IOC Report
Cancellation_418406_Dec23.pdf

Files

File Path
Type
Category
Malicious
Cancellation_418406_Dec23.pdf
PDF document, version 1.3, 1 pages
initial sample
malicious
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF4c4c2a.TMP (copy)
ASCII text
dropped
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
data
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-230105170223Z-212.bmp
PC bitmap, Windows 3.x format, 164 x -115 x 32, cbSize 75494, bits offset 54
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
SQLite 3.x database, last written using SQLite version 3024000, file counter 12, database pages 15, cookie 0x5, schema 4, UTF-8, version-valid-for 12
dropped
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
SQLite Rollback Journal
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.2008
PostScript document text
dropped
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)
PostScript document text
dropped
C:\Users\user\AppData\Local\Temp\unarchiver.log
ASCII text, with CRLF line terminators
dropped
C:\Users\user\Downloads\Cancellation_367461_Dec23.zip (copy)
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\Downloads\Cancellation_367461_Dec23.zip.crdownload
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped
C:\Users\user\Downloads\f1db83af-6dc2-44be-ad08-ad1b8f6a393d.tmp
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\Cancellation_418406_Dec23.pdf | |
| C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://agapeministriesinternational.church/blog/Cancellation_367461_Dec23.zip | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1812,i,544507481073856773,15156316211615148029,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 | |
| C:\Windows\SysWOW64\unarchiver.exe | C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Cancellation_367461_Dec23.zip | |
| C:\Windows\SysWOW64\7za.exe | C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\fgt4alc0.uhe" "C:\Users\user\Downloads\Cancellation_367461_Dec23.zip | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://agapeministriesinternational.church/blog/Cancellation_367461_Dec23.zip | 50.62.149.105 | malicious |
| https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | 142.250.184.78 | |
| http://agapeministriesinternational.church/blog/Cancellation_367461_Dec23.zip) | unknown | |
| https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | 142.251.209.13 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| agapeministriesinternational.church | 50.62.149.105 | malicious |
| accounts.google.com | 142.251.209.13 | |
| www.google.com | 142.250.184.36 | |
| clients.l.google.com | 142.250.184.78 | |
| clients2.google.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 50.62.149.105 | agapeministriesinternational.church | United States | malicious |
| 142.250.184.78 | clients.l.google.com | United States | |
| 192.168.2.1 | unknown | unknown | |
| 142.251.209.13 | accounts.google.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.184.36 | www.google.com | United States | |
| 127.0.0.1 | unknown | unknown | |

Registry

Path
Value
Malicious
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
aFS
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tDIText
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tFileName
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
tFileSource
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sFileAncestors
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sDI
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
sDate
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
uFileSize
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c1
uPageCount
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
aFS
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
tDIText
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
tFileName
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
sFileAncestors
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
sDI
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\AVGeneral\cRecentFiles\c2
sDate
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
LangID
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\SysWOW64\unarchiver.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\SysWOW64\unarchiver.exe.ApplicationCompany
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gdaefkejpgkiemlaofpalmlakkmbjdnl
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.cdm.origin_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.reporting
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
media.storage_id_salt
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.account_id
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
module_blocklist_cache_md5_digest
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_seed
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
default_search_provider_data.template_url_data
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
safebrowsing.incidents_sent
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
pinned_tabs
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
browser.show_home_button
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
search_provider_overrides
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.last_triggered_for_default_search
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
prefs.preference_reset_time
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
software_reporter.prompt_version
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
google.services.last_username
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.startup_urls
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
session.restore_on_startup
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
settings_reset_prompt.prompt_wave
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default
homepage_is_newtabpage
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\LastWasDefault
S-1-5-21-3853321935-2125563209-4053062332-1002
HKEY_USERSS-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
TraceTimeLast

Memdumps

Base Address
Regiontype
Protect
Malicious
F02000
trusted library allocation
page execute and read and write
1CCA4047000
heap
page read and write
20272B70000
trusted library allocation
page read and write
E1862FF000
stack
page read and write
2026D67C000
heap
page read and write
20272A65000
trusted library allocation
page read and write
E185F7B000
stack
page read and write
18E92570000
trusted library allocation
page read and write
2624C100000
heap
page read and write
2624B88A000
heap
page read and write
4B573FB000
stack
page read and write
2624C16F000
heap
page read and write
E1860FA000
stack
page read and write
2624C200000
heap
page read and write
2026D5E0000
trusted library section
page read and write
220A165A000
heap
page read and write
28147F00000
heap
page read and write
20272A61000
trusted library allocation
page read and write
23312800000
heap
page read and write
2026D673000
heap
page read and write
2026D6A2000
heap
page read and write
2D11000
trusted library allocation
page read and write
220A1600000
heap
page read and write
F5B000
trusted library allocation
page execute and read and write
2026DD02000
heap
page read and write
513E000
stack
page read and write
28147E28000
heap
page read and write
18E92804000
heap
page read and write
28147D00000
heap
page read and write
F29127D000
stack
page read and write
56E3F0B000
stack
page read and write
220A1658000
heap
page read and write
2026D678000
heap
page read and write
4B5797E000
stack
page read and write
2624B660000
heap
page read and write
2624C223000
heap
page read and write
28147F13000
heap
page read and write
2624C227000
heap
page read and write
68ED17F000
stack
page read and write
202728D0000
trusted library allocation
page read and write
1CCA405C000
heap
page read and write
2CF7000
trusted library allocation
page read and write
1CCA5C02000
trusted library allocation
page read and write
8E0000
heap
page read and write
24916429000
heap
page read and write
2624B913000
heap
page read and write
18E929E0000
trusted library allocation
page read and write
2624B858000
heap
page read and write
220A1668000
heap
page read and write
20272AA4000
trusted library allocation
page read and write
18E92A15000
heap
page read and write
D73EBFA000
stack
page read and write
233128CB000
heap
page read and write
4F6C000
stack
page read and write
25194BB0000
remote allocation
page read and write
56E4479000
stack
page read and write
B10000
trusted library allocation
page read and write
18E92A10000
heap
page read and write
1070000
heap
page read and write
3F0000
heap
page read and write
F290C7D000
stack
page read and write
1CCA3F40000
heap
page read and write
7A0000
remote allocation
page read and write
20272BA0000
trusted library allocation
page read and write
BDE58FE000
stack
page read and write
2631E077000
heap
page read and write
20272BC0000
trusted library allocation
page read and write
CF3F07E000
stack
page read and write
20272C11000
heap
page read and write
2624B800000
heap
page read and write
25194624000
heap
page read and write
2026E550000
trusted library section
page readonly