Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
TVa8tq8a2X.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\ccefjreaqcby.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2tnomaos.fn2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_egvhinba.sfz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lujngdi5.feq.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nzyvbclm.054.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_31rcdm4f.qnx.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_4mgddg5u.syh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_c33jdqts.p32.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_gjyhm4hx.naq.psm1
|
ASCII text, with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\TVa8tq8a2X.exe
|
"C:\Users\user\Desktop\TVa8tq8a2X.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "JIOGRCSG"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "JIOGRCSG" binpath= "C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe" start= "auto"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "JIOGRCSG"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\TVa8tq8a2X.exe"
|
|
|
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\nslookup.exe
|
nslookup.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\choice.exe
|
choice /C Y /N /D Y /T 3
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 51 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://r10.o.lencr.org0#
|
unknown
|
||
|
http://x1.c.lencr.org/
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://r10.i.lencr.org/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
us-zephyr.miningocean.org
|
15.204.240.197
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
15.204.244.104
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
272E2520000
|
heap
|
page read and write
|
|
|
|
140001000
|
unkown
|
page execute and read and write
|
|
|
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
165BE3F0000
|
unkown
|
page read and write
|
||
|
23F945D0000
|
heap
|
page read and write
|
||
|
272E2533000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
15AA8495000
|
heap
|
page read and write
|
||
|
140009000
|
unkown
|
page read and write
|
||
|
234D2EC0000
|
heap
|
page read and write
|
||
|
7FF7F86E1000
|
unkown
|
page execute read
|
||
|
14000A000
|
unkown
|
page readonly
|
||
|
607E58D000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
27364CB0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1FBF6C90000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
4D375FE000
|
stack
|
page read and write
|
||
|
29C617E000
|
stack
|
page read and write
|
||
|
165BE119000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1A3D3AE0000
|
heap
|
page read and write
|
||
|
1ECCB930000
|
heap
|
page read and write
|
||
|
1DF23915000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF6236FF000
|
unkown
|
page write copy
|
||
|
272E2C26000
|
heap
|
page read and write
|
||
|
7FF7F8BED000
|
unkown
|
page readonly
|
||
|
272E2480000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
18C9C850000
|
heap
|
page read and write
|
||
|
9D16C7D000
|
stack
|
page read and write
|
||
|
607E8FE000
|
stack
|
page read and write
|
||
|
19654490000
|
heap
|
page read and write
|
||
|
1EB54BD0000
|
heap
|
page read and write
|
||
|
26792B50000
|
heap
|
page read and write
|
||
|
120E35E0000
|
heap
|
page read and write
|
||
|
17489FD0000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
18B7EEB0000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
9D16D7F000
|
stack
|
page read and write
|
||
|
1F46FDE0000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E2BE2000
|
heap
|
page read and write
|
||
|
18C9ABC7000
|
heap
|
page read and write
|
||
|
F79AB0F000
|
stack
|
page read and write
|
||
|
9D170FE000
|
stack
|
page read and write
|
||
|
23F945D8000
|
heap
|
page read and write
|
||
|
1DF23590000
|
heap
|
page read and write
|
||
|
CE02AFD000
|
stack
|
page read and write
|
||
|
7FF6236FC000
|
unkown
|
page readonly
|
||
|
25D9AE15000
|
heap
|
page read and write
|
||
|
272E2C0A000
|
heap
|
page read and write
|
||
|
9D16AFE000
|
unkown
|
page read and write
|
||
|
24988480000
|
heap
|
page read and write
|
||
|
272E2C10000
|
heap
|
page read and write
|
||
|
272E2555000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
23F94490000
|
heap
|
page read and write
|
||
|
140503000
|
unkown
|
page execute and read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1C529010000
|
heap
|
page read and write
|
||
|
1EB54C40000
|
heap
|
page read and write
|
||
|
272E36AD000
|
heap
|
page read and write
|
||
|
258C41D0000
|
heap
|
page read and write
|
||
|
9D167FB000
|
stack
|
page read and write
|
||
|
120E3600000
|
heap
|
page read and write
|
||
|
1B12C6F0000
|
heap
|
page read and write
|
||
|
1ECCB900000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
6B4F0FE000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
AB2DAFE000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
272E54AD000
|
heap
|
page read and write
|
||
|
46E13BE000
|
stack
|
page read and write
|
||
|
249884B4000
|
heap
|
page read and write
|
||
|
272E90AD000
|
heap
|
page read and write
|
||
|
140500000
|
unkown
|
page execute and read and write
|
||
|
21F8BA40000
|
heap
|
page read and write
|
||
|
272E4AAD000
|
heap
|
page read and write
|
||
|
272E2CA0000
|
trusted library allocation
|
page read and write
|
||
|
1DF23910000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
165BE3E5000
|
heap
|
page read and write
|
||
|
7504C7D000
|
stack
|
page read and write
|
||
|
272E2BEA000
|
heap
|
page read and write
|
||
|
18C9AD90000
|
heap
|
page read and write
|
||
|
1F46FDB0000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF6236F1000
|
unkown
|
page execute read
|
||
|
25D9AE10000
|
heap
|
page read and write
|
||
|
19654660000
|
heap
|
page read and write
|
||
|
1404DC000
|
unkown
|
page execute and read and write
|
||
|
26792D40000
|
heap
|
page read and write
|
||
|
24988450000
|
heap
|
page read and write
|
||
|
2B2032C000
|
stack
|
page read and write
|
||
|
21F8BA80000
|
heap
|
page read and write
|
||
|
272E7CAD000
|
heap
|
page read and write
|
||
|
F2F1E7E000
|
stack
|
page read and write
|
||
|
23F94885000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1ECCB8E0000
|
heap
|
page read and write
|
||
|
272E2C14000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
18849310000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
9CBDE7D000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E2470000
|
heap
|
page read and write
|
||
|
CE02E7F000
|
stack
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
1748A1C0000
|
heap
|
page read and write
|
||
|
1ECCB959000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
2D89F160000
|
heap
|
page read and write
|
||
|
1EB54CA0000
|
heap
|
page read and write
|
||
|
2C4D5250000
|
heap
|
page read and write
|
||
|
272E5EAD000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
2C4D5266000
|
heap
|
page read and write
|
||
|
6B780FF000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
2C4D50C0000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E2BCA000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
24988795000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E2559000
|
heap
|
page read and write
|
||
|
1C529000000
|
heap
|
page read and write
|
||
|
1EB54C45000
|
heap
|
page read and write
|
||
|
E8F0C7F000
|
stack
|
page read and write
|
||
|
2D89EF60000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
18849645000
|
heap
|
page read and write
|
||
|
722638E000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1A3D3710000
|
heap
|
page read and write
|
||
|
1C529360000
|
heap
|
page read and write
|
||
|
7FF7F86EC000
|
unkown
|
page readonly
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
21F8BCC0000
|
heap
|
page read and write
|
||
|
2C4D526B000
|
heap
|
page read and write
|
||
|
258C41F0000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
83A26BD000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F86EF000
|
unkown
|
page write copy
|
||
|
1ECCB800000
|
heap
|
page read and write
|
||
|
29C627E000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
2D89F2F5000
|
heap
|
page read and write
|
||
|
165BE030000
|
heap
|
page read and write
|
||
|
272E40AD000
|
heap
|
page read and write
|
||
|
140007000
|
unkown
|
page readonly
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1B12C750000
|
heap
|
page read and write
|
||
|
1B12C759000
|
heap
|
page read and write
|
||
|
1C529030000
|
heap
|
page read and write
|
||
|
E39C8FF000
|
stack
|
page read and write
|
||
|
7FF7F86E0000
|
unkown
|
page readonly
|
||
|
9D16CFC000
|
stack
|
page read and write
|
||
|
1A3D3730000
|
heap
|
page read and write
|
||
|
25D9AD30000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1FBF6C95000
|
heap
|
page read and write
|
||
|
4EDEB8D000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
140847000
|
unkown
|
page read and write
|
||
|
1E980B30000
|
heap
|
page read and write
|
||
|
120E3648000
|
heap
|
page read and write
|
||
|
7FF6236F0000
|
unkown
|
page readonly
|
||
|
83A2AFF000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
21F8B940000
|
heap
|
page read and write
|
||
|
272E24C0000
|
heap
|
page read and write
|
||
|
258C4575000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E2B70000
|
heap
|
page read and write
|
||
|
1C5290B0000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
F79AA8C000
|
stack
|
page read and write
|
||
|
83A27BF000
|
stack
|
page read and write
|
||
|
1748A370000
|
heap
|
page read and write
|
||
|
2D89EF90000
|
heap
|
page read and write
|
||
|
272E2530000
|
heap
|
page read and write
|
||
|
7FF6236FC000
|
unkown
|
page readonly
|
||
|
20A63DF000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF623BFA000
|
unkown
|
page readonly
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
264D4B70000
|
heap
|
page read and write
|
||
|
272E2BDA000
|
heap
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
E422BD000
|
stack
|
page read and write
|
||
|
1A3D3AE5000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
264D4BD8000
|
heap
|
page read and write
|
||
|
2181E8E0000
|
heap
|
page read and write
|
||
|
1FBF69F9000
|
heap
|
page read and write
|
||
|
165BDF50000
|
heap
|
page read and write
|
||
|
9D16BFE000
|
stack
|
page read and write
|
||
|
2C4D51C0000
|
heap
|
page read and write
|
||
|
1DF23790000
|
unkown
|
page read and write
|
||
|
29C607C000
|
stack
|
page read and write
|
||
|
264E91C000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
2D89EF98000
|
heap
|
page read and write
|
||
|
4D3718D000
|
stack
|
page read and write
|
||
|
1FBF6AF0000
|
heap
|
page read and write
|
||
|
9CBDF7E000
|
stack
|
page read and write
|
||
|
14080D000
|
unkown
|
page execute and read and write
|
||
|
18B7F2F5000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E2C0C000
|
heap
|
page read and write
|
||
|
272E2C08000
|
heap
|
page read and write
|
||
|
700A1BF000
|
stack
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E2BF2000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
23F94590000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
2C4D5260000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
18849650000
|
unkown
|
page read and write
|
||
|
120E3640000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
234D2EC5000
|
heap
|
page read and write
|
||
|
272E68AD000
|
heap
|
page read and write
|
||
|
7FF6236F1000
|
unkown
|
page execute read
|
||
|
19654460000
|
heap
|
page read and write
|
||
|
120E35D0000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
CE02BFE000
|
stack
|
page read and write
|
||
|
14078B000
|
unkown
|
page execute and read and write
|
||
|
1E980D18000
|
heap
|
page read and write
|
||
|
188493B0000
|
heap
|
page read and write
|
||
|
536ECFE000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
18B7F2F0000
|
heap
|
page read and write
|
||
|
249884A0000
|
heap
|
page read and write
|
||
|
1EB54C00000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
25D9AEA8000
|
heap
|
page read and write
|
||
|
234D2D10000
|
heap
|
page read and write
|
||
|
1C5290B8000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
234D2C00000
|
heap
|
page read and write
|
||
|
272E24A0000
|
heap
|
page read and write
|
||
|
140840000
|
unkown
|
page execute and read and write
|
||
|
7FF7F8BE8000
|
unkown
|
page read and write
|
||
|
D22F3ED000
|
stack
|
page read and write
|
||
|
1FBF6B10000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1E980D10000
|
heap
|
page read and write
|
||
|
700A0BD000
|
stack
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
F2F1D7F000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
18849640000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
26792D60000
|
heap
|
page read and write
|
||
|
23F94880000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1FBF6900000
|
heap
|
page read and write
|
||
|
607E9FF000
|
stack
|
page read and write
|
||
|
4EDEFFF000
|
stack
|
page read and write
|
||
|
18C9ABC0000
|
heap
|
page read and write
|
||
|
46E13AE000
|
stack
|
page read and write
|
||
|
20A635D000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
258C41C0000
|
heap
|
page read and write
|
||
|
C27898E000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1A3D3900000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
E39C48D000
|
stack
|
page read and write
|
||
|
2181EBE5000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E2CAD000
|
heap
|
page read and write
|
||
|
23F94570000
|
heap
|
page read and write
|
||
|
2181EBE0000
|
heap
|
page read and write
|
||
|
2D89EF50000
|
heap
|
page read and write
|
||
|
FD743FE000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
25D9AE40000
|
heap
|
page read and write
|
||
|
272E2700000
|
heap
|
page read and write
|
||
|
21F8BA88000
|
heap
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
FD7437D000
|
stack
|
page read and write
|
||
|
18C9AB90000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E2C4C000
|
heap
|
page read and write
|
||
|
9D16DFE000
|
stack
|
page read and write
|
||
|
E8F091D000
|
stack
|
page read and write
|
||
|
18B7EE90000
|
heap
|
page read and write
|
||
|
15AA8490000
|
heap
|
page read and write
|
||
|
7FF7F86F0000
|
unkown
|
page write copy
|
||
|
7FF623BF8000
|
unkown
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
258C4228000
|
heap
|
page read and write
|
||
|
7FF6236F0000
|
unkown
|
page readonly
|
||
|
120E3870000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
6B4ECDD000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
19654485000
|
heap
|
page read and write
|
||
|
272E259B000
|
heap
|
page read and write
|
||
|
25D9AEA0000
|
heap
|
page read and write
|
||
|
C707D7E000
|
stack
|
page read and write
|
||
|
1B12C9E0000
|
heap
|
page read and write
|
||
|
7FF7F86EF000
|
unkown
|
page read and write
|
||
|
7FF7F86EC000
|
unkown
|
page readonly
|
||
|
7FF623BFA000
|
unkown
|
page readonly
|
||
|
165BE110000
|
heap
|
page read and write
|
||
|
C27890D000
|
stack
|
page read and write
|
||
|
24988460000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
C707E7E000
|
stack
|
page read and write
|
||
|
7504CFE000
|
stack
|
page read and write
|
||
|
7FF623981000
|
unkown
|
page write copy
|
||
|
1A3D3738000
|
heap
|
page read and write
|
||
|
1DF23920000
|
unkown
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
2C4D51A0000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E2C0E000
|
heap
|
page read and write
|
||
|
9D171FF000
|
stack
|
page read and write
|
||
|
1748A1E0000
|
heap
|
page read and write
|
||
|
A5B46FF000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
234D2C0E000
|
heap
|
page read and write
|
||
|
9D16E7F000
|
stack
|
page read and write
|
||
|
2181E7E0000
|
heap
|
page read and write
|
||
|
264D4B80000
|
heap
|
page read and write
|
||
|
18C9AEE5000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1748A0C0000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7F8BEA000
|
unkown
|
page readonly
|
||
|
264D4BA0000
|
heap
|
page read and write
|
||
|
D22F6FF000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
18B7EF48000
|
heap
|
page read and write
|
||
|
120E3875000
|
heap
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
19654498000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1C529365000
|
heap
|
page read and write
|
||
|
264D4E05000
|
heap
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
21F8BA20000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
19654480000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E72AD000
|
heap
|
page read and write
|
||
|
1EB54BE0000
|
heap
|
page read and write
|
||
|
1F470035000
|
heap
|
page read and write
|
||
|
9CBE07F000
|
stack
|
page read and write
|
||
|
2B2067F000
|
stack
|
page read and write
|
||
|
272E26A0000
|
direct allocation
|
page execute read
|
||
|
CE02B7E000
|
stack
|
page read and write
|
||
|
46E16FF000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
536ED7E000
|
stack
|
page read and write
|
||
|
A5B437D000
|
stack
|
page read and write
|
||
|
18B7EE80000
|
heap
|
page read and write
|
||
|
1ECCB935000
|
heap
|
page read and write
|
||
|
272E2705000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1DF23690000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
25D9AE20000
|
heap
|
page read and write
|
||
|
7FF7F86E0000
|
unkown
|
page readonly
|
||
|
9D16EFE000
|
stack
|
page read and write
|
||
|
6B7807F000
|
stack
|
page read and write
|
||
|
15AA8100000
|
heap
|
page read and write
|
||
|
7FF7F86E1000
|
unkown
|
page execute read
|
||
|
15AA8310000
|
heap
|
page read and write
|
||
|
15AA8148000
|
heap
|
page read and write
|
||
|
7504D7E000
|
stack
|
page read and write
|
||
|
20A667F000
|
stack
|
page read and write
|
||
|
272E24C9000
|
heap
|
page read and write
|
||
|
26792B58000
|
heap
|
page read and write
|
||
|
18849230000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
C278C7F000
|
stack
|
page read and write
|
||
|
272E2505000
|
heap
|
page read and write
|
||
|
2C4D5270000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
26792C60000
|
heap
|
page read and write
|
||
|
E8F099F000
|
stack
|
page read and write
|
||
|
24988790000
|
heap
|
page read and write
|
||
|
26792F30000
|
heap
|
page read and write
|
||
|
1B12C6D0000
|
heap
|
page read and write
|
||
|
1DF23770000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF6236FF000
|
unkown
|
page read and write
|
||
|
18C9ABA0000
|
heap
|
page read and write
|
||
|
2181E958000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
AB2DB7F000
|
stack
|
page read and write
|
||
|
E39C58E000
|
stack
|
page read and write
|
||
|
27364CF0000
|
trusted library allocation
|
page read and write
|
||
|
272E2C12000
|
heap
|
page read and write
|
||
|
2181E950000
|
heap
|
page read and write
|
||
|
2D89F2F0000
|
heap
|
page read and write
|
||
|
A5B436D000
|
stack
|
page read and write
|
||
|
FD7467F000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF623BFD000
|
unkown
|
page readonly
|
||
|
E423BE000
|
stack
|
page read and write
|
||
|
272E2BD2000
|
heap
|
page read and write
|
||
|
4D374FE000
|
stack
|
page read and write
|
||
|
272E2BFA000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
AB2DA7D000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E2CA0000
|
trusted library allocation
|
page read and write
|
||
|
272E2BB0000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
258C4570000
|
heap
|
page read and write
|
||
|
D22F7FF000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
F2F1C7D000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
700A4FF000
|
stack
|
page read and write
|
||
|
1E980C30000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
18C9AEE0000
|
heap
|
page read and write
|
||
|
26792F35000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
6B4EDDE000
|
stack
|
page read and write
|
||
|
15AA8140000
|
heap
|
page read and write
|
||
|
234D2E10000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
7FF623BFD000
|
unkown
|
page readonly
|
||
|
6B77DCD000
|
stack
|
page read and write
|
||
|
9D16FFE000
|
stack
|
page read and write
|
||
|
722667F000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
722630D000
|
stack
|
page read and write
|
||
|
2C4D5255000
|
heap
|
page read and write
|
||
|
1DF23790000
|
unkown
|
page read and write
|
||
|
165BE3E0000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
E426FE000
|
stack
|
page read and write
|
||
|
1E980C10000
|
heap
|
page read and write
|
||
|
1EB54CA8000
|
heap
|
page read and write
|
||
|
272E26D0000
|
heap
|
page readonly
|
||
|
264D4BD0000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1F470030000
|
heap
|
page read and write
|
||
|
1F46FDC0000
|
heap
|
page read and write
|
||
|
234D2DF0000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1E980C95000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
1748A375000
|
heap
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
264D4E00000
|
heap
|
page read and write
|
||
|
1F46FE00000
|
heap
|
page read and write
|
||
|
1FBF69F0000
|
heap
|
page read and write
|
||
|
1E980C90000
|
heap
|
page read and write
|
||
|
C707C7D000
|
stack
|
page read and write
|
||
|
1ECCB950000
|
heap
|
page read and write
|
||
|
249884A9000
|
heap
|
page read and write
|
||
|
21F8BCC5000
|
heap
|
page read and write
|
||
|
1A3D3700000
|
heap
|
page read and write
|
||
|
258C4220000
|
heap
|
page read and write
|
||
|
234D2C08000
|
heap
|
page read and write
|
||
|
19654680000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1B12C9E5000
|
heap
|
page read and write
|
||
|
272E86AD000
|
heap
|
page read and write
|
||
|
1748A0C7000
|
heap
|
page read and write
|
||
|
9D1717F000
|
stack
|
page read and write
|
||
|
2181E8C0000
|
heap
|
page read and write
|
||
|
1B12C6C0000
|
heap
|
page read and write
|
||
|
4EDEEFE000
|
stack
|
page read and write
|
||
|
18B7EF40000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
2B2077E000
|
stack
|
page read and write
|
||
|
27364D30000
|
trusted library allocation
|
page read and write
|
||
|
536EC7C000
|
stack
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
1F46FE08000
|
heap
|
page read and write
|
||
|
272E26E0000
|
trusted library allocation
|
page read and write
|
||
|
15AA8110000
|
heap
|
page read and write
|
||
|
F79AB8F000
|
stack
|
page read and write
|
||
|
7FF7F8BED000
|
unkown
|
page readonly
|
||
|
7FF7F8BEA000
|
unkown
|
page readonly
|
There are 532 hidden memdumps, click here to show them.