Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FFbd.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rkn[1].log
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\apt66ext[1].log
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\apt66ext.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PIL\_imaging.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PIL\_imagingcms.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PIL\_imagingft.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PIL\_imagingtk.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PIL\_webp.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\QtCore.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\QtGui.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\QtWidgets.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\platforms\qminimal.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\platforms\qoffscreen.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\platforms\qwebgl.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\platformthemes\qxdgdesktopportal.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\printsupport\windowsprintersupport.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\sip.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_asyncio.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_bz2.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_cffi_backend.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_ctypes.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_decimal.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_elementtree.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_hashlib.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_lzma.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_multiprocessing.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_overlapped.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_queue.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_socket.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_ssl.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\_tkinter.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\concrt140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\cv2\cv2.pyd
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\libfreetype-6.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\libjpeg-9.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\libopenblas.WCDJNK7YVMPZQ2ME2ZZHJJRJ3JIKNDB7.gfortran-win_amd64.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\libpng16-16.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\core\_multiarray_tests.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\core\_multiarray_umath.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\fft\_pocketfft_internal.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\linalg\_umath_linalg.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\linalg\lapack_lite.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\_bounded_integers.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\_common.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\_generator.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\_mt19937.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\_pcg64.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\_philox.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\_sfc64.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\bit_generator.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\numpy\random\mtrand.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pyexpat.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\_freetype.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\base.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\bufferproxy.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\color.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\constants.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\display.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\draw.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\event.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\font.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\image.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\imageext.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\joystick.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\key.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\mask.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\math.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\mixer.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\mixer_music.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\mouse.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\pixelarray.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\pixelcopy.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\rect.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\rwobject.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\scrap.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\surface.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\surflock.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\time.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\pygame\transform.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\python3.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\python37.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5dbus.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5printsupport.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\sdl2.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\sdl2_image.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\sdl2_mixer.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\sdl2_ttf.dll
|
PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\select.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\staged_out.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\unicodedata.pyd
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\vcruntime140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\zlib1.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\rkn.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\aa3dba9b-6806-4db1-a646-aadb714730fc.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 17, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 17
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7176
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\unity[1].pdf
|
PDF document, version 1.7, 4 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\unity[1].pdf
|
PDF document, version 1.7, 4 pages
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIe7409.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91r2pgc7_hlmxc_5jc.tmp
|
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91ydadj9_hlmxb_5jc.tmp
|
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-05 00-59-04-648.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\53cd576a-7f36-44e0-8096-a39912bdd39a.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\6276a040-469d-4903-9fda-7fd2420776a1.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\6736f1c9-8f84-49e7-8e20-f2f25db5ac7c.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\ad77adca-2e00-4e52-8146-619d23e5748b.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\iconengines\qsvgicon.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qgif.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qicns.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qico.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qjpeg.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qsvg.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qtga.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qtiff.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qwbmp.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\imageformats\qwebp.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\mediaservice\dsengine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\mediaservice\qtmedia_audioengine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\mediaservice\wmfengine.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\platforms\qwindows.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\PyQt5\qt-plugins\styles\qwindowsvistastyle.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\libcrypto-1_1.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\libeay32.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\libssl-1_1.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\msvcp140.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\msvcp140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5core.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5gui.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5multimedia.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5network.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5qml.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5qmlmodels.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5quick.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5svg.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5websockets.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\qt5widgets.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\ssleay32.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\tcl86t.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\tk86t.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\vcruntime140_1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\unity.pdf
|
PDF document, version 1.7, 4 pages
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
|
data
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 170 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\FFbd.dll,apt66
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\FFbd.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\FFbd.dll",apt66
|
|
|
|
C:\Users\user\AppData\Local\Temp\apt66ext.exe
|
"C:\Users\user\AppData\Local\Temp\apt66ext.exe"
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\FFbd.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\FFbd.dll",#1
|
||
|
C:\Users\user\AppData\Local\Temp\rkn.exe
|
"C:\Users\user\AppData\Local\Temp\rkn.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\rkn.exe
|
"C:\Users\user\AppData\Local\Temp\rkn.exe"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\unity.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Users\user\AppData\Local\Temp\rkn.exe
|
"C:\Users\user\AppData\Local\Temp\rkn.exe"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2068 --field-trial-handle=1668,i,5790033669171981686,32294422139624892,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\unity.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\unity.pdf"
|
||
|
C:\Users\user\AppData\Local\Temp\onefile_8740_133646291825138024\staged_out.exe
|
"C:\Users\user\AppData\Local\Temp\apt66ext.exe"
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://onnx.ai/)
|
unknown
|
||
|
http://caffe.berkeleyvision.org/)
|
unknown
|
||
|
http://www.scipy.org/not/real/data.txt
|
unknown
|
||
|
http://www.megginson.com/SAX/.
|
unknown
|
||
|
http://torch.ch/)
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/19634cv::mjpeg::MjpegEncoder::MjpegEncodercv::mjpeg::MotionJ
|
unknown
|
||
|
https://web.archive.org/web/20090514091424/http://brighton-webs.co.uk:80/distributions/rayleigh.asp
|
unknown
|
||
|
http://121.127.33.39/rkn.log
|
unknown
|
||
|
https://web.archive.org/web/20170802060935/http://oss.sgi.com/projects/ogl-sample/registry/EXT/textu
|
unknown
|
||
|
http://121.127.33.39/apt66ext.log
|
unknown
|
||
|
https://numpy.org/neps/nep-0032-remove-financial-functions.html
|
unknown
|
||
|
http://docs.python.org/library/unittest.html
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/6293
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/16739
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/16736
|
unknown
|
||
|
https://www.math.hmc.edu/~benjamin/papers/CombTrig.pdf
|
unknown
|
||
|
https://github.com/torch/nn/blob/master/doc/module.md
|
unknown
|
||
|
https://refspecs.linuxfoundation.org/elf/gabi4
|
unknown
|
||
|
https://www.littlecms.com
|
unknown
|
||
|
http://121.127.33.39/apt66ext.logy
|
unknown
|
||
|
http://curl.haxx.se/rfc/cookie_spec.html
|
unknown
|
||
|
http://speleotrove.com/decimal/decarith.html
|
unknown
|
||
|
http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
|
unknown
|
||
|
http://www.gdal.org/ogr_formats.html).
|
unknown
|
||
|
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr7
|
unknown
|
||
|
https://github.com/numpy/numpy/issues/8577
|
unknown
|
||
|
http://arxiv.org/abs/1805.10941.
|
unknown
|
||
|
http://json.org
|
unknown
|
||
|
https://stackoverflow.com/questions/7648200/pip-install-pil-e-tickets-1-no-jpeg-png-support
|
unknown
|
||
|
https://www.tensorflow.org/)
|
unknown
|
||
|
http://xml.python.org/entities/fragment-builder/internalz
|
unknown
|
||
|
https://exiv2.org/tags.html)
|
unknown
|
||
|
http://mathworld.wolfram.com/NegativeBinomialDistribution.html
|
unknown
|
||
|
https://github.com/opencv/opencv_contrib/blob/master/modules/text/samples/OCRHMM_transitions_table.x
|
unknown
|
||
|
https://www.itl.nist.gov/div898/software/dataplot/refman2/auxillar/powpdf.pdf
|
unknown
|
||
|
https://www.pygame.org/contribute.html
|
unknown
|
||
|
http://www.cl.cam.ac.uk/~mgk25/iso-time.html
|
unknown
|
||
|
http://www.oasis-open.org/committees/documents.php
|
unknown
|
||
|
http://www.pcg-random.org/posts/developing-a-seed_seq-alternative.html
|
unknown
|
||
|
https://github.com/pypa/packagingz
|
unknown
|
||
|
https://github.com/opencv/opencv_contrib/issues/2235
|
unknown
|
||
|
https://github.com/numpy/numpy/issues/4763
|
unknown
|
||
|
http://mathworld.wolfram.com/CauchyDistribution.html
|
unknown
|
||
|
http://www.inf.ufrgs.br/~eslgastal/DomainTransform/).COLOR_SPACE_Lab_D75_2MORPH_CROSSCAP_PROP_DC1394
|
unknown
|
||
|
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.476.5736&rep=rep1&type=pdf
|
unknown
|
||
|
http://graphics.berkeley.edu/papers/Tao-SAN-2012-05/
|
unknown
|
||
|
http://www.zlib.net/D
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://onnx.ai/
|
unknown
|
||
|
https://software.intel.com/openvino-toolkit)
|
unknown
|
||
|
http://caffe.berkeleyvision.org
|
unknown
|
||
|
https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module
|
unknown
|
||
|
https://github.com/jaraco/jaraco.functools/issues/5
|
unknown
|
||
|
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
|
unknown
|
||
|
https://pypi.org/project/numpy-financial.
|
unknown
|
||
|
https://www.numpy.org/neps/nep-0001-npy-format.html
|
unknown
|
||
|
https://mahler:8092/site-updates.py
|
unknown
|
||
|
http://121.127.33.39/
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/21326cv::initOpenEXRD:
|
unknown
|
||
|
https://www.learnopencv.com/convex-hull-using-opencv-in-python-and-c/cornersQualityOOOO
|
unknown
|
||
|
https://github.com/asweigart/pygetwindow
|
unknown
|
||
|
https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
|
unknown
|
||
|
http://121.127.33.39/rkn.logll
|
unknown
|
||
|
https://mouseinfo.readthedocs.io
|
unknown
|
||
|
https://www.cazabon.com
|
unknown
|
||
|
http://www.cs.tut.fi/~foi/GCF-BM3D/BM3D_TIP_2007.pdf
|
unknown
|
||
|
http://www.google.com/index.html
|
unknown
|
||
|
https://github.com/openvinotoolkit/open_model_zoo/blob/master/models/public/yolo-v2-tiny-tf/yolo-v2-
|
unknown
|
||
|
http://tip.tcl.tk/48)
|
unknown
|
||
|
https://github.com/python/cpython/blob/3.7/Objects/listsort.txt
|
unknown
|
||
|
http://pracrand.sourceforge.net/RNG_engines.txt
|
unknown
|
||
|
http://xml.org/sax/features/namespacesz.http://xml.org/sax/features/namespace-prefixesz
|
unknown
|
||
|
http://121.127.33.39/unity.pdfapt66ext.exehttp://121.127.33.39/apt66ext.logapt66.exemsupdate.exeC
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://stat.ethz.ch/~stahel/lognormal/bioscience.pdf
|
unknown
|
||
|
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.131.6394
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/21326
|
unknown
|
||
|
http://www.iana.org/time-zones/repository/tz-link.html
|
unknown
|
||
|
http://docs.python.org/library/itertools.html#recipes
|
unknown
|
||
|
http://www.ipol.im/pub/algo/bcm_non_local_means_denoising
|
unknown
|
||
|
https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
|
unknown
|
||
|
https://www.openblas.net/
|
unknown
|
||
|
http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
|
unknown
|
||
|
https://tinyurl.com/y3dm3h86
|
unknown
|
||
|
http://digitalassets.lib.berkeley.edu/sdtr/ucb/text/34.pdf
|
unknown
|
||
|
http://www.ipol.im/pub/art/2011/ys-dct/
|
unknown
|
||
|
https://arxiv.org/abs/1704.04503
|
unknown
|
||
|
https://code.google.com/archive/p/casadebender/wikis/Win32IconImagePlugin.wiki
|
unknown
|
||
|
http://www.ipol.im/pub/algo/bcm_non_local_means_denoising/
|
unknown
|
||
|
http://www.nightmare.com/squirl/python-ext/misc/syslog.py
|
unknown
|
||
|
http://www.pcg-random.org/
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/20833.
|
unknown
|
||
|
http://www.math.sfu.ca/~cbm/aands/page_379.htm
|
unknown
|
||
|
http://www.iana.org/assignments/character-sets
|
unknown
|
||
|
https://people.eecs.berkeley.edu/~wkahan/ieee754status/IEEE754.PDF
|
unknown
|
||
|
http://www.gdal.org/formats_list.html)
|
unknown
|
||
|
https://github.com/opencv/opencv/issues/20833DNN/OpenCL:
|
unknown
|
||
|
http://mathworld.wolfram.com/GammaDistribution.html
|
unknown
|
||
|
https://www.itl.nist.gov/div898/handbook/eda/section3/eda3663.htm
|
unknown
|
||
|
http://www.gdal.org)
|
unknown
|
There are 90 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
121.127.33.39
|
unknown
|
Afghanistan
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FF638501000
|
unkown
|
page execute read
|
||
|
295FD177000
|
heap
|
page read and write
|
||
|
295FD0BF000
|
heap
|
page read and write
|
||
|
295FCD10000
|
direct allocation
|
page read and write
|
||
|
1520000
|
direct allocation
|
page read and write
|
||
|
1577000
|
heap
|
page read and write
|
||
|
62E81000
|
unkown
|
page execute read
|
||
|
7FF638536000
|
unkown
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
295FC8B3000
|
heap
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
295FD860000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
2A0E000
|
stack
|
page read and write
|
||
|
58C000
|
unkown
|
page read and write
|
||
|
295FCE02000
|
heap
|
page read and write
|
||
|
5CC000
|
stack
|
page read and write
|
||
|
295F2610000
|
direct allocation
|
page read and write
|
||
|
295F2300000
|
heap
|
page read and write
|
||
|
30BF000
|
heap
|
page read and write
|
||
|
583000
|
unkown
|
page write copy
|
||
|
17000000000
|
heap
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
58D000
|
unkown
|
page readonly
|
||
|
B26772E000
|
stack
|
page read and write
|
||
|
295FC880000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
1707C4A3000
|
heap
|
page read and write
|
||
|
295F2BAD000
|
heap
|
page read and write
|
||
|
38FD000
|
stack
|
page read and write
|
||
|
295F23EA000
|
heap
|
page read and write
|
||
|
295FD18C000
|
heap
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
191000
|
unkown
|
page write copy
|
||
|
580000
|
unkown
|
page readonly
|
||
|
6A881000
|
unkown
|
page execute read
|
||
|
295FC88F000
|
heap
|
page read and write
|
||
|
6AE80000
|
unkown
|
page readonly
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
170040ED000
|
heap
|
page read and write
|
||
|
3BFE000
|
stack
|
page read and write
|
||
|
17004151000
|
heap
|
page read and write
|
||
|
295FDB50000
|
direct allocation
|
page read and write
|
||
|
69A43000
|
unkown
|
page readonly
|
||
|
412C000
|
stack
|
page read and write
|
||
|
6AF15000
|
unkown
|
page write copy
|
||
|
1D6D000
|
unkown
|
page read and write
|
||
|
295FCFAC000
|
heap
|
page read and write
|
||
|
6A8A5000
|
unkown
|
page write copy
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
7FF6DB771000
|
unkown
|
page execute read
|
||
|
295FCF99000
|
heap
|
page read and write
|
||
|
17004257000
|
heap
|
page read and write
|
||
|
17003C00000
|
heap
|
page read and write
|
||
|
62E80000
|
unkown
|
page readonly
|
||
|
678A2000
|
unkown
|
page read and write
|
||
|
295FD800000
|
direct allocation
|
page read and write
|
||
|
B26809E000
|
stack
|
page read and write
|
||
|
295FCB80000
|
direct allocation
|
page read and write
|
||
|
295F4820000
|
direct allocation
|
page execute and read and write
|
||
|
3910000
|
heap
|
page read and write
|
||
|
295FCC40000
|
direct allocation
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
581000
|
unkown
|
page execute read
|
||
|
9FD000
|
stack
|
page read and write
|
||
|
5D0000
|
unclassified section
|
page execute and read and write
|
||
|
295FCE84000
|
heap
|
page read and write
|
||
|
295FCF51000
|
heap
|
page read and write
|
||
|
29590070000
|
direct allocation
|
page read and write
|
||
|
17004235000
|
heap
|
page read and write
|
||
|
1707C4B2000
|
heap
|
page read and write
|
||
|
678A7000
|
unkown
|
page readonly
|
||
|
7FF638521000
|
unkown
|
page readonly
|
||
|
295F25D0000
|
direct allocation
|
page read and write
|
||
|
3A3E000
|
stack
|
page read and write
|
||
|
295FCE86000
|
heap
|
page read and write
|
||
|
62E9F000
|
unkown
|
page read and write
|
||
|
170E000
|
stack
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
1700403C000
|
heap
|
page read and write
|
||
|
7FF63853F000
|
unkown
|
page readonly
|
||
|
295FDC10000
|
direct allocation
|
page read and write
|
||
|
309A000
|
heap
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
4FBD000
|
stack
|
page read and write
|
||
|
2AAA000
|
heap
|
page read and write
|
||
|
295FDCF0000
|
direct allocation
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
7100C000
|
unkown
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
295F244E000
|
heap
|
page read and write
|
||
|
151E000
|
heap
|
page read and write
|
||
|
311D000
|
stack
|
page read and write
|
||
|
71007000
|
unkown
|
page readonly
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
7FF638500000
|
unkown
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
295FD0D1000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
295FD2E1000
|
direct allocation
|
page read and write
|
||
|
3C8B000
|
stack
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
17003F90000
|
heap
|
page read and write
|
||
|
2DAF000
|
stack
|
page read and write
|
||
|
295F2417000
|
heap
|
page read and write
|
||
|
7100B000
|
unkown
|
page readonly
|
||
|
295FD0BF000
|
heap
|
page read and write
|
||
|
A25000
|
heap
|
page read and write
|
||
|
68B41000
|
unkown
|
page execute read
|
||
|
2AEB000
|
heap
|
page read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
49D0000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
1707C471000
|
heap
|
page read and write
|
||
|
69A40000
|
unkown
|
page read and write
|
||
|
36CE000
|
stack
|
page read and write
|
||
|
295F2490000
|
direct allocation
|
page read and write
|
||
|
295F2665000
|
heap
|
page read and write
|
||
|
1707C4A3000
|
heap
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
174E000
|
stack
|
page read and write
|
||
|
1707C4B2000
|
heap
|
page read and write
|
||
|
1700513F000
|
heap
|
page read and write
|
||
|
1707C430000
|
heap
|
page read and write
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
1707C4A6000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
295F45D0000
|
direct allocation
|
page read and write
|
||
|
170040DC000
|
heap
|
page read and write
|
||
|
295FD940000
|
heap
|
page read and write
|
||
|
1707C4A4000
|
heap
|
page read and write
|
||
|
17A4000
|
heap
|
page read and write
|
||
|
4AEE000
|
stack
|
page read and write
|
||
|
1707C489000
|
heap
|
page read and write
|
||
|
35FC000
|
stack
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
295FCC00000
|
direct allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
295F2390000
|
heap
|
page read and write
|
||
|
295F2B6C000
|
heap
|
page read and write
|
||
|
AD4000
|
heap
|
page read and write
|
||
|
12FA000
|
stack
|
page read and write
|
||
|
17004110000
|
heap
|
page read and write
|
||
|
1707C4C8000
|
heap
|
page read and write
|
||
|
295FD071000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
295FD880000
|
direct allocation
|
page read and write
|
||
|
B91000
|
unkown
|
page execute read
|
||
|
295F2BAE000
|
heap
|
page read and write
|
||
|
6AE81000
|
unkown
|
page execute read
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
295FD0BF000
|
heap
|
page read and write
|
||
|
295FD770000
|
direct allocation
|
page read and write
|
||
|
584000
|
unkown
|
page write copy
|
||
|
29590000000
|
direct allocation
|
page read and write
|
||
|
295FCB40000
|
direct allocation
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
158C000
|
heap
|
page read and write
|
||
|
307D000
|
stack
|
page read and write
|
||
|
FFC000
|
stack
|
page read and write
|
||
|
295FCEE0000
|
heap
|
page read and write
|
||
|
4EBE000
|
stack
|
page read and write
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
295FCE84000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
168F000
|
stack
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
295F2417000
|
heap
|
page read and write
|
||
|
295FD500000
|
direct allocation
|
page read and write
|
||
|
295FDAD0000
|
direct allocation
|
page read and write
|
||
|
17003FAD000
|
heap
|
page read and write
|
||
|
B26644E000
|
stack
|
page read and write
|
||
|
58D000
|
unkown
|
page readonly
|
||
|
1591000
|
unkown
|
page write copy
|
||
|
295FCF99000
|
heap
|
page read and write
|
||
|
126C000
|
stack
|
page read and write
|
||
|
295FCFF2000
|
heap
|
page read and write
|
||
|
295F2BF0000
|
direct allocation
|
page read and write
|
||
|
67880000
|
unkown
|
page readonly
|
||
|
295F4430000
|
direct allocation
|
page read and write
|
||
|
250B000
|
stack
|
page read and write
|
||
|
295FCEDD000
|
heap
|
page read and write
|
||
|
295FCCD0000
|
direct allocation
|
page read and write
|
||
|
295FCD70000
|
direct allocation
|
page read and write
|
||
|
7FF63852E000
|
unkown
|
page write copy
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
3300000
|
heap
|
page read and write
|
||
|
295FD670000
|
heap
|
page read and write
|
||
|
295F2B88000
|
heap
|
page read and write
|
||
|
295FCF8F000
|
heap
|
page read and write
|
||
|
482F000
|
stack
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
49AF000
|
stack
|
page read and write
|
||
|
295FD07D000
|
heap
|
page read and write
|
||
|
295FD166000
|
heap
|
page read and write
|
||
|
295FCEDD000
|
heap
|
page read and write
|
||
|
28E5000
|
heap
|
page read and write
|
||
|
295FD166000
|
heap
|
page read and write
|
||
|
295FDA90000
|
direct allocation
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
43B0000
|
heap
|
page read and write
|
||
|
295F29B0000
|
direct allocation
|
page read and write
|
||
|
47DF000
|
stack
|
page read and write
|
||
|
B91000
|
unkown
|
page write copy
|
||
|
9341FB000
|
stack
|
page read and write
|
||
|
68B6A000
|
unkown
|
page readonly
|
||
|
3F60000
|
heap
|
page read and write
|
||
|
7FF63852E000
|
unkown
|
page read and write
|
||
|
67897000
|
unkown
|
page read and write
|
||
|
295FCF04000
|
heap
|
page read and write
|
||
|
295FCBC0000
|
direct allocation
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
295F2510000
|
direct allocation
|
page read and write
|
||
|
1700514C000
|
heap
|
page read and write
|
||
|
17004183000
|
heap
|
page read and write
|
||
|
1E8B000
|
unkown
|
page readonly
|
||
|
295FCF06000
|
heap
|
page read and write
|
||
|
3F50000
|
heap
|
page read and write
|
||
|
CBF000
|
heap
|
page read and write
|
||
|
256E000
|
stack
|
page read and write
|
||
|
295FCFA3000
|
heap
|
page read and write
|
||
|
69A00000
|
unkown
|
page readonly
|
||
|
2FC3000
|
unclassified section
|
page readonly
|
||
|
295FD188000
|
heap
|
page read and write
|
||
|
295F2425000
|
heap
|
page read and write
|
||
|
295FCEE2000
|
heap
|
page read and write
|
||
|
17003F47000
|
heap
|
page read and write
|
||
|
7100F000
|
unkown
|
page write copy
|
||
|
295FD16A000
|
heap
|
page read and write
|
||
|
3CFE000
|
stack
|
page read and write
|
||
|
295FD07D000
|
heap
|
page read and write
|
||
|
2B0E000
|
stack
|
page read and write
|
||
|
295F2410000
|
heap
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
291A000
|
heap
|
page read and write
|
||
|
582000
|
unkown
|
page readonly
|
||
|
581000
|
unkown
|
page execute read
|
||
|
38AE000
|
stack
|
page read and write
|
||
|
3127000
|
heap
|
page read and write
|
||
|
295F2AF0000
|
heap
|
page read and write
|
||
|
295FC8B0000
|
heap
|
page read and write
|
||
|
4E3D000
|
stack
|
page read and write
|
||
|
295FD0D1000
|
heap
|
page read and write
|
||
|
295FD171000
|
heap
|
page read and write
|
||
|
295FCF9D000
|
heap
|
page read and write
|
||
|
295FD071000
|
heap
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
295FCD70000
|
direct allocation
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
286E000
|
stack
|
page read and write
|
||
|
26BF000
|
stack
|
page read and write
|
||
|
155F000
|
heap
|
page read and write
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
68B40000
|
unkown
|
page readonly
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
CBB000
|
heap
|
page read and write
|
||
|
2B1A000
|
stack
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
295FD173000
|
heap
|
page read and write
|
||
|
A07000
|
heap
|
page read and write
|
||
|
295FD166000
|
heap
|
page read and write
|
||
|
295FCD70000
|
direct allocation
|
page read and write
|
||
|
295F4563000
|
heap
|
page read and write
|
||
|
7FF638531000
|
unkown
|
page read and write
|
||
|
295FD290000
|
direct allocation
|
page read and write
|
||
|
1D7C000
|
unkown
|
page readonly
|
||
|
582000
|
unkown
|
page readonly
|
||
|
17004173000
|
heap
|
page read and write
|
||
|
295FCF04000
|
heap
|
page read and write
|
||
|
2C4F000
|
stack
|
page read and write
|
||
|
67881000
|
unkown
|
page execute read
|
||
|
295F240E000
|
heap
|
page read and write
|
||
|
295FC975000
|
heap
|
page read and write
|
||
|
7FF638500000
|
unkown
|
page readonly
|
||
|
303E000
|
stack
|
page read and write
|
||
|
B266DBF000
|
stack
|
page read and write
|
||
|
62EA2000
|
unkown
|
page write copy
|
||
|
180E000
|
stack
|
page read and write
|
||
|
A97000
|
heap
|
page read and write
|
||
|
37AE000
|
stack
|
page read and write
|
||
|
295FD079000
|
heap
|
page read and write
|
||
|
17005524000
|
heap
|
page read and write
|
||
|
295FCFAA000
|
heap
|
page read and write
|
||
|
7FF6DBA32000
|
unkown
|
page readonly
|
||
|
5CE000
|
stack
|
page read and write
|
||
|
1707C4B2000
|
heap
|
page read and write
|
||
|
1707C44A000
|
heap
|
page read and write
|
||
|
170001A0000
|
heap
|
page read and write
|
||
|
295F2B59000
|
heap
|
page read and write
|
||
|
58D000
|
unkown
|
page readonly
|
||
|
1700420F000
|
heap
|
page read and write
|
||
|
17003FCD000
|
heap
|
page read and write
|
||
|
295FD1F0000
|
direct allocation
|
page read and write
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
295FCF99000
|
heap
|
page read and write
|
||
|
58C000
|
unkown
|
page read and write
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
17004161000
|
heap
|
page read and write
|
||
|
295FC8DB000
|
heap
|
page read and write
|
||
|
295F23E8000
|
heap
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
3FDB000
|
stack
|
page read and write
|
||
|
170040FF000
|
heap
|
page read and write
|
||
|
1707C4B2000
|
heap
|
page read and write
|
||
|
3098000
|
heap
|
page read and write
|
||
|
495E000
|
stack
|
page read and write
|
||
|
295FD135000
|
heap
|
page read and write
|
||
|
295FC88E000
|
heap
|
page read and write
|
||
|
7FF6DAD71000
|
unkown
|
page execute read
|
||
|
583000
|
unkown
|
page read and write
|
||
|
7FF6DB771000
|
unkown
|
page execute read
|
||
|
295FCFA5000
|
heap
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
295FCEE0000
|
heap
|
page read and write
|
||
|
295FCF83000
|
heap
|
page read and write
|
||
|
B26515E000
|
stack
|
page read and write
|
||
|
295FD2E3000
|
direct allocation
|
page read and write
|
||
|
2FC1000
|
unclassified section
|
page execute read
|
||
|
295F24D0000
|
direct allocation
|
page read and write
|
||
|
68B76000
|
unkown
|
page readonly
|
||
|
295F23A5000
|
heap
|
page read and write
|
||
|
295FCFC5000
|
heap
|
page read and write
|
||
|
295FCF97000
|
heap
|
page read and write
|
||
|
678A6000
|
unkown
|
page write copy
|
||
|
2910000
|
heap
|
page read and write
|
||
|
295FC975000
|
heap
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
B265ADE000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
295F2320000
|
heap
|
page read and write
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
170F000
|
stack
|
page read and write
|
||
|
295FD0D1000
|
heap
|
page read and write
|
||
|
933FFE000
|
stack
|
page read and write
|
||
|
295FDC50000
|
direct allocation
|
page read and write
|
||
|
14F0000
|
unclassified section
|
page execute and read and write
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
9D1000
|
unclassified section
|
page execute read
|
||
|
472E000
|
stack
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
170040BA000
|
heap
|
page read and write
|
||
|
437E000
|
stack
|
page read and write
|
||
|
1EE5000
|
unkown
|
page read and write
|
||
|
295FD250000
|
direct allocation
|
page read and write
|
||
|
69A3E000
|
unkown
|
page readonly
|
||
|
30AD000
|
heap
|
page read and write
|
||
|
295F2590000
|
direct allocation
|
page read and write
|
||
|
295FCC90000
|
direct allocation
|
page read and write
|
||
|
933DFF000
|
stack
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
295F2340000
|
direct allocation
|
page read and write
|
||
|
7FF6DBA68000
|
unkown
|
page write copy
|
||
|
295F23C7000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
295FD177000
|
heap
|
page read and write
|
||
|
7FF638533000
|
unkown
|
page read and write
|
||
|
295FD166000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
295F2B88000
|
heap
|
page read and write
|
||
|
6789E000
|
unkown
|
page readonly
|
||
|
295FD2E2000
|
direct allocation
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
295FCE6D000
|
heap
|
page read and write
|
||
|
17000A00000
|
heap
|
page read and write
|
||
|
295FD7C0000
|
direct allocation
|
page read and write
|
||
|
295FD2E2000
|
direct allocation
|
page read and write
|
||
|
499F000
|
stack
|
page read and write
|
||
|
191000
|
unkown
|
page execute read
|
||
|
7FF6DAD70000
|
unkown
|
page readonly
|
||
|
933CFE000
|
stack
|
page read and write
|
||
|
AEB000
|
heap
|
page read and write
|
||
|
295FD870000
|
trusted library allocation
|
page read and write
|
||
|
7FF6DBAD7000
|
unkown
|
page readonly
|
||
|
295FCFF2000
|
heap
|
page read and write
|
||
|
1EE9000
|
unkown
|
page readonly
|
||
|
581000
|
unkown
|
page execute read
|
||
|
2880000
|
heap
|
page read and write
|
||
|
295FCF04000
|
heap
|
page read and write
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
296F000
|
stack
|
page read and write
|
||
|
2F40000
|
heap
|
page read and write
|
||
|
295F23E9000
|
heap
|
page read and write
|
||
|
582000
|
unkown
|
page readonly
|
||
|
2AFF000
|
heap
|
page read and write
|
||
|
295FCE84000
|
heap
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
17004220000
|
heap
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
170041FD000
|
heap
|
page read and write
|
||
|
295FCDB0000
|
heap
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
1707C438000
|
heap
|
page read and write
|
||
|
B268A0F000
|
stack
|
page read and write
|
||
|
9D5000
|
unclassified section
|
page readonly
|
||
|
3A6D000
|
stack
|
page read and write
|
||
|
48AB000
|
stack
|
page read and write
|
||
|
6A880000
|
unkown
|
page readonly
|
||
|
7FF638521000
|
unkown
|
page readonly
|
||
|
49B2000
|
heap
|
page read and write
|
||
|
49C0000
|
heap
|
page read and write
|
||
|
7FF63853F000
|
unkown
|
page readonly
|
||
|
486E000
|
stack
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
37CE000
|
stack
|
page read and write
|
||
|
58C000
|
unkown
|
page read and write
|
||
|
295F2B55000
|
heap
|
page read and write
|
||
|
3AAE000
|
stack
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
6AF12000
|
unkown
|
page read and write
|
||
|
295FCF81000
|
heap
|
page read and write
|
||
|
1767000
|
heap
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
17000070000
|
heap
|
page read and write
|
||
|
295FD071000
|
heap
|
page read and write
|
||
|
3BAB000
|
stack
|
page read and write
|
||
|
17BB000
|
heap
|
page read and write
|
||
|
295FD07D000
|
heap
|
page read and write
|
||
|
295FD135000
|
heap
|
page read and write
|
||
|
17002800000
|
heap
|
page read and write
|
||
|
9340FF000
|
stack
|
page read and write
|
||
|
295FCD10000
|
direct allocation
|
page read and write
|
||
|
295FDCB0000
|
direct allocation
|
page read and write
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
295FD184000
|
heap
|
page read and write
|
||
|
16A1000
|
unclassified section
|
page execute read
|
||
|
295FD4C0000
|
direct allocation
|
page read and write
|
||
|
295FCF06000
|
heap
|
page read and write
|
||
|
295FCAC0000
|
direct allocation
|
page read and write
|
||
|
151A000
|
heap
|
page read and write
|
||
|
17003FA1000
|
heap
|
page read and write
|
||
|
295F23EB000
|
heap
|
page read and write
|
||
|
295FCD10000
|
direct allocation
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
295FCFB1000
|
heap
|
page read and write
|
||
|
3010000
|
heap
|
page read and write
|
||
|
295FCFA1000
|
heap
|
page read and write
|
||
|
7FF6DAD70000
|
unkown
|
page readonly
|
||
|
2B04000
|
heap
|
page read and write
|
||
|
2977000
|
heap
|
page read and write
|
||
|
1335000
|
heap
|
page read and write
|
||
|
295FCF9C000
|
heap
|
page read and write
|
||
|
62E9E000
|
unkown
|
page readonly
|
||
|
8FA000
|
stack
|
page read and write
|
||
|
317B000
|
stack
|
page read and write
|
||
|
3B8E000
|
stack
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
17000000000
|
heap
|
page read and write
|
||
|
295FD169000
|
heap
|
page read and write
|
||
|
295FD720000
|
direct allocation
|
page read and write
|
||
|
58D000
|
unkown
|
page readonly
|
||
|
295FCB00000
|
direct allocation
|
page read and write
|
||
|
295FD168000
|
heap
|
page read and write
|
||
|
4FFE000
|
stack
|
page read and write
|
||
|
1760000
|
heap
|
page read and write
|
||
|
7FF638501000
|
unkown
|
page execute read
|
||
|
295FD8C0000
|
direct allocation
|
page read and write
|
||
|
295F2AF9000
|
heap
|
page read and write
|
||
|
581000
|
unkown
|
page execute read
|
||
|
27D5000
|
heap
|
page read and write
|
||
|
2FB0000
|
direct allocation
|
page read and write
|
||
|
295F2B4E000
|
heap
|
page read and write
|
||
|
295F2B58000
|
heap
|
page read and write
|
||
|
295FDB10000
|
direct allocation
|
page read and write
|
||
|
69A01000
|
unkown
|
page execute read
|
||
|
295FD135000
|
heap
|
page read and write
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
492E000
|
stack
|
page read and write
|
||
|
295FD900000
|
direct allocation
|
page read and write
|
||
|
17CB000
|
heap
|
page read and write
|
||
|
6A89B000
|
unkown
|
page readonly
|
||
|
30FF000
|
stack
|
page read and write
|
||
|
295F4570000
|
direct allocation
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
17003F9C000
|
heap
|
page read and write
|
||
|
295F2AFB000
|
heap
|
page read and write
|
||
|
C8F000
|
stack
|
page read and write
|
||
|
1585000
|
heap
|
page read and write
|
||
|
58D000
|
unkown
|
page readonly
|
||
|
376E000
|
stack
|
page read and write
|
||
|
17000075000
|
heap
|
page read and write
|
||
|
1510000
|
unclassified section
|
page execute and read and write
|
||
|
2ADB000
|
stack
|
page read and write
|
||
|
2EFD000
|
stack
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
17003200000
|
heap
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
71000000
|
unkown
|
page readonly
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
295FD192000
|
heap
|
page read and write
|
||
|
295F2B10000
|
heap
|
page read and write
|
||
|
405C000
|
stack
|
page read and write
|
||
|
17ED000
|
heap
|
page read and write
|
||
|
295FDB90000
|
direct allocation
|
page read and write
|
||
|
295FD1B0000
|
direct allocation
|
page read and write
|
||
|
584000
|
unkown
|
page write copy
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
415C000
|
stack
|
page read and write
|
||
|
295FDB50000
|
direct allocation
|
page read and write
|
||
|
295FD182000
|
heap
|
page read and write
|
||
|
295FCD10000
|
direct allocation
|
page read and write
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
1591000
|
unkown
|
page execute read
|
||
|
28FE000
|
stack
|
page read and write
|
||
|
282E000
|
stack
|
page read and write
|
||
|
6A8A1000
|
unkown
|
page readonly
|
||
|
295B000
|
heap
|
page read and write
|
||
|
295FD173000
|
heap
|
page read and write
|
||
|
295FCF51000
|
heap
|
page read and write
|
||
|
583000
|
unkown
|
page write copy
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
295FD440000
|
direct allocation
|
page read and write
|
||
|
582000
|
unkown
|
page readonly
|
||
|
17001E00000
|
heap
|
page read and write
|
||
|
1707C492000
|
heap
|
page read and write
|
||
|
6AF16000
|
unkown
|
page readonly
|
||
|
583000
|
unkown
|
page read and write
|
||
|
68B78000
|
unkown
|
page read and write
|
||
|
48ED000
|
stack
|
page read and write
|
||
|
581000
|
unkown
|
page execute read
|
||
|
2A50000
|
heap
|
page read and write
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
9D3000
|
unclassified section
|
page readonly
|
||
|
295FCFF2000
|
heap
|
page read and write
|
||
|
295F2455000
|
heap
|
page read and write
|
||
|
678A3000
|
unkown
|
page write copy
|
||
|
295F2C30000
|
direct allocation
|
page read and write
|
||
|
295FD171000
|
heap
|
page read and write
|
||
|
3090000
|
heap
|
page read and write
|
||
|
295FCDF1000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
4F7F000
|
stack
|
page read and write
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
190000
|
unkown
|
page readonly
|
||
|
582000
|
unkown
|
page readonly
|
||
|
58D000
|
unkown
|
page readonly
|
||
|
239B000
|
stack
|
page read and write
|
||
|
295FD1B0000
|
direct allocation
|
page read and write
|
||
|
3F30000
|
heap
|
page read and write
|
||
|
4E7E000
|
stack
|
page read and write
|
||
|
2F45000
|
heap
|
page read and write
|
||
|
1576000
|
heap
|
page read and write
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
17004268000
|
heap
|
page read and write
|
||
|
295FCF51000
|
heap
|
page read and write
|
||
|
295FCD10000
|
direct allocation
|
page read and write
|
||
|
295FCFC2000
|
heap
|
page read and write
|
||
|
4EFB000
|
stack
|
page read and write
|
||
|
295FCF8E000
|
heap
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
295FCE86000
|
heap
|
page read and write
|
||
|
295F2660000
|
heap
|
page read and write
|
||
|
17003F37000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
17004245000
|
heap
|
page read and write
|
||
|
583000
|
unkown
|
page write copy
|
||
|
295FCF06000
|
heap
|
page read and write
|
||
|
254B000
|
stack
|
page read and write
|
||
|
584000
|
unkown
|
page write copy
|
||
|
295FD2E0000
|
direct allocation
|
page read and write
|
||
|
295FDCB0000
|
direct allocation
|
page read and write
|
||
|
2AA0000
|
heap
|
page read and write
|
||
|
34DB000
|
stack
|
page read and write
|
||
|
390F000
|
stack
|
page read and write
|
||
|
1707C44A000
|
heap
|
page read and write
|
||
|
4B2E000
|
stack
|
page read and write
|
||
|
4020000
|
heap
|
page read and write
|
||
|
295FCFB4000
|
heap
|
page read and write
|
||
|
295FCFF2000
|
heap
|
page read and write
|
||
|
295FCFF2000
|
heap
|
page read and write
|
||
|
295F23C6000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
1707C48E000
|
heap
|
page read and write
|
||
|
69A33000
|
unkown
|
page readonly
|
||
|
62EA3000
|
unkown
|
page readonly
|
||
|
295FD071000
|
heap
|
page read and write
|
||
|
295F2550000
|
direct allocation
|
page read and write
|
||
|
295FCA80000
|
direct allocation
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
295FC8DF000
|
heap
|
page read and write
|
||
|
295FDBD0000
|
direct allocation
|
page read and write
|
||
|
1707C390000
|
heap
|
page read and write
|
||
|
156E000
|
stack
|
page read and write
|
||
|
295FD07D000
|
heap
|
page read and write
|
||
|
1500000
|
direct allocation
|
page read and write
|
||
|
62E95000
|
unkown
|
page readonly
|
||
|
295FCEE0000
|
heap
|
page read and write
|
||
|
678A1000
|
unkown
|
page readonly
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
2B4E000
|
stack
|
page read and write
|
||
|
1707C4C1000
|
heap
|
page read and write
|
||
|
252F000
|
stack
|
page read and write
|
||
|
295FD186000
|
heap
|
page read and write
|
||
|
295FCEDD000
|
heap
|
page read and write
|
||
|
295FCFBF000
|
heap
|
page read and write
|
||
|
295F4830000
|
direct allocation
|
page read and write
|
||
|
6AEE9000
|
unkown
|
page readonly
|
||
|
1707C4A3000
|
heap
|
page read and write
|
||
|
295F4560000
|
heap
|
page read and write
|
||
|
46AB000
|
stack
|
page read and write
|
||
|
235B000
|
stack
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
306A000
|
heap
|
page read and write
|
||
|
295FD0BF000
|
heap
|
page read and write
|
||
|
582000
|
unkown
|
page readonly
|
||
|
295FD071000
|
heap
|
page read and write
|
||
|
1EE6000
|
unkown
|
page write copy
|
||
|
295FCD70000
|
direct allocation
|
page read and write
|
||
|
17004C68000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
1707C380000
|
heap
|
page read and write
|
||
|
1690000
|
direct allocation
|
page read and write
|
||
|
933996000
|
stack
|
page read and write
|
||
|
1707C4B2000
|
heap
|
page read and write
|
||
|
6AF10000
|
unkown
|
page readonly
|
||
|
136A000
|
stack
|
page read and write
|
||
|
295FCEE2000
|
heap
|
page read and write
|
||
|
17001400000
|
heap
|
page read and write
|
||
|
295FD135000
|
heap
|
page read and write
|
||
|
30C6000
|
heap
|
page read and write
|
||
|
16A3000
|
unclassified section
|
page readonly
|
||
|
71001000
|
unkown
|
page execute read
|
||
|
380E000
|
stack
|
page read and write
|
||
|
295F2B11000
|
heap
|
page read and write
|
||
|
6A89A000
|
unkown
|
page read and write
|
||
|
295FD320000
|
direct allocation
|
page read and write
|
||
|
295FCFC4000
|
heap
|
page read and write
|
||
|
2B80000
|
heap
|
page read and write
|
||
|
16A5000
|
unclassified section
|
page readonly
|
||
|
295FD3B0000
|
direct allocation
|
page read and write
|
||
|
68B7B000
|
unkown
|
page readonly
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
295FD6D0000
|
direct allocation
|
page read and write
|
||
|
295FCF8D000
|
heap
|
page read and write
|
||
|
6A8A2000
|
unkown
|
page read and write
|
||
|
1707C4A1000
|
heap
|
page read and write
|
||
|
7FF6DAD71000
|
unkown
|
page execute read
|
||
|
581000
|
unkown
|
page execute read
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
295FCE68000
|
heap
|
page read and write
|
||
|
933EFB000
|
stack
|
page read and write
|
||
|
295FD690000
|
direct allocation
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
295F47D0000
|
direct allocation
|
page read and write
|
||
|
296B000
|
heap
|
page read and write
|
||
|
4EC000
|
stack
|
page read and write
|
||
|
583000
|
unkown
|
page read and write
|
||
|
295FD480000
|
direct allocation
|
page read and write
|
||
|
295F2456000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
486F000
|
stack
|
page read and write
|
||
|
295FCD70000
|
direct allocation
|
page read and write
|
||
|
170040CA000
|
heap
|
page read and write
|
||
|
67898000
|
unkown
|
page readonly
|
||
|
295FDCB0000
|
direct allocation
|
page read and write
|
||
|
295FCEE2000
|
heap
|
page read and write
|
||
|
170041ED000
|
heap
|
page read and write
|
||
|
295FCFA6000
|
heap
|
page read and write
|
||
|
295FD0D1000
|
heap
|
page read and write
|
||
|
295F2210000
|
heap
|
page read and write
|
||
|
295FCE86000
|
heap
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
6A8A6000
|
unkown
|
page readonly
|
||
|
2FC5000
|
unclassified section
|
page readonly
|
||
|
396D000
|
stack
|
page read and write
|
There are 674 hidden memdumps, click here to show them.