Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\qbxctmyn.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\SysWOW64\htdzdeug\qbxctmyn.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml (copy)
|
XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
|
dropped
|
||
|
C:\ProgramData\USOPrivate\UpdateStore\updatestoretemp51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml
|
XML 1.0 document, ASCII text, with very long lines (2494), with no line terminators
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl (copy)
|
data
|
dropped
|
||
|
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration_Temp.1.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001 (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001 (copy)
|
data
|
dropped
|
||
|
C:\Windows\Logs\waasmedic\waasmedic.20230208_040427_786.etl
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
||
|
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20230208_040419_207.etl
|
data
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k unistacksvcgroup
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\SysWOW64\htdzdeug\qbxctmyn.exe
|
C:\Windows\SysWOW64\htdzdeug\qbxctmyn.exe /d"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow
program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k netsvcs -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
c:\windows\system32\svchost.exe -k wusvcs -p -s WaaSMedicSvc
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
svchost.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\htdzdeug\
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\qbxctmyn.exe" C:\Windows\SysWOW64\htdzdeug\
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
C:\Windows\System32\sc.exe" create htdzdeug binPath= "C:\Windows\SysWOW64\htdzdeug\qbxctmyn.exe /d\"C:\Users\user\Desktop\file.exe\""
type= own start= auto DisplayName= "wifi support
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
C:\Windows\System32\sc.exe" description htdzdeug "wifi internet conection
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\SgrmBroker.exe
|
C:\Windows\system32\SgrmBroker.exe
|
||
|
C:\Windows\SysWOW64\sc.exe
|
"C:\Windows\System32\sc.exe" start htdzdeug
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 16 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
jotunheim.name:443
|
|
||
|
svartalfheim.top:443
|
|
||
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.tiles.ditu.live.com/tiles/gen
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
|
unknown
|
||
|
https://%s.xboxlive.com
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
https://activity.windows.com
|
unknown
|
||
|
http://www.bingmapsportal.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://%s.dnet.xboxlive.com
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
There are 29 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
svartalfheim.top
|
176.124.192.220
|
|
|
|
microsoft-com.mail.protection.outlook.com
|
104.47.54.36
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
176.124.192.220
|
svartalfheim.top
|
Russian Federation
|
|
|
|
104.47.54.36
|
microsoft-com.mail.protection.outlook.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Usage
|
MonthID
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\Scheduler
|
UsoCrmScan
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator
|
USODiagnostics
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
C:\Windows\SysWOW64\htdzdeug
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\htdzdeug
|
ImagePath
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
E30000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
E90000
|
direct allocation
|
page read and write
|
|
|
|
120000
|
remote allocation
|
page execute and read and write
|
|
|
|
2080000
|
direct allocation
|
page execute and read and write
|
|
|
|
E50000
|
direct allocation
|
page read and write
|
|
|
|
21C0000
|
direct allocation
|
page read and write
|
|
|
|
2142ECA0000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
2142EE24000
|
heap
|
page read and write
|
||
|
2AC63040000
|
trusted library allocation
|
page read and write
|
||
|
2AC62DE0000
|
remote allocation
|
page read and write
|
||
|
189DAC50000
|
heap
|
page read and write
|
||
|
9BF000
|
stack
|
page read and write
|
||
|
2AC6142A000
|
heap
|
page read and write
|
||
|
27EF9E56000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
D704D7D000
|
stack
|
page read and write
|
||
|
2AC612F0000
|
heap
|
page read and write
|
||
|
284C000
|
stack
|
page read and write
|
||
|
28763B12000
|
heap
|
page read and write
|
||
|
5AA000
|
heap
|
page read and write
|
||
|
1BF0F413000
|
heap
|
page read and write
|
||
|
28763090000
|
heap
|
page read and write
|
||
|
415000
|
unkown
|
page execute read
|
||
|
828000
|
heap
|
page read and write
|
||
|
AB84FF9000
|
stack
|
page read and write
|
||
|
21B3603C000
|
heap
|
page read and write
|
||
|
21B3605B000
|
heap
|
page read and write
|
||
|
2AC6148A000
|
heap
|
page read and write
|
||
|
189DAC6A000
|
heap
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
2BBF000
|
stack
|
page read and write
|
||
|
FC848FF000
|
stack
|
page read and write
|
||
|
28763223000
|
heap
|
page read and write
|
||
|
2AC61463000
|
heap
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
1A57346C000
|
heap
|
page read and write
|
||
|
27EF9DD0000
|
heap
|
page read and write
|
||
|
189DAC45000
|
heap
|
page read and write
|
||
|
170000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
AB84D7A000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
21B35F90000
|
trusted library allocation
|
page read and write
|
||
|
189DAC48000
|
heap
|
page read and write
|
||
|
287632E3000
|
heap
|
page read and write
|
||
|
1A573500000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
27EF9D60000
|
heap
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
2142EE3D000
|
heap
|
page read and write
|
||
|
75E000
|
stack
|
page read and write
|
||
|
D70547E000
|
stack
|
page read and write
|
||
|
395E000
|
stack
|
page read and write
|
||
|
27EF9E58000
|
heap
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
AD000
|
stack
|
page read and write
|
||
|
5DEB27E000
|
stack
|
page read and write
|
||
|
612000
|
heap
|
page read and write
|
||
|
27EF9E62000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
2EA0000
|
heap
|
page read and write
|
||
|
27EF9E26000
|
heap
|
page read and write
|
||
|
1A573428000
|
heap
|
page read and write
|
||
|
21B35F60000
|
heap
|
page read and write
|
||
|
189DAC7B000
|
heap
|
page read and write
|
||
|
2142F602000
|
trusted library allocation
|
page read and write
|
||
|
414000
|
unkown
|
page execute and read and write
|
||
|
189DABD0000
|
trusted library allocation
|
page read and write
|
||
|
853000
|
heap
|
page read and write
|
||
|
2AC61458000
|
heap
|
page read and write
|
||
|
1DD000
|
stack
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
28763B00000
|
heap
|
page read and write
|
||
|
2EA9000
|
heap
|
page read and write
|
||
|
1BF0F400000
|
heap
|
page read and write
|
||
|
689000
|
heap
|
page read and write
|
||
|
27EFA813000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
636000
|
heap
|
page read and write
|
||
|
1A5733A0000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
1BF0F2D0000
|
heap
|
page read and write
|
||
|
287632BB000
|
heap
|
page read and write
|
||
|
72E6C7C000
|
stack
|
page read and write
|
||
|
1BF0F42E000
|
heap
|
page read and write
|
||
|
27EF9F8E000
|
heap
|
page read and write
|
||
|
2AC61442000
|
heap
|
page read and write
|
||
|
30CC000
|
stack
|
page read and write
|
||
|
2CFF000
|
stack
|
page read and write
|
||
|
804000
|
heap
|
page read and write
|
||
|
2142EC30000
|
heap
|
page read and write
|
||
|
59F000
|
stack
|
page read and write
|
||
|
DD1277E000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
27EF9FE5000
|
heap
|
page read and write
|
||
|
FC84A7C000
|
stack
|
page read and write
|
||
|
1BF0F330000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
23BE000
|
stack
|
page read and write
|
||
|
28763860000
|
trusted library allocation
|
page read and write
|
||
|
55E000
|
unkown
|
page readonly
|
||
|
189DAC63000
|
heap
|
page read and write
|
||
|
28763213000
|
heap
|
page read and write
|
||
|
287632CC000
|
heap
|
page read and write
|
||
|
72E6F7B000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
631000
|
heap
|
page read and write
|
||
|
2142EE75000
|
heap
|
page read and write
|
||
|
189DA990000
|
heap
|
page read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
21B36000000
|
heap
|
page read and write
|
||
|
21B36002000
|
heap
|
page read and write
|
||
|
27EFA743000
|
heap
|
page read and write
|
||
|
189DAA00000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page write copy
|
||
|
55A000
|
unkown
|
page readonly
|
||
|
2142EDD0000
|
remote allocation
|
page read and write
|
||
|
1BF0F402000
|
heap
|
page read and write
|
||
|
6FB7FF000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
189DAC40000
|
heap
|
page read and write
|
||
|
2AC61402000
|
heap
|
page read and write
|
||
|
1BF0F2E0000
|
heap
|
page read and write
|
||
|
27EF9E43000
|
heap
|
page read and write
|
||
|
72E707F000
|
stack
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
237E000
|
stack
|
page read and write
|
||
|
C3F000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
FC84BFB000
|
stack
|
page read and write
|
||
|
CC992FE000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
AB852FF000
|
stack
|
page read and write
|
||
|
1BF0F502000
|
heap
|
page read and write
|
||
|
D70527F000
|
stack
|
page read and write
|
||
|
2AC61280000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
FC84CFF000
|
stack
|
page read and write
|
||
|
5DEB2FE000
|
stack
|
page read and write
|
||
|
27EFA708000
|
heap
|
page read and write
|
||
|
CC98E7B000
|
stack
|
page read and write
|
||
|
2AC62DE0000
|
remote allocation
|
page read and write
|
||
|
2142EE13000
|
heap
|
page read and write
|
||
|
28763200000
|
heap
|
page read and write
|
||
|
27EFA754000
|
heap
|
page read and write
|
||
|
AB8494B000
|
stack
|
page read and write
|
||
|
DD128FF000
|
stack
|
page read and write
|
||
|
8A9000
|
heap
|
page read and write
|
||
|
55A000
|
unkown
|
page readonly
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
1A573300000
|
heap
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1BF0F445000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
2AC61290000
|
heap
|
page read and write
|
||
|
27EF9E6E000
|
heap
|
page read and write
|
||
|
28763A02000
|
heap
|
page read and write
|
||
|
CC996FE000
|
stack
|
page read and write
|
||
|
27EFA790000
|
heap
|
page read and write
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
90D000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
27EFA602000
|
heap
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
2E3F000
|
stack
|
page read and write
|
||
|
27EFA802000
|
heap
|
page read and write
|
||
|
5DEB67E000
|
stack
|
page read and write
|
||
|
21B36013000
|
heap
|
page read and write
|
||
|
21FE000
|
stack
|
page read and write
|
||
|
2AC61518000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
2AC61449000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
647000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
AB8547F000
|
stack
|
page read and write
|
||
|
7B6000
|
heap
|
page execute and read and write
|
||
|
1A573502000
|
heap
|
page read and write
|
||
|
21B35F00000
|
heap
|
page read and write
|
||
|
2AC61502000
|
heap
|
page read and write
|
||
|
189DAC46000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
189DAC00000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
27EF9E8C000
|
heap
|
page read and write
|
||
|
5C4000
|
heap
|
page read and write
|
||
|
AB850FA000
|
stack
|
page read and write
|
||
|
1BF0F429000
|
heap
|
page read and write
|
||
|
557000
|
unkown
|
page read and write
|
||
|
CC9907E000
|
stack
|
page read and write
|
||
|
189DAC39000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page write copy
|
||
|
78F000
|
stack
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
27EF9E43000
|
heap
|
page read and write
|
||
|
189DAC84000
|
heap
|
page read and write
|
||
|
391F000
|
stack
|
page read and write
|
||
|
2AC62DB0000
|
trusted library allocation
|
page read and write
|
||
|
27EFA7BA000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
5DEAFFB000
|
stack
|
page read and write
|
||
|
189DAC4B000
|
heap
|
page read and write
|
||
|
2142EE00000
|
heap
|
page read and write
|
||
|
189DAC67000
|
heap
|
page read and write
|
||
|
189DAC65000
|
heap
|
page read and write
|
||
|
6FB5FC000
|
stack
|
page read and write
|
||
|
22FF000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
2AC62E02000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
DD12B7E000
|
stack
|
page read and write
|
||
|
2142EDA0000
|
trusted library allocation
|
page read and write
|
||
|
189DAD02000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page readonly
|
||
|
CC994FD000
|
stack
|
page read and write
|
||
|
2DCF000
|
stack
|
page read and write
|
||
|
27EF9E00000
|
heap
|
page read and write
|
||
|
189DAC47000
|
heap
|
page read and write
|
||
|
287630A0000
|
heap
|
page read and write
|
||
|
27EF9E91000
|
heap
|
page read and write
|
||
|
55E000
|
unkown
|
page readonly
|
||
|
79E000
|
stack
|
page read and write
|
||
|
65F000
|
stack
|
page read and write
|
||
|
2AC6147C000
|
heap
|
page read and write
|
||
|
27EFA702000
|
heap
|
page read and write
|
||
|
DD125FE000
|
stack
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
DD1267E000
|
stack
|
page read and write
|
||
|
189DAC56000
|
heap
|
page read and write
|
||
|
5DEB77F000
|
stack
|
page read and write
|
||
|
5DEB57E000
|
stack
|
page read and write
|
||
|
28763229000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2AC62DE0000
|
remote allocation
|
page read and write
|
||
|
1BF0F43A000
|
heap
|
page read and write
|
||
|
2AC61413000
|
heap
|
page read and write
|
||
|
207E000
|
stack
|
page read and write
|
||
|
41A000
|
unkown
|
page write copy
|
||
|
5DEB47E000
|
stack
|
page read and write
|
||
|
2142EE57000
|
heap
|
page read and write
|
||
|
635000
|
heap
|
page read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
28763302000
|
heap
|
page read and write
|
||
|
AB84F7C000
|
stack
|
page read and write
|
||
|
72E727B000
|
stack
|
page read and write
|
||
|
189DAC13000
|
heap
|
page read and write
|
||
|
189DAC6B000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
AB851FE000
|
stack
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
D70471B000
|
stack
|
page read and write
|
||
|
381E000
|
stack
|
page read and write
|
||
|
1A57343E000
|
heap
|
page read and write
|
||
|
AB84E7F000
|
stack
|
page read and write
|
||
|
189DAC3A000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
180000
|
heap
|
page read and write
|
||
|
67D000
|
stack
|
page read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
2142EE26000
|
heap
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
1BF0FC02000
|
trusted library allocation
|
page read and write
|
||
|
27EF9D70000
|
heap
|
page read and write
|
||
|
415000
|
unkown
|
page execute read
|
||
|
2142EE02000
|
heap
|
page read and write
|
||
|
27EFA823000
|
heap
|
page read and write
|
||
|
47D000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
233C000
|
stack
|
page read and write
|
||
|
5B1000
|
heap
|
page execute and read and write
|
||
|
2AC613F0000
|
trusted library allocation
|
page read and write
|
||
|
CC995FC000
|
stack
|
page read and write
|
||
|
2AC61449000
|
heap
|
page read and write
|
||
|
2AC61448000
|
heap
|
page read and write
|
||
|
27EFA800000
|
heap
|
page read and write
|
||
|
27EFA722000
|
heap
|
page read and write
|
||
|
796000
|
heap
|
page read and write
|
||
|
40000
|
heap
|
page read and write
|
||
|
FC84FFF000
|
stack
|
page read and write
|
||
|
189DAC4F000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2142EE29000
|
heap
|
page read and write
|
||
|
D70507E000
|
stack
|
page read and write
|
||
|
2AC61513000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
63E000
|
heap
|
page read and write
|
||
|
402000
|
heap
|
page read and write
|
||
|
28763313000
|
heap
|
page read and write
|
||
|
27EF9E13000
|
heap
|
page read and write
|
||
|
21B35EF0000
|
heap
|
page read and write
|
||
|
28763100000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
5D3000
|
heap
|
page read and write
|
||
|
87F000
|
stack
|
page read and write
|
||
|
701000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
27EFA7AE000
|
heap
|
page read and write
|
||
|
633000
|
heap
|
page read and write
|
||
|
21BF000
|
stack
|
page read and write
|
||
|
1A573C02000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
660000
|
heap
|
page read and write
|
||
|
1A573513000
|
heap
|
page read and write
|
||
|
189DAC7E000
|
heap
|
page read and write
|
||
|
1A573370000
|
heap
|
page read and write
|
||
|
2142EC40000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
41A000
|
unkown
|
page write copy
|
||
|
2400000
|
heap
|
page read and write
|
||
|
189DAC7A000
|
heap
|
page read and write
|
||
|
189DAC2E000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
29B0000
|
heap
|
page read and write
|
||
|
189DAC49000
|
heap
|
page read and write
|
||
|
63B000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
189DAC62000
|
heap
|
page read and write
|
||
|
DD1287D000
|
stack
|
page read and write
|
||
|
189DAC30000
|
heap
|
page read and write
|
||
|
4BC000
|
stack
|
page read and write
|
||
|
6FB4FA000
|
stack
|
page read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
2876326E000
|
heap
|
page read and write
|
||
|
369D000
|
stack
|
page read and write
|
||
|
D704B7B000
|
stack
|
page read and write
|
||
|
CC993FF000
|
stack
|
page read and write
|
||
|
DD1211C000
|
stack
|
page read and write
|
||
|
21B36076000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
D704F7D000
|
stack
|
page read and write
|
||
|
94D000
|
stack
|
page read and write
|
||
|
2970000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
27EF9E89000
|
heap
|
page read and write
|
||
|
E1E000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
CC991FE000
|
stack
|
page read and write
|
||
|
21B36802000
|
trusted library allocation
|
page read and write
|
||
|
21B36029000
|
heap
|
page read and write
|
||
|
189DAC60000
|
heap
|
page read and write
|
||
|
2142EDD0000
|
remote allocation
|
page read and write
|
||
|
CC997FC000
|
stack
|
page read and write
|
||
|
27EFA830000
|
heap
|
page read and write
|
||
|
189DB202000
|
trusted library allocation
|
page read and write
|
||
|
28763264000
|
heap
|
page read and write
|
||
|
1BF0F360000
|
trusted library allocation
|
page read and write
|
||
|
27EF9FB9000
|
heap
|
page read and write
|
||
|
649000
|
heap
|
page read and write
|
||
|
64B000
|
heap
|
page read and write
|
||
|
189DAC42000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
557000
|
unkown
|
page read and write
|
||
|
2AC61459000
|
heap
|
page read and write
|
||
|
1BF0F44A000
|
heap
|
page read and write
|
||
|
1A573402000
|
heap
|
page read and write
|
||
|
27EFA76C000
|
heap
|
page read and write
|
||
|
D70517F000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2ABF000
|
stack
|
page read and write
|
||
|
2AC61500000
|
heap
|
page read and write
|
||
|
23FE000
|
stack
|
page read and write
|
||
|
21B36113000
|
heap
|
page read and write
|
||
|
FC843EF000
|
stack
|
page read and write
|
||
|
2AC61400000
|
heap
|
page read and write
|
||
|
189DAC77000
|
heap
|
page read and write
|
||
|
6FB6FF000
|
stack
|
page read and write
|
||
|
6FB3FE000
|
stack
|
page read and write
|
||
|
636000
|
heap
|
page read and write
|
||
|
1A57345B000
|
heap
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
1A573475000
|
heap
|
page read and write
|
||
|
287632C5000
|
heap
|
page read and write
|
||
|
72E717E000
|
stack
|
page read and write
|
||
|
1BF0F43C000
|
heap
|
page read and write
|
||
|
27EFA700000
|
heap
|
page read and write
|
||
|
2142EDD0000
|
remote allocation
|
page read and write
|
||
|
AB8537E000
|
stack
|
page read and write
|
||
|
27EFA550000
|
trusted library allocation
|
page read and write
|
||
|
21B3606C000
|
heap
|
page read and write
|
||
|
2BFE000
|
stack
|
page read and write
|
||
|
27EF9F13000
|
heap
|
page read and write
|
||
|
189DAC2D000
|
heap
|
page read and write
|
||
|
1A573413000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
1A573400000
|
heap
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
FC8436C000
|
stack
|
page read and write
|
||
|
D704C7E000
|
stack
|
page read and write
|
||
|
27EF9E29000
|
heap
|
page read and write
|
||
|
294F000
|
stack
|
page read and write
|
||
|
6BC000
|
stack
|
page read and write
|
||
|
189DAC3D000
|
heap
|
page read and write
|
||
|
189DAC6D000
|
heap
|
page read and write
|
||
|
27EFA722000
|
heap
|
page read and write
|
||
|
1A573310000
|
heap
|
page read and write
|
||
|
27EF9E91000
|
heap
|
page read and write
|
||
|
36DE000
|
stack
|
page read and write
|
||
|
D70537F000
|
stack
|
page read and write
|
||
|
55A000
|
unkown
|
page readonly
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
7C9000
|
heap
|
page read and write
|
||
|
FC84DFE000
|
stack
|
page read and write
|
||
|
D704E7F000
|
stack
|
page read and write
|
||
|
27EFA827000
|
heap
|
page read and write
|
||
|
2AC61459000
|
heap
|
page read and write
|
||
|
1BF0F454000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
DD129FD000
|
stack
|
page read and write
|
||
|
27EFA530000
|
trusted library allocation
|
page read and write
|
||
|
DD12AFD000
|
stack
|
page read and write
|
||
|
2FCE000
|
stack
|
page read and write
|
||
|
21B36102000
|
heap
|
page read and write
|
||
|
6FAF8C000
|
stack
|
page read and write
|
||
|
2AC63000000
|
trusted library allocation
|
page read and write
|
||
|
189DAC29000
|
heap
|
page read and write
|
||
|
189DA9A0000
|
heap
|
page read and write
|
||
|
62C000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
27EF9E6C000
|
heap
|
page read and write
|
||
|
1A57347A000
|
heap
|
page read and write
|
||
|
189DAC4E000
|
heap
|
page read and write
|
||
|
37DF000
|
stack
|
page read and write
|
||
|
3A5F000
|
stack
|
page read and write
|
||
|
189DAC44000
|
heap
|
page read and write
|
||
|
2142EF02000
|
heap
|
page read and write
|
||
|
189DAC41000
|
heap
|
page read and write
|
||
|
FC84B7D000
|
stack
|
page read and write
|
||
|
FC84EFC000
|
stack
|
page read and write
|
||
|
28763243000
|
heap
|
page read and write
|
||
|
FC8477B000
|
stack
|
page read and write
|
||
|
27EF9E3C000
|
heap
|
page read and write
|
||
|
FC849FE000
|
stack
|
page read and write
|
||
|
359D000
|
stack
|
page read and write
|
||
|
EC000
|
stack
|
page read and write
|
||
|
55A000
|
unkown
|
page readonly
|
||
|
63E000
|
heap
|
page read and write
|
||
|
1BF0F44D000
|
heap
|
page read and write
|
There are 441 hidden memdumps, click here to show them.