Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
8082-svc-x64.exe
|
PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml (copy)
|
XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
|
dropped
|
||
|
C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml
|
XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
|
modified
|
||
|
C:\Windows\Logs\waasmedic\waasmedic.20230109_001222_097.etl
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\servicereg.log
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\servicestart.log
|
ASCII text, with CRLF line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\8082-svc-x64.exe
|
C:\Users\user\Desktop\8082-svc-x64.exe
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k unistacksvcgroup
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c sc create qFrdg binpath= "C:\Users\user\Desktop\8082-svc-x64.exe" >> C:\servicereg.log 2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
sc create qFrdg binpath= "C:\Users\user\Desktop\8082-svc-x64.exe"
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c sc start qFrdg >> C:\servicestart.log 2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
sc start qFrdg
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 9 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://20.104.209.69:8082/broadcast
|
20.104.209.69
|
|
|
|
20.104.209.69
|
|
||
|
http://20.104.209.69:8082/1/events/com.amazon.csm.csa.prod
|
20.104.209.69
|
|
|
|
http://20.104.209.69:8082/broadcastsi
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastgZ
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
https://www.amazon.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.tiles.ditu.live.com/tiles/gen
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastashSessionKeyBackward
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
http://20.104.209.69:8082/1/events/com.amazon.csm.csa.prodMicrosoft
|
unknown
|
||
|
http://20.104.209.69:8082/1/events/com.amazon.csm.csa.prodf5
|
unknown
|
||
|
https://www.amazon.comL
|
unknown
|
||
|
http://www.bingmapsportal.com
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
http://20.104.209.69:8082/1/events/com.amazon.csm.csa.prodQ
|
unknown
|
||
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
http://20.104.209.69:8082/broadcast%bT
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastashSessionKeyBackwardQ
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastashSessionKeyBackwardY
|
unknown
|
||
|
https://d22u79neyj432a.cloudfront.net/bfc50dfa-8e10-44b5-ae59-ac26bfc71489/54857e6d-c060-4b3c-914a-8
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastashSessionKeyBackwarda
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastp
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://www.amazon.compN
|
unknown
|
||
|
https://%s.xboxlive.com
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastashSessionKeyBackwardp
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
http://20.104.209.69:8082/1/events/com.amazon.csm.csa.prodE?b
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastashSessionKeyBackwardy
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
http://20.104.209.69:8082/broadcastwe
|
unknown
|
||
|
https://activity.windows.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
https://%s.dnet.xboxlive.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
There are 47 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
20.104.209.69
|
unknown
|
United States
|
|
|
|
192.168.2.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage
|
MonthID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
|
UsoCrmScan
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator
|
USODiagnostics
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
270F7DF0000
|
remote allocation
|
page execute read
|
|
|
|
650000
|
heap
|
page read and write
|
|
|
|
270F7DF0000
|
remote allocation
|
page execute read
|
|
|
|
72AB3FD000
|
stack
|
page read and write
|
||
|
72AB279000
|
stack
|
page read and write
|
||
|
404000
|
unkown
|
page write copy
|
||
|
2A106402000
|
trusted library allocation
|
page read and write
|
||
|
18859C28000
|
heap
|
page read and write
|
||
|
270F7F34000
|
unkown
|
page read and write
|
||
|
14E50790000
|
remote allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
270F7F2A000
|
direct allocation
|
page read and write
|
||
|
1EFB4300000
|
heap
|
page read and write
|
||
|
22344AA1000
|
heap
|
page read and write
|
||
|
2697BEF0000
|
heap
|
page read and write
|
||
|
2697BFB8000
|
heap
|
page read and write
|
||
|
18859C58000
|
heap
|
page read and write
|
||
|
1885A402000
|
trusted library allocation
|
page read and write
|
||
|
20E99E29000
|
heap
|
page read and write
|
||
|
14DA5263000
|
heap
|
page read and write
|
||
|
22345400000
|
heap
|
page read and write
|
||
|
14E50800000
|
heap
|
page read and write
|
||
|
270F8140000
|
direct allocation
|
page read and write
|
||
|
22344A9B000
|
heap
|
page read and write
|
||
|
2A105BE0000
|
heap
|
page read and write
|
||
|
270F7F1E000
|
direct allocation
|
page read and write
|
||
|
14E51002000
|
trusted library allocation
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
20E99E5C000
|
heap
|
page read and write
|
||
|
20E99E42000
|
heap
|
page read and write
|
||
|
22345322000
|
heap
|
page read and write
|
||
|
22344A3C000
|
heap
|
page read and write
|
||
|
FF9557E000
|
stack
|
page read and write
|
||
|
223453AD000
|
heap
|
page read and write
|
||
|
2234536D000
|
heap
|
page read and write
|
||
|
270F7F2C000
|
direct allocation
|
page read and write
|
||
|
270F7F34000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D85FC7B000
|
stack
|
page read and write
|
||
|
22344A98000
|
heap
|
page read and write
|
||
|
2234530A000
|
heap
|
page read and write
|
||
|
1EFB39B0000
|
heap
|
page read and write
|
||
|
39E000
|
stack
|
page read and write
|
||
|
2697BDB0000
|
heap
|
page read and write
|
||
|
14E50730000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
DD8FB79000
|
stack
|
page read and write
|
||
|
270F7ECF000
|
unkown
|
page read and write
|
||
|
F7773AB000
|
stack
|
page read and write
|
||
|
C263FC000
|
stack
|
page read and write
|
||
|
270F7F36000
|
direct allocation
|
page read and write
|
||
|
270F7F34000
|
unkown
|
page read and write
|
||
|
319A7F000
|
stack
|
page read and write
|
||
|
270F7F0B000
|
direct allocation
|
page read and write
|
||
|
22345354000
|
heap
|
page read and write
|
||
|
14E506D0000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
18859BC0000
|
trusted library allocation
|
page read and write
|
||
|
270F7EC1000
|
direct allocation
|
page read and write
|
||
|
18859AC0000
|
heap
|
page read and write
|
||
|
20E99E5F000
|
heap
|
page read and write
|
||
|
18859D13000
|
heap
|
page read and write
|
||
|
20E99E3C000
|
heap
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
270F7F07000
|
unkown
|
page read and write
|
||
|
2A105E49000
|
heap
|
page read and write
|
||
|
3B0000
|
heap
|
page read and write
|
||
|
1CC41B40000
|
heap
|
page read and write
|
||
|
22344A66000
|
heap
|
page read and write
|
||
|
14DA5247000
|
heap
|
page read and write
|
||
|
14DA5100000
|
trusted library allocation
|
page read and write
|
||
|
404000
|
unkown
|
page write copy
|
||
|
140000
|
heap
|
page read and write
|
||
|
223453B9000
|
heap
|
page read and write
|
||
|
D86017E000
|
stack
|
page read and write
|
||
|
A5F000
|
stack
|
page read and write
|
||
|
270F7F2A000
|
unkown
|
page read and write
|
||
|
270F7EC1000
|
direct allocation
|
page read and write
|
||
|
14E50902000
|
heap
|
page read and write
|
||
|
14E50829000
|
heap
|
page read and write
|
||
|
1EFB3A13000
|
heap
|
page read and write
|
||
|
22344A67000
|
heap
|
page read and write
|
||
|
1CC41C62000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
14DA5213000
|
heap
|
page read and write
|
||
|
319C7C000
|
stack
|
page read and write
|
||
|
22345430000
|
heap
|
page read and write
|
||
|
1CC41C00000
|
heap
|
page read and write
|
||
|
2A105E28000
|
heap
|
page read and write
|
||
|
270F7F39000
|
unkown
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
22344860000
|
heap
|
page read and write
|
||
|
3197FC000
|
stack
|
page read and write
|
||
|
20E99E5A000
|
heap
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
2234530E000
|
heap
|
page read and write
|
||
|
1393D7B000
|
stack
|
page read and write
|
||
|
270F7E40000
|
heap
|
page read and write
|
||
|
319D7D000
|
stack
|
page read and write
|
||
|
270F8195000
|
heap
|
page read and write
|
||
|
1EFB3940000
|
heap
|
page read and write
|
||
|
1CC41B50000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
14DA5257000
|
heap
|
page read and write
|
||
|
B64087E000
|
stack
|
page read and write
|
||
|
F777779000
|
stack
|
page read and write
|
||
|
A09000
|
heap
|
page read and write
|
||
|
543C97E000
|
stack
|
page read and write
|
||
|
D86007F000
|
stack
|
page read and write
|
||
|
14DA51D0000
|
remote allocation
|
page read and write
|
||
|
2A105E2E000
|
heap
|
page read and write
|
||
|
627000
|
heap
|
page read and write
|
||
|
14DA51D0000
|
remote allocation
|
page read and write
|
||
|
270F7ECF000
|
direct allocation
|
page read and write
|
||
|
270F7EB7000
|
direct allocation
|
page read and write
|
||
|
543C37F000
|
stack
|
page read and write
|
||
|
14DA5258000
|
heap
|
page read and write
|
||
|
20E99E57000
|
heap
|
page read and write
|
||
|
2697BF10000
|
heap
|
page read and write
|
||
|
22344A58000
|
heap
|
page read and write
|
||
|
22344A70000
|
heap
|
page read and write
|
||
|
14DA5248000
|
heap
|
page read and write
|
||
|
22344B8E000
|
heap
|
page read and write
|
||
|
2697BFFD000
|
heap
|
page read and write
|
||
|
14DA5271000
|
heap
|
page read and write
|
||
|
DD8FC7C000
|
stack
|
page read and write
|
||
|
270F7F12000
|
direct allocation
|
page read and write
|
||
|
22344A8D000
|
heap
|
page read and write
|
||
|
270F7ECF000
|
direct allocation
|
page read and write
|
||
|
C2687E000
|
stack
|
page read and write
|
||
|
18859D02000
|
heap
|
page read and write
|
||
|
14E50820000
|
heap
|
page read and write
|
||
|
543C3FC000
|
stack
|
page read and write
|
||
|
270F7F07000
|
direct allocation
|
page read and write
|
||
|
20E99E41000
|
heap
|
page read and write
|
||
|
3E0000
|
trusted library allocation
|
page read and write
|
||
|
14DA5240000
|
heap
|
page read and write
|
||
|
D85F87B000
|
stack
|
page read and write
|
||
|
270F7D80000
|
heap
|
page read and write
|
||
|
44B000
|
unkown
|
page read and write
|
||
|
2697BFF5000
|
heap
|
page read and write
|
||
|
FF959FF000
|
stack
|
page read and write
|
||
|
20E99E7B000
|
heap
|
page read and write
|
||
|
270F7F34000
|
unkown
|
page read and write
|
||
|
72AB275000
|
stack
|
page read and write
|
||
|
14E506C0000
|
heap
|
page read and write
|
||
|
22345302000
|
heap
|
page read and write
|
||
|
1EFB3ACF000
|
heap
|
page read and write
|
||
|
270F7EB2000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
2697C1A0000
|
heap
|
page read and write
|
||
|
F7778F9000
|
stack
|
page read and write
|
||
|
2697C1A5000
|
heap
|
page read and write
|
||
|
20E99E61000
|
heap
|
page read and write
|
||
|
2A105E00000
|
heap
|
page read and write
|
||
|
14DA5318000
|
heap
|
page read and write
|
||
|
18859D00000
|
heap
|
page read and write
|
||
|
3DF000
|
stack
|
page read and write
|
||
|
84F000
|
stack
|
page read and write
|
||
|
14DA5200000
|
heap
|
page read and write
|
||
|
22345300000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
2697BDC0000
|
trusted library allocation
|
page read and write
|
||
|
22344A43000
|
heap
|
page read and write
|
||
|
223447F0000
|
heap
|
page read and write
|
||
|
20E99E7A000
|
heap
|
page read and write
|
||
|
18859C13000
|
heap
|
page read and write
|
||
|
1CC41C13000
|
heap
|
page read and write
|
||
|
270F7EB1000
|
direct allocation
|
page read and write
|
||
|
2697CD10000
|
heap
|
page readonly
|
||
|
1EFB3A3E000
|
heap
|
page read and write
|
||
|
2A105E13000
|
heap
|
page read and write
|
||
|
2A105E3D000
|
heap
|
page read and write
|
||
|
22344A54000
|
heap
|
page read and write
|
||
|
B64017D000
|
stack
|
page read and write
|
||
|
22344BB9000
|
heap
|
page read and write
|
||
|
270F7F22000
|
direct allocation
|
page read and write
|
||
|
72AB47D000
|
stack
|
page read and write
|
||
|
FF954FE000
|
stack
|
page read and write
|
||
|
14DA5120000
|
trusted library allocation
|
page read and write
|
||
|
22345413000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
270F7F26000
|
unkown
|
page read and write
|
||
|
1CC41C72000
|
heap
|
page read and write
|
||
|
22344980000
|
trusted library allocation
|
page read and write
|
||
|
2697CAE0000
|
trusted library allocation
|
page read and write
|
||
|
22345423000
|
heap
|
page read and write
|
||
|
2A105E02000
|
heap
|
page read and write
|
||
|
270F7EB7000
|
direct allocation
|
page read and write
|
||
|
270F81A2000
|
direct allocation
|
page read and write
|
||
|
18859C6B000
|
heap
|
page read and write
|
||
|
14DA4FA0000
|
heap
|
page read and write
|
||
|
64D000
|
stack
|
page read and write
|
||
|
319B7F000
|
stack
|
page read and write
|
||
|
270F7F26000
|
direct allocation
|
page read and write
|
||
|
D85FFFE000
|
stack
|
page read and write
|
||
|
1CC41C89000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
1CC41C65000
|
heap
|
page read and write
|
||
|
2697CD80000
|
trusted library allocation
|
page read and write
|
||
|
20E99E6B000
|
heap
|
page read and write
|
||
|
270F7F39000
|
direct allocation
|
page read and write
|
||
|
20E99E60000
|
heap
|
page read and write
|
||
|
543C4FC000
|
stack
|
page read and write
|
||
|
1CC41C6C000
|
heap
|
page read and write
|
||
|
1CC41C5B000
|
heap
|
page read and write
|
||
|
18859C79000
|
heap
|
page read and write
|
||
|
1393C7B000
|
stack
|
page read and write
|
||
|
22344A94000
|
heap
|
page read and write
|
||
|
1EFB3A8B000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
270F8140000
|
direct allocation
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
DD8FD7E000
|
stack
|
page read and write
|
||
|
14DA6C02000
|
trusted library allocation
|
page read and write
|
||
|
D85FA7B000
|
stack
|
page read and write
|
||
|
1CC41D13000
|
heap
|
page read and write
|
||
|
22345427000
|
heap
|
page read and write
|
||
|
FF9547C000
|
stack
|
page read and write
|
||
|
B63FF7A000
|
stack
|
page read and write
|
||
|
270F7F39000
|
unkown
|
page read and write
|
||
|
270F7F1E000
|
direct allocation
|
page read and write
|
||
|
2697BF90000
|
trusted library allocation
|
page read and write
|
||
|
270F7F2A000
|
direct allocation
|
page read and write
|
||
|
B64067F000
|
stack
|
page read and write
|
||
|
20E99E58000
|
heap
|
page read and write
|
||
|
22344A29000
|
heap
|
page read and write
|
||
|
270F7EB1000
|
unkown
|
page read and write
|
||
|
319F7D000
|
stack
|
page read and write
|
||
|
20E9A402000
|
trusted library allocation
|
page read and write
|
||
|
2697BFB0000
|
heap
|
page read and write
|
||
|
C2647E000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
270F7EC1000
|
direct allocation
|
page read and write
|
||
|
22344AA1000
|
heap
|
page read and write
|
||
|
543C57B000
|
stack
|
page read and write
|
||
|
270F7F12000
|
direct allocation
|
page read and write
|
||
|
7D0000
|
trusted library allocation
|
page read and write
|
||
|
270F7E7B000
|
unkown
|
page read and write
|
||
|
DD8F5BB000
|
stack
|
page read and write
|
||
|
14DA5202000
|
heap
|
page read and write
|
||
|
F77787E000
|
stack
|
page read and write
|
||
|
270F8190000
|
heap
|
page read and write
|
||
|
14DA5248000
|
heap
|
page read and write
|
||
|
2BD000
|
stack
|
page read and write
|
||
|
2A106390000
|
trusted library allocation
|
page read and write
|
||
|
20E99E6D000
|
heap
|
page read and write
|
||
|
2697C012000
|
heap
|
page read and write
|
||
|
22344A13000
|
heap
|
page read and write
|
||
|
1EFB3A6E000
|
heap
|
page read and write
|
||
|
D85FEFE000
|
stack
|
page read and write
|
||
|
20E99E7E000
|
heap
|
page read and write
|
||
|
14E50840000
|
heap
|
page read and write
|
||
|
2697C1B0000
|
trusted library allocation
|
page read and write
|
||
|
C267FD000
|
stack
|
page read and write
|
||
|
1EFB3B13000
|
heap
|
page read and write
|
||
|
14E50813000
|
heap
|
page read and write
|
||
|
22344B13000
|
heap
|
page read and write
|
||
|
270F7F22000
|
unkown
|
page read and write
|
||
|
270F7F12000
|
unkown
|
page read and write
|
||
|
270F7DE0000
|
remote allocation
|
page read and write
|
||
|
B64037D000
|
stack
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
22344960000
|
trusted library allocation
|
page read and write
|
||
|
F7777FD000
|
stack
|
page read and write
|
||
|
1CC41BB0000
|
heap
|
page read and write
|
||
|
447000
|
unkown
|
page readonly
|
||
|
14E50790000
|
remote allocation
|
page read and write
|
||
|
D85FCF9000
|
stack
|
page read and write
|
||
|
20E99E6A000
|
heap
|
page read and write
|
||
|
774000
|
heap
|
page read and write
|
||
|
20E99E3A000
|
heap
|
page read and write
|
||
|
270F7F0F000
|
unkown
|
page read and write
|
||
|
72AB4FC000
|
stack
|
page read and write
|
||
|
DD8F9FE000
|
stack
|
page read and write
|
||
|
2697BF80000
|
trusted library allocation
|
page read and write
|
||
|
B64047F000
|
stack
|
page read and write
|
||
|
2A105E53000
|
heap
|
page read and write
|
||
|
FF956FE000
|
stack
|
page read and write
|
||
|
270F7F0F000
|
direct allocation
|
page read and write
|
||
|
18859C02000
|
heap
|
page read and write
|
||
|
270F7F0B000
|
unkown
|
page read and write
|
||
|
270F8AED000
|
direct allocation
|
page read and write
|
||
|
22345322000
|
heap
|
page read and write
|
||
|
1CC42402000
|
trusted library allocation
|
page read and write
|
||
|
18859C40000
|
heap
|
page read and write
|
||
|
14E50760000
|
trusted library allocation
|
page read and write
|
||
|
543BC9B000
|
stack
|
page read and write
|
||
|
1EFB3B02000
|
heap
|
page read and write
|
||
|
22345402000
|
heap
|
page read and write
|
||
|
14E50802000
|
heap
|
page read and write
|
||
|
447000
|
unkown
|
page readonly
|
||
|
22344A43000
|
heap
|
page read and write
|
||
|
1CC41D02000
|
heap
|
page read and write
|
||
|
270F7ECF000
|
direct allocation
|
page read and write
|
||
|
D85FDFA000
|
stack
|
page read and write
|
||
|
22345202000
|
heap
|
page read and write
|
||
|
14DA5150000
|
trusted library allocation
|
page read and write
|
||
|
C266FE000
|
stack
|
page read and write
|
||
|
B64057E000
|
stack
|
page read and write
|
||
|
270F7EB2000
|
direct allocation
|
page read and write
|
||
|
20E99E67000
|
heap
|
page read and write
|
||
|
14DA5190000
|
trusted library allocation
|
page read and write
|
||
|
20E9A390000
|
trusted library allocation
|
page read and write
|
||
|
270F8040000
|
heap
|
page read and write
|
||
|
270F7F22000
|
direct allocation
|
page read and write
|
||
|
270F7E70000
|
unkown
|
page read and write
|
||
|
2697BFFC000
|
heap
|
page read and write
|
||
|
20E99BD0000
|
heap
|
page read and write
|
||
|
3193BB000
|
stack
|
page read and write
|
||
|
B64007F000
|
stack
|
page read and write
|
||
|
543C27E000
|
stack
|
page read and write
|
||
|
18859C00000
|
heap
|
page read and write
|
||
|
14DA4F90000
|
heap
|
page read and write
|
||
|
543C87C000
|
stack
|
page read and write
|
||
|
22344800000
|
heap
|
page read and write
|
||
|
1EFB3A65000
|
heap
|
page read and write
|
||
|
2A105F02000
|
heap
|
page read and write
|
||
|
270F7F34000
|
direct allocation
|
page read and write
|
||
|
20E99E55000
|
heap
|
page read and write
|
||
|
1EFB39E0000
|
trusted library allocation
|
page read and write
|
||
|
67D000
|
stack
|
page read and write
|
||
|
D85FB7F000
|
stack
|
page read and write
|
||
|
2697C017000
|
heap
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
1EFB3A00000
|
heap
|
page read and write
|
||
|
1EFB3950000
|
heap
|
page read and write
|
||
|
20E99E84000
|
heap
|
page read and write
|
||
|
22344BE5000
|
heap
|
page read and write
|
||
|
18859A60000
|
heap
|
page read and write
|
||
|
2FC000
|
stack
|
page read and write
|
||
|
543C67E000
|
stack
|
page read and write
|
||
|
14DA5258000
|
heap
|
page read and write
|
||
|
2697BFFC000
|
heap
|
page read and write
|
||
|
14DA522A000
|
heap
|
page read and write
|
||
|
2697C190000
|
trusted library allocation
|
page read and write
|
||
|
2A105E3B000
|
heap
|
page read and write
|
||
|
20E99E13000
|
heap
|
page read and write
|
||
|
C2667D000
|
stack
|
page read and write
|
||
|
1EFB3A29000
|
heap
|
page read and write
|
||
|
1EFB4202000
|
heap
|
page read and write
|
||
|
14E50790000
|
remote allocation
|
page read and write
|
||
|
20E99C30000
|
heap
|
page read and write
|
||
|
20E99E59000
|
heap
|
page read and write
|
||
|
270F7F26000
|
direct allocation
|
page read and write
|
||
|
B64077F000
|
stack
|
page read and write
|
||
|
1393E7F000
|
stack
|
page read and write
|
||
|
270F7F30000
|
unkown
|
page read and write
|
||
|
FF957FF000
|
stack
|
page read and write
|
||
|
270F7F2C000
|
unkown
|
page read and write
|
||
|
FF958FE000
|
stack
|
page read and write
|
||
|
1CC41C02000
|
heap
|
page read and write
|
||
|
14DA51D0000
|
remote allocation
|
page read and write
|
||
|
20E99E56000
|
heap
|
page read and write
|
||
|
44B000
|
unkown
|
page write copy
|
||
|
20E99E24000
|
heap
|
page read and write
|
||
|
20E99E4D000
|
heap
|
page read and write
|
||
|
1EFB3A67000
|
heap
|
page read and write
|
||
|
20E99E77000
|
heap
|
page read and write
|
||
|
31997F000
|
stack
|
page read and write
|
||
|
270F81CC000
|
direct allocation
|
page read and write
|
||
|
14E50855000
|
heap
|
page read and write
|
||
|
22345390000
|
heap
|
page read and write
|
||
|
20E99E31000
|
heap
|
page read and write
|
||
|
270F8140000
|
direct allocation
|
page read and write
|
||
|
20E99E33000
|
heap
|
page read and write
|
||
|
543C77E000
|
stack
|
page read and write
|
||
|
1CC41C59000
|
heap
|
page read and write
|
||
|
14DA5302000
|
heap
|
page read and write
|
||
|
79F000
|
stack
|
page read and write
|
||
|
20E99E00000
|
heap
|
page read and write
|
||
|
B63FB4C000
|
stack
|
page read and write
|
||
|
20E99E47000
|
heap
|
page read and write
|
||
|
2697BFA0000
|
trusted library allocation
|
page read and write
|
||
|
C25F4B000
|
stack
|
page read and write
|
||
|
14DA5289000
|
heap
|
page read and write
|
||
|
20E99F02000
|
heap
|
page read and write
|
||
|
20E99BC0000
|
heap
|
page read and write
|
||
|
2697C1A9000
|
heap
|
page read and write
|
||
|
270F7F1E000
|
unkown
|
page read and write
|
||
|
2697CD20000
|
trusted library allocation
|
page read and write
|
||
|
63D000
|
stack
|
page read and write
|
||
|
1CC41C2A000
|
heap
|
page read and write
|
||
|
1EFB3AC7000
|
heap
|
page read and write
|
||
|
18859A50000
|
heap
|
page read and write
|
||
|
14DA5313000
|
heap
|
page read and write
|
||
|
F7779FE000
|
stack
|
page read and write
|
||
|
20E99E40000
|
heap
|
page read and write
|
||
|
1EFB3ABE000
|
heap
|
page read and write
|
||
|
14DA5000000
|
heap
|
page read and write
|
||
|
22344A00000
|
heap
|
page read and write
|
||
|
270F7F32000
|
unkown
|
page read and write
|
||
|
139387B000
|
stack
|
page read and write
|
||
|
2A105E45000
|
heap
|
page read and write
|
||
|
20E99E62000
|
heap
|
page read and write
|
||
|
2697CD30000
|
trusted library allocation
|
page read and write
|
||
|
22345343000
|
heap
|
page read and write
|
||
|
14DA525C000
|
heap
|
page read and write
|
||
|
22344A96000
|
heap
|
page read and write
|
||
|
20E99E26000
|
heap
|
page read and write
|
||
|
543C0FB000
|
stack
|
page read and write
|
||
|
14DA5300000
|
heap
|
page read and write
|
||
|
270F8140000
|
direct allocation
|
page read and write
|
||
|
2A105BD0000
|
heap
|
page read and write
|
||
|
2A105C30000
|
heap
|
page read and write
|
||
|
1CC41C62000
|
heap
|
page read and write
|
||
|
270F7EB3000
|
unkown
|
page read and write
|
||
|
1CC41BE0000
|
trusted library allocation
|
page read and write
|
||
|
14E5085E000
|
heap
|
page read and write
|
||
|
F8D000
|
stack
|
page read and write
|
||
|
270F7EB7000
|
direct allocation
|
page read and write
|
||
|
1393B7B000
|
stack
|
page read and write
|
||
|
1CC41C41000
|
heap
|
page read and write
|
||
|
270F7F07000
|
direct allocation
|
page read and write
|
There are 406 hidden memdumps, click here to show them.