Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rkn.log.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\apt66ext[1].log
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\apt66ext.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PIL\_imaging.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PIL\_imagingcms.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PIL\_imagingft.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PIL\_imagingtk.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PIL\_webp.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\QtCore.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\QtGui.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\QtWidgets.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\platforms\qminimal.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\platforms\qoffscreen.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\platforms\qwebgl.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\sip.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_asyncio.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_bz2.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_cffi_backend.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_ctypes.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_decimal.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_elementtree.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_hashlib.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_lzma.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_multiprocessing.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_overlapped.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_queue.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_socket.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_ssl.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\_tkinter.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\concrt140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\cv2\cv2.pyd
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\libfreetype-6.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\libjpeg-9.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\libpng16-16.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\core\_multiarray_tests.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\core\_multiarray_umath.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\fft\_pocketfft_internal.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\linalg\_umath_linalg.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\linalg\lapack_lite.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\_bounded_integers.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\_common.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\_generator.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\_mt19937.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\_pcg64.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\_philox.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\_sfc64.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\bit_generator.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\numpy\random\mtrand.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pyexpat.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\_freetype.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\base.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\bufferproxy.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\color.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\constants.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\display.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\draw.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\event.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\font.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\image.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\imageext.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\joystick.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\key.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\mask.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\math.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\mixer.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\mixer_music.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\mouse.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\pixelarray.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\pixelcopy.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\rect.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\rwobject.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\scrap.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\surface.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\surflock.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\time.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\pygame\transform.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\python3.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\python37.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5dbus.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5printsupport.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\sdl2.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\sdl2_image.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\sdl2_mixer.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\sdl2_ttf.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\select.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\staged_out.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\unicodedata.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\vcruntime140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\zlib1.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\2ae2084c-08f1-45a4-b202-25788e08d35e.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6384
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\unity[1].pdf
|
PDF document, version 1.7, 4 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSId101a.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-05 00-48-53-615.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\28d854e8-d7cf-4df2-9de2-c275cb69ebf2.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\a1bae895-bd89-4946-8139-5b33837f980e.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\ad329d6e-d6e8-49af-a2e7-b8c3bea700d5.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\e1256416-f0a7-411f-a487-cc86afe48c28.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\iconengines\qsvgicon.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qgif.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qicns.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qico.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qjpeg.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qsvg.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qtga.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qtiff.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qwbmp.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\imageformats\qwebp.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\mediaservice\dsengine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\mediaservice\wmfengine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\platforms\qwindows.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\libcrypto-1_1.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\libeay32.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\libssl-1_1.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\msvcp140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\msvcp140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5core.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5gui.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5multimedia.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5network.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5qml.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5qmlmodels.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5quick.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5svg.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5websockets.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\qt5widgets.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\ssleay32.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\tcl86t.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\tk86t.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\vcruntime140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\unity.pdf
|
PDF document, version 1.7, 4 pages
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 160 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rkn.log.exe
|
"C:\Users\user\Desktop\rkn.log.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\apt66ext.exe
|
"C:\Users\user\AppData\Local\Temp\apt66ext.exe"
|
|
|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\unity.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2072 --field-trial-handle=1664,i,2083842070607392695,600635408370004689,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_5264_133646285321448385\staged_out.exe
|
"C:\Users\user\AppData\Local\Temp\apt66ext.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://121.127.33.39/apt66ext.logIL
|
unknown
|
||
|
https://onnx.ai/)
|
unknown
|
||
|
http://caffe.berkeleyvision.org/)
|
unknown
|
||
|
http://www.scipy.org/not/real/data.txt
|
unknown
|
||
|
http://www.megginson.com/SAX/.
|
unknown
|
||
|
http://torch.ch/)
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/19634cv::mjpeg::MjpegEncoder::MjpegEncodercv::mjpeg::MotionJ
|
unknown
|
||
|
https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp
|
unknown
|
||
|
https://web.archive.org/web/20170802060935/http://oss.sgi.com/projects/ogl-sample/registry/EXT/textu
|
unknown
|
||
|
http://121.127.33.39/apt66ext.log
|
121.127.33.39
|
||
|
https://numpy.org/neps/nep-0032-remove-financial-functions.html
|
unknown
|
||
|
http://docs.python.org/library/unittest.html
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/6293
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/16739
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/16736
|
unknown
|
||
|
https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdf
|
unknown
|
||
|
https://github.com/torch/nn/blob/master/doc/module.md
|
unknown
|
||
|
https://refspecs.linuxfoundation.org/elf/gabi4
|
unknown
|
||
|
https://www.littlecms.com
|
unknown
|
||
|
http://curl.haxx.se/rfc/cookie_spec.html
|
unknown
|
||
|
http://speleotrove.com/decimal/decarith.html
|
unknown
|
||
|
http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
|
unknown
|
||
|
http://www.gdal.org/ogr_formats.html).
|
unknown
|
||
|
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr7
|
unknown
|
||
|
https://github.com/numpy/numpy/issues/8577
|
unknown
|
||
|
http://arxiv.org/abs/1805.10941.
|
unknown
|
||
|
http://json.org
|
unknown
|
||
|
https://stackoverflow.com/questions/7648200/pip-install-pil-e-tickets-1-no-jpeg-png-support
|
unknown
|
||
|
https://www.tensorflow.org/)
|
unknown
|
||
|
http://xml.python.org/entities/fragment-builder/internalz
|
unknown
|
||
|
https://exiv2.org/tags.html)
|
unknown
|
||
|
http://mathworld.wolfram.com/NegativeBinomialDistribution.html
|
unknown
|
||
|
https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/OCRHMM_transitions_table.x
|
unknown
|
||
|
https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf
|
unknown
|
||
|
https://www.pygame.org/contribute.html
|
unknown
|
||
|
http://www.cl.cam.ac.uk/~mgk25/iso-time.html
|
unknown
|
||
|
http://www.oasis-open.org/committees/documents.php
|
unknown
|
||
|
http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html
|
unknown
|
||
|
https://github.com/pypa/packagingz
|
unknown
|
||
|
https://github.com/opencv/opencv_contrib/issues/2235
|
unknown
|
||
|
https://github.com/numpy/numpy/issues/4763
|
unknown
|
||
|
http://mathworld.wolfram.com/CauchyDistribution.html
|
unknown
|
||
|
http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).COLOR_SPACE_Lab_D75_2MORPH_CROSSCAP_PROP_DC1394
|
unknown
|
||
|
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.476.5736&rep=rep1&type=pdf
|
unknown
|
||
|
http://graphics.berkeley.edu/papers/Tao-SAN-2012-05/
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://onnx.ai/
|
unknown
|
||
|
https://software.intel.com/openvino-toolkit)
|
unknown
|
||
|
http://caffe.berkeleyvision.org
|
unknown
|
||
|
https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module
|
unknown
|
||
|
https://github.com/jaraco/jaraco.functools/issues/5
|
unknown
|
||
|
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
|
unknown
|
||
|
https://pypi.org/project/numpy-financial.
|
unknown
|
||
|
https://www.numpy.org/neps/nep-0001-npy-format.html
|
unknown
|
||
|
https://mahler:8092/site-updates.py
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:
|
unknown
|
||
|
https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/cornersQualityOOOO
|
unknown
|
||
|
https://github.com/asweigart/pygetwindow
|
unknown
|
||
|
https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
|
unknown
|
||
|
https://mouseinfo.readthedocs.io
|
unknown
|
||
|
https://www.cazabon.com
|
unknown
|
||
|
http://www.cs.tut.fi/~foi/GCF-BM3D/BM3D_TIP_2007.pdf
|
unknown
|
||
|
http://www.google.com/index.html
|
unknown
|
||
|
https://github.com/openvinotoolkit/open_model_zoo/blob/master/models/public/yolo-v2-tiny-tf/yolo-v2-
|
unknown
|
||
|
http://tip.tcl.tk/48)
|
unknown
|
||
|
https://github.com/python/cpython/blob/3.7/Objects/listsort.txt
|
unknown
|
||
|
http://pracrand.sourceforge.net/RNG_engines.txt
|
unknown
|
||
|
http://xml.org/sax/features/namespacesz.http://xml.org/sax/features/namespace-prefixesz
|
unknown
|
||
|
http://121.127.33.39/unity.pdfapt66ext.exehttp://121.127.33.39/apt66ext.logapt66.exemsupdate.exeC
|
unknown
|
||
|
https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf
|
unknown
|
||
|
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.131.6394
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/21326
|
unknown
|
||
|
http://www.iana.org/time-zones/repository/tz-link.html
|
unknown
|
||
|
http://docs.python.org/library/itertools.html#recipes
|
unknown
|
||
|
http://www.ipol.im/pub/algo/bcm_non_local_means_denoising
|
unknown
|
||
|
https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
|
unknown
|
||
|
https://www.openblas.net/
|
unknown
|
||
|
http://121.127.33.39/apt66ext.logCL
|
unknown
|
||
|
http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
|
unknown
|
||
|
https://tinyurl.com/y3dm3h86
|
unknown
|
||
|
http://digitalassets.lib.berkeley.edu/sdtr/ucb/text/34.pdf
|
unknown
|
||
|
http://www.ipol.im/pub/art/2011/ys-dct/
|
unknown
|
||
|
https://arxiv.org/abs/1704.04503
|
unknown
|
||
|
https://code.google.com/archive/p/casadebender/wikis/Win32IconImagePlugin.wiki
|
unknown
|
||
|
http://www.ipol.im/pub/algo/bcm_non_local_means_denoising/
|
unknown
|
||
|
http://www.nightmare.com/squirl/python-ext/misc/syslog.py
|
unknown
|
||
|
http://www.pcg-random.org/
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/20833.
|
unknown
|
||
|
http://www.math.sfu.ca/~cbm/aands/page_379.htm
|
unknown
|
||
|
http://www.iana.org/assignments/character-sets
|
unknown
|
||
|
https://people.eecs.berkeley.edu/~wkahan/ieee754status/IEEE754.PDF
|
unknown
|
||
|
http://www.gdal.org/formats_list.html)
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/20833DNN/OpenCL:
|
unknown
|
||
|
http://mathworld.wolfram.com/GammaDistribution.html
|
unknown
|
||
|
https://www.itl.nist.gov/div898/handbook/eda/section3/eda3663.htm
|
unknown
|
||
|
http://www.gdal.org)
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/5412.
|
unknown
|
||
|
http://code.activestate.com/recipes/577916/
|
unknown
|
||
|
https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
|
unknown
|
||
|
https://tinyurl.com/y3dm3h86u
|
unknown
|
There are 90 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
121.127.33.39
|
unknown
|
Afghanistan
|
||
|
23.47.168.24
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6AEE9000
|
unkown
|
page readonly
|
||
|
1E4C7690000
|
heap
|
page read and write
|
||
|
1E4C1C9E000
|
heap
|
page read and write
|
||
|
2B4597B7000
|
heap
|
page read and write
|
||
|
97B000
|
heap
|
page read and write
|
||
|
2B458FD1000
|
heap
|
page read and write
|
||
|
2B459681000
|
heap
|
page read and write
|
||
|
2B440B20000
|
direct allocation
|
page read and write
|
||
|
2B459330000
|
direct allocation
|
page read and write
|
||
|
62E95000
|
unkown
|
page readonly
|
||
|
2B4597B7000
|
heap
|
page read and write
|
||
|
2B459693000
|
heap
|
page read and write
|
||
|
63C000
|
unkown
|
page read and write
|
||
|
633000
|
unkown
|
page write copy
|
||
|
2B45909C000
|
heap
|
page read and write
|
||
|
1C81000
|
unkown
|
page write copy
|
||
|
67898000
|
unkown
|
page readonly
|
||
|
2560000
|
heap
|
page read and write
|
||
|
2B459857000
|
heap
|
page read and write
|
||
|
2B459522000
|
heap
|
page read and write
|
||
|
1E4C7191000
|
heap
|
page read and write
|
||
|
2B4597C3000
|
heap
|
page read and write
|
||
|
71001000
|
unkown
|
page execute read
|
||
|
2B43F2D8000
|
heap
|
page read and write
|
||
|
881000
|
unkown
|
page execute read
|
||
|
2B458FDC000
|
heap
|
page read and write
|
||
|
2B45950E000
|
heap
|
page read and write
|
||
|
2B459AA0000
|
direct allocation
|
page read and write
|
||
|
2B461BB0000
|
direct allocation
|
page read and write
|
||
|
2B461EF0000
|
direct allocation
|
page read and write
|
||
|
2B459018000
|
heap
|
page read and write
|
||
|
2B43F320000
|
direct allocation
|
page read and write
|
||
|
A673BFC000
|
stack
|
page read and write
|
||
|
2B459170000
|
direct allocation
|
page read and write
|
||
|
BFE000
|
stack
|
page read and write
|
||
|
69A33000
|
unkown
|
page readonly
|
||
|
1E4C75CD000
|
heap
|
page read and write
|
||
|
C15F3BF000
|
stack
|
page read and write
|
||
|
2B4597B1000
|
heap
|
page read and write
|
||
|
8F1000
|
unclassified section
|
page execute read
|
||
|
1E4C1C7C000
|
heap
|
page read and write
|
||
|
2B459522000
|
heap
|
page read and write
|
||
|
2B4597B7000
|
heap
|
page read and write
|
||
|
881000
|
unkown
|
page write copy
|
||
|
2B4597B1000
|
heap
|
page read and write
|
||
|
25D6000
|
unkown
|
page write copy
|
||
|
A673AFE000
|
stack
|
page read and write
|
||
|
68B76000
|
unkown
|
page readonly
|
||
|
885000
|
heap
|
page read and write
|
||
|
2B459571000
|
heap
|
page read and write
|
||
|
2B462350000
|
direct allocation
|
page read and write
|
||
|
2B459AA0000
|
direct allocation
|
page read and write
|
||
|
2B43F283000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
1E4C1C61000
|
heap
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
1E4C3F91000
|
heap
|
page read and write
|
||
|
1E4C1C93000
|
heap
|
page read and write
|
||
|
6A8A6000
|
unkown
|
page readonly
|
||
|
3BC000
|
stack
|
page read and write
|
||
|
631000
|
unkown
|
page execute read
|
||
|
2B43E9EC000
|
heap
|
page read and write
|
||
|
2B459574000
|
heap
|
page read and write
|
||
|
7FF76F141000
|
unkown
|
page execute read
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B46203F000
|
heap
|
page read and write
|
||
|
2B4597C3000
|
heap
|
page read and write
|
||
|
2B43F2D8000
|
heap
|
page read and write
|
||
|
62E9E000
|
unkown
|
page readonly
|
||
|
2B4597C3000
|
heap
|
page read and write
|
||
|
2B440EC0000
|
direct allocation
|
page read and write
|
||
|
1E4C77B1000
|
heap
|
page read and write
|
||
|
2B459400000
|
direct allocation
|
page read and write
|
||
|
7FF679D31000
|
unkown
|
page read and write
|
||
|
7FF679D00000
|
unkown
|
page readonly
|
||
|
2B459574000
|
heap
|
page read and write
|
||
|
2B43E9D7000
|
heap
|
page read and write
|
||
|
2B4597B1000
|
heap
|
page read and write
|
||
|
6A880000
|
unkown
|
page readonly
|
||
|
2B45909C000
|
heap
|
page read and write
|
||
|
2B43EA7A000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B4594A0000
|
heap
|
page read and write
|
||
|
1E4C74D8000
|
heap
|
page read and write
|
||
|
94F000
|
heap
|
page read and write
|
||
|
2B43EA65000
|
heap
|
page read and write
|
||
|
1E4C76E2000
|
heap
|
page read and write
|
||
|
1E4C5D91000
|
heap
|
page read and write
|
||
|
2B459857000
|
heap
|
page read and write
|
||
|
7100B000
|
unkown
|
page readonly
|
||
|
2B4594E9000
|
heap
|
page read and write
|
||
|
2B461F60000
|
trusted library allocation
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B43F2A8000
|
heap
|
page read and write
|
||
|
969000
|
heap
|
page read and write
|
||
|
678A6000
|
unkown
|
page write copy
|
||
|
2B459875000
|
heap
|
page read and write
|
||
|
2B459530000
|
heap
|
page read and write
|
||
|
7FF679D2E000
|
unkown
|
page write copy
|
||
|
1E4C1CA3000
|
heap
|
page read and write
|
||
|
2B43F020000
|
direct allocation
|
page read and write
|
||
|
1E4C752D000
|
heap
|
page read and write
|
||
|
2B4591B0000
|
direct allocation
|
page read and write
|
||
|
2B459062000
|
heap
|
page read and write
|
||
|
2B459574000
|
heap
|
page read and write
|
||
|
2B43EF60000
|
direct allocation
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
2B43E900000
|
heap
|
page read and write
|
||
|
69A01000
|
unkown
|
page execute read
|
||
|
2B459062000
|
heap
|
page read and write
|
||
|
7FF76E741000
|
unkown
|
page execute read
|
||
|
2B4623F0000
|
direct allocation
|
page read and write
|
||
|
7FF679D3F000
|
unkown
|
page readonly
|
||
|
C15D75D000
|
stack
|
page read and write
|
||
|
A6738F6000
|
stack
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B45987B000
|
heap
|
page read and write
|
||
|
2B43EA57000
|
heap
|
page read and write
|
||
|
2B43E9EB000
|
heap
|
page read and write
|
||
|
2B459980000
|
direct allocation
|
page read and write
|
||
|
2B459678000
|
heap
|
page read and write
|
||
|
632000
|
unkown
|
page readonly
|
||
|
2B43E9D9000
|
heap
|
page read and write
|
||
|
2B461BF0000
|
direct allocation
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
1E4C765B000
|
heap
|
page read and write
|
||
|
2B43F2AA000
|
heap
|
page read and write
|
||
|
2B459574000
|
heap
|
page read and write
|
||
|
2B458FA7000
|
heap
|
page read and write
|
||
|
1E4C7714000
|
heap
|
page read and write
|
||
|
2B43EFE0000
|
direct allocation
|
page read and write
|
||
|
2B459AA0000
|
direct allocation
|
page read and write
|
||
|
8D0000
|
direct allocation
|
page read and write
|
||
|
6AE81000
|
unkown
|
page execute read
|
||
|
2B43EB95000
|
heap
|
page read and write
|
||
|
A6739FF000
|
stack
|
page read and write
|
||
|
2B43E9EC000
|
heap
|
page read and write
|
||
|
1E4C86DD000
|
heap
|
page read and write
|
||
|
2B459518000
|
heap
|
page read and write
|
||
|
2B459775000
|
heap
|
page read and write
|
||
|
2B462290000
|
direct allocation
|
page read and write
|
||
|
1E4C7532000
|
heap
|
page read and write
|
||
|
2B43E9C9000
|
heap
|
page read and write
|
||
|
1E4C1C37000
|
heap
|
page read and write
|
||
|
633000
|
unkown
|
page read and write
|
||
|
1E4C1C93000
|
heap
|
page read and write
|
||
|
2B43F255000
|
heap
|
page read and write
|
||
|
2B45969A000
|
heap
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
2B4595DD000
|
heap
|
page read and write
|
||
|
C16100E000
|
stack
|
page read and write
|
||
|
6AF15000
|
unkown
|
page write copy
|
||
|
2B43E9B8000
|
heap
|
page read and write
|
||
|
2B461E60000
|
direct allocation
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
2B459143000
|
heap
|
page read and write
|
||
|
2B4597B7000
|
heap
|
page read and write
|
||
|
2B461F50000
|
trusted library allocation
|
page read and write
|
||
|
7FF76F438000
|
unkown
|
page write copy
|
||
|
9AC000
|
heap
|
page read and write
|
||
|
2B43EA4E000
|
heap
|
page read and write
|
||
|
678A2000
|
unkown
|
page read and write
|
||
|
2B4597C3000
|
heap
|
page read and write
|
||
|
1E4C753E000
|
heap
|
page read and write
|
||
|
2B459523000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
2B459B70000
|
direct allocation
|
page read and write
|
||
|
2B43E9D9000
|
heap
|
page read and write
|
||
|
2B43EA51000
|
heap
|
page read and write
|
||
|
AFE000
|
stack
|
page read and write
|
||
|
2B43EA4B000
|
heap
|
page read and write
|
||
|
2B4597C3000
|
heap
|
page read and write
|
||
|
1E4C3591000
|
heap
|
page read and write
|
||
|
73A000
|
stack
|
page read and write
|
||
|
2B459380000
|
direct allocation
|
page read and write
|
||
|
2B45951D000
|
heap
|
page read and write
|
||
|
2C9E000
|
stack
|
page read and write
|
||
|
C15EA4D000
|
stack
|
page read and write
|
||
|
2B459400000
|
direct allocation
|
page read and write
|
||
|
2B458FA7000
|
heap
|
page read and write
|
||
|
2B4594D1000
|
heap
|
page read and write
|
||
|
2B43E9EC000
|
heap
|
page read and write
|
||
|
2B461E10000
|
direct allocation
|
page read and write
|
||
|
2B461B70000
|
direct allocation
|
page read and write
|
||
|
90A000
|
heap
|
page read and write
|
||
|
25AE000
|
stack
|
page read and write
|
||
|
2B4596B7000
|
heap
|
page read and write
|
||
|
2B43F2E0000
|
direct allocation
|
page read and write
|
||
|
2B43E940000
|
heap
|
page read and write
|
||
|
2B45955B000
|
heap
|
page read and write
|
||
|
2B45909C000
|
heap
|
page read and write
|
||
|
2B440C60000
|
direct allocation
|
page read and write
|
||
|
2B45951D000
|
heap
|
page read and write
|
||
|
2B4595DD000
|
heap
|
page read and write
|
||
|
1E4C755E000
|
heap
|
page read and write
|
||
|
6A881000
|
unkown
|
page execute read
|
||
|
7FF679D21000
|
unkown
|
page readonly
|
||
|
2B43E9D9000
|
heap
|
page read and write
|
||
|
1E4C77A0000
|
heap
|
page read and write
|
||
|
34FB000
|
stack
|
page read and write
|
||
|
1E4C1C93000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
2B458FED000
|
heap
|
page read and write
|
||
|
2B459778000
|
heap
|
page read and write
|
||
|
1C81000
|
unkown
|
page execute read
|
||
|
2B4590A2000
|
heap
|
page read and write
|
||
|
2B4597B7000
|
heap
|
page read and write
|
||
|
2B459460000
|
direct allocation
|
page read and write
|
||
|
8F3000
|
unclassified section
|
page readonly
|
||
|
69A40000
|
unkown
|
page read and write
|
||
|
A673DFF000
|
stack
|
page read and write
|
||
|
2B440B20000
|
direct allocation
|
page read and write
|
||
|
68B78000
|
unkown
|
page read and write
|
||
|
6789E000
|
unkown
|
page readonly
|
||
|
2B4590A2000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
630000
|
unkown
|
page readonly
|
||
|
6AF12000
|
unkown
|
page read and write
|
||
|
870000
|
unclassified section
|
page execute and read and write
|
||
|
2B461FB0000
|
direct allocation
|
page read and write
|
||
|
1E4C77F9000
|
heap
|
page read and write
|
||
|
246C000
|
unkown
|
page readonly
|
||
|
2B462250000
|
direct allocation
|
page read and write
|
||
|
7FF679D3F000
|
unkown
|
page readonly
|
||
|
2B43F21E000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
1E4C1C93000
|
heap
|
page read and write
|
||
|
2B459270000
|
direct allocation
|
page read and write
|
||
|
2B43E9D6000
|
heap
|
page read and write
|
||
|
2B459526000
|
heap
|
page read and write
|
||
|
2567000
|
heap
|
page read and write
|
||
|
2B459520000
|
heap
|
page read and write
|
||
|
2B4593C0000
|
direct allocation
|
page read and write
|
||
|
632000
|
unkown
|
page readonly
|
||
|
68B6A000
|
unkown
|
page readonly
|
||
|
1E4C778E000
|
heap
|
page read and write
|
||
|
1281000
|
unkown
|
page execute read
|
||
|
7FF76F402000
|
unkown
|
page readonly
|
||
|
6AF10000
|
unkown
|
page readonly
|
||
|
1E4C1C00000
|
heap
|
page read and write
|
||
|
2B4623B0000
|
direct allocation
|
page read and write
|
||
|
2B4598A0000
|
direct allocation
|
page read and write
|
||
|
35FC000
|
stack
|
page read and write
|
||
|
1E4C94B5000
|
heap
|
page read and write
|
||
|
2B4590A2000
|
heap
|
page read and write
|
||
|
320E000
|
stack
|
page read and write
|
||
|
2B43F267000
|
heap
|
page read and write
|
||
|
1E4C7521000
|
heap
|
page read and write
|
||
|
A673EFB000
|
stack
|
page read and write
|
||
|
2B45902A000
|
heap
|
page read and write
|
||
|
2B4594E8000
|
heap
|
page read and write
|
||
|
7FF679D00000
|
unkown
|
page readonly
|
||
|
2B45952A000
|
heap
|
page read and write
|
||
|
2B4597B1000
|
heap
|
page read and write
|
||
|
2B4597B1000
|
heap
|
page read and write
|
||
|
26AE000
|
stack
|
page read and write
|
||
|
2B4621D0000
|
direct allocation
|
page read and write
|
||
|
2B458F70000
|
heap
|
page read and write
|
||
|
2B461DC0000
|
direct allocation
|
page read and write
|
||
|
2B4592F0000
|
direct allocation
|
page read and write
|
||
|
25D9000
|
unkown
|
page readonly
|
||
|
2B461D80000
|
direct allocation
|
page read and write
|
||
|
2B45951D000
|
heap
|
page read and write
|
||
|
2B43F20E000
|
heap
|
page read and write
|
||
|
68B40000
|
unkown
|
page readonly
|
||
|
2B43F21E000
|
heap
|
page read and write
|
||
|
2B459940000
|
direct allocation
|
page read and write
|
||
|
6A8A2000
|
unkown
|
page read and write
|
||
|
69A00000
|
unkown
|
page readonly
|
||
|
2B43EA62000
|
heap
|
page read and write
|
||
|
2B4596A6000
|
heap
|
page read and write
|
||
|
C15FD2F000
|
stack
|
page read and write
|
||
|
2B43E980000
|
heap
|
page read and write
|
||
|
678A3000
|
unkown
|
page write copy
|
||
|
2B459142000
|
heap
|
page read and write
|
||
|
63D000
|
unkown
|
page readonly
|
||
|
2520000
|
heap
|
page read and write
|
||
|
2B459460000
|
direct allocation
|
page read and write
|
||
|
2B459086000
|
heap
|
page read and write
|
||
|
2B459018000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B43F208000
|
heap
|
page read and write
|
||
|
7FF679D2E000
|
unkown
|
page read and write
|
||
|
2B459085000
|
heap
|
page read and write
|
||
|
2B458FEE000
|
heap
|
page read and write
|
||
|
1E4C76F2000
|
heap
|
page read and write
|
||
|
2B4595DD000
|
heap
|
page read and write
|
||
|
2B4590A2000
|
heap
|
page read and write
|
||
|
2B43F254000
|
heap
|
page read and write
|
||
|
2B43F1E0000
|
heap
|
page read and write
|
||
|
1281000
|
unkown
|
page write copy
|
||
|
68B41000
|
unkown
|
page execute read
|
||
|
C15E0DE000
|
stack
|
page read and write
|
||
|
2B45968D000
|
heap
|
page read and write
|
||
|
1E4C3590000
|
heap
|
page read and write
|
||
|
2B45906D000
|
heap
|
page read and write
|
||
|
2B462310000
|
direct allocation
|
page read and write
|
||
|
2B45968D000
|
heap
|
page read and write
|
||
|
1E4C1C93000
|
heap
|
page read and write
|
||
|
2B45909C000
|
heap
|
page read and write
|
||
|
6A89A000
|
unkown
|
page read and write
|
||
|
2B4597C3000
|
heap
|
page read and write
|
||
|
6A89B000
|
unkown
|
page readonly
|
||
|
1E4C6791000
|
heap
|
page read and write
|
||
|
1E4C76A1000
|
heap
|
page read and write
|
||
|
2B45986A000
|
heap
|
page read and write
|
||
|
2B4597B1000
|
heap
|
page read and write
|
||
|
2B459522000
|
heap
|
page read and write
|
||
|
2B459857000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
1E4C1C93000
|
heap
|
page read and write
|
||
|
1E4C1C20000
|
heap
|
page read and write
|
||
|
2B43E9D8000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
8F5000
|
unclassified section
|
page readonly
|
||
|
2B43E9CA000
|
heap
|
page read and write
|
||
|
1E4C1C2E000
|
heap
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
33D0000
|
heap
|
page read and write
|
||
|
1E4C1C9E000
|
heap
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
2B459526000
|
heap
|
page read and write
|
||
|
26EE000
|
stack
|
page read and write
|
||
|
2B43EA14000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
678A1000
|
unkown
|
page readonly
|
||
|
33F0000
|
heap
|
page read and write
|
||
|
2B43EB90000
|
heap
|
page read and write
|
||
|
7FF679D33000
|
unkown
|
page read and write
|
||
|
1E4C4991000
|
heap
|
page read and write
|
||
|
2B440B80000
|
heap
|
page read and write
|
||
|
1E4C777E000
|
heap
|
page read and write
|
||
|
2B459571000
|
heap
|
page read and write
|
||
|
1E4C74C8000
|
heap
|
page read and write
|
||
|
2B4596A0000
|
heap
|
page read and write
|
||
|
2B459460000
|
direct allocation
|
page read and write
|
||
|
2B4596BB000
|
heap
|
page read and write
|
||
|
2B4597B7000
|
heap
|
page read and write
|
||
|
2B459018000
|
heap
|
page read and write
|
||
|
2B459B30000
|
direct allocation
|
page read and write
|
||
|
1E4C1C62000
|
heap
|
page read and write
|
||
|
2B43E9D9000
|
heap
|
page read and write
|
||
|
2B4596B9000
|
heap
|
page read and write
|
||
|
2B43EFA0000
|
direct allocation
|
page read and write
|
||
|
2B45952A000
|
heap
|
page read and write
|
||
|
2B43F1F1000
|
heap
|
page read and write
|
||
|
2B459871000
|
heap
|
page read and write
|
||
|
2B459520000
|
heap
|
page read and write
|
||
|
7FF679D21000
|
unkown
|
page readonly
|
||
|
7FF76F4A7000
|
unkown
|
page readonly
|
||
|
2B45906D000
|
heap
|
page read and write
|
||
|
2B4597B1000
|
heap
|
page read and write
|
||
|
2B43E9BA000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
7FF679D01000
|
unkown
|
page execute read
|
||
|
2B4597B7000
|
heap
|
page read and write
|
||
|
1E4C8AB5000
|
heap
|
page read and write
|
||
|
1E4C7704000
|
heap
|
page read and write
|
||
|
2B45906D000
|
heap
|
page read and write
|
||
|
2B4595DD000
|
heap
|
page read and write
|
||
|
1E4C77C6000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B43EA77000
|
heap
|
page read and write
|
||
|
62EA3000
|
unkown
|
page readonly
|
||
|
8CE000
|
stack
|
page read and write
|
||
|
2B4590A2000
|
heap
|
page read and write
|
||
|
1E4C1C28000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
2B43E9B7000
|
heap
|
page read and write
|
||
|
1E4C766D000
|
heap
|
page read and write
|
||
|
1E4C764B000
|
heap
|
page read and write
|
||
|
2B459511000
|
heap
|
page read and write
|
||
|
2B43EB50000
|
direct allocation
|
page read and write
|
||
|
2B459857000
|
heap
|
page read and write
|
||
|
678A7000
|
unkown
|
page readonly
|
||
|
2B459520000
|
heap
|
page read and write
|
||
|
2B4597C3000
|
heap
|
page read and write
|
||
|
2B459400000
|
direct allocation
|
page read and write
|
||
|
2B459857000
|
heap
|
page read and write
|
||
|
71007000
|
unkown
|
page readonly
|
||
|
6A8A5000
|
unkown
|
page write copy
|
||
|
2B440B83000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
2B4597C3000
|
heap
|
page read and write
|
||
|
2B45969D000
|
heap
|
page read and write
|
||
|
2B459857000
|
heap
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
1E4C5391000
|
heap
|
page read and write
|
||
|
1E4C1C9E000
|
heap
|
page read and write
|
||
|
62E9F000
|
unkown
|
page read and write
|
||
|
2B459A10000
|
direct allocation
|
page read and write
|
||
|
2B43E9FE000
|
heap
|
page read and write
|
||
|
67881000
|
unkown
|
page execute read
|
||
|
7FF76E740000
|
unkown
|
page readonly
|
||
|
7FF76E741000
|
unkown
|
page execute read
|
||
|
2B459873000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B43E9E2000
|
heap
|
page read and write
|
||
|
2B459699000
|
heap
|
page read and write
|
||
|
2B4623B0000
|
direct allocation
|
page read and write
|
||
|
69A43000
|
unkown
|
page readonly
|
||
|
2B43EA44000
|
heap
|
page read and write
|
||
|
2B459571000
|
heap
|
page read and write
|
||
|
2B45987A000
|
heap
|
page read and write
|
||
|
2B458F85000
|
heap
|
page read and write
|
||
|
2B4597A2000
|
heap
|
page read and write
|
||
|
2B459675000
|
heap
|
page read and write
|
||
|
2B4599D0000
|
direct allocation
|
page read and write
|
||
|
2B459018000
|
heap
|
page read and write
|
||
|
1E4C767E000
|
heap
|
page read and write
|
||
|
2B461EB0000
|
direct allocation
|
page read and write
|
||
|
63D000
|
unkown
|
page readonly
|
||
|
6AE80000
|
unkown
|
page readonly
|
||
|
2B459460000
|
direct allocation
|
page read and write
|
||
|
62E81000
|
unkown
|
page execute read
|
||
|
1E4C81F9000
|
heap
|
page read and write
|
||
|
2B43E920000
|
heap
|
page read and write
|
||
|
2B459571000
|
heap
|
page read and write
|
||
|
2B43F1F4000
|
heap
|
page read and write
|
||
|
1E4C1C93000
|
heap
|
page read and write
|
||
|
2B4591F0000
|
direct allocation
|
page read and write
|
||
|
2B43E9FC000
|
heap
|
page read and write
|
||
|
2B45968A000
|
heap
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
1E4C77D6000
|
heap
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
2B43F250000
|
heap
|
page read and write
|
||
|
2E1D000
|
stack
|
page read and write
|
||
|
C16069E000
|
stack
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
2B43EF20000
|
direct allocation
|
page read and write
|
||
|
2B459062000
|
heap
|
page read and write
|
||
|
2B459555000
|
heap
|
page read and write
|
||
|
2B459230000
|
direct allocation
|
page read and write
|
||
|
2B43EA05000
|
heap
|
page read and write
|
||
|
7100F000
|
unkown
|
page write copy
|
||
|
2B45968D000
|
heap
|
page read and write
|
||
|
1E4C1CA3000
|
heap
|
page read and write
|
||
|
2B45951A000
|
heap
|
page read and write
|
||
|
2B462190000
|
direct allocation
|
page read and write
|
||
|
2B43F2D8000
|
heap
|
page read and write
|
||
|
7100C000
|
unkown
|
page read and write
|
||
|
1E4C1C7D000
|
heap
|
page read and write
|
||
|
634000
|
unkown
|
page write copy
|
||
|
2B43EA45000
|
heap
|
page read and write
|
||
|
2B459062000
|
heap
|
page read and write
|
||
|
2B43EA45000
|
heap
|
page read and write
|
||
|
2B4622D0000
|
direct allocation
|
page read and write
|
||
|
2B459857000
|
heap
|
page read and write
|
||
|
2B45909C000
|
heap
|
page read and write
|
||
|
2B459697000
|
heap
|
page read and write
|
||
|
1E4C1C38000
|
heap
|
page read and write
|
||
|
2B440CC0000
|
direct allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
2B43E9DB000
|
heap
|
page read and write
|
||
|
2B45968D000
|
heap
|
page read and write
|
||
|
2B461FF0000
|
direct allocation
|
page read and write
|
||
|
A673CFB000
|
stack
|
page read and write
|
||
|
2B440F10000
|
direct allocation
|
page execute and read and write
|
||
|
2B458F83000
|
heap
|
page read and write
|
||
|
2B459400000
|
direct allocation
|
page read and write
|
||
|
2B4592B0000
|
direct allocation
|
page read and write
|
||
|
2B4598A0000
|
direct allocation
|
page read and write
|
||
|
62EA2000
|
unkown
|
page write copy
|
||
|
2B459791000
|
heap
|
page read and write
|
||
|
2B43EEE0000
|
direct allocation
|
page read and write
|
||
|
2B43F060000
|
direct allocation
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
25D5000
|
unkown
|
page read and write
|
||
|
1E4C77E8000
|
heap
|
page read and write
|
||
|
71000000
|
unkown
|
page readonly
|
||
|
2B459BE0000
|
direct allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2B4596FC000
|
heap
|
page read and write
|
||
|
2B4596BA000
|
heap
|
page read and write
|
||
|
62E80000
|
unkown
|
page readonly
|
||
|
2B43EA5B000
|
heap
|
page read and write
|
||
|
2B459857000
|
heap
|
page read and write
|
||
|
2B461D60000
|
heap
|
page read and write
|
||
|
2B4596A8000
|
heap
|
page read and write
|
||
|
1E4C3620000
|
heap
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
2B45906D000
|
heap
|
page read and write
|
||
|
8E0000
|
direct allocation
|
page read and write
|
||
|
1E4C1BD0000
|
heap
|
page read and write
|
||
|
1E4C1CA3000
|
heap
|
page read and write
|
||
|
67880000
|
unkown
|
page readonly
|
||
|
2B459400000
|
direct allocation
|
page read and write
|
||
|
1E4C1C93000
|
heap
|
page read and write
|
||
|
68B7B000
|
unkown
|
page readonly
|
||
|
1E4C1C05000
|
heap
|
page read and write
|
||
|
2B4594E2000
|
heap
|
page read and write
|
||
|
7FF76E740000
|
unkown
|
page readonly
|
||
|
2B45902B000
|
heap
|
page read and write
|
||
|
1E4C1BC0000
|
heap
|
page read and write
|
||
|
2B4597B1000
|
heap
|
page read and write
|
||
|
2B462210000
|
direct allocation
|
page read and write
|
||
|
67897000
|
unkown
|
page read and write
|
||
|
2B43F283000
|
heap
|
page read and write
|
||
|
2B458FA4000
|
heap
|
page read and write
|
||
|
2B4598E0000
|
direct allocation
|
page read and write
|
||
|
2B458FA3000
|
heap
|
page read and write
|
||
|
7FF679D01000
|
unkown
|
page execute read
|
||
|
1E4C86D0000
|
heap
|
page read and write
|
||
|
6A8A1000
|
unkown
|
page readonly
|
||
|
2B459877000
|
heap
|
page read and write
|
||
|
2B4596DD000
|
heap
|
page read and write
|
||
|
880000
|
unkown
|
page readonly
|
||
|
1E4C1C9E000
|
heap
|
page read and write
|
||
|
2B43EA52000
|
heap
|
page read and write
|
||
|
2B440F20000
|
direct allocation
|
page read and write
|
||
|
2B459400000
|
direct allocation
|
page read and write
|
||
|
2B43EA05000
|
heap
|
page read and write
|
||
|
2F1B000
|
stack
|
page read and write
|
||
|
7FF679D36000
|
unkown
|
page read and write
|
||
|
257B000
|
unkown
|
page readonly
|
||
|
2B4596FB000
|
heap
|
page read and write
|
||
|
2B461F70000
|
direct allocation
|
page read and write
|
||
|
1E4C1C84000
|
heap
|
page read and write
|
||
|
245D000
|
unkown
|
page read and write
|
||
|
6AF16000
|
unkown
|
page readonly
|
||
|
2B43F0A0000
|
direct allocation
|
page read and write
|
||
|
69A3E000
|
unkown
|
page readonly
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
85D000
|
stack
|
page read and write
|
||
|
2B4597B7000
|
heap
|
page read and write
|
||
|
631000
|
unkown
|
page execute read
|
||
|
630000
|
unkown
|
page readonly
|
There are 520 hidden memdumps, click here to show them.