Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
CH _ MEP.pdf
|
PDF document, version 1.7 (zip deflate encoded)
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4c325830-6988-46bb-bf5e-e0d1f2d221ff.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log
|
data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241031165014Z-187.bmp
|
PC bitmap, Windows 3.x format, 164 x -109 x 32, cbSize 71558, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 11
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Search\402eb33653842c4b902fa9b7151145eb.idx
|
data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 23
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIc5022.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 12-50-12-965.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\05a23d4e-49aa-4800-9ebd-d456c3bf4470.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\105ffe12-9a19-4b72-9464-162650dd955e.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\1ff37967-30cf-41be-bfa1-d449b511639c.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\2101c37a-407e-4f8c-9da2-26a5ef972d9f.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\f3912de1-2cc7-4c5a-b8a4-a7c9f8fda4b0.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T0.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T1.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T10.tmp
|
SVr3 curses screen image, big-endian
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T11.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T12.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T13.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T2.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T3.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T4.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T5.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T6.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T7.tmp
|
DIY-Thermocam raw data (Lepton 2.x), scale 0-8, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale
bar, calibration: offset 0.000000, slope 142336.000000
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T8.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\T9.tmp
|
OpenPGP Secret Key
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Annss.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Annssi.dat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\Annssk.dat
|
data
|
dropped
|
There are 64 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CH _ MEP.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264
--field-trial-handle=1580,i,618128829641308069,12324996105360670069,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe" --type=compute-only-broker --ipc-rdr-channel=ko.8320e781.b4ef9eb8.2
--ipc-co-channel=ko.a009a94d.40722085.1 --proc=5 --helperprocpid=6880 --channeltype=2 /CR
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\Acrobat.exe" --type=compute-only-renderer --ipc-rdr-channel=ko.8320e781.b4ef9eb8.2
--ipc-co-channel=ko.a009a94d.40722085.1 --proc=5 --helperprocpid=6880 --channeltype=2 /n /prefetch:2 /CR
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://x1.i.lencr.org/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
x1.i.lencr.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
96.7.168.138
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
bisSharedFile
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C92000
|
heap
|
page read and write
|
||
|
75BD000
|
heap
|
page read and write
|
||
|
C6A000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
77D8000
|
heap
|
page read and write
|
||
|
CA2000
|
heap
|
page read and write
|
||
|
7C79000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CBD000
|
heap
|
page read and write
|
||
|
7DFC000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
7D54000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
4F9000
|
stack
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
CDD000
|
heap
|
page read and write
|
||
|
CE5000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
77B7000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
C38000
|
heap
|
page read and write
|
||
|
BFA000
|
remote allocation
|
page execute read
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
CC7000
|
heap
|
page read and write
|
||
|
7940000
|
heap
|
page read and write
|
||
|
7A49000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
7B50000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
7B30000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
78B8000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
C83000
|
heap
|
page read and write
|
||
|
BE7000
|
heap
|
page read and write
|
||
|
7A21000
|
heap
|
page read and write
|
||
|
7880000
|
heap
|
page read and write
|
||
|
7968000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
77F8000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
7830000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CCE000
|
heap
|
page read and write
|
||
|
7AD0000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
7988000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
7B91000
|
heap
|
page read and write
|
||
|
78A0000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
7A59000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
6DFB000
|
stack
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
CC4000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
C92000
|
heap
|
page read and write
|
||
|
7D9C000
|
heap
|
page read and write
|
||
|
7878000
|
heap
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
7B79000
|
heap
|
page read and write
|
||
|
7A39000
|
heap
|
page read and write
|
||
|
79F0000
|
heap
|
page read and write
|
||
|
70FE000
|
stack
|
page read and write
|
||
|
C57000
|
heap
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
79C0000
|
heap
|
page read and write
|
||
|
7DF4000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
7840000
|
heap
|
page read and write
|
||
|
7860000
|
heap
|
page read and write
|
||
|
7828000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
17C000
|
stack
|
page read and write
|
||
|
7A41000
|
heap
|
page read and write
|
||
|
77E0000
|
heap
|
page read and write
|
||
|
79E8000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
7CBA000
|
heap
|
page read and write
|
||
|
7A19000
|
heap
|
page read and write
|
||
|
CC4000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
110000
|
unclassified section
|
page readonly
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
757D000
|
stack
|
page read and write
|
||
|
6FBD000
|
stack
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
CE6000
|
heap
|
page read and write
|
||
|
7820000
|
heap
|
page read and write
|
||
|
78E8000
|
heap
|
page read and write
|
||
|
7CDA000
|
heap
|
page read and write
|
||
|
7B38000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
CF3000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
7E6D000
|
heap
|
page read and write
|
||
|
7D3C000
|
heap
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
7A61000
|
heap
|
page read and write
|
||
|
CCE000
|
heap
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
7A29000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
4F6000
|
stack
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
82FE000
|
stack
|
page read and write
|
||
|
7E14000
|
heap
|
page read and write
|
||
|
7A81000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
7CA1000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
7950000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
7B10000
|
heap
|
page read and write
|
||
|
7DB4000
|
heap
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
CA4000
|
heap
|
page read and write
|
||
|
CD1000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
CDD000
|
heap
|
page read and write
|
||
|
7CB2000
|
heap
|
page read and write
|
||
|
7DD4000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD6000
|
heap
|
page read and write
|
||
|
7808000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
CC9000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
7D5C000
|
heap
|
page read and write
|
||
|
CB6000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
BE0000
|
remote allocation
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
CF4000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CB9000
|
heap
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
7810000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
77D0000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
B5B000
|
stack
|
page read and write
|
||
|
7DBC000
|
heap
|
page read and write
|
||
|
CCE000
|
heap
|
page read and write
|
||
|
A5B000
|
stack
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
7D32000
|
heap
|
page read and write
|
||
|
6E40000
|
heap
|
page read and write
|
||
|
79A0000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
79A8000
|
heap
|
page read and write
|
||
|
CCE000
|
heap
|
page read and write
|
||
|
7B18000
|
heap
|
page read and write
|
||
|
7B58000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
7AF0000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
CF3000
|
heap
|
page read and write
|
||
|
7928000
|
heap
|
page read and write
|
||
|
83FF000
|
stack
|
page read and write
|
||
|
7A69000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
5970000
|
unclassified section
|
page read and write
|
||
|
79F8000
|
heap
|
page read and write
|
||
|
7DDC000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CB5000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
7AA9000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
7850000
|
heap
|
page read and write
|
||
|
5B70000
|
heap
|
page read and write
|
||
|
753F000
|
stack
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
CE6000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
7C39000
|
heap
|
page read and write
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
7AD8000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
7D12000
|
heap
|
page read and write
|
||
|
CE4000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
77F0000
|
heap
|
page read and write
|
||
|
CF3000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
7CD2000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
7B99000
|
heap
|
page read and write
|
||
|
7CFA000
|
heap
|
page read and write
|
||
|
5960000
|
heap
|
page read and write
|
||
|
7838000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
7960000
|
heap
|
page read and write
|
||
|
78E0000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
6EB0000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
7A09000
|
heap
|
page read and write
|
||
|
7C59000
|
heap
|
page read and write
|
||
|
7898000
|
heap
|
page read and write
|
||
|
7C51000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
7E5C000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
D66000
|
heap
|
page read and write
|
||
|
78C8000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
7D94000
|
heap
|
page read and write
|
||
|
CE3000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
77E8000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
D40000
|
direct allocation
|
page execute read
|
||
|
C30000
|
heap
|
page read and write
|
||
|
CE6000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
7AF8000
|
heap
|
page read and write
|
||
|
7A51000
|
heap
|
page read and write
|
||
|
CA2000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
7980000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CE3000
|
heap
|
page read and write
|
||
|
6FF0000
|
heap
|
page read and write
|
||
|
7B70000
|
heap
|
page read and write
|
||
|
CE3000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
D60000
|
direct allocation
|
page execute read
|
||
|
75A0000
|
heap
|
page read and write
|
||
|
CBA000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
CF5000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
7D1A000
|
heap
|
page read and write
|
||
|
7C99000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
7A31000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
C6F000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
CCF000
|
heap
|
page read and write
|
||
|
79E0000
|
heap
|
page read and write
|
||
|
7A00000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
58FE000
|
stack
|
page read and write
|
||
|
C83000
|
heap
|
page read and write
|
||
|
CD7000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
C9C000
|
heap
|
page read and write
|
||
|
CB4000
|
heap
|
page read and write
|
||
|
7CF2000
|
heap
|
page read and write
|
||
|
CD8000
|
heap
|
page read and write
|
||
|
7A89000
|
heap
|
page read and write
|
||
|
7C91000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CDD000
|
heap
|
page read and write
|
||
|
CCE000
|
heap
|
page read and write
|
||
|
CD1000
|
heap
|
page read and write
|
||
|
82BE000
|
stack
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
7858000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
7D7C000
|
heap
|
page read and write
|
||
|
7800000
|
heap
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
7818000
|
heap
|
page read and write
|
||
|
7BB1000
|
heap
|
page read and write
|
||
|
7E1C000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
79C8000
|
heap
|
page read and write
|
||
|
7848000
|
heap
|
page read and write
|
||
|
C39000
|
heap
|
page read and write
|
||
|
CC5000
|
heap
|
page read and write
|
||
|
5E6F000
|
stack
|
page read and write
|
||
|
CA2000
|
heap
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
CD6000
|
heap
|
page read and write
|
||
|
7D74000
|
heap
|
page read and write
|
||
|
7920000
|
heap
|
page read and write
|
||
|
6E3E000
|
stack
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
CCE000
|
heap
|
page read and write
|
||
|
7AA1000
|
heap
|
page read and write
|
||
|
7948000
|
heap
|
page read and write
|
||
|
5D6F000
|
stack
|
page read and write
|
||
|
CCD000
|
heap
|
page read and write
|
||
|
7A11000
|
heap
|
page read and write
|
||
|
C3B000
|
heap
|
page read and write
|
||
|
C20000
|
unclassified section
|
page readonly
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
C4D000
|
heap
|
page read and write
|
There are 346 hidden memdumps, click here to show them.