Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
M8BTHjgHb7.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\ccefjreaqcby.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0pdrz5wk.fvy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1sy3atrt.fvk.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_efjqc1fm.gjv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_synqoyt5.hqr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_cglbp4pg.mn1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_np4jprts.3ny.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_u0zz0tqa.uer.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_v1lyaent.z0j.psm1
|
ASCII text, with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\M8BTHjgHb7.exe
|
"C:\Users\user\Desktop\M8BTHjgHb7.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "JIOGRCSG"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "JIOGRCSG" binpath= "C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe" start= "auto"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "JIOGRCSG"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\M8BTHjgHb7.exe"
|
|
|
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\nslookup.exe
|
nslookup.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\choice.exe
|
choice /C Y /N /D Y /T 3
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 51 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://r10.o.lencr.org0#
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://r10.i.lencr.org/
|
unknown
|
||
|
https://172.94.1q
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
us-zephyr.miningocean.org
|
15.204.240.197
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
15.204.240.197
|
us-zephyr.miningocean.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
140001000
|
unkown
|
page execute and read and write
|
|
|
|
18900060000
|
heap
|
page read and write
|
||
|
E9E3CFE000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
14D148B0000
|
heap
|
page read and write
|
||
|
7FF61B7BF000
|
unkown
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF61B7BF000
|
unkown
|
page write copy
|
||
|
1447D6F1000
|
heap
|
page read and write
|
||
|
27211AA0000
|
heap
|
page read and write
|
||
|
2006DF98000
|
heap
|
page read and write
|
||
|
5546D9F000
|
stack
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1750D870000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
197F07D0000
|
heap
|
page read and write
|
||
|
197F07E0000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D690000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
27211C70000
|
heap
|
page read and write
|
||
|
2467D7E000
|
stack
|
page read and write
|
||
|
1F393848000
|
heap
|
page read and write
|
||
|
140503000
|
unkown
|
page execute and read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
F9916DD000
|
stack
|
page read and write
|
||
|
261065F0000
|
heap
|
page read and write
|
||
|
14D14A80000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7DB0BC000
|
unkown
|
page readonly
|
||
|
1A30BE70000
|
heap
|
page read and write
|
||
|
7FF7DB0BF000
|
unkown
|
page read and write
|
||
|
7FF7DB5BD000
|
unkown
|
page readonly
|
||
|
6A5B2FF000
|
stack
|
page read and write
|
||
|
1DB0CDA0000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
16A91270000
|
heap
|
page read and write
|
||
|
14D14C65000
|
heap
|
page read and write
|
||
|
1C79F210000
|
heap
|
page read and write
|
||
|
2CC9D880000
|
heap
|
page read and write
|
||
|
16A912B0000
|
heap
|
page read and write
|
||
|
79624AD000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447F115000
|
heap
|
page read and write
|
||
|
1447D6D5000
|
heap
|
page read and write
|
||
|
284C5A60000
|
heap
|
page read and write
|
||
|
140840000
|
unkown
|
page execute and read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D726000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1DB0CF29000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
B505F7F000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
6A5AFCD000
|
stack
|
page read and write
|
||
|
481FB4D000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D635000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1A30C110000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
16E14405000
|
heap
|
page read and write
|
||
|
197F06E0000
|
heap
|
page read and write
|
||
|
14080D000
|
unkown
|
page execute and read and write
|
||
|
6EFE7ED000
|
stack
|
page read and write
|
||
|
7FF61BCBA000
|
unkown
|
page readonly
|
||
|
13E73FF000
|
stack
|
page read and write
|
||
|
2CC9D8C0000
|
heap
|
page read and write
|
||
|
1DB0D1F0000
|
heap
|
page read and write
|
||
|
16E14400000
|
heap
|
page read and write
|
||
|
261067F0000
|
heap
|
page read and write
|
||
|
1447FB15000
|
heap
|
page read and write
|
||
|
28EA0F99000
|
heap
|
page read and write
|
||
|
1447E715000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
22D31C90000
|
heap
|
page read and write
|
||
|
20E4C7A0000
|
heap
|
page read and write
|
||
|
7FF7DB5B8000
|
unkown
|
page read and write
|
||
|
19AAAE30000
|
heap
|
page read and write
|
||
|
14484115000
|
heap
|
page read and write
|
||
|
7BB8FC000
|
stack
|
page read and write
|
||
|
1C79F218000
|
heap
|
page read and write
|
||
|
7FF61B7B1000
|
unkown
|
page execute read
|
||
|
140009000
|
unkown
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
197F0800000
|
heap
|
page read and write
|
||
|
2006DE70000
|
heap
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
4F278AD000
|
stack
|
page read and write
|
||
|
15EC7C30000
|
heap
|
page read and write
|
||
|
1B27CA60000
|
heap
|
page read and write
|
||
|
7FF61B7BC000
|
unkown
|
page readonly
|
||
|
13E777F000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
26DF0100000
|
heap
|
page read and write
|
||
|
1F3937E0000
|
heap
|
page read and write
|
||
|
1F1EB415000
|
heap
|
page read and write
|
||
|
20FC7EB0000
|
heap
|
page read and write
|
||
|
28EA10C0000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
2CC9D8A0000
|
heap
|
page read and write
|
||
|
15EC7C35000
|
heap
|
page read and write
|
||
|
1F1EB480000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1750D860000
|
heap
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
21D02B10000
|
heap
|
page read and write
|
||
|
1B23E7F000
|
stack
|
page read and write
|
||
|
14D14880000
|
heap
|
page read and write
|
||
|
55470FF000
|
stack
|
page read and write
|
||
|
1F1EB2B0000
|
heap
|
page read and write
|
||
|
C94FEFF000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1404DC000
|
unkown
|
page execute and read and write
|
||
|
7FF61B7B1000
|
unkown
|
page execute read
|
||
|
1447DD15000
|
heap
|
page read and write
|
||
|
BB96DFF000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
21D02EA0000
|
heap
|
page read and write
|
||
|
1F393AA0000
|
heap
|
page read and write
|
||
|
15EC7B20000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
19AAAE90000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
C94FE7F000
|
stack
|
page read and write
|
||
|
13E6FAD000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
20FC7EE9000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
953117E000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
4F27CFE000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
26106628000
|
heap
|
page read and write
|
||
|
1447D650000
|
heap
|
page readonly
|
||
|
F54A1FF000
|
stack
|
page read and write
|
||
|
2006DF70000
|
heap
|
page read and write
|
||
|
20FC80D5000
|
heap
|
page read and write
|
||
|
1DA5C2D8000
|
heap
|
page read and write
|
||
|
13E787E000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
481FF7E000
|
stack
|
page read and write
|
||
|
CD8ED0D000
|
stack
|
page read and write
|
||
|
1A30BDB0000
|
heap
|
page read and write
|
||
|
27211B80000
|
heap
|
page read and write
|
||
|
1447DC52000
|
heap
|
page read and write
|
||
|
13E797F000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1F393AA5000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
140847000
|
unkown
|
page read and write
|
||
|
58BF6FE000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
197F08B8000
|
heap
|
page read and write
|
||
|
18900370000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
26DF0510000
|
heap
|
page read and write
|
||
|
2467CFF000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
284C5BE8000
|
heap
|
page read and write
|
||
|
19AAB130000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
20E4C4C8000
|
heap
|
page read and write
|
||
|
D4237E000
|
stack
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
2A4A7ED000
|
stack
|
page read and write
|
||
|
1554B700000
|
heap
|
page read and write
|
||
|
1447D699000
|
heap
|
page read and write
|
||
|
1554B800000
|
heap
|
page read and write
|
||
|
7FF7DB0B1000
|
unkown
|
page execute read
|
||
|
284C5BE0000
|
heap
|
page read and write
|
||
|
14D14890000
|
heap
|
page read and write
|
||
|
D8D8C7F000
|
stack
|
page read and write
|
||
|
1DA5C290000
|
heap
|
page read and write
|
||
|
1750D890000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
22D31B90000
|
heap
|
page read and write
|
||
|
13E72FE000
|
unkown
|
page read and write
|
||
|
1447DD10000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1F3937F0000
|
heap
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
284C5B40000
|
heap
|
page read and write
|
||
|
20E4C430000
|
heap
|
page read and write
|
||
|
25A73AC0000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
6EFEAFF000
|
stack
|
page read and write
|
||
|
22D31CB0000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
7BB9FE000
|
stack
|
page read and write
|
||
|
20E4C440000
|
heap
|
page read and write
|
||
|
1F393810000
|
heap
|
page read and write
|
||
|
27211BA0000
|
unkown
|
page read and write
|
||
|
2006DF90000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
2467C7E000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447DC7A000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
28EA0F60000
|
heap
|
page read and write
|
||
|
3E141AC000
|
stack
|
page read and write
|
||
|
7FF7DB341000
|
unkown
|
page write copy
|
||
|
19AAAE00000
|
heap
|
page read and write
|
||
|
1750D8F0000
|
heap
|
page read and write
|
||
|
6ADBEFE000
|
stack
|
page read and write
|
||
|
7FF7DB0B0000
|
unkown
|
page readonly
|
||
|
A004E9D000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1B23B5D000
|
stack
|
page read and write
|
||
|
F784A9D000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
2006E265000
|
heap
|
page read and write
|
||
|
3E1447F000
|
stack
|
page read and write
|
||
|
14483715000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
22D31D28000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1DB0CF20000
|
heap
|
page read and write
|
||
|
1B27CC70000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1B27CE15000
|
heap
|
page read and write
|
||
|
1554B820000
|
heap
|
page read and write
|
||
|
22D31D20000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
CD8F07E000
|
stack
|
page read and write
|
||
|
2006E260000
|
heap
|
page read and write
|
||
|
1447DC72000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7DB5BA000
|
unkown
|
page readonly
|
||
|
26106845000
|
heap
|
page read and write
|
||
|
1554B825000
|
heap
|
page read and write
|
||
|
BB96CFD000
|
stack
|
page read and write
|
||
|
7FF61B7C0000
|
unkown
|
page write copy
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
7FF7DB5BA000
|
unkown
|
page readonly
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
14078B000
|
unkown
|
page execute and read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
7FF7DB0B1000
|
unkown
|
page execute read
|
||
|
14480515000
|
heap
|
page read and write
|
||
|
1B27CB70000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
20FC80E0000
|
unkown
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
284C5B60000
|
heap
|
page read and write
|
||
|
14482315000
|
heap
|
page read and write
|
||
|
15EC7A20000
|
heap
|
page read and write
|
||
|
2A4AA7F000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
6ADBFFF000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
16E141A0000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
20FC7EE0000
|
heap
|
page read and write
|
||
|
14D14C60000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
A0052FF000
|
stack
|
page read and write
|
||
|
2CC9DBD5000
|
heap
|
page read and write
|
||
|
4F279AF000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1750D8C0000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D4E0000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
819715C000
|
stack
|
page read and write
|
||
|
18900375000
|
heap
|
page read and write
|
||
|
F99175F000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
13E74FF000
|
stack
|
page read and write
|
||
|
20FC7EC0000
|
heap
|
page read and write
|
||
|
1DA5C5E5000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
14000A000
|
unkown
|
page readonly
|
||
|
1B27CB78000
|
heap
|
page read and write
|
||
|
16A91330000
|
heap
|
page read and write
|
||
|
1F1EB488000
|
heap
|
page read and write
|
||
|
20E4C4CE000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
25A73AE0000
|
heap
|
page read and write
|
||
|
7FF61BCBA000
|
unkown
|
page readonly
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
15EC7A28000
|
heap
|
page read and write
|
||
|
1447D701000
|
heap
|
page read and write
|
||
|
7FF61B7BC000
|
unkown
|
page readonly
|
||
|
554707F000
|
stack
|
page read and write
|
||
|
25A73BA0000
|
heap
|
page read and write
|
||
|
1447D76C000
|
heap
|
page read and write
|
||
|
2006DF50000
|
heap
|
page read and write
|
||
|
C94FBED000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
7FF61BCB8000
|
unkown
|
page read and write
|
||
|
F54A0ED000
|
stack
|
page read and write
|
||
|
2CC9D8C8000
|
heap
|
page read and write
|
||
|
14480F15000
|
heap
|
page read and write
|
||
|
1DA5C5E0000
|
heap
|
page read and write
|
||
|
197F08B0000
|
heap
|
page read and write
|
||
|
6ADBB8D000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447DC30000
|
heap
|
page read and write
|
||
|
7FF61BCBD000
|
unkown
|
page readonly
|
||
|
7FF7DB0B0000
|
unkown
|
page readonly
|
||
|
27211C00000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D72A000
|
heap
|
page read and write
|
||
|
1447DC5A000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
3E144FF000
|
stack
|
page read and write
|
||
|
1B27E780000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
481FE7F000
|
stack
|
page read and write
|
||
|
1447DD10000
|
trusted library allocation
|
page read and write
|
||
|
16A912A0000
|
heap
|
page read and write
|
||
|
15EC7C00000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
28EA0E60000
|
heap
|
page read and write
|
||
|
21D02D00000
|
heap
|
page read and write
|
||
|
13E747C000
|
stack
|
page read and write
|
||
|
25A738E0000
|
heap
|
page read and write
|
||
|
140500000
|
unkown
|
page execute and read and write
|
||
|
CF0773D000
|
stack
|
page read and write
|
||
|
953127F000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
26DF0168000
|
heap
|
page read and write
|
||
|
7FF61B7B0000
|
unkown
|
page readonly
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
1F1EB390000
|
heap
|
page read and write
|
||
|
7FF61BCBD000
|
unkown
|
page readonly
|
||
|
14482D15000
|
heap
|
page read and write
|
||
|
1B27CE10000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
15EC7C40000
|
heap
|
page read and write
|
||
|
1554B859000
|
heap
|
page read and write
|
||
|
1F1EB410000
|
heap
|
page read and write
|
||
|
14D148B8000
|
heap
|
page read and write
|
||
|
1DB0CF34000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
284C5E60000
|
heap
|
page read and write
|
||
|
1447D610000
|
direct allocation
|
page execute read
|
||
|
7FF7DB0BC000
|
unkown
|
page readonly
|
||
|
20E4C7A5000
|
heap
|
page read and write
|
||
|
19AAAE10000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
2CC9DBD0000
|
heap
|
page read and write
|
||
|
953107D000
|
stack
|
page read and write
|
||
|
E9E3C7D000
|
stack
|
page read and write
|
||
|
18900040000
|
heap
|
page read and write
|
||
|
D41F7D000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
19AAB135000
|
heap
|
page read and write
|
||
|
1554B7E0000
|
heap
|
page read and write
|
||
|
F9917DF000
|
stack
|
page read and write
|
||
|
26DF00F0000
|
heap
|
page read and write
|
||
|
CD8ED8E000
|
stack
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
F784B9E000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447DC6A000
|
heap
|
page read and write
|
||
|
16A91280000
|
heap
|
page read and write
|
||
|
21D02EA5000
|
heap
|
page read and write
|
||
|
1447D5E0000
|
heap
|
page read and write
|
||
|
1DB0D1F5000
|
heap
|
page read and write
|
||
|
20E4C4C0000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
27211C05000
|
heap
|
page read and write
|
||
|
BB96CED000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1F1EB48E000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1F393840000
|
heap
|
page read and write
|
||
|
1C79F420000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
16E14410000
|
unkown
|
page read and write
|
||
|
197F07D5000
|
heap
|
page read and write
|
||
|
58BF7FF000
|
stack
|
page read and write
|
||
|
1447DBF0000
|
heap
|
page read and write
|
||
|
D4227E000
|
stack
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
21D02C20000
|
heap
|
page read and write
|
||
|
1C79F425000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
18900030000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
4D1EC7D000
|
stack
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
25A73BA5000
|
heap
|
page read and write
|
||
|
26DF0120000
|
heap
|
page read and write
|
||
|
819757F000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
20FC80D0000
|
heap
|
page read and write
|
||
|
1A30BCD0000
|
heap
|
page read and write
|
||
|
CF07A7F000
|
stack
|
page read and write
|
||
|
1F1EB3B0000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
F54A0FE000
|
stack
|
page read and write
|
||
|
13E757F000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7DB5BD000
|
unkown
|
page readonly
|
||
|
2CC9D870000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
26106600000
|
heap
|
page read and write
|
||
|
13E75FE000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1B27CB40000
|
heap
|
page read and write
|
||
|
1C79F0B0000
|
heap
|
page read and write
|
||
|
20E4C460000
|
heap
|
page read and write
|
||
|
13E78FF000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
B505E7E000
|
stack
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
284C5E65000
|
heap
|
page read and write
|
||
|
27211BA0000
|
unkown
|
page read and write
|
||
|
1554B850000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
16A912A5000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
B505B3D000
|
stack
|
page read and write
|
||
|
28EA10C5000
|
heap
|
page read and write
|
||
|
1B23F7F000
|
stack
|
page read and write
|
||
|
1DA5C2D0000
|
heap
|
page read and write
|
||
|
5546D1D000
|
stack
|
page read and write
|
||
|
819747E000
|
stack
|
page read and write
|
||
|
16E14060000
|
heap
|
page read and write
|
||
|
14481915000
|
heap
|
page read and write
|
||
|
D8D89BD000
|
stack
|
page read and write
|
||
|
7FF7DB0BF000
|
unkown
|
page write copy
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1C79F190000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1DA5C4A0000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
7FF61B7B0000
|
unkown
|
page readonly
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
246798C000
|
stack
|
page read and write
|
||
|
13E767F000
|
stack
|
page read and write
|
||
|
22D31CB5000
|
heap
|
page read and write
|
||
|
25A738E8000
|
heap
|
page read and write
|
||
|
21D02B19000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1DB0CEA0000
|
heap
|
page read and write
|
||
|
1A30BE78000
|
heap
|
page read and write
|
||
|
26106840000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
19AAAE98000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
6A5B27F000
|
stack
|
page read and write
|
||
|
25A739E0000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
28EA0F40000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447DC4A000
|
heap
|
page read and write
|
||
|
26DF0515000
|
heap
|
page read and write
|
||
|
CF077BE000
|
stack
|
page read and write
|
||
|
A004F9E000
|
stack
|
page read and write
|
||
|
26DF0160000
|
heap
|
page read and write
|
||
|
189000A4000
|
heap
|
page read and write
|
||
|
79625AE000
|
stack
|
page read and write
|
||
|
18900090000
|
heap
|
page read and write
|
||
|
140007000
|
unkown
|
page readonly
|
||
|
1A30C115000
|
heap
|
page read and write
|
||
|
1750D8C5000
|
heap
|
page read and write
|
||
|
F784EFF000
|
stack
|
page read and write
|
||
|
1447DC62000
|
heap
|
page read and write
|
||
|
13E6F2B000
|
stack
|
page read and write
|
||
|
79628FF000
|
stack
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1A30BDD0000
|
heap
|
page read and write
|
||
|
28EA0F90000
|
heap
|
page read and write
|
||
|
16E14140000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1447D630000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
58BF3AD000
|
stack
|
page read and write
|
||
|
E9E3D7F000
|
stack
|
page read and write
|
||
|
16A91338000
|
heap
|
page read and write
|
||
|
21D02D20000
|
heap
|
page read and write
|
||
|
1DA5C2A0000
|
heap
|
page read and write
|
||
|
1447D660000
|
trusted library allocation
|
page read and write
|
||
|
1C79F1B0000
|
heap
|
page read and write
|
||
|
26106620000
|
heap
|
page read and write
|
||
|
144FFD60000
|
trusted library allocation
|
page read and write
|
||
|
27211D70000
|
unkown
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
22D31C70000
|
heap
|
page read and write
|
||
|
18900099000
|
heap
|
page read and write
|
||
|
1DB0CE80000
|
heap
|
page read and write
|
||
|
1750D8F8000
|
heap
|
page read and write
|
||
|
144FFDA0000
|
trusted library allocation
|
page read and write
|
||
|
1447D5C0000
|
heap
|
page read and write
|
There are 524 hidden memdumps, click here to show them.