Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
thcdVit1dX.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\newtpp[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\pei[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1863518468.exe
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2355412914.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\2658326577.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\4BBF.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\651713841.exe
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\71384504.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\sysppvrdnvs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\2355412914.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\dwntbl[1]
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\2[1]
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\1[1]
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Setup_20241026012616_Failed.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e31keeoj.oxc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gpftffop.a0c.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_prmmsvqy.5zp.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_suqhbnrw.yp1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\tbtcmds.dat
|
data
|
dropped
|
||
|
C:\Users\user\tbtnds.dat
|
data
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\thcdVit1dX.exe
|
"C:\Users\user\Desktop\thcdVit1dX.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\4BBF.exe
|
"C:\Users\user\AppData\Local\Temp\4BBF.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\71384504.exe
|
C:\Users\user\AppData\Local\Temp\71384504.exe
|
|
|
|
C:\Windows\sysppvrdnvs.exe
|
C:\Windows\sysppvrdnvs.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath
$env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference
-ExclusionPath $env:USERPROFILE"
|
|
|
|
C:\Windows\SysWOW64\sc.exe
|
sc stop UsoSvc
|
|
|
|
C:\Windows\SysWOW64\sc.exe
|
sc stop WaaSMedicSvc
|
|
|
|
C:\Windows\SysWOW64\sc.exe
|
sc stop wuauserv
|
|
|
|
C:\Windows\SysWOW64\sc.exe
|
sc stop DoSvc
|
|
|
|
C:\Windows\SysWOW64\sc.exe
|
sc stop BITS /wait
|
|
|
|
C:\Windows\sysppvrdnvs.exe
|
"C:\Windows\sysppvrdnvs.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\2355412914.exe
|
C:\Users\user\AppData\Local\Temp\2355412914.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager"
/f
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c schtasks /delete /f /tn "Windows Upgrade Manager"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks /delete /f /tn "Windows Upgrade Manager"
|
|
|
|
C:\Users\user\AppData\Local\Temp\2658326577.exe
|
C:\Users\user\AppData\Local\Temp\2658326577.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\reg.exe
|
reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Upgrade Manager" /f
|
There are 14 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://91.202.233.141/
|
unknown
|
|
|
|
http://twizt.net/newtpp.exek
|
unknown
|
|
|
|
http://185.215.113.66/pei.exe
|
185.215.113.66
|
|
|
|
http://twizt.net/newtpp.exes
|
unknown
|
|
|
|
http://185.215.113.66/
|
unknown
|
|
|
|
http://twizt.net/newtpp.exe:
|
unknown
|
|
|
|
http://twizt.net/peinstall.phpshqos.dll.mui
|
unknown
|
|
|
|
http://twizt.net/peinstall.php%temp%%s
|
unknown
|
|
|
|
http://twizt.net/newtpp.exeP0
|
unknown
|
|
|
|
http://twizt.net/peinstall.phpystem32
|
unknown
|
|
|
|
http://twizt.net/peinstall.phpQZ
|
unknown
|
|
|
|
http://twizt.net/newtpp.exe
|
unknown
|
|
|
|
http://twizt.net/peinstall.php
|
unknown
|
|
|
|
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://185.215.113.66/11
|
unknown
|
||
|
http://185.215.113.66/pei.exe(
|
unknown
|
||
|
http://185.215.113.66/der
|
unknown
|
||
|
http://185.215.113.66/3~Y
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
|
unknown
|
||
|
http://91.202.233.141/dwntbl
|
unknown
|
||
|
http://185.215.113.66/10Y
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
|
unknown
|
||
|
http://91.202.233.141/dwntbll
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://185.215.113.66/http://91.202.233.141/12345%s%s%s:Zone.Identifier%userprofile%%windir%%s
|
unknown
|
||
|
http://185.215.113.66/19YW
|
unknown
|
||
|
http://185.215.113.66/3ZY
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
|
unknown
|
||
|
http://185.215.113.66/3
|
unknown
|
||
|
http://185.215.113.66/2
|
unknown
|
||
|
http://185.215.113.66/1r
|
unknown
|
||
|
http://185.215.113.66/pei.exei
|
unknown
|
||
|
http://185.215.113.66/1
|
unknown
|
||
|
http://ocsp.sectigo.com0#
|
unknown
|
||
|
http://185.215.113.66/1s
|
unknown
|
||
|
http://91.202.233.141/dwntbltwork
|
unknown
|
||
|
http://185.215.113.66/tdrp.exe%s:Zone.Identifier/c
|
unknown
|
||
|
http://185.215.113.66/pei.exep
|
unknown
|
||
|
http://185.215.113.66/1LMEM0xHm
|
unknown
|
||
|
http://185.215.113.66/pei.exeQQC:
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
|
unknown
|
||
|
http://185.215.113.66/FYL
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
|
unknown
|
||
|
http://91.202.233.141/dwntblZ
|
unknown
|
||
|
http://185.215.113.66/tdrp.exe
|
unknown
|
||
|
http://appsyndication.org/2006/appsyn
|
unknown
|
There are 41 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
twizt.net
|
185.215.113.66
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.66
|
twizt.net
|
Portugal
|
|
|
|
195.82.3.15
|
unknown
|
Kazakhstan
|
|
|
|
2.180.10.247
|
unknown
|
Iran (ISLAMIC Republic Of)
|
|
|
|
2.184.189.189
|
unknown
|
Iran (ISLAMIC Republic Of)
|
|
|
|
91.202.233.141
|
unknown
|
Russian Federation
|
|
|
|
151.246.159.157
|
unknown
|
Iran (ISLAMIC Republic Of)
|
|
|
|
89.33.234.8
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
239.255.255.250
|
unknown
|
Reserved
|
||
|
89.249.62.7
|
unknown
|
Russian Federation
|
||
|
149.54.47.90
|
unknown
|
Afghanistan
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
FirewallOverride
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
FirewallDisableNotify
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
AntiSpywareOverride
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
AntiVirusOverride
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
AntiVirusDisableNotify
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
UpdatesOverride
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center
|
UpdatesDisableNotify
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Windows Settings
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
|
DisableWindowsUpdate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
AlwaysAutoUpdate
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
|
OverrideNotice
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
|
Start
|
There are 2 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4B41000
|
heap
|
page read and write
|
|
|
|
7DE000
|
heap
|
page read and write
|
|
|
|
410000
|
unkown
|
page readonly
|
|
|
|
410000
|
unkown
|
page readonly
|
|
|
|
410000
|
unkown
|
page readonly
|
|
|
|
410000
|
unkown
|
page readonly
|
|
|
|
410000
|
unkown
|
page readonly
|
|
|
|
410000
|
unkown
|
page readonly
|
|
|
|
410000
|
unkown
|
page readonly
|
|
|
|
410000
|
unkown
|
page readonly
|
|
|
|
39BF000
|
stack
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
491E000
|
stack
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
47BE000
|
stack
|
page read and write
|
||
|
7FF8488F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3543000
|
heap
|
page read and write
|
||
|
453E000
|
stack
|
page read and write
|
||
|
2FA0000
|
heap
|
page read and write
|
||
|
19859705000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
4B1000
|
unkown
|
page write copy
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
B20000
|
heap
|
page read and write
|
||
|
2AE8000
|
heap
|
page read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
2608000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
28AD000
|
stack
|
page read and write
|
||
|
7FF4D86E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
4B3F000
|
stack
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
31DC000
|
stack
|
page read and write
|
||
|
5D8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1655000
|
heap
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
4A3E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
7A9000
|
heap
|
page read and write
|
||
|
42FF000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
C5E000
|
stack
|
page read and write
|
||
|
29AE000
|
stack
|
page read and write
|
||
|
280F000
|
stack
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
377E000
|
stack
|
page read and write
|
||
|
74D000
|
heap
|
page read and write
|
||
|
2820000
|
heap
|
page read and write
|
||
|
7FF848930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF84886C000
|
trusted library allocation
|
page execute and read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
2650000
|
heap
|
page read and write
|
||
|
2F5F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2ACF000
|
stack
|
page read and write
|
||
|
4C4E000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
518000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page read and write
|
||
|
477F000
|
stack
|
page read and write
|
||
|
26B5000
|
heap
|
page read and write
|
||
|
2F30000
|
heap
|
page execute and read and write
|
||
|
52F000
|
heap
|
page read and write
|
||
|
6FF000
|
stack
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
231D000
|
stack
|
page read and write
|
||
|
1D2BF000
|
stack
|
page read and write
|
||
|
7B2000
|
heap
|
page read and write
|
||
|
2DCD000
|
heap
|
page read and write
|
||
|
354C000
|
heap
|
page read and write
|
||
|
6AC000
|
stack
|
page read and write
|
||
|
A87000
|
heap
|
page read and write
|
||
|
1BEB0000
|
heap
|
page execute and read and write
|
||
|
2DC3000
|
heap
|
page read and write
|
||
|
43FE000
|
stack
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
2BCC000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
354A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
463F000
|
stack
|
page read and write
|
||
|
42BE000
|
stack
|
page read and write
|
||
|
38BE000
|
stack
|
page read and write
|
||
|
2AE0000
|
heap
|
page read and write
|
||
|
3C63BFF000
|
stack
|
page read and write
|
||
|
C94000
|
unkown
|
page readonly
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
A89000
|
heap
|
page read and write
|
||
|
784000
|
heap
|
page read and write
|
||
|
A2A000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
22DD000
|
stack
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
2FCF000
|
stack
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
784000
|
heap
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
3650000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
2960000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
7AA000
|
heap
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
205F000
|
stack
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
3544000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
118E000
|
stack
|
page read and write
|
||
|
47DC000
|
stack
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
735000
|
heap
|
page read and write
|
||
|
427F000
|
stack
|
page read and write
|
||
|
4B5E000
|
stack
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
52C000
|
heap
|
page read and write
|
||
|
7A3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
C90000
|
unkown
|
page readonly
|
||
|
1D6D0000
|
heap
|
page read and write
|
||
|
57E000
|
stack
|
page read and write
|
||
|
1C9FD000
|
stack
|
page read and write
|
||
|
2630000
|
heap
|
page read and write
|
||
|
4350000
|
heap
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
4A20000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
43BF000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
4F9000
|
heap
|
page read and write
|
||
|
558000
|
heap
|
page read and write
|
||
|
13347000
|
trusted library allocation
|
page read and write
|
||
|
8BF000
|
stack
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
3640000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
2600000
|
heap
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
13341000
|
trusted library allocation
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
A2E000
|
heap
|
page read and write
|
||
|
6BF000
|
stack
|
page read and write
|
||
|
927000
|
heap
|
page read and write
|
||
|
7FF848813000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
28B9000
|
heap
|
page read and write
|
||
|
3AFF000
|
stack
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
3542000
|
heap
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
7FF8488CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
34F0000
|
heap
|
page read and write
|
||
|
7FF848814000
|
trusted library allocation
|
page read and write
|
||
|
44FF000
|
stack
|
page read and write
|
||
|
7AE000
|
heap
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
3C7E000
|
stack
|
page read and write
|
||
|
3EBF000
|
stack
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
C92000
|
unkown
|
page readonly
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
48DD000
|
stack
|
page read and write
|
||
|
762000
|
heap
|
page read and write
|
||
|
784000
|
heap
|
page read and write
|
||
|
2868000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
28CF000
|
heap
|
page read and write
|
||
|
51D000
|
heap
|
page read and write
|
||
|
4B3000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
28B2000
|
heap
|
page read and write
|
||
|
7FF848822000
|
trusted library allocation
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
320F000
|
stack
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
275D000
|
stack
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
1DD000
|
stack
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
4C9000
|
unkown
|
page execute read
|
||
|
6CE000
|
heap
|
page read and write
|
||
|
7FF84882D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
C92000
|
unkown
|
page readonly
|
||
|
30DD000
|
stack
|
page read and write
|
||
|
19859770000
|
heap
|
page read and write
|
||
|
7FF8489B0000
|
trusted library allocation
|
page read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
46A000
|
heap
|
page read and write
|
||
|
5C8D000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
7B9000
|
heap
|
page read and write
|
||
|
252F000
|
stack
|
page read and write
|
||
|
334A000
|
trusted library allocation
|
page read and write
|
||
|
3341000
|
trusted library allocation
|
page read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
2DC8000
|
heap
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
27FE000
|
stack
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2FC0000
|
heap
|
page read and write
|
||
|
2823000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
199000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
761000
|
heap
|
page read and write
|
||
|
2ECC000
|
stack
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
5B5000
|
heap
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
19859700000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
158E000
|
stack
|
page read and write
|
||
|
2A10000
|
heap
|
page read and write
|
||
|
13349000
|
trusted library allocation
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
7FF8488D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
24EE000
|
stack
|
page read and write
|
||
|
3540000
|
heap
|
page read and write
|
||
|
3520000
|
heap
|
page read and write
|
||
|
7FF848820000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
2350000
|
heap
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
19859778000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
3C63AFD000
|
stack
|
page read and write
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
479F000
|
stack
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4DC0000
|
heap
|
page read and write
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
D30000
|
trusted library allocation
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
23DE000
|
stack
|
page read and write
|
||
|
7CF000
|
stack
|
page read and write
|
||
|
4B3000
|
unkown
|
page write copy
|
||
|
284E000
|
stack
|
page read and write
|
||
|
2DC0000
|
heap
|
page read and write
|
||
|
7AA000
|
stack
|
page read and write
|
||
|
333E000
|
stack
|
page read and write
|
||
|
48BF000
|
stack
|
page read and write
|
||
|
C91000
|
unkown
|
page execute read
|
||
|
7B8000
|
heap
|
page read and write
|
||
|
26DD000
|
stack
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
2700000
|
heap
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
19859690000
|
heap
|
page read and write
|
||
|
7A6000
|
stack
|
page read and write
|
||
|
2FA8000
|
heap
|
page read and write
|
||
|
2E90000
|
heap
|
page read and write
|
||
|
3C63B7F000
|
stack
|
page read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
28CD000
|
heap
|
page read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
354A000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1BABD000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
5CB000
|
heap
|
page read and write
|
||
|
413F000
|
stack
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
243D000
|
stack
|
page read and write
|
||
|
3EFE000
|
stack
|
page read and write
|
||
|
2708000
|
heap
|
page read and write
|
||
|
49FF000
|
stack
|
page read and write
|
||
|
403E000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
76F000
|
stack
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
433E000
|
stack
|
page read and write
|
||
|
4C5F000
|
stack
|
page read and write
|
||
|
33CE000
|
stack
|
page read and write
|
||
|
4B5000
|
unkown
|
page readonly
|
||
|
4B43000
|
heap
|
page read and write
|
||
|
C91000
|
unkown
|
page execute read
|
||
|
520000
|
heap
|
page read and write
|
||
|
30CE000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
3547000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
7DA000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
6F8000
|
heap
|
page read and write
|
||
|
7B2000
|
heap
|
page read and write
|
||
|
294E000
|
stack
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
2E3D000
|
stack
|
page read and write
|
||
|
3B3E000
|
stack
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
4A1F000
|
stack
|
page read and write
|
||
|
3C3F000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A40000
|
heap
|
page read and write
|
||
|
4B1000
|
unkown
|
page read and write
|
||
|
52A000
|
heap
|
page read and write
|
||
|
244E000
|
stack
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
7B7000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
4B43000
|
heap
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
417E000
|
stack
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
781000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
7FF848824000
|
trusted library allocation
|
page read and write
|
||
|
E6D000
|
stack
|
page read and write
|
||
|
6CA000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
25EE000
|
stack
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2E7D000
|
stack
|
page read and write
|
||
|
1CDFE000
|
stack
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
2EB0000
|
heap
|
page read and write
|
||
|
39FE000
|
stack
|
page read and write
|
||
|
28ED000
|
stack
|
page read and write
|
||
|
13343000
|
trusted library allocation
|
page read and write
|
||
|
BF5000
|
stack
|
page read and write
|
||
|
477000
|
unkown
|
page readonly
|
||
|
C94000
|
unkown
|
page readonly
|
||
|
430000
|
heap
|
page read and write
|
||
|
BAD000
|
stack
|
page read and write
|
||
|
7FF84881D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C9000
|
unkown
|
page execute read
|
||
|
3DBE000
|
stack
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
7FF8488C0000
|
trusted library allocation
|
page read and write
|
||
|
4B5000
|
unkown
|
page readonly
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
1D6BB000
|
stack
|
page read and write
|
||
|
289D000
|
heap
|
page read and write
|
||
|
3548000
|
heap
|
page read and write
|
||
|
4B43000
|
heap
|
page read and write
|
||
|
2D2C000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
420000
|
heap
|
page read and write
|
||
|
198596B0000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
7A8000
|
heap
|
page read and write
|
||
|
4A30000
|
heap
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
46E000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
C90000
|
unkown
|
page readonly
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
198595B0000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
258E000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
7FF848830000
|
trusted library allocation
|
page read and write
|
||
|
3541000
|
heap
|
page read and write
|
||
|
262E000
|
stack
|
page read and write
|
||
|
A6D000
|
heap
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
2CCC000
|
stack
|
page read and write
|
||
|
3FFF000
|
stack
|
page read and write
|
||
|
288F000
|
stack
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
477000
|
unkown
|
page readonly
|
||
|
34CE000
|
stack
|
page read and write
|
||
|
2D7B000
|
stack
|
page read and write
|
||
|
5D8D000
|
stack
|
page read and write
|
||
|
5B3000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
387F000
|
stack
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
There are 433 hidden memdumps, click here to show them.