572B4000
unkown
page readonly
842000
heap
page read and write
7E8000
heap
page read and write
43A2000
heap
page read and write
25D4000
heap
page read and write
B214CFE000
unkown
page readonly
2CEE000
stack
page read and write
84E0000
unkown
page readonly
435E000
heap
page read and write
1B899B50000
heap
page read and write
355B000
heap
page read and write
80A000
heap
page read and write
1F4D8702000
heap
page read and write
1F4D969B000
heap
page read and write
37D7000
heap
page read and write
4390000
heap
page read and write
6A1000
heap
page read and write
32DB000
unkown
page read and write
F0C2000
unkown
page read and write
849000
heap
page read and write
2E40000
heap
page read and write
1149E000
unkown
page read and write
5176000
heap
page read and write
AC90000
unkown
page read and write
37DF000
heap
page read and write
2F80000
unkown
page readonly
2AB8000
trusted library allocation
page read and write
EF441FE000
unkown
page readonly
1F4D8F5A000
heap
page read and write
8960000
unkown
page read and write
2610000
heap
page read and write
53A000
stack
page read and write
1F4D8F52000
heap
page read and write
2348000
heap
page read and write
7E0000
heap
page read and write
530000
direct allocation
page read and write
EEC000
stack
page read and write
4D51000
heap
page read and write
1F4D8688000
heap
page read and write
A0DA000
unkown
page read and write
AB40000
unkown
page read and write
7FF557026000
unkown
page readonly
2E45000
heap
page read and write
7FF5571AC000
unkown
page readonly
9760000
unkown
page read and write
1B899200000
heap
page read and write
50B1000
heap
page read and write
2CE4000
heap
page read and write
AC70000
unkown
page read and write
F0AF000
unkown
page read and write
4140000
trusted library allocation
page read and write
2AB5000
heap
page read and write
1F4D8F07000
heap
page read and write
4F81000
heap
page read and write
B4A6000
stack
page read and write
1F4D96D2000
heap
page read and write
2C8C000
unkown
page readonly
92B0000
unkown
page read and write
E60000
unkown
page readonly
3000000
heap
page read and write
F20000
trusted library allocation
page read and write
71B1000
unkown
page read and write
5161000
unkown
page read and write
C22F000
unkown
page read and write
5668000
heap
page read and write
2090000
heap
page read and write
1F4D874C000
heap
page read and write
A222000
unkown
page read and write
50B6000
heap
page read and write
10610000
unkown
page read and write
D40000
unkown
page readonly
8960000
unkown
page read and write
436E000
heap
page read and write
59CE000
stack
page read and write
7F6000
heap
page read and write
24653920000
heap
page read and write
E7D2A7E000
unkown
page readonly
7FF557257000
unkown
page readonly
2D8C000
stack
page read and write
5373000
heap
page read and write
F0BE000
unkown
page read and write
108B0000
unkown
page read and write
3559000
heap
page read and write
8960000
unkown
page read and write
8960000
unkown
page read and write
7FF557549000
unkown
page readonly
D20000
heap
page read and write
1409C3000
unkown
page write copy
2B171600000
heap
page read and write
2581000
heap
page read and write
7FF556F87000
unkown
page readonly
2950000
heap
page execute and read and write
2CE4000
heap
page read and write
2961000
trusted library allocation
page read and write
2D6D000
stack
page read and write
7D0000
heap
page read and write
2B171663000
heap
page read and write
855000
heap
page read and write
1F4D96B2000
heap
page read and write
2A91000
heap
page read and write
1F4D8F33000
heap
page read and write
3807000
heap
page read and write
2D88000
trusted library allocation
page read and write
401000
unkown
page execute read
2B17166A000
heap
page read and write
576D000
heap
page read and write
2B1715B0000
heap
page read and write
AC70000
unkown
page read and write
7FF557522000
unkown
page readonly
1F4D862B000
heap
page read and write
2E43000
heap
page read and write
855000
heap
page read and write
4FC3000
heap
page read and write
1F4D990A000
heap
page read and write
1F4D8F72000
heap
page read and write
24FA8570000
remote allocation
page read and write
1F4D8F2E000
heap
page read and write
104B0000
unkown
page read and write
7FF7E3778000
unkown
page readonly
43B4000
heap
page read and write
254F000
stack
page read and write
AC70000
unkown
page read and write
902C000
unkown
page read and write
5179000
heap
page read and write
92B0000
unkown
page read and write
7FF55742B000
unkown
page readonly
7FF5575FC000
unkown
page readonly
A308E7E000
stack
page read and write
2351000
heap
page read and write
21F37990000
trusted library allocation
page read and write
7FF5573FF000
unkown
page readonly
F0C2000
unkown
page read and write
54F6000
heap
page read and write
2B7E000
stack
page read and write
7EE000
heap
page read and write
21F37502000
heap
page read and write
1F4D8694000
heap
page read and write
10610000
unkown
page read and write
92B0000
unkown
page read and write
2390000
heap
page read and write
2CE4000
heap
page read and write
7DF468970000
unkown
page readonly
1162C000
unkown
page read and write
337E000
stack
page read and write
AC70000
unkown
page read and write
9760000
unkown
page read and write
1F4D8F30000
heap
page read and write
AA4C000
unkown
page read and write
233C0730000
heap
page read and write
381B000
heap
page read and write
24FA8450000
heap
page read and write
C7A1000
unkown
page read and write
A0A8000
unkown
page read and write
3812000
heap
page read and write
4DEB000
heap
page read and write
2CE4000
heap
page read and write
24E0000
heap
page read and write
BEBF000
stack
page read and write
F0CD000
unkown
page read and write
1F4D993C000
heap
page read and write
2A65000
heap
page read and write
5376000
heap
page read and write
1F4D970E000
heap
page read and write
55FC000
heap
page read and write
2CE4000
heap
page read and write
73D0000
unkown
page read and write
174E17E000
stack
page read and write
4140000
trusted library allocation
page read and write
825000
heap
page read and write
1F4D96FD000
heap
page read and write
1F4D8F5C000
heap
page read and write
24FA862B000
heap
page read and write
2D8A000
stack
page read and write
1F4D977F000
heap
page read and write
2BE0000
heap
page read and write
8960000
unkown
page read and write
8970000
unkown
page read and write
402000
remote allocation
page execute and read and write
4D9A000
heap
page read and write
F0BF000
unkown
page read and write
12710000
unkown
page read and write
80A000
heap
page read and write
C22F000
unkown
page read and write
2CE4000
heap
page read and write
2A4E2C94000
heap
page read and write
F0A0000
unkown
page read and write
1F4D9671000
heap
page read and write
1B8992AD000
heap
page read and write
C233000
unkown
page read and write
669E000
heap
page read and write
52F4000
heap
page read and write
520E000
stack
page read and write
B657179000
stack
page read and write
7FF557413000
unkown
page readonly
1F4D9904000
heap
page read and write
1F4D8F56000
heap
page read and write
4390000
heap
page read and write
4D0000
direct allocation
page read and write
2CE4000
heap
page read and write
4455000
heap
page read and write
2E19000
heap
page read and write
23A2000
heap
page read and write
1F4D9915000
heap
page read and write
8820000
unkown
page readonly
E23B000
stack
page read and write
C6A8000
unkown
page read and write
A308DFE000
unkown
page readonly
2A51000
trusted library allocation
page read and write
1F4D8F33000
heap
page read and write
1F4D8F86000
heap
page read and write
2C50000
heap
page read and write
6597D7E000
stack
page read and write
12710000
unkown
page read and write
12710000
unkown
page read and write
4D9D000
heap
page read and write
4A0000
heap
page read and write
89E000
heap
page read and write
7FF557602000
unkown
page readonly
1F4D993C000
heap
page read and write
4DA8000
heap
page read and write
1F4D991B000
heap
page read and write
E370000
unkown
page read and write
238A0840000
heap
page read and write
CF8000
heap
page read and write
C6A8000
unkown
page read and write
4376000
heap
page read and write
9BE000
stack
page read and write
2F20000
unkown
page read and write
4C01000
heap
page read and write
12710000
unkown
page read and write
12990000
unkown
page read and write
2AB4000
trusted library allocation
page read and write
43B4000
heap
page read and write
4140000
trusted library allocation
page read and write
50CC000
heap
page read and write
32E6000
unkown
page read and write
8970000
unkown
page read and write
9EC000
stack
page read and write
4CA2000
heap
page read and write
92B0000
unkown
page read and write
3543000
heap
page read and write
4384000
heap
page read and write
4140000
trusted library allocation
page read and write
1F4D8738000
heap
page read and write
7FF557429000
unkown
page readonly
1B89A120000
heap
page read and write
1166F000
unkown
page read and write
B2145FE000
stack
page read and write
43C0000
heap
page read and write
7E1000
heap
page read and write
2351000
heap
page read and write
4EF927E000
unkown
page readonly
3826000
heap
page read and write
1B899B6C000
heap
page read and write
6E9000
stack
page read and write
4D51000
heap
page read and write
2BF0000
trusted library allocation
page read and write
F080000
unkown
page read and write
333E000
stack
page read and write
7FF557476000
unkown
page readonly
644000
heap
page read and write
557C000
heap
page read and write
1F4D8F59000
heap
page read and write
7FF557416000
unkown
page readonly
43A8000
heap
page read and write
8970000
unkown
page read and write
AC90000
unkown
page read and write
B28527B000
stack
page read and write
238A0862000
heap
page read and write
12990000
unkown
page read and write
A877000
unkown
page read and write
58B000
heap
page read and write
517C000
heap
page read and write
116CF000
unkown
page read and write
2A4E2BE0000
heap
page read and write
BC00000
unkown
page readonly
F0D1000
unkown
page read and write
24FA8623000
heap
page read and write
2B1715C0000
heap
page read and write
7FF5573D8000
unkown
page readonly
D12EDFF000
stack
page read and write
52AE000
heap
page read and write
1F4D8F13000
heap
page read and write
139F000
unkown
page read and write
AA59000
unkown
page read and write
2DE2000
heap
page read and write
2CE4000
heap
page read and write
8B50000
unkown
page readonly
1F4D9760000
heap
page read and write
82B000
heap
page read and write
7FF5572D4000
unkown
page readonly
92B0000
unkown
page read and write
4830000
unkown
page read and write
2F3F000
stack
page read and write
1F4D8E02000
heap
page read and write
2ABC000
heap
page read and write
2AA4000
heap
page read and write
A00000
heap
page read and write
12710000
unkown
page read and write
92B0000
unkown
page read and write
43A8000
heap
page read and write
24653900000
heap
page read and write
7FF556FE3000
unkown
page readonly
EA74000
stack
page read and write
1F4D8F5A000
heap
page read and write
4489000
heap
page read and write
AC70000
unkown
page read and write
4DA8000
heap
page read and write
B21477D000
stack
page read and write
92B0000
unkown
page read and write
1F4D8F57000
heap
page read and write
898000
heap
page read and write
1F4D9724000
heap
page read and write
AC70000
unkown
page read and write
4C1F000
heap
page read and write
50D1000
heap
page read and write
10610000
unkown
page read and write
4D7A000
heap
page read and write
9259000
stack
page read and write
12990000
unkown
page read and write
1F4D8F33000
heap
page read and write
437A000
heap
page read and write
1F4D9907000
heap
page read and write
AC70000
unkown
page read and write
104B0000
unkown
page read and write
7E2000
heap
page read and write
2ED1000
heap
page read and write
1F4D8F6E000
heap
page read and write
C6D000
heap
page read and write
E2A0000
heap
page read and write
17993830000
heap
page read and write
1F4D8F37000
heap
page read and write
4140000
trusted library allocation
page read and write
73F0000
unkown
page read and write
B5E000
stack
page read and write
80B000
heap
page read and write
5ADC000
heap
page read and write
11490000
unkown
page read and write
2D84000
trusted library allocation
page read and write
4460000
heap
page read and write
1F4D9770000
heap
page read and write
1F4D8D60000
remote allocation
page read and write
4718000
unkown
page read and write
C0F9000
unkown
page read and write
2CE4000
heap
page read and write
839000
heap
page read and write
988000
stack
page read and write
4398000
heap
page read and write
1F4D967F000
heap
page read and write
83F000
heap
page read and write
848000
heap
page read and write
4EF8F7E000
unkown
page readonly
4FC3000
heap
page read and write
43A1000
heap
page read and write
254E000
stack
page read and write
2B30000
heap
page read and write
3010000
heap
page read and write
2CE4000
heap
page read and write
65F8000
heap
page read and write
7F1000
heap
page read and write
5243000
heap
page read and write
8960000
unkown
page read and write
117D6000
unkown
page read and write
8960000
unkown
page read and write
7FF55752E000
unkown
page readonly
117AB000
unkown
page read and write
4810000
unkown
page read and write
43A8000
heap
page read and write
12990000
unkown
page read and write
2D2E000
stack
page read and write
1C67CE13000
heap
page read and write
1F4D96A3000
heap
page read and write
24FA8600000
heap
page read and write
A8BA000
unkown
page read and write
11669000
unkown
page read and write
593000
heap
page read and write
F0A0000
unkown
page read and write
8D80000
unkown
page read and write
107A3000
unkown
page read and write
1F4D990A000
heap
page read and write
2CE4000
heap
page read and write
25CD000
heap
page read and write
97F0000
unkown
page read and write
43B4000
heap
page read and write
C22B000
unkown
page read and write
F09E000
unkown
page read and write
43A9000
heap
page read and write
E280000
unkown
page read and write
2B17164B000
heap
page read and write
4140000
trusted library allocation
page read and write
7E05000
stack
page read and write
8D6C000
unkown
page read and write
1B899B7C000
heap
page read and write
5ABE000
stack
page read and write
807000
heap
page read and write
2AA4000
heap
page read and write
4DEC000
heap
page read and write
2A4E2C3E000
heap
page read and write
EF449FE000
unkown
page readonly
F0CC000
unkown
page read and write
2B17164F000
heap
page read and write
1F4D874C000
heap
page read and write
7E8000
heap
page read and write
1F4D9A02000
heap
page read and write
1F4D8F2A000
heap
page read and write
43C9000
heap
page read and write
104B0000
unkown
page read and write
4471000
heap
page read and write
8970000
unkown
page read and write
238A07A0000
remote allocation
page read and write
1F4D8F92000
heap
page read and write
1C67CE00000
heap
page read and write
AA65000
unkown
page read and write
1F4D9907000
heap
page read and write
2330000
trusted library allocation
page read and write
4D9D000
heap
page read and write
1F4D8F07000
heap
page read and write
12710000
unkown
page read and write
C24F000
unkown
page read and write
7FF557434000
unkown
page readonly
8960000
unkown
page read and write
43C4000
heap
page read and write
2A97000
heap
page read and write
B6569BE000
stack
page read and write
4397000
heap
page read and write
104B0000
unkown
page read and write
E32B000
stack
page read and write
1F4D976D000
heap
page read and write
114E2000
unkown
page read and write
7FF556E98000
unkown
page readonly
43B4000
heap
page read and write
10A0000
heap
page read and write
3823000
heap
page read and write
580000
heap
page read and write
2B171E02000
trusted library allocation
page read and write
97F0000
unkown
page read and write
50C1000
heap
page read and write
8930000
unkown
page read and write
1F4D8F7D000
heap
page read and write
1F4D8DD0000
remote allocation
page read and write
1F4D8F7B000
heap
page read and write
29BD000
trusted library allocation
page read and write
7FF546F35000
unkown
page readonly
C2E4000
unkown
page read and write
2E3E000
heap
page read and write
4390000
heap
page read and write
2AB5000
heap
page read and write
2220D760000
heap
page read and write
300A000
heap
page read and write
30AB000
heap
page read and write
845000
heap
page read and write
1F4D86A2000
heap
page read and write
19C000
stack
page read and write
B65727B000
stack
page read and write
2A97000
heap
page read and write
2A8C000
stack
page read and write
1F4D9913000
heap
page read and write
7FF55738F000
unkown
page readonly
A0FF000
unkown
page read and write
4CAC000
heap
page read and write
1F4D8F3B000
heap
page read and write
861000
heap
page read and write
1F4D9919000
heap
page read and write
92B0000
unkown
page read and write
A154000
unkown
page read and write
2CE4000
heap
page read and write
1F4D8F6B000
heap
page read and write
380E000
heap
page read and write
D12EFFC000
stack
page read and write
1F4D966F000
heap
page read and write
25C1000
heap
page read and write
1F4D9933000
heap
page read and write
F06E000
unkown
page read and write
97F0000
unkown
page read and write
21D0000
heap
page read and write
1F4D96B0000
heap
page read and write
30A0000
heap
page read and write
3849000
heap
page read and write
3450000
unkown
page read and write
4EE0000
heap
page read and write
4470000
heap
page read and write
92B0000
unkown
page read and write
1C0000
heap
page read and write
9E8E000
stack
page read and write
1F4D8F0F000
heap
page read and write
CB3000
trusted library allocation
page execute and read and write
37E4000
heap
page read and write
F071000
unkown
page read and write
7FF5574BD000
unkown
page readonly
526D000
heap
page read and write
4EF8079000
stack
page read and write
8930000
unkown
page read and write
5EED000
heap
page read and write
115EA000
unkown
page read and write
1F4D8F29000
heap
page read and write
B656D7E000
stack
page read and write
C374000
unkown
page read and write
B2144FE000
unkown
page readonly
1F4D96DA000
heap
page read and write
8960000
unkown
page read and write
289F000
stack
page read and write
43A2000
heap
page read and write
4388000
heap
page read and write
859000
heap
page read and write
43AC000
heap
page read and write
410000
unkown
page readonly
1F4D96F3000
heap
page read and write
7FF556E44000
unkown
page readonly
2AEF000
trusted library allocation
page read and write
7FF557411000
unkown
page readonly
10246000
unkown
page read and write
7FF557250000
unkown
page readonly
F077000
unkown
page read and write
2AA1000
heap
page read and write
108B0000
unkown
page read and write
F40000
heap
page read and write
C23A000
unkown
page read and write
238A0831000
heap
page read and write
12710000
unkown
page read and write
C7A1000
unkown
page read and write
4397000
heap
page read and write
1B899216000
heap
page read and write
89AF000
stack
page read and write
4D9A000
heap
page read and write
2CE4000
heap
page read and write
1B899233000
heap
page read and write
A8D2000
unkown
page read and write
8960000
unkown
page read and write
1F4D8F33000
heap
page read and write
140AAD000
unkown
page execute and write copy
92B0000
unkown
page read and write
43B4000
heap
page read and write
7FF556FF3000
unkown
page readonly
4800000
unkown
page read and write
1F4D9907000
heap
page read and write
F0CC000
unkown
page read and write
F0B8000
unkown
page read and write
92B0000
unkown
page read and write
2CE4000
heap
page read and write
4D0000
direct allocation
page read and write
239A000
heap
page read and write
439D000
heap
page read and write
590000
heap
page read and write
9D8E000
stack
page read and write
7DF468980000
unkown
page readonly
4398000
heap
page read and write
F074000
unkown
page read and write
1F4D86FA000
heap
page read and write
1F4D96B7000
heap
page read and write
B28567A000
stack
page read and write
2E7E000
stack
page read and write
117D7000
unkown
page read and write
107AA000
unkown
page read and write
1F4D8683000
heap
page read and write
2930000
heap
page read and write
C44A000
unkown
page read and write
37E4000
heap
page read and write
3846000
heap
page read and write
7FF7E3570000
unkown
page readonly
850000
heap
page read and write
4EF7EFE000
stack
page read and write
550000
heap
page read and write
2AD2000
heap
page read and write
7FF556E8D000
unkown
page readonly
1F4D9903000
heap
page read and write
8960000
unkown
page read and write
1F4D96DA000
heap
page read and write
7FF55731B000
unkown
page readonly
D10000
heap
page read and write
46F0000
unkown
page read and write
2AA1000
heap
page read and write
5AB25FE000
unkown
page readonly
2B17168B000
heap
page read and write
3828000
heap
page read and write
50CC000
heap
page read and write
DB4000
unkown
page write copy
1F4D8560000
heap
page read and write
1ED0000
heap
page read and write
104B0000
unkown
page read and write
10610000
unkown
page read and write
3249000
unkown
page read and write
9CDC000
stack
page read and write
104B0000
unkown
page read and write
F0B8000
unkown
page read and write
888000
heap
page read and write
B214BFD000
stack
page read and write
3540000
heap
page read and write
B656CF9000
stack
page read and write
8960000
unkown
page read and write
37EA000
heap
page read and write
2CE4000
heap
page read and write
10610000
unkown
page read and write
384D000
heap
page read and write
4A10000
heap
page read and write
238A0902000
heap
page read and write
2A4E2BC0000
heap
page read and write
2CE4000
heap
page read and write
A3095FE000
stack
page read and write
107AA000
unkown
page read and write
238A084A000
heap
page read and write
12990000
unkown
page read and write
4CAB000
heap
page read and write
8960000
unkown
page read and write
1F4D86E9000
heap
page read and write
50A5000
heap
page read and write
7FF557627000
unkown
page readonly
4397000
heap
page read and write
C0FB000
unkown
page read and write
F0C9000
unkown
page read and write
4FC3000
heap
page read and write
1F4D8F53000
heap
page read and write
4460000
heap
page read and write
CC0000
heap
page read and write
7140000
unkown
page read and write
37E6000
heap
page read and write
7FF5575BF000
unkown
page readonly
C510000
unkown
page read and write
11531000
unkown
page read and write
1F4D876D000
heap
page read and write
7FF557393000
unkown
page readonly
107AA000
unkown
page read and write
92B0000
unkown
page read and write
8960000
unkown
page read and write
2D75000
trusted library allocation
page read and write
2F0E000
stack
page read and write
F09E000
unkown
page read and write
7FF557045000
unkown
page readonly
5150000
heap
page read and write
807000
heap
page read and write
24653A02000
heap
page read and write
4F8E000
heap
page read and write
84C000
heap
page read and write
84B000
heap
page read and write
43C4000
heap
page read and write
C3F7000
unkown
page read and write
C1DB000
unkown
page read and write
4DC1000
heap
page read and write
7276000
unkown
page read and write
5A01000
heap
page read and write
C3E7000
unkown
page read and write
34DE000
stack
page read and write
3460000
unkown
page read and write
2AB9000
heap
page read and write
843000
heap
page read and write
C480000
unkown
page read and write
4EF8A7B000
stack
page read and write
438B000
heap
page read and write
2E0E000
stack
page read and write
1B899B5F000
heap
page read and write
2A4E2D15000
trusted library allocation
page read and write
54BC000
heap
page read and write
5CA000
heap
page read and write
2A4E2C37000
heap
page read and write
97F0000
unkown
page read and write
4DA8000
heap
page read and write
1B899237000
heap
page read and write
1F4D8F82000
heap
page read and write
12990000
unkown
page read and write
7FF556FFF000
unkown
page readonly
F0AF000
unkown
page read and write
24653C00000
heap
page read and write
4EF857E000
unkown
page readonly
9E0F000
stack
page read and write
2E30000
direct allocation
page read and write
995E000
stack
page read and write
17993B02000
heap
page read and write
2950000
heap
page read and write
F0BE000
unkown
page read and write
23A2000
heap
page read and write
8930000
unkown
page read and write
8960000
unkown
page read and write
1F4D9682000
heap
page read and write
50B1000
heap
page read and write
44AC000
heap
page read and write
50CC000
heap
page read and write
6D88000
heap
page read and write
1F4D9802000
heap
page read and write
238E000
heap
page read and write
1F4D9752000
heap
page read and write
1F4D8F2F000
heap
page read and write
7FF5571A1000
unkown
page readonly
D3D000
heap
page read and write
515C000
heap
page read and write
104B0000
unkown
page read and write
F071000
unkown
page read and write
2EA0000
heap
page read and write
B2151FE000
unkown
page readonly
4369000
heap
page read and write
833000
heap
page read and write
2C63000
trusted library allocation
page read and write
2CE4000
heap
page read and write
104B0000
unkown
page read and write
6EE06000
unkown
page readonly
716B000
unkown
page read and write
238A0740000
heap
page read and write
F0B6000
unkown
page read and write
C1DF000
unkown
page read and write
5D9000
heap
page read and write
6597E7E000
stack
page read and write
C721000
unkown
page read and write
AC70000
unkown
page read and write
2AA4000
heap
page read and write
1E0D127F000
heap
page read and write
1F4D874C000
heap
page read and write
1F4D8F0E000
heap
page read and write
447F000
heap
page read and write
443F000
heap
page read and write
7FF5573EA000
unkown
page readonly
F182000
heap
page read and write
1F4D96B9000
heap
page read and write
2A4E3000000
heap
page read and write
C788000
unkown
page read and write
1F4D9923000
heap
page read and write
A8DC000
unkown
page read and write
7FF55714D000
unkown
page readonly
C792000
unkown
page read and write
5A7D000
heap
page read and write
4F0000
direct allocation
page read and write
2B0F000
unkown
page read and write
62B000
heap
page read and write
1F4D9933000
heap
page read and write
1F4D8F0E000
heap
page read and write
AC8B5A9000
stack
page read and write
580D000
heap
page read and write
50A5000
heap
page read and write
820000
heap
page read and write
2390000
heap
page read and write
7FF557617000
unkown
page readonly
1B899190000
trusted library allocation
page read and write
4455000
heap
page read and write
B214FFE000
unkown
page readonly
2B60000
heap
page read and write
A22F000
unkown
page read and write
1F4D8F2E000
heap
page read and write
1F4D8F5B000
heap
page read and write
C700000
unkown
page read and write
82F000
heap
page read and write
4460000
heap
page read and write
2DCE000
stack
page read and write
43A9000
heap
page read and write
11802000
unkown
page read and write
4EF7E7E000
unkown
page readonly
F07E000
unkown
page read and write
2B171692000
heap
page read and write
6597C7B000
stack
page read and write
839000
heap
page read and write
8980000
unkown
page read and write
F0AE000
unkown
page read and write
1F4D9904000
heap
page read and write
E7D267E000
unkown
page readonly
2CE4000
heap
page read and write
8330000
unkown
page readonly
4E0000
direct allocation
page read and write
C22B000
unkown
page read and write
8AE6000
unkown
page read and write
13AA000
unkown
page execute and read and write
24FA8661000
heap
page read and write
92B0000
unkown
page read and write
1F4D8F5B000
heap
page read and write
2D19000
trusted library allocation
page read and write
3961000
trusted library allocation
page read and write
92B0000
unkown
page read and write
647000
heap
page read and write
1F4D990A000
heap
page read and write
12710000
unkown
page read and write
115F2000
unkown
page read and write
107AA000
unkown
page read and write
9760000
unkown
page read and write
50C1000
heap
page read and write
A225000
unkown
page read and write
4D9D000
heap
page read and write
2CE4000
heap
page read and write
2D80000
heap
page read and write
7FF557352000
unkown
page readonly
AC70000
unkown
page read and write
89D000
heap
page read and write
EF44AFE000
stack
page read and write
1300D000
stack
page read and write
1B899150000
heap
page read and write
1F4D9935000
heap
page read and write
31B0000
heap
page read and write
2B171697000
heap
page read and write
F082000
unkown
page read and write
2A4E2D02000
trusted library allocation
page read and write
5506000
heap
page read and write
12710000
unkown
page read and write
7FF5575C5000
unkown
page readonly
AC90000
unkown
page read and write
855000
heap
page read and write
2390000
heap
page read and write
B040000
unkown
page readonly
AC90000
unkown
page read and write
B6AA000
stack
page read and write
3806000
heap
page read and write
9760000
unkown
page read and write
3213000
stack
page read and write
7FF556F9E000
unkown
page readonly
1F4D8679000
heap
page read and write
7FF556E85000
unkown
page readonly
5708000
heap
page read and write
3849000
heap
page read and write
F0BA000
unkown
page read and write
8970000
unkown
page read and write
2A4E2C3B000
unkown
page read and write
7FF55702F000
unkown
page readonly
1F4D8F07000
heap
page read and write
1F4D8F84000
heap
page read and write
32B9000
unkown
page read and write
104B0000
unkown
page read and write
24FA864D000
heap
page read and write
C1DB000
unkown
page read and write
12990000
unkown
page read and write
2BAF000
stack
page read and write
1F4D9907000
heap
page read and write
43AC000
heap
page read and write
8D98000
unkown
page read and write
1F4D9734000
heap
page read and write
445D000
heap
page read and write
7FF557554000
unkown
page readonly
889000
heap
page read and write
1F4D9802000
heap
page read and write
43A9000
heap
page read and write
8980000
unkown
page read and write
7FF5570B5000
unkown
page readonly
AC70000
unkown
page read and write
1F4D9902000
heap
page read and write
1F4D8F7D000
heap
page read and write
5A0000
heap
page read and write
1F4D8678000
heap
page read and write
A3094FE000
unkown
page readonly
2388000
heap
page read and write
50A0000
heap
page read and write
B28577E000
stack
page read and write
9760000
unkown
page read and write
104B0000
unkown
page read and write
1F4D8F5B000
heap
page read and write
44AC000
heap
page read and write
1F4D8F10000
heap
page read and write
2A91000
heap
page read and write
238A0860000
heap
page read and write
7FF556E17000
unkown
page readonly
7FF5570CF000
unkown
page readonly
2C06000
stack
page read and write
1F4D9900000
heap
page read and write
43C0000
heap
page read and write
856000
heap
page read and write
355B000
heap
page read and write
C7A1000
unkown
page read and write
1F4D8F40000
heap
page read and write
72FE000
unkown
page read and write
1F4D9713000
heap
page read and write
1F4D9779000
heap
page read and write
1F4D9916000
heap
page read and write
1E0D1200000
heap
page read and write
21F37A02000
trusted library allocation
page read and write
5157000
heap
page read and write
8960000
unkown
page read and write
F074000
unkown
page read and write
443D000
heap
page read and write
1F4D8F0F000
heap
page read and write
7FF557535000
unkown
page readonly
1F4D8E00000
heap
page read and write
861000
heap
page read and write
8C59000
stack
page read and write
43AC000
heap
page read and write
F07D000
unkown
page read and write
2D00000
heap
page read and write
7160000
unkown
page read and write
8930000
unkown
page read and write
2CE4000
heap
page read and write
2AD2000
heap
page read and write
50CE000
stack
page read and write
1F4D874C000
heap
page read and write
2AAB000
heap
page read and write
2CE4000
heap
page read and write
F06F000
unkown
page read and write
10610000
unkown
page read and write
1B89B002000
heap
page read and write
507B000
heap
page read and write
7FF556E13000
unkown
page readonly
437A000
heap
page read and write
5AB22FE000
unkown
page readonly
383F000
heap
page read and write
107AA000
unkown
page read and write
3547000
heap
page read and write
1F4D8F90000
heap
page read and write
D32000
heap
page read and write
B2147FE000
unkown
page readonly
26C8000
heap
page read and write
7FF556FC4000
unkown
page readonly
7FF5575AB000
unkown
page readonly
238A07A0000
remote allocation
page read and write
12990000
unkown
page read and write
8EDD000
unkown
page read and write
108B0000
unkown
page read and write
CBD000
trusted library allocation
page execute and read and write
85B000
heap
page read and write
4D9A000
heap
page read and write
5096000
heap
page read and write
92B0000
unkown
page read and write
21F37220000
heap
page read and write
2A4E2C94000
heap
page read and write
83D000
heap
page read and write
4384000
heap
page read and write
C00000
heap
page read and write
2B1D000
trusted library allocation
page read and write
C59A000
unkown
page read and write
105D3000
direct allocation
page read and write
D12EA7B000
stack
page read and write
7FF557568000
unkown
page readonly
4F8E000
heap
page read and write
1F4D9713000
heap
page read and write
833000
heap
page read and write
5004000
heap
page read and write
4393000
heap
page read and write
1F4D990B000
heap
page read and write
C328000
unkown
page read and write
1F4D8F5A000
heap
page read and write
F07E000
unkown
page read and write
7FF55745B000
unkown
page readonly
1F4D960A000
heap
page read and write
2ACC000
stack
page read and write
90F2000
unkown
page read and write
2CE4000
heap
page read and write
7ED000
heap
page read and write
A3096FE000
unkown
page readonly
233C4800000
direct allocation
page read and write
420000
unkown
page write copy
97F0000
unkown
page read and write
8960000
unkown
page read and write
4EE0000
heap
page read and write
8960000
unkown
page read and write
104B0000
unkown
page read and write
233C0890000
heap
page read and write
499C000
stack
page read and write
4E0000
direct allocation
page read and write
8970000
unkown
page read and write
1F4D9699000
heap
page read and write
4384000
heap
page read and write
1B899B76000
heap
page read and write
7E6000
heap
page read and write
4460000
heap
page read and write
10610000
unkown
page read and write
97F0000
unkown
page read and write
8BD9000
stack
page read and write
8930000
unkown
page read and write
F084000
unkown
page read and write
1E0D1080000
heap
page read and write
24FA8627000
heap
page read and write
3846000
heap
page read and write
4EF897E000
unkown
page readonly
C24F000
unkown
page read and write
7FF5570E7000
unkown
page readonly
13A0000
unkown
page write copy
BBD0000
unkown
page readonly
77F0000
unkown
page read and write
B2149FE000
stack
page read and write
12710000
unkown
page read and write
8960000
unkown
page read and write
864000
heap
page read and write
104B0000
unkown
page read and write
88E000
heap
page read and write
2A4E2BF0000
trusted library allocation
page read and write
1F4D8F95000
heap
page read and write
2A4E2C7F000
heap
page read and write
C063000
unkown
page read and write
1F4D8F0E000
heap
page read and write
2220D750000
heap
page read and write
1F4D96A0000
heap
page read and write
C2D3000
unkown
page read and write
460000
heap
page read and write
57D1000
heap
page read and write
1F4D876D000
heap
page read and write
2A4E2C00000
unkown
page read and write
2E5B000
heap
page execute and read and write
2396000
heap
page read and write
8970000
unkown
page read and write
F00000
trusted library allocation
page read and write
1C67CE48000
heap
page read and write
2CE4000
heap
page read and write
7FF55704A000
unkown
page readonly
7DF468991000
unkown
page execute read
B2143FD000
stack
page read and write
43CE000
heap
page read and write
1F4D8F56000
heap
page read and write
7185000
unkown
page read and write
21F37446000
heap
page read and write
A8DC000
unkown
page read and write
2994000
trusted library allocation
page read and write
2E12000
heap
page read and write
2F20000
unkown
page read and write
2C65000
trusted library allocation
page read and write
A3091FE000
stack
page read and write
472C000
unkown
page read and write
1F4D8F86000
heap
page read and write
F082000
unkown
page read and write
717E000
unkown
page read and write
8F09000
unkown
page read and write
238C000
heap
page read and write
1F4D8F63000
heap
page read and write
43B4000
heap
page read and write
F6C000
stack
page read and write
3100000
heap
page read and write
7FF557083000
unkown
page readonly
44AC000
heap
page read and write
29C1000
trusted library allocation
page read and write
5379000
heap
page read and write
97F0000
unkown
page read and write
8960000
unkown
page read and write
10610000
unkown
page read and write
F082000
unkown
page read and write
1F4D8F32000
heap
page read and write
37DF000
heap
page read and write
10610000
unkown
page read and write
354A000
heap
page read and write
439D000
heap
page read and write
There are 3555 hidden memdumps, click here to show them.