Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
a2e-enterprise.26.3.3677.2903.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Add2Exchange Enterprise Guide.pdf
|
PDF document, version 1.7
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Add2ExchangeSetup.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Create Time/Date: Mon Jun 21
08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number
of Pages: 200, Revision Number: {6CC5F0A5-DD20-463B-A745-23226EA64FC9}, Title: Add2Exchange Setup, Subject: Add2Exchange,
Author: Advantage International, Comments: A Microsoft Exchange Server synchronization program., Number of Words: 2, Last
Saved Time/Date: Mon Mar 11 15:43:44 2024, Last Printed: Mon Mar 11 15:43:44 2024
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\EULA\Add2Exchange EULA.pdf
|
PDF document, version 1.7, 6 pages
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\EULA\Add2Exchange EULA.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\First_Time_Installer.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Links\Request Support for DidItBetter.url
|
Generic INItialization configuration [InternetShortcut]
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\O365Outlook32\Outlook_Installer.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\O365Outlook32\Setup Files\Office365_Pro_Retailx64_Configuration.xml
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\O365Outlook32\Setup Files\Office365_Pro_Retailx86_Configuration.xml
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\O365Outlook32\Setup Files\Pro_Retailx64.cmd
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\O365Outlook32\Setup Files\Pro_Retailx86.cmd
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\O365Outlook32\Setup Files\setup.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup.zip
|
Zip archive data, at least v2.0 to extract, compression method=store
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\A2E_Auto_Migration.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\A2E_Directory.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\A2E_MMC.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\A2E_Permissions_Commands.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\A2E_SQL_Backup.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\A2E_Setup_Details.ps1
|
Non-ISO extended-ASCII text, with very long lines (485), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Add2Outlook_Set_Granular_permissions.ps1
|
Non-ISO extended-ASCII text, with very long lines (355), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Permissions_Task_Creation.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\2010-2019_All_Permissions.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\2010-2019_Dist_List_Permissions.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\2010-2019_Dynamic_Distribution.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\Office365_All_Permissions.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\Office365_Dist_List_Permissions.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\Office365_Dynamic_Distribution.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\Shell_Permissions.ps1
|
Non-ISO extended-ASCII text, with very long lines (355), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\Stand_Alone_DyanmicDistList_Task.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Permissions_Portable\Scripts\Stand_Alone_Dynamic_Distribution_List.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Upgrade_Add2Exchange.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Upgrade_Add2Outlook.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Upgrade_RMM.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Auto_Upgrade_ToolKit.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Autologon.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Bypass_AutoDiscover.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\DiditBetter_Support_Menu.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Dir_Sync.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Disable_Modern_Authentication.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Disable_Outlook_Updates.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Disable_UAC.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\EXModule_dotNET_Update.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Export_ADPhoto.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Export_License_and_Profile1.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\First_Time_Installer.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\GP_Results.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Get_Diags.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Legacy_PowerShell.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\MSExchangeDelegation.ps1
|
ISO-8859 text, with very long lines (321), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\OSC_Disable.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Office_Updater.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Outlook_Installer.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Outlook_Profile_Set.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Outlook_Tools_Menu.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\PermissionsOnPremOrO365Combined.ps1
|
Non-ISO extended-ASCII text, with very long lines (355), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Permissions_Task_Creation.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Post_A2E_Migration.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Public _Folder_to_Address_Book.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\REARM_Office.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Registry_Favorites.ps1
|
ISO-8859 text, with very long lines (342), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Reset_A2E_Password.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\SQL_Firewall_Rules.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\SQL_Upgrade_Files\SQL12x_to_SQL12xSP4.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\SQL_Upgrade_Files\SQL12x_to_SQL22x.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\SQL_Upgrade_Files\SQL17x_to_SQL22x.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\SQL_Upgrade_Files\SQL8x_to_SQL12x.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\SQL_Upgrade_Files\SQL8x_to_SQL8xSP4.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\SQL_Upgrade_Files\SQLExpress_Main_2022_Upgrade.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\SQL_Upgrade_Files\SQL_Management_Studio_Quiet_Install.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Scheduled_Update_Add2Exchange.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Setup Files\Office365_Pro_Retailx64_Configuration.xml
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Setup Files\Office365_Pro_Retailx86_Configuration.xml
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Setup Files\Pro_Retailx64.cmd
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Setup Files\Pro_Retailx86.cmd
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Setup Files\setup.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Shell_Into_Exchange.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Shell_Permissions.ps1
|
Non-ISO extended-ASCII text, with very long lines (355), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed Permissions\2010-2019_All_Permissions.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed Permissions\2010-2019_Dist_List_Permissions.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed Permissions\2010-2019_Dynamic_Distribution.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed Permissions\Office365_All_Permissions.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed Permissions\Office365_Dist_List_Permissions.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed Permissions\Office365_Dynamic_Distribution.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed Permissions\Stand_Alone_DyanmicDistList_Task.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed Permissions\Stand_Alone_Dynamic_Distribution_List.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Timed_A2E_SQL_Backup.ps1
|
Non-ISO extended-ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\Windows_Defender_Exclusions.ps1
|
ISO-8859 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Setup\shell.ps1
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Tools\Logging\gollevel.xtx
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Tools\Mapi\ExchangeMapiCdo.MSI
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Messaging API and Collaboration Data Objects 1.2.1 v6.5.8320.0, Author: Microsoft, Keywords: Installer,
Template: Intel;1033, Revision Number: {EB06CAF7-FF9E-4e70-B2DC-20D0B3E4A188}, Create Time/Date: Mon Apr 29 10:13:53 2013,
Last Saved Time/Date: Mon Apr 29 10:13:53 2013, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows
Installer XML (candle/light), Security: 1
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Tools\OutlookTools\Autodiscover\365autodiscoverOutlook13.reg
|
Windows Registry text (Win2K or above)
|
dropped
|
||
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903\Tools\OutlookTools\Autodiscover\365autodiscoverOutlook16.reg
|
Windows Registry text (Win2K or above)
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 84 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903.exe
|
C:\Users\user\Desktop\a2e-enterprise.26.3.3677.2903.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://s3.amazonaws.com/dl.diditbetter.com
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/Migrating_A2E_Sync_Scenarios.pdf
|
unknown
|
||
|
https://support.DidItBetter.com/
|
unknown
|
||
|
http://support.diditbetter.com/disable-group-policy.aspx
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/Add2Exchange_Guide.pdf
|
unknown
|
||
|
https://s3.amazonaws.com/dl.diditbetter.com/
|
unknown
|
||
|
http://support.diditbetter.com/Secure/Login.aspx?returnurl=/downloads.aspx
|
unknown
|
||
|
https://s3.amazonaws.com/dl.diditbetter.com/A2EDiags-2.3.exe
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/Private_to_Private_Sync_Scenarios.pdf
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/Private_to_Public_Sync_Scenarios.pdf
|
unknown
|
||
|
http://www.DidITbetter.com
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/Migrating_Environments_A2E_Sync_Scenarios.pdf
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/Template_Creation_RGM_Sync_Scenarios.pdf
|
unknown
|
||
|
http://www.sysinternals.com
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/Public_to_Public_Sync_Scenarios.pdf
|
unknown
|
||
|
https://support.diditbetter.com/support-request.aspx
|
unknown
|
||
|
https://aka.ms/ssmsfullsetup
|
unknown
|
||
|
http://www.sysinternals.comopenThe
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/Public_to_Private_Sync_Scenarios.pdf
|
unknown
|
||
|
https://support.diditbetter.com/downloads.aspx
|
unknown
|
||
|
http://127.0.0.1:13556/HosterIdentityHttpLogWriterEndpointInsiderSlabBehaviorProviderLabMachineLangT
|
unknown
|
||
|
http://www.DidITBetter.com/Solutions/Add2Exchange/Overview.aspARPHELPLINKAdvantage
|
unknown
|
||
|
https://s3.amazonaws.com/guides.diditbetter.com/GAL_Sync_Scenario.pdf
|
unknown
|
||
|
http://support.diditbetter.com/support-request.aspx
|
unknown
|
There are 14 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
unkown
|
page readonly
|
||
|
422000
|
unkown
|
page write copy
|
||
|
9C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2C07000
|
heap
|
page read and write
|
||
|
41D000
|
unkown
|
page readonly
|
||
|
2207000
|
heap
|
page read and write
|
||
|
423000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
71E000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
321C000
|
heap
|
page read and write
|
||
|
6C0000
|
direct allocation
|
page read and write
|
||
|
41D000
|
unkown
|
page readonly
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2626000
|
heap
|
page read and write
|
||
|
2B14000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
422000
|
unkown
|
page write copy
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
21F6000
|
heap
|
page read and write
|
||
|
69F000
|
stack
|
page read and write
|
||
|
428000
|
unkown
|
page readonly
|
||
|
2207000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
3219000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
428000
|
unkown
|
page readonly
|
||
|
90F000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
2204000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
There are 26 hidden memdumps, click here to show them.