Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FFL 01 EXP 09-01-23.pdf
|
PDF document, version 1.6
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\39c14c1f4b086971_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6267ed4d4a13f54b_0
|
data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-220420233817Z-213.bmp
|
PC bitmap, Windows 3.x format, 117 x -152 x 32
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3024000
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.6460
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)
|
PostScript document text
|
dropped
|
There are 40 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\FFL 01 EXP 09-01-23.pdf
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\FFL
01 EXP 09-01-23.pdf
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1692,15095255467343264,15953424090873945641,131072
--disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log"
--log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA
--use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=7054524493282448139
--mojo-platform-channel-handle=1704 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat
Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1692,15095255467343264,15953424090873945641,131072
--disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=3437087714133067519 --lang=en-US --disable-pack-loading
--log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035
Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3437087714133067519
--renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat
Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1692,15095255467343264,15953424090873945641,131072
--disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=3988524340413199970 --lang=en-US --disable-pack-loading
--log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035
Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3988524340413199970
--renderer-client-id=4 --mojo-platform-channel-handle=1820 --allow-no-sandbox-job /prefetch:1
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat
Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1692,15095255467343264,15953424090873945641,131072
--disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10726486129092804403 --lang=en-US --disable-pack-loading
--log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035
Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10726486129092804403
--renderer-client-id=5 --mojo-platform-channel-handle=1968 --allow-no-sandbox-job /prefetch:1
|
||
|
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
|
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat
Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1692,15095255467343264,15953424090873945641,131072
--disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4353246954609320378 --lang=en-US --disable-pack-loading
--log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035
Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4353246954609320378
--renderer-client-id=6 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job /prefetch:1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent\cWin0\cTab0\cPathInfo
|
sDI
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent\cWin0\cTab0\cPathInfo
|
tDIText
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent\cWin0\cTab0\cPathInfo
|
aFS
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent\cWin0\cTab0
|
tfilename
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent\cWin0
|
iTabCount
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement\cWindowsCurrent
|
iWinCount
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
|
aDefaultRHPViewModeL
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
|
bExpandRHPInViewer
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\ExitSection
|
bLastExitNormal
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\SessionManagement
|
bNormalExit
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
|
uLastAppLaunchTimeStamp
|
||
|
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral
|
iNumReaderLaunches
|
There are 17 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1C92AE28000
|
heap
|
page read and write
|
||
|
17B5E77000
|
stack
|
page read and write
|
||
|
A2E1BFF000
|
stack
|
page read and write
|
||
|
1F8BA530000
|
trusted library allocation
|
page read and write
|
||
|
630EB3E000
|
stack
|
page read and write
|
||
|
1F8B5759000
|
heap
|
page read and write
|
||
|
25565FC0000
|
heap
|
page read and write
|
||
|
14D64170000
|
heap
|
page read and write
|
||
|
10151FF000
|
stack
|
page read and write
|
||
|
25E35460000
|
heap
|
page read and write
|
||
|
1C92AD60000
|
heap
|
page read and write
|
||
|
19FB6B65000
|
heap
|
page read and write
|
||
|
17B5C7B000
|
stack
|
page read and write
|
||
|
6B3FD7B000
|
stack
|
page read and write
|
||
|
14D6426F000
|
heap
|
page read and write
|
||
|
290C0A60000
|
trusted library allocation
|
page read and write
|
||
|
1E6BDE6A000
|
heap
|
page read and write
|
||
|
1014BFF000
|
stack
|
page read and write
|
||
|
1F8B4E59000
|
heap
|
page read and write
|
||
|
14D64274000
|
heap
|
page read and write
|
||
|
1C92AE40000
|
heap
|
page read and write
|
||
|
1F8B6260000
|
trusted library allocation
|
page read and write
|
||
|
14D64278000
|
heap
|
page read and write
|
||
|
1F8BA615000
|
heap
|
page read and write
|
||
|
290C0400000
|
heap
|
page read and write
|
||
|
1F8BA702000
|
heap
|
page read and write
|
||
|
A2E1CFE000
|
stack
|
page read and write
|
||
|
14D6427C000
|
heap
|
page read and write
|
||
|
35F257C000
|
stack
|
page read and write
|
||
|
35F2B7D000
|
stack
|
page read and write
|
||
|
1F8B4E8E000
|
heap
|
page read and write
|
||
|
24288FE000
|
unkown
|
page read and write
|
||
|
1F8B5615000
|
heap
|
page read and write
|
||
|
630F07E000
|
stack
|
page read and write
|
||
|
1E6BE700000
|
heap
|
page read and write
|
||
|
14D6427A000
|
heap
|
page read and write
|
||
|
14D6427D000
|
heap
|
page read and write
|
||
|
AB6A7FF000
|
stack
|
page read and write
|
||
|
1E6BE739000
|
heap
|
page read and write
|
||
|
290C0431000
|
heap
|
page read and write
|
||
|
1F8BA63E000
|
heap
|
page read and write
|
||
|
1F8B4D10000
|
heap
|
page read and write
|
||
|
1EAE07E000
|
stack
|
page read and write
|
||
|
1C77825B000
|
heap
|
page read and write
|
||
|
1014AFF000
|
stack
|
page read and write
|
||
|
35F29FC000
|
stack
|
page read and write
|
||
|
101467F000
|
stack
|
page read and write
|
||
|
A2E187E000
|
stack
|
page read and write
|
||
|
1F8BA410000
|
trusted library allocation
|
page read and write
|
||
|
1014D7E000
|
stack
|
page read and write
|
||
|
25E35590000
|
remote allocation
|
page read and write
|
||
|
17B617F000
|
stack
|
page read and write
|
||
|
1F8BA3EE000
|
trusted library allocation
|
page read and write
|
||
|
25E353F0000
|
heap
|
page read and write
|
||
|
1C92AE00000
|
heap
|
page read and write
|
||
|
1F8BA6B9000
|
heap
|
page read and write
|
||
|
19FB6909000
|
heap
|
page read and write
|
||
|
1C778229000
|
heap
|
page read and write
|
||
|
35F277F000
|
stack
|
page read and write
|
||
|
E7F987D000
|
stack
|
page read and write
|
||
|
1C77826C000
|
heap
|
page read and write
|
||
|
1C77824F000
|
heap
|
page read and write
|
||
|
25E35613000
|
heap
|
page read and write
|
||
|
1C92ADF0000
|
trusted library allocation
|
page read and write
|
||
|
35F28FC000
|
stack
|
page read and write
|
||
|
1F8B4E92000
|
heap
|
page read and write
|
||
|
1F8B5EF0000
|
trusted library section
|
page readonly
|
||
|
1C7781E0000
|
heap
|
page read and write
|
||
|
14D64313000
|
heap
|
page read and write
|
||
|
14D6426E000
|
heap
|
page read and write
|
||
|
1F8BA706000
|
heap
|
page read and write
|
||
|
290C0C02000
|
trusted library allocation
|
page read and write
|
||
|
1F8B55B1000
|
trusted library allocation
|
page read and write
|
||
|
1C92ADC0000
|
heap
|
page read and write
|
||
|
25565F60000
|
heap
|
page read and write
|
||
|
14D64277000
|
heap
|
page read and write
|
||
|
1C778233000
|
heap
|
page read and write
|
||
|
1F8B5ED0000
|
trusted library section
|
page readonly
|
||
|
16144A29000
|
heap
|
page read and write
|
||
|
19FB6F00000
|
unkown
|
page readonly
|
||
|
290C0437000
|
heap
|
page read and write
|
||
|
1E6BDE27000
|
heap
|
page read and write
|
||
|
35F2E7E000
|
stack
|
page read and write
|
||
|
1F8B5981000
|
trusted library allocation
|
page read and write
|
||
|
AB6AFFF000
|
stack
|
page read and write
|
||
|
AB6ABFE000
|
stack
|
page read and write
|
||
|
1F8BA520000
|
trusted library allocation
|
page read and write
|
||
|
1F8B5713000
|
heap
|
page read and write
|
||
|
E7F967E000
|
stack
|
page read and write
|
||
|
1C92AF02000
|
heap
|
page read and write
|
||
|
630EF7E000
|
stack
|
page read and write
|
||
|
1EADD4B000
|
stack
|
page read and write
|
||
|
1C77826A000
|
heap
|
page read and write
|
||
|
1C92AE13000
|
heap
|
page read and write
|
||
|
16145202000
|
trusted library allocation
|
page read and write
|
||
|
E7F917C000
|
stack
|
page read and write
|
||
|
1C77827C000
|
heap
|
page read and write
|
||
|
1F8B4E78000
|
heap
|
page read and write
|
||
|
1F8BA620000
|
heap
|
page read and write
|
||
|
101457A000
|
stack
|
page read and write
|
||
|
1C77825D000
|
heap
|
page read and write
|
||
|
16144B02000
|
heap
|
page read and write
|
||
|
1F8B4EFC000
|
heap
|
page read and write
|
||
|
1F8B4E29000
|
heap
|
page read and write
|
||
|
1E6BE712000
|
heap
|
page read and write
|
||
|
25E35640000
|
heap
|
page read and write
|
||
|
1E6BDE62000
|
heap
|
page read and write
|
||
|
1F8BA700000
|
heap
|
page read and write
|
||
|
1C92AF00000
|
heap
|
page read and write
|
||
|
1F8B4E7A000
|
heap
|
page read and write
|
||
|
19FB6900000
|
heap
|
page read and write
|
||
|
1F8B4E57000
|
heap
|
page read and write
|
||
|
1F8BA4B0000
|
trusted library allocation
|
page read and write
|
||
|
1F8B4DC0000
|
trusted library section
|
page read and write
|
||
|
1F8BA70C000
|
heap
|
page read and write
|
||
|
14D64292000
|
heap
|
page read and write
|
||
|
1EAE1FF000
|
stack
|
page read and write
|
||
|
1F8B4EAD000
|
heap
|
page read and write
|
||
|
19FB6B70000
|
unkown
|
page readonly
|
||
|
1C778265000
|
heap
|
page read and write
|
||
|
1F8B55D3000
|
trusted library allocation
|
page read and write
|
||
|
25566002000
|
heap
|
page read and write
|
||
|
35F2D7C000
|
stack
|
page read and write
|
||
|
1C778260000
|
heap
|
page read and write
|
||
|
1014DFE000
|
stack
|
page read and write
|
||
|
17B5F7D000
|
stack
|
page read and write
|
||
|
16144890000
|
heap
|
page read and write
|
||
|
25E35629000
|
heap
|
page read and write
|
||
|
1C778246000
|
heap
|
page read and write
|
||
|
1F8B4F25000
|
heap
|
page read and write
|
||
|
290C02A0000
|
heap
|
page read and write
|
||
|
25E35E02000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA3E0000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA400000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA64B000
|
heap
|
page read and write
|
||
|
16144A13000
|
heap
|
page read and write
|
||
|
AB6A9FF000
|
stack
|
page read and write
|
||
|
16144A8F000
|
heap
|
page read and write
|
||
|
1F8BA3E0000
|
trusted library allocation
|
page read and write
|
||
|
630EBBE000
|
stack
|
page read and write
|
||
|
1F8B4F13000
|
heap
|
page read and write
|
||
|
1E6BDE60000
|
heap
|
page read and write
|
||
|
1014CFD000
|
stack
|
page read and write
|
||
|
290C043E000
|
heap
|
page read and write
|
||
|
E7F99FD000
|
stack
|
page read and write
|
||
|
1C77823E000
|
heap
|
page read and write
|
||
|
1C778940000
|
trusted library allocation
|
page read and write
|
||
|
1EAE3F7000
|
stack
|
page read and write
|
||
|
14D64308000
|
heap
|
page read and write
|
||
|
1C778302000
|
heap
|
page read and write
|
||
|
1EADDCE000
|
stack
|
page read and write
|
||
|
1C778180000
|
heap
|
page read and write
|
||
|
290C0502000
|
heap
|
page read and write
|
||
|
1C778263000
|
heap
|
page read and write
|
||
|
35F2A7B000
|
stack
|
page read and write
|
||
|
1E6BDD30000
|
heap
|
page read and write
|
||
|
1C778213000
|
heap
|
page read and write
|
||
|
25566113000
|
heap
|
page read and write
|
||
|
25566802000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA657000
|
heap
|
page read and write
|
||
|
1F8B4E00000
|
heap
|
page read and write
|
||
|
1EAE17C000
|
stack
|
page read and write
|
||
|
14D64271000
|
heap
|
page read and write
|
||
|
E7F95FD000
|
stack
|
page read and write
|
||
|
A2E19FF000
|
stack
|
page read and write
|
||
|
101487C000
|
stack
|
page read and write
|
||
|
25E35400000
|
heap
|
page read and write
|
||
|
1E6BDE89000
|
heap
|
page read and write
|
||
|
290C0413000
|
heap
|
page read and write
|
||
|
25E3565E000
|
heap
|
page read and write
|
||
|
1F8BA6FD000
|
heap
|
page read and write
|
||
|
AB6ADFF000
|
stack
|
page read and write
|
||
|
1F8BA6EC000
|
heap
|
page read and write
|
||
|
161449F0000
|
trusted library allocation
|
page read and write
|
||
|
1C92B602000
|
trusted library allocation
|
page read and write
|
||
|
1C92AE79000
|
heap
|
page read and write
|
||
|
1C92AF13000
|
heap
|
page read and write
|
||
|
1F8B5702000
|
heap
|
page read and write
|
||
|
1F8B5DE0000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA6E7000
|
heap
|
page read and write
|
||
|
16144A00000
|
heap
|
page read and write
|
||
|
25565F50000
|
heap
|
page read and write
|
||
|
AB6AAFD000
|
stack
|
page read and write
|
||
|
101497B000
|
stack
|
page read and write
|
||
|
1C778170000
|
heap
|
page read and write
|
||
|
A2E154B000
|
stack
|
page read and write
|
||
|
1F8BA424000
|
trusted library allocation
|
page read and write
|
||
|
17B5A7B000
|
stack
|
page read and write
|
||
|
25566000000
|
heap
|
page read and write
|
||
|
17B5B7F000
|
stack
|
page read and write
|
||
|
1F8BA401000
|
trusted library allocation
|
page read and write
|
||
|
290C0446000
|
heap
|
page read and write
|
||
|
14D64254000
|
heap
|
page read and write
|
||
|
A2E1AFE000
|
stack
|
page read and write
|
||
|
17B5D7A000
|
stack
|
page read and write
|
||
|
E7F98FE000
|
stack
|
page read and write
|
||
|
161448F0000
|
heap
|
page read and write
|
||
|
1F8B5718000
|
heap
|
page read and write
|
||
|
14D6428A000
|
heap
|
page read and write
|
||
|
1E6BDD90000
|
heap
|
page read and write
|
||
|
1F8B55E0000
|
trusted library allocation
|
page read and write
|
||
|
25566102000
|
heap
|
page read and write
|
||
|
1C77827F000
|
heap
|
page read and write
|
||
|
1F8B5600000
|
heap
|
page read and write
|
||
|
1EAE4FE000
|
stack
|
page read and write
|
||
|
290C042F000
|
heap
|
page read and write
|
||
|
14D64110000
|
heap
|
page read and write
|
||
|
1F8B5718000
|
heap
|
page read and write
|
||
|
1C778A02000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA540000
|
remote allocation
|
page read and write
|
||
|
35F287E000
|
stack
|
page read and write
|
||
|
1E6BDD20000
|
heap
|
page read and write
|
||
|
AB6A1DB000
|
stack
|
page read and write
|
||
|
1F8B4E40000
|
heap
|
page read and write
|
||
|
14D6426D000
|
heap
|
page read and write
|
||
|
290C0300000
|
heap
|
page read and write
|
||
|
1E6BDE00000
|
heap
|
page read and write
|
||
|
1F8BA420000
|
trusted library allocation
|
page read and write
|
||
|
1F8B5759000
|
heap
|
page read and write
|
||
|
14D64213000
|
heap
|
page read and write
|
||
|
290C02B0000
|
heap
|
page read and write
|
||
|
6B3FE7B000
|
stack
|
page read and write
|
||
|
1C778259000
|
heap
|
page read and write
|
||
|
1F8B5EC0000
|
trusted library section
|
page readonly
|
||
|
1F8BA4F0000
|
trusted library allocation
|
page read and write
|
||
|
14D64229000
|
heap
|
page read and write
|
||
|
1C778262000
|
heap
|
page read and write
|
||
|
630EABB000
|
stack
|
page read and write
|
||
|
242867E000
|
unkown
|
page read and write
|
||
|
1F8B4E8C000
|
heap
|
page read and write
|
||
|
35F2C7F000
|
stack
|
page read and write
|
||
|
25565FF0000
|
trusted library allocation
|
page read and write
|
||
|
14D64A02000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA540000
|
trusted library allocation
|
page read and write
|
||
|
1F8B4D80000
|
heap
|
page read and write
|
||
|
1EAE2FA000
|
stack
|
page read and write
|
||
|
19FB68D0000
|
unkown
|
page read and write
|
||
|
1C778200000
|
heap
|
page read and write
|
||
|
1F8B4E13000
|
heap
|
page read and write
|
||
|
1E6BDEBB000
|
heap
|
page read and write
|
||
|
14D6428A000
|
heap
|
page read and write
|
||
|
16144A8B000
|
heap
|
page read and write
|
||
|
1F8BA62E000
|
heap
|
page read and write
|
||
|
25566078000
|
heap
|
page read and write
|
||
|
1F8B4E9E000
|
heap
|
page read and write
|
||
|
1F8BA664000
|
heap
|
page read and write
|
||
|
14D64302000
|
heap
|
page read and write
|
||
|
1F8BA3E8000
|
trusted library allocation
|
page read and write
|
||
|
1C77823C000
|
heap
|
page read and write
|
||
|
14D64100000
|
heap
|
page read and write
|
||
|
14D64276000
|
heap
|
page read and write
|
||
|
1E6BDE44000
|
heap
|
page read and write
|
||
|
101477F000
|
stack
|
page read and write
|
||
|
1F8B55D0000
|
trusted library allocation
|
page read and write
|
||
|
16144880000
|
heap
|
page read and write
|
||
|
1014477000
|
stack
|
page read and write
|
||
|
19FB68B0000
|
unkown
|
page read and write
|
||
|
1F8B4D20000
|
heap
|
page read and write
|
||
|
2556606E000
|
heap
|
page read and write
|
||
|
1E6BDF02000
|
heap
|
page read and write
|
||
|
1E6BE602000
|
heap
|
page read and write
|
||
|
1F8BA410000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA6B5000
|
heap
|
page read and write
|
||
|
1F8BA540000
|
remote allocation
|
page read and write
|
||
|
19FB6B60000
|
heap
|
page read and write
|
||
|
1E6BDECC000
|
heap
|
page read and write
|
||
|
1F8BA2D0000
|
trusted library allocation
|
page read and write
|
||
|
19FB6910000
|
heap
|
page read and write
|
||
|
1F8BA6F6000
|
heap
|
page read and write
|
||
|
1C778243000
|
heap
|
page read and write
|
||
|
1C77827B000
|
heap
|
page read and write
|
||
|
1F8BA600000
|
heap
|
page read and write
|
||
|
1F8BA500000
|
trusted library allocation
|
page read and write
|
||
|
16144A3C000
|
heap
|
page read and write
|
||
|
1C92AD50000
|
heap
|
page read and write
|
||
|
16144A71000
|
heap
|
page read and write
|
||
|
1F8BA6A2000
|
heap
|
page read and write
|
||
|
14D641A0000
|
trusted library allocation
|
page read and write
|
||
|
1E6BDDC0000
|
trusted library allocation
|
page read and write
|
||
|
1C92AE02000
|
heap
|
page read and write
|
||
|
16144A87000
|
heap
|
page read and write
|
||
|
6B3FF7B000
|
stack
|
page read and write
|
||
|
25E35560000
|
trusted library allocation
|
page read and write
|
||
|
14D64202000
|
heap
|
page read and write
|
||
|
2556605C000
|
heap
|
page read and write
|
||
|
AB6A5FA000
|
stack
|
page read and write
|
||
|
1C778235000
|
heap
|
page read and write
|
||
|
17B5AFE000
|
stack
|
page read and write
|
||
|
1C778258000
|
heap
|
page read and write
|
||
|
1F8BA510000
|
trusted library allocation
|
page read and write
|
||
|
1F8B4DB0000
|
trusted library allocation
|
page read and write
|
||
|
E7F9AFD000
|
stack
|
page read and write
|
||
|
14D64270000
|
heap
|
page read and write
|
||
|
14D64273000
|
heap
|
page read and write
|
||
|
35F216B000
|
stack
|
page read and write
|
||
|
25E35590000
|
remote allocation
|
page read and write
|
||
|
25E35600000
|
heap
|
page read and write
|
||
|
AB6AEFF000
|
stack
|
page read and write
|
||
|
25566063000
|
heap
|
page read and write
|
||
|
1C778248000
|
heap
|
page read and write
|
||
|
6B3FA7C000
|
stack
|
page read and write
|
||
|
1F8BA2C0000
|
trusted library allocation
|
page read and write
|
||
|
1F8B4E70000
|
heap
|
page read and write
|
||
|
1F8B4F02000
|
heap
|
page read and write
|
||
|
1E6BDEC9000
|
heap
|
page read and write
|
||
|
1014FFA000
|
stack
|
page read and write
|
||
|
14D64265000
|
heap
|
page read and write
|
||
|
1F8B55F0000
|
trusted library allocation
|
page read and write
|
||
|
1F8BA68B000
|
heap
|
page read and write
|
||
|
1014EFA000
|
stack
|
page read and write
|
||
|
1F8B5700000
|
heap
|
page read and write
|
||
|
1F8BA404000
|
trusted library allocation
|
page read and write
|
||
|
1E6BDF13000
|
heap
|
page read and write
|
||
|
1F8B4E75000
|
heap
|
page read and write
|
||
|
14D6423C000
|
heap
|
page read and write
|
||
|
1F8B5F00000
|
trusted library section
|
page readonly
|
||
|
E7F9B7F000
|
stack
|
page read and write
|
||
|
1EAE5FF000
|
stack
|
page read and write
|
||
|
E7F977E000
|
stack
|
page read and write
|
||
|
630F27E000
|
stack
|
page read and write
|
||
|
25E35590000
|
remote allocation
|
page read and write
|
||
|
AB6ACFF000
|
stack
|
page read and write
|
||
|
25566013000
|
heap
|
page read and write
|
||
|
AB6A6FD000
|
stack
|
page read and write
|
||
|
19FB6840000
|
heap
|
page read and write
|
||
|
630F17E000
|
stack
|
page read and write
|
||
|
14D64200000
|
heap
|
page read and write
|
||
|
1E6BDEE1000
|
heap
|
page read and write
|
||
|
AB6A8FF000
|
stack
|
page read and write
|
||
|
1F8B5EE0000
|
trusted library section
|
page readonly
|
||
|
1C778241000
|
heap
|
page read and write
|
||
|
1F8BA540000
|
remote allocation
|
page read and write
|
||
|
1C92AE57000
|
heap
|
page read and write
|
||
|
1C778278000
|
heap
|
page read and write
|
||
|
17B607E000
|
stack
|
page read and write
|
||
|
1014A7F000
|
stack
|
page read and write
|
||
|
1F8B5F10000
|
trusted library section
|
page readonly
|
||
|
14D64300000
|
heap
|
page read and write
|
||
|
290C0402000
|
heap
|
page read and write
|
||
|
6B4007E000
|
stack
|
page read and write
|
||
|
1C778225000
|
heap
|
page read and write
|
||
|
290C0429000
|
heap
|
page read and write
|
||
|
1C77826E000
|
heap
|
page read and write
|
||
|
25E35702000
|
heap
|
page read and write
|
||
|
16144B13000
|
heap
|
page read and write
|
||
|
1C778285000
|
heap
|
page read and write
|
||
|
1F8BA709000
|
heap
|
page read and write
|
||
|
101427B000
|
stack
|
page read and write
|
||
|
242877C000
|
unkown
|
page read and write
|
||
|
24287FE000
|
unkown
|
page read and write
|
||
|
1C778267000
|
heap
|
page read and write
|
||
|
24283FA000
|
stack
|
page read and write
|
||
|
25566029000
|
heap
|
page read and write
|
||
|
24286FE000
|
unkown
|
page read and write
|
||
|
1E6BDE13000
|
heap
|
page read and write
|
||
|
A2E15CF000
|
stack
|
page read and write
|
||
|
25E35602000
|
heap
|
page read and write
|
||
|
1C778247000
|
heap
|
page read and write
|
||
|
1F8B5602000
|
heap
|
page read and write
|
||
|
242887F000
|
unkown
|
page read and write
|
||
|
10149FE000
|
stack
|
page read and write
|
||
|
2556603D000
|
heap
|
page read and write
|
There are 352 hidden memdumps, click here to show them.