Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
66fd8d779da5e_EscortsRadios.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\DatumHub Technologies\DatumHub.js
|
ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DatumHub Technologies\DatumHub.scr
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\527294\Miniature.pif
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DatumHub.url
|
MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\DatumHub Technologies\DatumHub.js" >), ASCII text,
with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\DatumHub Technologies\s
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\527294\d
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Audi
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Bottle
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Casio
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Duties
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Integral
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Jeffrey
|
ASCII text, with very long lines (1269), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Jeffrey.bat (copy)
|
ASCII text, with very long lines (1269), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Liechtenstein
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Recorder
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Sunny
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Warren
|
data
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\66fd8d779da5e_EscortsRadios.exe
|
"C:\Users\user\Desktop\66fd8d779da5e_EscortsRadios.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c move Jeffrey Jeffrey.bat & Jeffrey.bat
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "wrsa opssvc"
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c md 527294
|
|
|
|
C:\Windows\SysWOW64\findstr.exe
|
findstr /V "phisexyerrorspuzzle" Recorder
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /c copy /b ..\Bottle + ..\Audi + ..\Duties + ..\Integral + ..\Warren + ..\Casio + ..\Sunny d
|
|
|
|
C:\Users\user\AppData\Local\Temp\527294\Miniature.pif
|
Miniature.pif d
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DatumHub.url"
& echo URL="C:\Users\user\AppData\Local\DatumHub Technologies\DatumHub.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\DatumHub.url" & exit
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\DatumHub Technologies\DatumHub.js"
|
|
|
|
C:\Users\user\AppData\Local\DatumHub Technologies\DatumHub.scr
|
"C:\Users\user\AppData\Local\DatumHub Technologies\DatumHub.scr" "C:\Users\user\AppData\Local\DatumHub Technologies\s"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\tasklist.exe
|
tasklist
|
||
|
C:\Windows\SysWOW64\choice.exe
|
choice /d y /t 5
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 6 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://www.autoitscript.com/autoit3/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fojjIZmGBFVhLMWz.fojjIZmGBFVhLMWz
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe
|
JScriptSetScriptStateStarted
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
40B000
|
unkown
|
page read and write
|
||
|
4BBF000
|
stack
|
page read and write
|
||
|
2D5D000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
538000
|
unkown
|
page readonly
|
||
|
4AEF000
|
heap
|
page read and write
|
||
|
2F3DC695000
|
heap
|
page read and write
|
||
|
368A000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
B80000
|
unkown
|
page write copy
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
2A9C000
|
stack
|
page read and write
|
||
|
1E50000
|
heap
|
page read and write
|
||
|
2FFF000
|
stack
|
page read and write
|
||
|
382F000
|
stack
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
2F3DC3E1000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
5F3000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
E1D000
|
stack
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
48AF000
|
stack
|
page read and write
|
||
|
13EB000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
37FB000
|
heap
|
page read and write
|
||
|
2F3DC419000
|
heap
|
page read and write
|
||
|
31A8000
|
heap
|
page read and write
|
||
|
2F8D000
|
stack
|
page read and write
|
||
|
3620000
|
heap
|
page read and write
|
||
|
44AF000
|
stack
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
2F3DE150000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
B89000
|
unkown
|
page readonly
|
||
|
2710000
|
heap
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
2F3DC41F000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
FFCD0FF000
|
stack
|
page read and write
|
||
|
12DF000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
30D6000
|
heap
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
344E000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
41AA000
|
trusted library allocation
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
3865000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
4D1E000
|
stack
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
F91000
|
unkown
|
page execute read
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
FFCD3FE000
|
stack
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
2F3DC428000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
2C0C000
|
stack
|
page read and write
|
||
|
2F3DC420000
|
heap
|
page read and write
|
||
|
2F3DDD10000
|
heap
|
page read and write
|
||
|
9DF000
|
stack
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
F91000
|
unkown
|
page execute read
|
||
|
2D55000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
36C7000
|
heap
|
page read and write
|
||
|
2F3DC3C0000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
2B0C000
|
stack
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
2D5D000
|
heap
|
page read and write
|
||
|
2F3DC3E1000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
2FBD000
|
stack
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
2D2F000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
3028000
|
heap
|
page read and write
|
||
|
5D7000
|
heap
|
page read and write
|
||
|
410F000
|
stack
|
page read and write
|
||
|
22C4000
|
heap
|
page read and write
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
2180000
|
heap
|
page read and write
|
||
|
2713000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
365A000
|
heap
|
page read and write
|
||
|
12F9000
|
heap
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
1059000
|
unkown
|
page readonly
|
||
|
270E000
|
stack
|
page read and write
|
||
|
31EC000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1432000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
271E000
|
heap
|
page read and write
|
||
|
2D3D000
|
heap
|
page read and write
|
||
|
51CF000
|
stack
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
88A000
|
stack
|
page read and write
|
||
|
4C9E000
|
stack
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
2F3DC3E7000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
FFCCEFE000
|
stack
|
page read and write
|
||
|
2D2F000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
2F3DC429000
|
heap
|
page read and write
|
||
|
AC0000
|
unkown
|
page readonly
|
||
|
B80000
|
unkown
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
2F3DC690000
|
heap
|
page read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
2F7F000
|
stack
|
page read and write
|
||
|
2D5D000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
2F3DC413000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
2717000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
5DB000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
31E5000
|
heap
|
page read and write
|
||
|
2F3DC415000
|
heap
|
page read and write
|
||
|
1020000
|
unkown
|
page readonly
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
2F3DC360000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
31EC000
|
heap
|
page read and write
|
||
|
B89000
|
unkown
|
page readonly
|
||
|
2E26000
|
heap
|
page read and write
|
||
|
1E30000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
35CF000
|
unkown
|
page read and write
|
||
|
3397000
|
heap
|
page read and write
|
||
|
346D000
|
heap
|
page read and write
|
||
|
4F4000
|
unkown
|
page readonly
|
||
|
FFCD5FF000
|
stack
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
2245000
|
heap
|
page read and write
|
||
|
11A8000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute read
|
||
|
271D000
|
heap
|
page read and write
|
||
|
F5F000
|
stack
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
3390000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1409000
|
heap
|
page read and write
|
||
|
2D4F000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
F7D000
|
stack
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
2F3DC426000
|
heap
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
8DF000
|
stack
|
page read and write
|
||
|
2F3DC40E000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
705000
|
heap
|
page read and write
|
||
|
340E000
|
unkown
|
page read and write
|
||
|
36AC000
|
heap
|
page read and write
|
||
|
3EB0000
|
trusted library allocation
|
page read and write
|
||
|
2D5D000
|
heap
|
page read and write
|
||
|
2F3DC3E8000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
4DDF000
|
stack
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
35CE000
|
stack
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
120C000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
450F000
|
stack
|
page read and write
|
||
|
2B40000
|
heap
|
page read and write
|
||
|
FFCD4FE000
|
stack
|
page read and write
|
||
|
5F3000
|
heap
|
page read and write
|
||
|
38F0000
|
heap
|
page read and write
|
||
|
376E000
|
stack
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1249000
|
heap
|
page read and write
|
||
|
2F3DC3FE000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
FFCCCFA000
|
stack
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1103000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
31BE000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
3609000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
307C000
|
stack
|
page read and write
|
||
|
2F3DC41D000
|
heap
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
A3A000
|
stack
|
page read and write
|
||
|
133D000
|
heap
|
page read and write
|
||
|
36BC000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
4CDF000
|
stack
|
page read and write
|
||
|
3C00000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
363D000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1003000
|
heap
|
page read and write
|
||
|
37CD000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
37C0000
|
heap
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
372E000
|
stack
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
2CE0000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
3647000
|
heap
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
598000
|
heap
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
38F2000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
4182000
|
trusted library allocation
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
31E4000
|
heap
|
page read and write
|
||
|
31DC000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
4AEF000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
DFF000
|
stack
|
page read and write
|
||
|
514F000
|
stack
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
B76000
|
unkown
|
page readonly
|
||
|
50CF000
|
stack
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
31E8000
|
heap
|
page read and write
|
||
|
31BE000
|
heap
|
page read and write
|
||
|
2F3DC425000
|
heap
|
page read and write
|
||
|
2C3C000
|
stack
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
5AA000
|
heap
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
2F3DC280000
|
heap
|
page read and write
|
||
|
1306000
|
heap
|
page read and write
|
||
|
2F3DC40C000
|
heap
|
page read and write
|
||
|
1046000
|
unkown
|
page readonly
|
||
|
11C3000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
3900000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
AC1000
|
unkown
|
page execute read
|
||
|
994000
|
heap
|
page read and write
|
||
|
B50000
|
unkown
|
page readonly
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
426D000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
FF4000
|
heap
|
page read and write
|
||
|
124E000
|
heap
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
2F3DC3F5000
|
heap
|
page read and write
|
||
|
2D18000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
2F3DC42C000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
31EC000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
1E34000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
2F3DC425000
|
heap
|
page read and write
|
||
|
4D5F000
|
stack
|
page read and write
|
||
|
3861000
|
heap
|
page read and write
|
||
|
5AD000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
2D31000
|
heap
|
page read and write
|
||
|
2D2A000
|
heap
|
page read and write
|
||
|
2719000
|
heap
|
page read and write
|
||
|
425F000
|
trusted library allocation
|
page read and write
|
||
|
2C7C000
|
stack
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
362A000
|
heap
|
page read and write
|
||
|
2ACF000
|
stack
|
page read and write
|
||
|
2F3DC415000
|
heap
|
page read and write
|
||
|
1574000
|
heap
|
page read and write
|
||
|
5CA000
|
heap
|
page read and write
|
||
|
2F3DC380000
|
heap
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
41F000
|
unkown
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
2F3DC415000
|
heap
|
page read and write
|
||
|
1349000
|
heap
|
page read and write
|
||
|
2F3DC3F5000
|
heap
|
page read and write
|
||
|
271E000
|
heap
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
3846000
|
heap
|
page read and write
|
||
|
1258000
|
heap
|
page read and write
|
||
|
1050000
|
unkown
|
page write copy
|
||
|
1050000
|
unkown
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
29CE000
|
stack
|
page read and write
|
||
|
B84000
|
unkown
|
page write copy
|
||
|
2F3DC41C000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
5C6000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
303C000
|
stack
|
page read and write
|
||
|
2D7F000
|
stack
|
page read and write
|
||
|
2F3DC3F5000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
F9C000
|
stack
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
31EC000
|
heap
|
page read and write
|
||
|
4E30000
|
heap
|
page read and write
|
||
|
22C0000
|
heap
|
page read and write
|
||
|
56E000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
2D34000
|
heap
|
page read and write
|
||
|
5D7000
|
heap
|
page read and write
|
||
|
1046000
|
unkown
|
page readonly
|
||
|
B76000
|
unkown
|
page readonly
|
||
|
1591000
|
heap
|
page read and write
|
||
|
538000
|
unkown
|
page readonly
|
||
|
2717000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
32FE000
|
stack
|
page read and write
|
||
|
2F3DC69C000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
3170000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
FFCCDFF000
|
stack
|
page read and write
|
||
|
27D9000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
126D000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
21DE000
|
stack
|
page read and write
|
||
|
31CD000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
22AE000
|
stack
|
page read and write
|
||
|
5DB000
|
heap
|
page read and write
|
||
|
10F2000
|
heap
|
page read and write
|
||
|
B50000
|
unkown
|
page readonly
|
||
|
98000
|
stack
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
3A60000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
367F000
|
heap
|
page read and write
|
||
|
1059000
|
unkown
|
page readonly
|
||
|
2D54000
|
heap
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
11D4000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
1292000
|
heap
|
page read and write
|
||
|
1105000
|
heap
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
2B8E000
|
stack
|
page read and write
|
||
|
FFCD2FF000
|
stack
|
page read and write
|
||
|
FFCD1FF000
|
stack
|
page read and write
|
||
|
56A000
|
heap
|
page read and write
|
||
|
1103000
|
heap
|
page read and write
|
||
|
40BF000
|
trusted library allocation
|
page read and write
|
||
|
37D2000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
518E000
|
stack
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
1103000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
2D3C000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
unkown
|
page readonly
|
||
|
994000
|
heap
|
page read and write
|
||
|
994000
|
heap
|
page read and write
|
||
|
27CB000
|
heap
|
page read and write
|
||
|
2F3DC40C000
|
heap
|
page read and write
|
||
|
2BCF000
|
stack
|
page read and write
|
||
|
2F3DC423000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
2F3DC42C000
|
heap
|
page read and write
|
||
|
137E000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
1441000
|
heap
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
10C8000
|
heap
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
2D4C000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
2F3DC3F5000
|
heap
|
page read and write
|
||
|
2F3DC42B000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
59B000
|
heap
|
page read and write
|
||
|
271C000
|
heap
|
page read and write
|
||
|
2D5D000
|
heap
|
page read and write
|
||
|
36F0000
|
trusted library allocation
|
page read and write
|
||
|
363C000
|
heap
|
page read and write
|
||
|
2ADC000
|
stack
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
3178000
|
heap
|
page read and write
|
||
|
2F3DC3DC000
|
heap
|
page read and write
|
||
|
2F3DC3FD000
|
heap
|
page read and write
|
||
|
5B1000
|
heap
|
page read and write
|
||
|
5A7000
|
heap
|
page read and write
|
||
|
31EC000
|
heap
|
page read and write
|
||
|
F90000
|
unkown
|
page readonly
|
||
|
31E7000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
2F3DC413000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
3C01000
|
heap
|
page read and write
|
||
|
3664000
|
heap
|
page read and write
|
||
|
ED4000
|
heap
|
page read and write
|
||
|
3A61000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
4174000
|
trusted library allocation
|
page read and write
|
||
|
31C2000
|
heap
|
page read and write
|
||
|
1054000
|
unkown
|
page write copy
|
There are 533 hidden memdumps, click here to show them.