Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Blue-Cloner-Signed.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
|
JSON data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\7zxa64.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AdobeXMPFiles.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CompSvcsPkg.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\CryptoPP530Fips32.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\EppManifest.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MSB1FREN.DLL
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\MXF_SDK_XMLBuilder_1.3.39_vs10.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.AspNetCore.Http.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.Build.Tasks.CodeAnalysis.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.DotNet.DesignTools.Protocol.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.ExtendedReflection.Reasoning.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Services.CodeReview.WebApi.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.Setup.Download.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\UIAutomationClientSideProviders.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WRLiloPlugin.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WindowsBase.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\WzWXFln64.dll
|
PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\boost_python-vc90-mt-gd-1_47.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\gnsdk_musicid.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\jp2ssv.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x
|
data
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.dif
|
data
|
dropped
|
||
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\perf_intervals.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\jsc.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\083223c6-26bb-4051-8817-3a2545d860fb.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1f9373ec-d9ac-4192-b48d-998ecc5795b9.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\642f6698-516c-4f1c-b8df-e0a357bf0e21.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D57D72-184C.pma
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D57D72-B34.pma
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D57DA4-2FC.pma
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D57DA5-210.pma
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\13df94de-b61e-4b7f-84b2-1afea581d44c.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\42d17259-de75-4bd8-92a6-0c4d50f8f8c7.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\78dc4621-cae5-4ab1-940b-ea7d919ef0b5.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old~RF36dfd.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old~RF36dfd.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old~RF36e0d.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old~RF3710a.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old~RF36f93.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\todelete_ff8a3123a9b659a2
(copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old~RF370bc.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386518133307201
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386518184833936
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old~RF36dee.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old~RF3711a.TMP
(copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust
Tokens
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8,
version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old~RF36d9f.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 89, cookie
0x36, schema 4, UTF-8, version-valid-for 10
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\cce2a117-934c-43f7-a38b-9df31a10c7ac.tmp
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8,
version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old~RF3705f.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old~RF3703f.TMP (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2a27f.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2a445.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36831.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3693a.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3694a.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF36e2c.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fdabdcc0-430d-4658-b99d-02fac7543da9.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_isdecmp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-14NCV.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_iscrypt.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_isdecmp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-HLUPI.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\tmp1BEF.tmp
|
SQLite 3.x database, last written using SQLite version 3046000, file counter 12, database pages 6, 1st free page 4, free pages
1, cookie 0x17, schema 4, UTF-8, version-valid-for 12
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp24F9.tmp
|
SQLite 3.x database, last written using SQLite version 3046000, file counter 12, database pages 6, 1st free page 4, free pages
1, cookie 0x17, schema 4, UTF-8, version-valid-for 12
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpFAAB.tmp
|
SQLite 3.x database, last written using SQLite version 3046000, file counter 12, database pages 6, 1st free page 4, free pages
1, cookie 0x17, schema 4, UTF-8, version-valid-for 12
|
dropped
|
||
|
C:\Users\user\AppData\Local\ksedtnorf\llg\background.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\ksedtnorf\llg\content.js
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\ksedtnorf\llg\icon.png
|
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\ksedtnorf\llg\jquery.js
|
ASCII text, with very long lines (32086)
|
dropped
|
||
|
C:\Users\user\AppData\Local\ksedtnorf\llg\manifest.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\7zxa64.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AdobeXMPFiles.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CompSvcsPkg.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\CryptoPP530Fips32.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\EppManifest.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MSB1FREN.DLL (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\MXF_SDK_XMLBuilder_1.3.39_vs10.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.AspNetCore.Http.dll (copy)
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.Build.Tasks.CodeAnalysis.dll (copy)
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.DotNet.DesignTools.Protocol.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.ExtendedReflection.Reasoning.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.TestPlatform.VsTestConsole.TranslationLayer.dll
(copy)
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Services.CodeReview.WebApi.dll
(copy)
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.Setup.Download.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\Microsoft.VisualStudio.TestPlatform.ObjectModel.dll (copy)
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\UIAutomationClientSideProviders.dll (copy)
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WRLiloPlugin.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WindowsBase.dll (copy)
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\WzWXFln64.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\Atlassian.Bitbucket.UI.exe (copy)
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\WhoUses.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\ahost.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\bzip2.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\gettext.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-askpass.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\git-upload-pack.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-16T1P.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-2T9KN.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-5CO57.tmp
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7PBMM.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-7V644.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-9Q7I2.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-AM20K.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-BS67M.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F170C.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-F1F38.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-FATKD.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-GFSB8.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-J998I.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-MV4I3.tmp
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-Q86LU.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-QM56C.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\is-V2HAC.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kcpytkt.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kdestroy.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kinit.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kpasswd.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\kvno.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\lzmadec.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\p11-kit.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\psl.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\scalar.exe (copy)
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\bin\x86_64-w64-mingw32-agrep.exe (copy)
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\boost_python-vc90-mt-gd-1_47.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\gnsdk_musicid.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-0B1I3.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-0DKEL.tmp
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-0GSKS.tmp
|
data
|
modified
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1ETL8.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-1Q7FG.tmp
|
PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-67O6P.tmp
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7P6L7.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-7RJUF.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-82LNC.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-9I5HK.tmp
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-F4AFB.tmp
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-G5EHS.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-GOG00.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-I90HQ.tmp
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-K5Q6M.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-L9AJM.tmp
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-LMMQQ.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-M1I32.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-N4QCG.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-O9589.tmp
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-PGLBN.tmp
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-QNESL.tmp
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-REOGC.tmp
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-S2L72.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SEJ7F.tmp
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\is-SRMF3.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\jp2ssv.dll (copy)
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\lionheartedly.a3x (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\lionheartedly.dif (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\perf_intervals.dll (copy)
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
Chrome Cache Entry: 214
|
ASCII text
|
downloaded
|
||
|
Chrome Cache Entry: 215
|
ASCII text, with very long lines (65531)
|
downloaded
|
||
|
Chrome Cache Entry: 216
|
ASCII text, with very long lines (2764)
|
downloaded
|
There are 212 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp
|
"C:\Users\user~1\AppData\Local\Temp\is-JKB6U.tmp\Blue-Cloner-Signed.tmp" /SL5="$203F2,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe"
/VERYSILENT
|
|
|
|
C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe
|
"C:\Users\user\AppData\Roaming\{4408DCF6-F8CF-46C7-9F4F-00812F90192A}\AutoIt3.exe" lionheartedly.a3x
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9502 --profile-directory="Default"
|
|
|
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe
|
"C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
|
|
|
|
C:\9e146be9-c76a-4720-bcdb-53011b87bd06\AutoIt3.exe
|
"C:\9e146be9-c76a-4720-bcdb-53011b87bd06\Autoit3.exe" "C:\9e146be9-c76a-4720-bcdb-53011b87bd06\lionheartedly.a3x"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9897 --profile-directory="Default"
|
|
|
|
C:\Program Files\Google\Chrome\Application\chrome.exe
|
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US
--service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2188,i,17180470386210367676,4269936662652460596,262144
--variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2192 /prefetch:3
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory="Default"
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2588 --field-trial-handle=2080,i,12350679301300759523,9547740877792458895,262144
/prefetch:3
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=8053 --profile-directory=Default --flag-switches-begin
--flag-switches-end --disable-nacl --do-not-de-elevate
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=2076,i,17998252986563725011,528699901736445202,262144
/prefetch:3
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory="Default"
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=2336,i,5047216504094889522,3815978345748103374,262144
/prefetch:3
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=7905 --profile-directory=Default --flag-switches-begin
--flag-switches-end --disable-nacl --do-not-de-elevate
|
|
|
|
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
|
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2512,i,1085491752832484117,15979880841371217689,262144
/prefetch:3
|
|
|
|
C:\Users\user\Desktop\Blue-Cloner-Signed.exe
|
"C:\Users\user\Desktop\Blue-Cloner-Signed.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp
|
"C:\Users\user~1\AppData\Local\Temp\is-KJ2AK.tmp\Blue-Cloner-Signed.tmp" /SL5="$203E4,16056410,995328,C:\Users\user\Desktop\Blue-Cloner-Signed.exe"
|
||
|
C:\Users\user\Desktop\Blue-Cloner-Signed.exe
|
"C:\Users\user\Desktop\Blue-Cloner-Signed.exe" /VERYSILENT
|
There are 11 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://194.26.29.44:9000/wbinjget?q=ABEE5D020398559D1CCC81B5F72669AE
|
194.26.29.44
|
|
|
|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
http://repository.certum.pl/cscasha2.cer0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://www.winzip.com/authenticode.htm0
|
unknown
|
||
|
https://github.com/dotnet/roslyn
|
unknown
|
||
|
http://uri.etsi.org/01903/v1.2.2#bhttp://uri.etsi.org/01903/v1.2.2#SignedProperties
|
unknown
|
||
|
https://github.com/dotnet/aspnetcore
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://uri.etsi.org/01903/v1.2.2#yHKEY_LOCAL_MACHINE
|
unknown
|
||
|
https://github.com/microsoft/winforms-designer
|
unknown
|
||
|
https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js
|
204.79.197.203
|
||
|
https://www.remobjects.com/ps
|
unknown
|
||
|
http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://micros
|
unknown
|
||
|
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531
|
204.79.197.203
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
https://www.innosetup.com/
|
unknown
|
||
|
https://sectigo.com/CPS0D
|
unknown
|
||
|
https://jrsoftware.org0
|
unknown
|
||
|
https://jrsoftware.org/
|
unknown
|
||
|
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
|
142.250.185.228
|
||
|
https://github.com/dotnet/aspnetcore/tree/57512b49997283599b00a6b67d0ccebaec171daf
|
unknown
|
||
|
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
|
142.250.185.228
|
||
|
http://schemas.xmlsoap.org/disco/http://schemas.xmlsoap.org/wsdl/XMLDocument
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://localhostrootServerBindingsSecureBindingshttps://localhost443:http://localhostprimaryfusion.d
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.cb278af4d754dd8a1a58.js
|
204.79.197.203
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
https://github.com/dotnet/wpf
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
https://login.microsoftonline.comH72f988bf-86f1-41af-91ab-2d7cd011db47
|
unknown
|
||
|
https://www.google.com/async/newtab_promos
|
142.250.185.228
|
||
|
http://www.autoitscript.com/autoit3/X
|
unknown
|
||
|
https://pastebin.com/raw/WQwfZTNB
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://crl.certum.pl/cscasha2.crl0q
|
unknown
|
||
|
http://cscasha2.ocsp-certum.com04
|
unknown
|
||
|
https://pastebin.com/raw/WQwfZTNBPO
|
unknown
|
||
|
https://www.google.com/async/ddljson?async=ntp:2
|
142.250.185.228
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://uri.etsi.org/01903/v1.2.2#SignedProperties
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://github.com/dotnet/wpf4
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
There are 39 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
a416.dscd.akamai.net
|
2.22.242.105
|
||
|
a-0003.a-msedge.net
|
204.79.197.203
|
||
|
c-msn-pme.trafficmanager.net
|
13.74.129.1
|
||
|
ssl.bingadsedgeextension-prod-europe.azurewebsites.net
|
94.245.104.56
|
||
|
sb.scorecardresearch.com
|
18.244.18.32
|
||
|
www.google.com
|
142.250.185.228
|
||
|
ax-0001.ax-msedge.net
|
150.171.27.10
|
||
|
a233.dscd.akamai.net
|
2.22.242.122
|
||
|
bzib.nelreports.net
|
unknown
|
||
|
assets.msn.com
|
unknown
|
||
|
c.msn.com
|
unknown
|
||
|
ntp.msn.com
|
unknown
|
||
|
api.msn.com
|
unknown
|
There are 3 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.7
|
unknown
|
unknown
|
|
|
|
194.26.29.44
|
unknown
|
unknown
|
|
|
|
2.22.242.122
|
a233.dscd.akamai.net
|
European Union
|
||
|
142.250.185.228
|
www.google.com
|
United States
|
||
|
2.22.242.105
|
a416.dscd.akamai.net
|
European Union
|
||
|
2.22.242.11
|
unknown
|
European Union
|
||
|
13.74.129.1
|
c-msn-pme.trafficmanager.net
|
United States
|
||
|
2.19.96.66
|
unknown
|
European Union
|
||
|
18.244.18.32
|
sb.scorecardresearch.com
|
United States
|
||
|
150.171.27.10
|
ax-0001.ax-msedge.net
|
United States
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
204.79.197.203
|
a-0003.a-msedge.net
|
United States
|
There are 3 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFiles0000
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
RegFilesHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
lionheartedly
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
|
Left
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\MSUTB
|
Top
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
gceookfcdfofclcndfnfpcheccdekecg
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
freseenversion
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
freseen
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
|
is_dse_recommended
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Defaults
|
is_startup_page_recommended
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\590902
|
WindowTabManagerFileMappingId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
media.cdm.origin_data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.reporting
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
media.storage_id_salt
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_startup_urls
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.prompt_wave
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.account_id
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.prompt_seed
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_homepage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.last_username
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
default_search_provider_data.template_url_data
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
safebrowsing.incidents_sent
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
pinned_tabs
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
search_provider_overrides
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
edge.services.last_account_id
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
software_reporter.prompt_version
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
session.startup_urls
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
session.restore_on_startup
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
settings_reset_prompt.last_triggered_for_default_search
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
prefs.preference_reset_time
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
browser.show_home_button
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
homepage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default
|
homepage_is_newtabpage
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
lastrun
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\PreferenceMACs\Default\extensions.settings
|
gceookfcdfofclcndfnfpcheccdekecg
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\393516
|
WindowTabManagerFileMappingId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
|
StatusCodes
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
|
state
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
|
user_experience_metrics.stability.exited_cleanly
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
|
lastrun
|
There are 69 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
732000
|
remote allocation
|
page execute and read and write
|
|
|
|
D0F000
|
stack
|
page read and write
|
||
|
221A000
|
direct allocation
|
page read and write
|
||
|
22B1000
|
direct allocation
|
page read and write
|
||
|
6362000
|
heap
|
page read and write
|
||
|
6792000
|
heap
|
page read and write
|
||
|
5627000
|
heap
|
page read and write
|
||
|
6602000
|
heap
|
page read and write
|
||
|
18039AB0000
|
unkown
|
page readonly
|
||
|
570F000
|
heap
|
page read and write
|
||
|
59A9000
|
heap
|
page read and write
|
||
|
3608000
|
direct allocation
|
page read and write
|
||
|
5A8F000
|
heap
|
page read and write
|
||
|
65D8000
|
heap
|
page read and write
|
||
|
250B000
|
direct allocation
|
page read and write
|
||
|
B00000
|
trusted library allocation
|
page read and write
|
||
|
2213000
|
direct allocation
|
page read and write
|
||
|
67CC000
|
heap
|
page read and write
|
||
|
5A7C000
|
heap
|
page read and write
|
||
|
21E4000
|
direct allocation
|
page read and write
|
||
|
1A757FF000
|
stack
|
page read and write
|
||
|
636F000
|
heap
|
page read and write
|
||
|
6CA0000B4000
|
direct allocation
|
page read and write
|
||
|
A5B000
|
trusted library allocation
|
page execute and read and write
|
||
|
6352000
|
heap
|
page read and write
|
||
|
59A1000
|
heap
|
page read and write
|
||
|
619C000
|
heap
|
page read and write
|
||
|
3FB000
|
stack
|
page read and write
|
||
|
619C000
|
heap
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
660C000
|
heap
|
page read and write
|
||
|
599D000
|
heap
|
page read and write
|
||
|
47CD000
|
stack
|
page read and write
|
||
|
6199000
|
heap
|
page read and write
|
||
|
60BE000
|
heap
|
page read and write
|
||
|
6CA000098000
|
direct allocation
|
page read and write
|
||
|
84E000
|
stack
|
page read and write
|
||
|
2C1000
|
unkown
|
page readonly
|
||
|
24C1000
|
direct allocation
|
page read and write
|
||
|
57E7000
|
heap
|
page read and write
|
||
|
6D3000
|
unkown
|
page read and write
|
||
|
25C3000
|
heap
|
page read and write
|
||
|
6521000
|
heap
|
page read and write
|
||
|
6604000
|
heap
|
page read and write
|
||
|
48CD000
|
stack
|
page read and write
|
||
|
3CB0000
|
heap
|
page read and write
|
||
|
5FD5000
|
heap
|
page read and write
|
||
|
708000
|
heap
|
page read and write
|
||
|
60B7000
|
heap
|
page read and write
|
||
|
2286000
|
direct allocation
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
6276000
|
heap
|
page read and write
|
||
|
60B0000
|
heap
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
E21000
|
unkown
|
page write copy
|
||
|
6448000
|
heap
|
page read and write
|
||
|
180331C0000
|
heap
|
page read and write
|
||
|
3731000
|
heap
|
page read and write
|
||
|
562D000
|
heap
|
page read and write
|
||
|
633D000
|
heap
|
page read and write
|
||
|
4EC00002C000
|
direct allocation
|
page read and write
|
||
|
225A000
|
direct allocation
|
page read and write
|
||
|
60BC000
|
heap
|
page read and write
|
||
|
DED000
|
unkown
|
page readonly
|
||
|
21E0000
|
direct allocation
|
page read and write
|
||
|
59A5000
|
heap
|
page read and write
|
||
|
18032FB0000
|
heap
|
page read and write
|
||
|
6277000
|
heap
|
page read and write
|
||
|
6529000
|
heap
|
page read and write
|
||
|
31FE000
|
heap
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
5A8E000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
6C4000
|
unkown
|
page read and write
|
||
|
6195000
|
heap
|
page read and write
|
||
|
23FA000
|
direct allocation
|
page read and write
|
||
|
2309000
|
direct allocation
|
page read and write
|
||
|
5995000
|
heap
|
page read and write
|
||
|
619A000
|
heap
|
page read and write
|
||
|
5706000
|
heap
|
page read and write
|
||
|
A45000
|
heap
|
page read and write
|
||
|
627B000
|
heap
|
page read and write
|
||
|
58CB000
|
heap
|
page read and write
|
||
|
60B8000
|
heap
|
page read and write
|
||
|
6446000
|
heap
|
page read and write
|
||
|
6199000
|
heap
|
page read and write
|
||
|
2538000
|
direct allocation
|
page read and write
|
||
|
3671000
|
heap
|
page read and write
|
||
|
636F000
|
heap
|
page read and write
|
||
|
66EF000
|
heap
|
page read and write
|
||
|
2360000
|
direct allocation
|
page read and write
|
||
|
5A68000
|
heap
|
page read and write
|
||
|
60BD000
|
heap
|
page read and write
|
||
|
7FE06000
|
direct allocation
|
page read and write
|
||
|
6361000
|
heap
|
page read and write
|
||
|
2D5000
|
unkown
|
page readonly
|
||
|
18034AB0000
|
unkown
|
page readonly
|
||
|
67CE000
|
heap
|
page read and write
|
||
|
66AC000
|
heap
|
page read and write
|
||
|
21FD000
|
direct allocation
|
page read and write
|
||
|
6CA0000DC000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5A86000
|
heap
|
page read and write
|
||
|
66E2000
|
heap
|
page read and write
|
||
|
625A000
|
heap
|
page read and write
|
||
|
23EC000
|
direct allocation
|
page read and write
|
||
|
6278000
|
heap
|
page read and write
|
||
|
24A4000
|
direct allocation
|
page read and write
|
||
|
6175000
|
heap
|
page read and write
|
||
|
60BC000
|
heap
|
page read and write
|
||
|
6273000
|
heap
|
page read and write
|
||
|
6E9000
|
unkown
|
page readonly
|
||
|
6D3000
|
unkown
|
page read and write
|
||
|
66EF000
|
heap
|
page read and write
|
||
|
E1D000
|
unkown
|
page write copy
|
||
|
1A737EE000
|
stack
|
page read and write
|
||
|
6CA000098000
|
direct allocation
|
page read and write
|
||
|
5B51000
|
heap
|
page read and write
|
||
|
3CB0000
|
heap
|
page read and write
|
||
|
6340000
|
heap
|
page read and write
|
||
|
310D000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
65FC000
|
heap
|
page read and write
|
||
|
A45000
|
heap
|
page read and write
|
||
|
965000
|
heap
|
page read and write
|
||
|
1A747FE000
|
unkown
|
page read and write
|
||
|
65FE000
|
heap
|
page read and write
|
||
|
9F2000
|
heap
|
page read and write
|
||
|
2221000
|
direct allocation
|
page read and write
|
||
|
57E1000
|
heap
|
page read and write
|
||
|
2358000
|
direct allocation
|
page read and write
|
||
|
5EF7000
|
heap
|
page read and write
|
||
|
9F9000
|
heap
|
page read and write
|
||
|
21D9000
|
direct allocation
|
page read and write
|
||
|
58CB000
|
heap
|
page read and write
|
||
|
E25000
|
unkown
|
page readonly
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
65F4000
|
heap
|
page read and write
|
||
|
9FF000
|
heap
|
page read and write
|
||
|
2563000
|
direct allocation
|
page read and write
|
||
|
35D4000
|
direct allocation
|
page read and write
|
||
|
B10000
|
direct allocation
|
page execute and read and write
|
||
|
627A000
|
heap
|
page read and write
|
||
|
635A000
|
heap
|
page read and write
|
||
|
26B0000
|
trusted library allocation
|
page read and write
|
||
|
6191000
|
heap
|
page read and write
|
||
|
3614000
|
direct allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
6529000
|
heap
|
page read and write
|
||
|
180336B0000
|
unkown
|
page readonly
|
||
|
18033090000
|
heap
|
page read and write
|
||
|
4CB000
|
unkown
|
page readonly
|
||
|
255C000
|
direct allocation
|
page read and write
|
||
|
58B9000
|
heap
|
page read and write
|
||
|
390E000
|
stack
|
page read and write
|
||
|
E1D000
|
unkown
|
page write copy
|
||
|
2D1000
|
unkown
|
page write copy
|
||
|
6276000
|
heap
|
page read and write
|
||
|
66D6000
|
heap
|
page read and write
|
||
|
2261000
|
direct allocation
|
page read and write
|
||
|
2302000
|
direct allocation
|
page read and write
|
||
|
24DC000
|
direct allocation
|
page read and write
|
||
|
231F000
|
direct allocation
|
page read and write
|
||
|
5FD7000
|
heap
|
page read and write
|
||
|
57E8000
|
heap
|
page read and write
|
||
|
6CA0000A8000
|
direct allocation
|
page read and write
|
||
|
617C000
|
heap
|
page read and write
|
||
|
229F000
|
direct allocation
|
page read and write
|
||
|
635A000
|
heap
|
page read and write
|
||
|
570D000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
21E8000
|
direct allocation
|
page read and write
|
||
|
5FD4000
|
heap
|
page read and write
|
||
|
6280000
|
heap
|
page read and write
|
||
|
B18000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
6275000
|
heap
|
page read and write
|
||
|
5703000
|
heap
|
page read and write
|
||
|
644C000
|
heap
|
page read and write
|
||
|
6286000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
180340B0000
|
unkown
|
page readonly
|
||
|
21C8000
|
direct allocation
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
2310000
|
direct allocation
|
page read and write
|
||
|
6604000
|
heap
|
page read and write
|
||
|
2326000
|
direct allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
23DD000
|
direct allocation
|
page read and write
|
||
|
3971000
|
heap
|
page read and write
|
||
|
5B50000
|
heap
|
page read and write
|
||
|
358E000
|
direct allocation
|
page read and write
|
||
|
65F2000
|
heap
|
page read and write
|
||
|
66B6000
|
heap
|
page read and write
|
||
|
67C2000
|
heap
|
page read and write
|
||
|
3CB1000
|
heap
|
page read and write
|
||
|
5A7A000
|
heap
|
page read and write
|
||
|
643E000
|
heap
|
page read and write
|
||
|
66E7000
|
heap
|
page read and write
|
||
|
60B3000
|
heap
|
page read and write
|
||
|
226A000
|
direct allocation
|
page read and write
|
||
|
3A4E000
|
stack
|
page read and write
|
||
|
23B1000
|
direct allocation
|
page read and write
|
||
|
60B5000
|
heap
|
page read and write
|
||
|
26E0000
|
heap
|
page read and write
|
||
|
228D000
|
direct allocation
|
page read and write
|
||
|
22AD000
|
direct allocation
|
page read and write
|
||
|
221F000
|
direct allocation
|
page read and write
|
||
|
66D5000
|
heap
|
page read and write
|
||
|
6270000
|
heap
|
page read and write
|
||
|
4F8000
|
unkown
|
page readonly
|
||
|
57E9000
|
heap
|
page read and write
|
||
|
59AA000
|
heap
|
page read and write
|
||
|
2464000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
B5A000
|
heap
|
page read and write
|
||
|
4C4E000
|
stack
|
page read and write
|
||
|
5A7F000
|
heap
|
page read and write
|
||
|
6520000
|
heap
|
page read and write
|
||
|
59AB000
|
heap
|
page read and write
|
||
|
627A000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
5B4D000
|
heap
|
page read and write
|
||
|
2318000
|
direct allocation
|
page read and write
|
||
|
5FD1000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
3CB1000
|
heap
|
page read and write
|
||
|
627B000
|
heap
|
page read and write
|
||
|
36F1000
|
trusted library allocation
|
page read and write
|
||
|
5FD7000
|
heap
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
66EC000
|
heap
|
page read and write
|
||
|
619F000
|
heap
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
636A000
|
heap
|
page read and write
|
||
|
2246000
|
direct allocation
|
page read and write
|
||
|
59AD000
|
heap
|
page read and write
|
||
|
18A5000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
E11000
|
unkown
|
page readonly
|
||
|
636B000
|
heap
|
page read and write
|
||
|
21CA000
|
direct allocation
|
page read and write
|
||
|
627B000
|
heap
|
page read and write
|
||
|
A13000
|
trusted library allocation
|
page execute and read and write
|
||
|
E25000
|
unkown
|
page readonly
|
||
|
890000
|
heap
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
5EFD000
|
heap
|
page read and write
|
||
|
5A7A000
|
heap
|
page read and write
|
||
|
3930000
|
heap
|
page read and write
|
||
|
6DB000
|
unkown
|
page readonly
|
||
|
652E000
|
heap
|
page read and write
|
||
|
58CD000
|
heap
|
page read and write
|
||
|
570F000
|
heap
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
5B51000
|
heap
|
page read and write
|
||
|
22BC000
|
direct allocation
|
page read and write
|
||
|
65F6000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
180331E0000
|
heap
|
page readonly
|
||
|
6CA0000B4000
|
direct allocation
|
page read and write
|
||
|
B25000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
890000
|
heap
|
page read and write
|
||
|
570B000
|
heap
|
page read and write
|
||
|
6520000
|
heap
|
page read and write
|
||
|
6274000
|
heap
|
page read and write
|
||
|
562A000
|
heap
|
page read and write
|
||
|
66EE000
|
heap
|
page read and write
|
||
|
18037CB0000
|
unkown
|
page readonly
|
||
|
22D0000
|
direct allocation
|
page read and write
|
||
|
64F5000
|
heap
|
page read and write
|
||
|
59AB000
|
heap
|
page read and write
|
||
|
2334000
|
direct allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
5A76000
|
heap
|
page read and write
|
||
|
236C000
|
direct allocation
|
page read and write
|
||
|
239B000
|
direct allocation
|
page read and write
|
||
|
4F4F000
|
stack
|
page read and write
|
||
|
3E54000
|
heap
|
page read and write
|
||
|
66EC000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
2580000
|
heap
|
page read and write
|
||
|
59A3000
|
heap
|
page read and write
|
||
|
6601000
|
heap
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
6197000
|
heap
|
page read and write
|
||
|
B76000
|
heap
|
page read and write
|
||
|
59AC000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
5EF3000
|
heap
|
page read and write
|
||
|
253F000
|
direct allocation
|
page read and write
|
||
|
619F000
|
heap
|
page read and write
|
||
|
5FDF000
|
heap
|
page read and write
|
||
|
60BD000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
21C0000
|
direct allocation
|
page read and write
|
||
|
6284000
|
heap
|
page read and write
|
||
|
67C6000
|
heap
|
page read and write
|
||
|
22B8000
|
direct allocation
|
page read and write
|
||
|
59A9000
|
heap
|
page read and write
|
||
|
6CA0000A8000
|
direct allocation
|
page read and write
|
||
|
6199000
|
heap
|
page read and write
|
||
|
222F000
|
direct allocation
|
page read and write
|
||
|
6253000
|
heap
|
page read and write
|
||
|
6609000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
21DD000
|
direct allocation
|
page read and write
|
||
|
6441000
|
heap
|
page read and write
|
||
|
9DC000
|
heap
|
page read and write
|
||
|
660A000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
5FD5000
|
heap
|
page read and write
|
||
|
6CB000
|
unkown
|
page read and write
|
||
|
6CA0000B8000
|
direct allocation
|
page read and write
|
||
|
652D000
|
heap
|
page read and write
|
||
|
2FB7000
|
heap
|
page read and write
|
||
|
6278000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
6CA0000B8000
|
direct allocation
|
page read and write
|
||
|
4B9000
|
unkown
|
page read and write
|
||
|
18033360000
|
heap
|
page read and write
|
||
|
3CB1000
|
heap
|
page read and write
|
||
|
A39000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
660A000
|
heap
|
page read and write
|
||
|
6367000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
5FD5000
|
heap
|
page read and write
|
||
|
57EA000
|
heap
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
23D6000
|
direct allocation
|
page read and write
|
||
|
636E000
|
heap
|
page read and write
|
||
|
6285000
|
heap
|
page read and write
|
||
|
22E3000
|
direct allocation
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
6605000
|
heap
|
page read and write
|
||
|
3B8C000
|
stack
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
6CE000
|
unkown
|
page read and write
|
||
|
619F000
|
heap
|
page read and write
|
||
|
D51000
|
unkown
|
page execute read
|
||
|
6F8000
|
stack
|
page read and write
|
||
|
6C4000
|
unkown
|
page write copy
|
||
|
3CB1000
|
heap
|
page read and write
|
||
|
6195000
|
heap
|
page read and write
|
||
|
62DF000
|
stack
|
page read and write
|
||
|
180386B0000
|
unkown
|
page readonly
|
||
|
232D000
|
direct allocation
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
23CF000
|
direct allocation
|
page read and write
|
||
|
6609000
|
heap
|
page read and write
|
||
|
5B59000
|
heap
|
page read and write
|
||
|
21D2000
|
direct allocation
|
page read and write
|
||
|
2238000
|
direct allocation
|
page read and write
|
||
|
2578000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
5EFA000
|
heap
|
page read and write
|
||
|
9BB000
|
heap
|
page read and write
|
||
|
5995000
|
heap
|
page read and write
|
||
|
A24000
|
trusted library allocation
|
page read and write
|
||
|
67C4000
|
heap
|
page read and write
|
||
|
619F000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page read and write
|
||
|
24DF000
|
direct allocation
|
page read and write
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
5B5A000
|
heap
|
page read and write
|
||
|
599C000
|
heap
|
page read and write
|
||
|
6199000
|
heap
|
page read and write
|
||
|
B33000
|
heap
|
page read and write
|
||
|
3B4F000
|
stack
|
page read and write
|
||
|
5B54000
|
heap
|
page read and write
|
||
|
B0C000
|
trusted library allocation
|
page read and write
|
||
|
6517000
|
heap
|
page read and write
|
||
|
2571000
|
direct allocation
|
page read and write
|
||
|
24D0000
|
direct allocation
|
page read and write
|
||
|
58B5000
|
heap
|
page read and write
|
||
|
A15000
|
heap
|
page read and write
|
||
|
6278000
|
heap
|
page read and write
|
||
|
35B1000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
unkown
|
page read and write
|
||
|
22AA000
|
direct allocation
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
229C000
|
direct allocation
|
page read and write
|
||
|
180330C8000
|
heap
|
page read and write
|
||
|
9E2000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
6359000
|
heap
|
page read and write
|
||
|
2268000
|
direct allocation
|
page read and write
|
||
|
57E8000
|
heap
|
page read and write
|
||
|
6357000
|
heap
|
page read and write
|
||
|
2512000
|
direct allocation
|
page read and write
|
||
|
644B000
|
heap
|
page read and write
|
||
|
9BF000
|
heap
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
A42000
|
heap
|
page read and write
|
||
|
5B5F000
|
heap
|
page read and write
|
||
|
6174000
|
heap
|
page read and write
|
||
|
223B000
|
direct allocation
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
652B000
|
heap
|
page read and write
|
||
|
2251000
|
direct allocation
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
8FF000
|
stack
|
page read and write
|
||
|
227F000
|
direct allocation
|
page read and write
|
||
|
67BA000
|
heap
|
page read and write
|
||
|
23B8000
|
direct allocation
|
page read and write
|
||
|
6CE000
|
unkown
|
page read and write
|
||
|
66EC000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
18033200000
|
trusted library allocation
|
page read and write
|
||
|
180368B0000
|
unkown
|
page readonly
|
||
|
D50000
|
unkown
|
page readonly
|
||
|
31FF000
|
heap
|
page read and write
|
||
|
6194000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
6275000
|
heap
|
page read and write
|
||
|
65F1000
|
heap
|
page read and write
|
||
|
6351000
|
heap
|
page read and write
|
||
|
29D000
|
unkown
|
page readonly
|
||
|
6278000
|
heap
|
page read and write
|
||
|
249D000
|
direct allocation
|
page read and write
|
||
|
2228000
|
direct allocation
|
page read and write
|
||
|
3970000
|
heap
|
page read and write
|
||
|
570C000
|
heap
|
page read and write
|
||
|
21B9000
|
direct allocation
|
page read and write
|
||
|
B29000
|
heap
|
page read and write
|
||
|
2CD000
|
unkown
|
page write copy
|
||
|
644A000
|
heap
|
page read and write
|
||
|
5A7B000
|
heap
|
page read and write
|
||
|
5B6A000
|
heap
|
page read and write
|
||
|
8D9000
|
heap
|
page read and write
|
||
|
66EC000
|
heap
|
page read and write
|
||
|
9EB000
|
heap
|
page read and write
|
||
|
180372B0000
|
unkown
|
page readonly
|
||
|
60B2000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
660E000
|
heap
|
page read and write
|
||
|
1803A4B0000
|
unkown
|
page readonly
|
||
|
6604000
|
heap
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
58BF000
|
heap
|
page read and write
|
||
|
635B000
|
heap
|
page read and write
|
||
|
35DF000
|
direct allocation
|
page read and write
|
||
|
23E4000
|
direct allocation
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
914000
|
heap
|
page read and write
|
||
|
6350000
|
heap
|
page read and write
|
||
|
60BD000
|
heap
|
page read and write
|
||
|
66BE000
|
heap
|
page read and write
|
||
|
26AF000
|
stack
|
page read and write
|
||
|
6CB000
|
unkown
|
page read and write
|
||
|
201000
|
unkown
|
page execute read
|
||
|
A3C000
|
heap
|
page read and write
|
||
|
6448000
|
heap
|
page read and write
|
||
|
652F000
|
heap
|
page read and write
|
||
|
A43000
|
heap
|
page read and write
|
||
|
6607000
|
heap
|
page read and write
|
||
|
2351000
|
direct allocation
|
page read and write
|
||
|
5FD5000
|
heap
|
page read and write
|
||
|
2298000
|
direct allocation
|
page read and write
|
||
|
58BF000
|
heap
|
page read and write
|
||
|
6CA0000C0000
|
direct allocation
|
page read and write
|
||
|
66E3000
|
heap
|
page read and write
|