Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
repo.noindex.zip
|
Zip archive data, at least v2.0 to extract, compression method=store
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3d9a0d80-99f9-4f44-abc2-ea5de6f164ce.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7112
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 23
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSId55d7.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-29 11-02-11-111.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 27 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Windows\System32\OpenWith.exe
|
C:\Windows\system32\OpenWith.exe -Embedding
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\repo.noindex\repo.noindex\projectdata.rope"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276
--field-trial-handle=1600,i,3532387451054723791,1482370218202154262,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
chrome.cloudflare-dns.com
|
172.64.41.3
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.64.41.3
|
chrome.cloudflare-dns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\mspaint.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rope\UserChoice
|
ProgId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rope\UserChoice
|
Hash
|
||
|
HKEY_CURRENT_USER_Classes\.rope
|
NULL
|
||
|
HKEY_CURRENT_USER_Classes\
|
NULL
|
||
|
HKEY_CURRENT_USER_Classes\????
|
NULL
|
||
|
HKEY_CURRENT_USER_Classes\rope_auto_file\shell\Open\command
|
NULL
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts
|
rope_auto_file_.rope
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rope\OpenWithProgids
|
rope_auto_file
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rope\OpenWithList
|
b
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rope\OpenWithList
|
MRUList
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rope\OpenWithProgids
|
rope_auto_file
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
|
GlobalAssocChangedCounter
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
{6Q809377-6NS0-444O-8957-N3773S02200R}\Nqbor\Npebong QP\Npebong\Npebong.rkr
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
|
HRZR_PGYFRFFVBA
|
There are 22 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1640A58C000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640ECC3000
|
heap
|
page read and write
|
||
|
1640C520000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640A5EE000
|
heap
|
page read and write
|
||
|
1640EC7C000
|
heap
|
page read and write
|
||
|
1640A572000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640A546000
|
heap
|
page read and write
|
||
|
1640A5C6000
|
heap
|
page read and write
|
||
|
4E4B97C000
|
stack
|
page read and write
|
||
|
1640C61E000
|
heap
|
page read and write
|
||
|
1640A5A3000
|
heap
|
page read and write
|
||
|
1640C5F6000
|
heap
|
page read and write
|
||
|
16410D14000
|
trusted library allocation
|
page read and write
|
||
|
1640EC49000
|
heap
|
page read and write
|
||
|
1640C5F5000
|
heap
|
page read and write
|
||
|
1640C555000
|
heap
|
page read and write
|
||
|
2BB4A7E000
|
stack
|
page read and write
|
||
|
1640C5C0000
|
heap
|
page read and write
|
||
|
1640EC97000
|
heap
|
page read and write
|
||
|
7DF4B4B81000
|
trusted library allocation
|
page execute read
|
||
|
1640A5D0000
|
heap
|
page read and write
|
||
|
1640EC4E000
|
heap
|
page read and write
|
||
|
1640A5C1000
|
heap
|
page read and write
|
||
|
1640A5CF000
|
heap
|
page read and write
|
||
|
1640A593000
|
heap
|
page read and write
|
||
|
1640C5F5000
|
heap
|
page read and write
|
||
|
1640C4B0000
|
heap
|
page read and write
|
||
|
1640C677000
|
heap
|
page read and write
|
||
|
1640C62F000
|
heap
|
page read and write
|
||
|
1640C4CF000
|
heap
|
page read and write
|
||
|
1640C5C0000
|
heap
|
page read and write
|
||
|
1640C5FF000
|
heap
|
page read and write
|
||
|
1640C5A4000
|
heap
|
page read and write
|
||
|
1640C657000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640C63B000
|
heap
|
page read and write
|
||
|
1640A57A000
|
heap
|
page read and write
|
||
|
1640C5DB000
|
heap
|
page read and write
|
||
|
1640BEEE000
|
heap
|
page read and write
|
||
|
1640A5B5000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640C612000
|
heap
|
page read and write
|
||
|
1640C5C2000
|
heap
|
page read and write
|
||
|
1640A5D5000
|
heap
|
page read and write
|
||
|
1640C51A000
|
heap
|
page read and write
|
||
|
1640A4B0000
|
heap
|
page read and write
|
||
|
1B1A9C70000
|
heap
|
page read and write
|
||
|
1640C5F1000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640C600000
|
heap
|
page read and write
|
||
|
1640A4F9000
|
heap
|
page read and write
|
||
|
1640A5EC000
|
heap
|
page read and write
|
||
|
1640A460000
|
heap
|
page read and write
|
||
|
1640A5EC000
|
heap
|
page read and write
|
||
|
1640A591000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640C607000
|
heap
|
page read and write
|
||
|
1640C616000
|
heap
|
page read and write
|
||
|
1640C60B000
|
heap
|
page read and write
|
||
|
1640C5D0000
|
heap
|
page read and write
|
||
|
1640C621000
|
heap
|
page read and write
|
||
|
1640C534000
|
heap
|
page read and write
|
||
|
1640C5E2000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C61C000
|
heap
|
page read and write
|
||
|
1640C5E5000
|
heap
|
page read and write
|
||
|
1640C5E3000
|
heap
|
page read and write
|
||
|
1640C63B000
|
heap
|
page read and write
|
||
|
1640A570000
|
heap
|
page read and write
|
||
|
1640C5E5000
|
heap
|
page read and write
|
||
|
1640ECAF000
|
heap
|
page read and write
|
||
|
1640C4E8000
|
heap
|
page read and write
|
||
|
1640C67D000
|
heap
|
page read and write
|
||
|
1640C621000
|
heap
|
page read and write
|
||
|
1640C618000
|
heap
|
page read and write
|
||
|
1640C610000
|
heap
|
page read and write
|
||
|
1640C62D000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640EC53000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640C568000
|
heap
|
page read and write
|
||
|
1640A5C9000
|
heap
|
page read and write
|
||
|
1640EC5E000
|
heap
|
page read and write
|
||
|
1640BEEE000
|
heap
|
page read and write
|
||
|
1640EC49000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640C5EE000
|
heap
|
page read and write
|
||
|
1640C55D000
|
heap
|
page read and write
|
||
|
1B1A9A70000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C60E000
|
heap
|
page read and write
|
||
|
1640C64F000
|
heap
|
page read and write
|
||
|
1640C61E000
|
heap
|
page read and write
|
||
|
1640C5E4000
|
heap
|
page read and write
|
||
|
1640C5E2000
|
heap
|
page read and write
|
||
|
1640EC2B000
|
heap
|
page read and write
|
||
|
1640C688000
|
heap
|
page read and write
|
||
|
1640EC99000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640C5C2000
|
heap
|
page read and write
|
||
|
1640C5F9000
|
heap
|
page read and write
|
||
|
1640C542000
|
heap
|
page read and write
|
||
|
1640C576000
|
heap
|
page read and write
|
||
|
1640C66B000
|
heap
|
page read and write
|
||
|
1640BEEE000
|
heap
|
page read and write
|
||
|
1640C565000
|
heap
|
page read and write
|
||
|
1640C518000
|
heap
|
page read and write
|
||
|
1640C606000
|
heap
|
page read and write
|
||
|
1640C567000
|
heap
|
page read and write
|
||
|
1640A55B000
|
heap
|
page read and write
|
||
|
1640A4F0000
|
heap
|
page read and write
|
||
|
1640BEE0000
|
heap
|
page read and write
|
||
|
1640A59F000
|
heap
|
page read and write
|
||
|
1640ECBD000
|
heap
|
page read and write
|
||
|
1640C525000
|
heap
|
page read and write
|
||
|
1640C61F000
|
heap
|
page read and write
|
||
|
1640C60B000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640C60B000
|
heap
|
page read and write
|
||
|
1640C5E9000
|
heap
|
page read and write
|
||
|
1640C552000
|
heap
|
page read and write
|
||
|
1640C5DB000
|
heap
|
page read and write
|
||
|
2BB47FE000
|
stack
|
page read and write
|
||
|
1640A5A7000
|
heap
|
page read and write
|
||
|
1640A552000
|
heap
|
page read and write
|
||
|
1640C65F000
|
heap
|
page read and write
|
||
|
1640A5A8000
|
heap
|
page read and write
|
||
|
1640BEEB000
|
heap
|
page read and write
|
||
|
1640C5DD000
|
heap
|
page read and write
|
||
|
2BB46FC000
|
stack
|
page read and write
|
||
|
1640A5A8000
|
heap
|
page read and write
|
||
|
1640A53F000
|
heap
|
page read and write
|
||
|
1640EC2D000
|
heap
|
page read and write
|
||
|
1640C621000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640BE90000
|
heap
|
page read and write
|
||
|
1640C5F9000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C637000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C61B000
|
heap
|
page read and write
|
||
|
1640C63B000
|
heap
|
page read and write
|
||
|
1640C57A000
|
heap
|
page read and write
|
||
|
1640C4F0000
|
heap
|
page read and write
|
||
|
1640C620000
|
heap
|
page read and write
|
||
|
1640C55F000
|
heap
|
page read and write
|
||
|
1640C525000
|
heap
|
page read and write
|
||
|
1640C5E3000
|
heap
|
page read and write
|
||
|
1640C5FB000
|
heap
|
page read and write
|
||
|
1640EC3E000
|
heap
|
page read and write
|
||
|
1640C5FA000
|
heap
|
page read and write
|
||
|
1640C4DF000
|
heap
|
page read and write
|
||
|
1640C520000
|
heap
|
page read and write
|
||
|
1640C616000
|
heap
|
page read and write
|
||
|
1640C623000
|
heap
|
page read and write
|
||
|
1640C61C000
|
heap
|
page read and write
|
||
|
1640ECB3000
|
heap
|
page read and write
|
||
|
4E4B678000
|
stack
|
page read and write
|
||
|
1640C60B000
|
heap
|
page read and write
|
||
|
1640EC9D000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640EC6E000
|
heap
|
page read and write
|
||
|
1640C621000
|
heap
|
page read and write
|
||
|
1640C525000
|
heap
|
page read and write
|
||
|
1640C4EA000
|
heap
|
page read and write
|
||
|
1640C678000
|
heap
|
page read and write
|
||
|
1640C623000
|
heap
|
page read and write
|
||
|
1640EC6E000
|
heap
|
page read and write
|
||
|
1640F120000
|
trusted library allocation
|
page read and write
|
||
|
4E4B7FE000
|
stack
|
page read and write
|
||
|
1640C617000
|
heap
|
page read and write
|
||
|
1640C663000
|
heap
|
page read and write
|
||
|
1640EC56000
|
heap
|
page read and write
|
||
|
1640C588000
|
heap
|
page read and write
|
||
|
1640EC2D000
|
heap
|
page read and write
|
||
|
1640C537000
|
heap
|
page read and write
|
||
|
1640C5F5000
|
heap
|
page read and write
|
||
|
1640ECB1000
|
heap
|
page read and write
|
||
|
1640C5ED000
|
heap
|
page read and write
|
||
|
1640EC44000
|
heap
|
page read and write
|
||
|
1640C55A000
|
heap
|
page read and write
|
||
|
1640C61F000
|
heap
|
page read and write
|
||
|
1640C5D9000
|
heap
|
page read and write
|
||
|
1640A599000
|
heap
|
page read and write
|
||
|
1640C4EC000
|
heap
|
page read and write
|
||
|
1640E700000
|
trusted library allocation
|
page read and write
|
||
|
1640A599000
|
heap
|
page read and write
|
||
|
1640C667000
|
heap
|
page read and write
|
||
|
1640C5CA000
|
heap
|
page read and write
|
||
|
1640C5DB000
|
heap
|
page read and write
|
||
|
1640C4E4000
|
heap
|
page read and write
|
||
|
1640C61E000
|
heap
|
page read and write
|
||
|
1640C5D4000
|
heap
|
page read and write
|
||
|
1640C53F000
|
heap
|
page read and write
|
||
|
1640F2A0000
|
heap
|
page read and write
|
||
|
1640EC20000
|
heap
|
page read and write
|
||
|
1640EC93000
|
heap
|
page read and write
|
||
|
1640C55A000
|
heap
|
page read and write
|
||
|
1640C628000
|
heap
|
page read and write
|
||
|
1640C613000
|
heap
|
page read and write
|
||
|
1640A5C8000
|
heap
|
page read and write
|
||
|
1640C67D000
|
heap
|
page read and write
|
||
|
1640EC28000
|
heap
|
page read and write
|
||
|
1640ECC7000
|
heap
|
page read and write
|
||
|
1640C64B000
|
heap
|
page read and write
|
||
|
1640C615000
|
heap
|
page read and write
|
||
|
1640C63F000
|
heap
|
page read and write
|
||
|
1640C608000
|
heap
|
page read and write
|
||
|
1640EC43000
|
heap
|
page read and write
|
||
|
1640C52D000
|
heap
|
page read and write
|
||
|
1640BEE5000
|
heap
|
page read and write
|
||
|
1640EC85000
|
heap
|
page read and write
|
||
|
1640A569000
|
heap
|
page read and write
|
||
|
1640C5CC000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640A5B3000
|
heap
|
page read and write
|
||
|
1640ECB5000
|
heap
|
page read and write
|
||
|
1640A5B4000
|
heap
|
page read and write
|
||
|
1640C610000
|
heap
|
page read and write
|
||
|
1640C4FE000
|
heap
|
page read and write
|
||
|
1B1A9B78000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640ECC8000
|
heap
|
page read and write
|
||
|
1640BEED000
|
heap
|
page read and write
|
||
|
1640A5B5000
|
heap
|
page read and write
|
||
|
1640C567000
|
heap
|
page read and write
|
||
|
1640EC66000
|
heap
|
page read and write
|
||
|
1640C653000
|
heap
|
page read and write
|
||
|
1640C5D0000
|
heap
|
page read and write
|
||
|
1640C618000
|
heap
|
page read and write
|
||
|
1640C556000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640A582000
|
heap
|
page read and write
|
||
|
1640EC43000
|
heap
|
page read and write
|
||
|
1640ECAB000
|
heap
|
page read and write
|
||
|
1640EC43000
|
heap
|
page read and write
|
||
|
1B1A9CF5000
|
heap
|
page read and write
|
||
|
1640C618000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640C5F1000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640C583000
|
heap
|
page read and write
|
||
|
1640C628000
|
heap
|
page read and write
|
||
|
1640A5E8000
|
heap
|
page read and write
|
||
|
16411230000
|
heap
|
page read and write
|
||
|
1640A5B1000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
4E4B6FE000
|
stack
|
page read and write
|
||
|
1640EC56000
|
heap
|
page read and write
|
||
|
1640A5BF000
|
heap
|
page read and write
|
||
|
1640C621000
|
heap
|
page read and write
|
||
|
1640A5EE000
|
heap
|
page read and write
|
||
|
1640C5D0000
|
heap
|
page read and write
|
||
|
1640C56B000
|
heap
|
page read and write
|
||
|
1640A5CD000
|
heap
|
page read and write
|
||
|
1640C61E000
|
heap
|
page read and write
|
||
|
1640EC99000
|
heap
|
page read and write
|
||
|
4E4B9FE000
|
stack
|
page read and write
|
||
|
1B1A9CF0000
|
heap
|
page read and write
|
||
|
1640C5FF000
|
heap
|
page read and write
|
||
|
1640A5A1000
|
heap
|
page read and write
|
||
|
1640A5C8000
|
heap
|
page read and write
|
||
|
1640A591000
|
heap
|
page read and write
|
||
|
1640C60F000
|
heap
|
page read and write
|
||
|
1640C5F9000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
2BB477E000
|
stack
|
page read and write
|
||
|
1640C4BB000
|
heap
|
page read and write
|
||
|
1640C576000
|
heap
|
page read and write
|
||
|
1640EC5E000
|
heap
|
page read and write
|
||
|
1640C621000
|
heap
|
page read and write
|
||
|
1640C534000
|
heap
|
page read and write
|
||
|
1640EC3F000
|
heap
|
page read and write
|
||
|
1640C53D000
|
heap
|
page read and write
|
||
|
1640A559000
|
heap
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640C612000
|
heap
|
page read and write
|
||
|
1640C4D8000
|
heap
|
page read and write
|
||
|
1640C52E000
|
heap
|
page read and write
|
||
|
1640C616000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640A554000
|
heap
|
page read and write
|
||
|
1640C64F000
|
heap
|
page read and write
|
||
|
1640C62D000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640C5E9000
|
heap
|
page read and write
|
||
|
1640C58F000
|
heap
|
page read and write
|
||
|
1640C5D3000
|
heap
|
page read and write
|
||
|
1640C63F000
|
heap
|
page read and write
|
||
|
1640A5EC000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640EC5A000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640EC93000
|
heap
|
page read and write
|
||
|
1640C643000
|
heap
|
page read and write
|
||
|
1640C584000
|
heap
|
page read and write
|
||
|
1640C5D7000
|
heap
|
page read and write
|
||
|
1640C5DA000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640C568000
|
heap
|
page read and write
|
||
|
1640C610000
|
heap
|
page read and write
|
||
|
1640EC2E000
|
heap
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640C610000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640A59F000
|
heap
|
page read and write
|
||
|
1B1A9B50000
|
heap
|
page read and write
|
||
|
1640C621000
|
heap
|
page read and write
|
||
|
1640A59D000
|
heap
|
page read and write
|
||
|
1B1AB590000
|
heap
|
page read and write
|
||
|
16411450000
|
heap
|
page readonly
|
||
|
1640C66F000
|
heap
|
page read and write
|
||
|
1640C5EC000
|
heap
|
page read and write
|
||
|
1640A5BB000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640C4EE000
|
heap
|
page read and write
|
||
|
1640C57C000
|
heap
|
page read and write
|
||
|
1640C5D1000
|
heap
|
page read and write
|
||
|
1640C4D1000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640C4BF000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640C53F000
|
heap
|
page read and write
|
||
|
1640EC51000
|
heap
|
page read and write
|
||
|
1640A5B5000
|
heap
|
page read and write
|
||
|
1640C602000
|
heap
|
page read and write
|
||
|
1640C4C6000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640C5F6000
|
heap
|
page read and write
|
||
|
1640C594000
|
heap
|
page read and write
|
||
|
1640C61C000
|
heap
|
page read and write
|
||
|
1640A5AC000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C62D000
|
heap
|
page read and write
|
||
|
1640ECA0000
|
heap
|
page read and write
|
||
|
4E4BA7B000
|
stack
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640C4E4000
|
heap
|
page read and write
|
||
|
4E4B8FE000
|
stack
|
page read and write
|
||
|
1640C5AC000
|
heap
|
page read and write
|
||
|
1640A5D1000
|
heap
|
page read and write
|
||
|
1640C5DB000
|
heap
|
page read and write
|
||
|
1640C4F0000
|
heap
|
page read and write
|
||
|
1640ECBC000
|
heap
|
page read and write
|
||
|
1640C628000
|
heap
|
page read and write
|
||
|
1640C60F000
|
heap
|
page read and write
|
||
|
1640C5DB000
|
heap
|
page read and write
|
||
|
1640EC5C000
|
heap
|
page read and write
|
||
|
1640C5ED000
|
heap
|
page read and write
|
||
|
4E4B77E000
|
stack
|
page read and write
|
||
|
1640C61C000
|
heap
|
page read and write
|
||
|
1640C5DB000
|
heap
|
page read and write
|
||
|
1640C60C000
|
heap
|
page read and write
|
||
|
1640C5E2000
|
heap
|
page read and write
|
||
|
1640A58B000
|
heap
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640C5E5000
|
heap
|
page read and write
|
||
|
1640C5D9000
|
heap
|
page read and write
|
||
|
1640C5EA000
|
heap
|
page read and write
|
||
|
1640C608000
|
heap
|
page read and write
|
||
|
1640C616000
|
heap
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640C5DB000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640C5FC000
|
heap
|
page read and write
|
||
|
1640C4C4000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640C544000
|
heap
|
page read and write
|
||
|
1640C607000
|
heap
|
page read and write
|
||
|
1640C5E9000
|
heap
|
page read and write
|
||
|
1640C4E4000
|
heap
|
page read and write
|
||
|
1640C60B000
|
heap
|
page read and write
|
||
|
1640A593000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
16410D32000
|
trusted library allocation
|
page read and write
|
||
|
1640C675000
|
heap
|
page read and write
|
||
|
1640C5CE000
|
heap
|
page read and write
|
||
|
1640C5C5000
|
heap
|
page read and write
|
||
|
1640C647000
|
heap
|
page read and write
|
||
|
1640A5EE000
|
heap
|
page read and write
|
||
|
1640C61C000
|
heap
|
page read and write
|
||
|
4E4BC7B000
|
stack
|
page read and write
|
||
|
1640C4FE000
|
heap
|
page read and write
|
||
|
4E4B87E000
|
stack
|
page read and write
|
||
|
1640C5F3000
|
heap
|
page read and write
|
||
|
1640C64B000
|
heap
|
page read and write
|
||
|
1640EC4E000
|
heap
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640A5B7000
|
heap
|
page read and write
|
||
|
1640C633000
|
heap
|
page read and write
|
||
|
1640C633000
|
heap
|
page read and write
|
||
|
1640A5D0000
|
heap
|
page read and write
|
||
|
1640C620000
|
heap
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640C577000
|
heap
|
page read and write
|
||
|
1640C55D000
|
heap
|
page read and write
|
||
|
1640C647000
|
heap
|
page read and write
|
||
|
1640C618000
|
heap
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640C61C000
|
heap
|
page read and write
|
||
|
1640C5A4000
|
heap
|
page read and write
|
||
|
1640C616000
|
heap
|
page read and write
|
||
|
1640A566000
|
heap
|
page read and write
|
||
|
1640C51A000
|
heap
|
page read and write
|
||
|
1640C5D2000
|
heap
|
page read and write
|
||
|
1640EC41000
|
heap
|
page read and write
|
||
|
1640C5B0000
|
heap
|
page read and write
|
||
|
1640C616000
|
heap
|
page read and write
|
||
|
1640A470000
|
heap
|
page read and write
|
||
|
1640C612000
|
heap
|
page read and write
|
||
|
1640A5A9000
|
heap
|
page read and write
|
||
|
1640C624000
|
heap
|
page read and write
|
||
|
1640EC5A000
|
heap
|
page read and write
|
||
|
1640ECBF000
|
heap
|
page read and write
|
||
|
1640ECA9000
|
heap
|
page read and write
|
||
|
1640C5AC000
|
heap
|
page read and write
|
||
|
1640C562000
|
heap
|
page read and write
|
||
|
1640C61E000
|
heap
|
page read and write
|
||
|
1640A5AB000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640C618000
|
heap
|
page read and write
|
||
|
1640BEEA000
|
heap
|
page read and write
|
||
|
1640C5F1000
|
heap
|
page read and write
|
||
|
1640C643000
|
heap
|
page read and write
|
||
|
1640C60F000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C4E4000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C4E6000
|
heap
|
page read and write
|
||
|
1640A5B8000
|
heap
|
page read and write
|
||
|
1640C607000
|
heap
|
page read and write
|
||
|
1640A599000
|
heap
|
page read and write
|
||
|
1640A5A3000
|
heap
|
page read and write
|
||
|
1640A5A2000
|
heap
|
page read and write
|
||
|
1640C4E4000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640C574000
|
heap
|
page read and write
|
||
|
1640C5FA000
|
heap
|
page read and write
|
||
|
1640C633000
|
heap
|
page read and write
|
||
|
1640C518000
|
heap
|
page read and write
|
||
|
1B1A9B70000
|
heap
|
page read and write
|
||
|
1640A5AB000
|
heap
|
page read and write
|
||
|
1640C5A4000
|
heap
|
page read and write
|
||
|
1640C5C6000
|
heap
|
page read and write
|
||
|
1640C5AC000
|
heap
|
page read and write
|
||
|
1640C5C8000
|
heap
|
page read and write
|
||
|
1640C653000
|
heap
|
page read and write
|
||
|
1640C610000
|
heap
|
page read and write
|
||
|
1640EC24000
|
heap
|
page read and write
|
||
|
1640C637000
|
heap
|
page read and write
|
||
|
1640C5E2000
|
heap
|
page read and write
|
||
|
1640C688000
|
heap
|
page read and write
|
||
|
1640EC82000
|
heap
|
page read and write
|
||
|
1640C5DC000
|
heap
|
page read and write
|
||
|
1640A53A000
|
heap
|
page read and write
|
||
|
1640C647000
|
heap
|
page read and write
|
||
|
1640C63F000
|
heap
|
page read and write
|
||
|
1640C689000
|
heap
|
page read and write
|
||
|
1640C4DC000
|
heap
|
page read and write
|
||
|
1640C5C4000
|
heap
|
page read and write
|
||
|
1640A5CA000
|
heap
|
page read and write
|
||
|
1640A5EE000
|
heap
|
page read and write
|
||
|
1640ECA1000
|
heap
|
page read and write
|
||
|
1640C614000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
||
|
1640C4C1000
|
heap
|
page read and write
|
||
|
1640C604000
|
heap
|
page read and write
|
||
|
1640EC7A000
|
heap
|
page read and write
|
||
|
1640C4F2000
|
heap
|
page read and write
|
||
|
1640C5FC000
|
heap
|
page read and write
|
||
|
1640C61C000
|
heap
|
page read and write
|
||
|
1640C60B000
|
heap
|
page read and write
|
||
|
1640C5FD000
|
heap
|
page read and write
|
||
|
1640C5FA000
|
heap
|
page read and write
|
||
|
1640A564000
|
heap
|
page read and write
|
||
|
1640C65B000
|
heap
|
page read and write
|
||
|
1640C564000
|
heap
|
page read and write
|
||
|
1640C610000
|
heap
|
page read and write
|
||
|
1640C57C000
|
heap
|
page read and write
|
||
|
1640C5DF000
|
heap
|
page read and write
|
||
|
1640C558000
|
heap
|
page read and write
|
||
|
1640EC97000
|
heap
|
page read and write
|
||
|
1640C5FB000
|
heap
|
page read and write
|
||
|
1640C612000
|
heap
|
page read and write
|
||
|
1640C5EA000
|
heap
|
page read and write
|
||
|
1640C5A4000
|
heap
|
page read and write
|
||
|
1640C61C000
|
heap
|
page read and write
|
||
|
1640C5E4000
|
heap
|
page read and write
|
||
|
1640A591000
|
heap
|
page read and write
|
||
|
1640EC4E000
|
heap
|
page read and write
|
||
|
1640A5D8000
|
heap
|
page read and write
|
||
|
1640A5BE000
|
heap
|
page read and write
|
||
|
1640C552000
|
heap
|
page read and write
|
||
|
1640C613000
|
heap
|
page read and write
|
||
|
1640C5E8000
|
heap
|
page read and write
|
There are 494 hidden memdumps, click here to show them.