Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
8hJNgEYi4P.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\xhzmmmxzrrwn\fqwofdtexigy.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\lvvrmxqkwnox.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ynxnbk5.i5u.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fm3mju1c.jp3.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sepfhmuy.y4d.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_svxil1m2.sv2.psm1
|
ASCII text, with no line terminators
|
modified
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_jtsffusq.tql.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_mw35rvxj.phl.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_pgnzd1vq.zc5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_zbeawor0.ybc.ps1
|
ASCII text, with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\8hJNgEYi4P.exe
|
"C:\Users\user\Desktop\8hJNgEYi4P.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "JVNIRHNX"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "JVNIRHNX" binpath= "C:\ProgramData\xhzmmmxzrrwn\fqwofdtexigy.exe" start= "auto"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "JVNIRHNX"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\8hJNgEYi4P.exe"
|
|
|
|
C:\ProgramData\xhzmmmxzrrwn\fqwofdtexigy.exe
|
C:\ProgramData\xhzmmmxzrrwn\fqwofdtexigy.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\nslookup.exe
|
nslookup.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\choice.exe
|
choice /C Y /N /D Y /T 3
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
There are 52 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://x1.i.lencr.org/
|
unknown
|
||
|
http://r10.o.lencr.org0#
|
unknown
|
||
|
http://x1.c.lencr.org/
|
unknown
|
||
|
http://r10.i.lencr.org/0-
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
https://172.94.1q
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
us-zephyr.miningocean.org
|
15.204.240.197
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
15.204.240.197
|
us-zephyr.miningocean.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
140001000
|
unkown
|
page execute and read and write
|
|
|
|
22781121000
|
heap
|
page read and write
|
|
|
|
AF8BCFE000
|
stack
|
page read and write
|
||
|
AF8BDFE000
|
unkown
|
page readonly
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
888947F000
|
stack
|
page read and write
|
||
|
13FECFB0000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22B5EB15000
|
heap
|
page read and write
|
||
|
22F59378000
|
heap
|
page read and write
|
||
|
33D3A7C000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1D30F2D8000
|
heap
|
page read and write
|
||
|
2B75A000000
|
heap
|
page read and write
|
||
|
160CB810000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
24EB8690000
|
heap
|
page read and write
|
||
|
1A162A50000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22B5E7C8000
|
heap
|
page read and write
|
||
|
13166998000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22784ABB000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
2B75A020000
|
heap
|
page read and write
|
||
|
1A162A60000
|
heap
|
page read and write
|
||
|
1D95BA10000
|
heap
|
page read and write
|
||
|
1D6BF508000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
AF8BBFE000
|
unkown
|
page readonly
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
2023BC90000
|
heap
|
page read and write
|
||
|
19413B68000
|
heap
|
page read and write
|
||
|
1D95BA30000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
AF8BEFE000
|
stack
|
page read and write
|
||
|
12FE9EF000
|
stack
|
page read and write
|
||
|
2278119C000
|
heap
|
page read and write
|
||
|
7FF600261000
|
unkown
|
page execute read
|
||
|
22781790000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1F9219F5000
|
heap
|
page read and write
|
||
|
7FF600260000
|
unkown
|
page readonly
|
||
|
227817C2000
|
heap
|
page read and write
|
||
|
1C321665000
|
heap
|
page read and write
|
||
|
13166C75000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
20A4D4B5000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2B75A120000
|
unkown
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
19322730000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
C16079F000
|
unkown
|
page read and write
|
||
|
C160DFF000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
AF8C1FE000
|
unkown
|
page readonly
|
||
|
140847000
|
unkown
|
page read and write
|
||
|
9834C7D000
|
stack
|
page read and write
|
||
|
28D5E7C8000
|
heap
|
page read and write
|
||
|
22B5E740000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
6C26B9F000
|
stack
|
page read and write
|
||
|
17389065000
|
heap
|
page read and write
|
||
|
1F921A80000
|
heap
|
page read and write
|
||
|
2BE2F050000
|
heap
|
page read and write
|
||
|
17388D50000
|
heap
|
page read and write
|
||
|
13FECF40000
|
heap
|
page read and write
|
||
|
1BA57C90000
|
heap
|
page read and write
|
||
|
EBE7D5C000
|
stack
|
page read and write
|
||
|
2263BAB0000
|
heap
|
page read and write
|
||
|
8E4537F000
|
stack
|
page read and write
|
||
|
2B75A120000
|
unkown
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
269E18D000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1F9219F0000
|
heap
|
page read and write
|
||
|
14078B000
|
unkown
|
page execute and read and write
|
||
|
9834D7F000
|
stack
|
page read and write
|
||
|
14000A000
|
unkown
|
page readonly
|
||
|
1B483C20000
|
heap
|
page read and write
|
||
|
19413E05000
|
heap
|
page read and write
|
||
|
2BE2EE00000
|
heap
|
page read and write
|
||
|
7FF7609AD000
|
unkown
|
page readonly
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
1BA57A70000
|
heap
|
page read and write
|
||
|
28D5E995000
|
heap
|
page read and write
|
||
|
22781105000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
5C6F0FD000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
C160AFF000
|
stack
|
page read and write
|
||
|
227810C9000
|
heap
|
page read and write
|
||
|
1B483A00000
|
heap
|
page read and write
|
||
|
1C3212C0000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
28D5E8C0000
|
heap
|
page read and write
|
||
|
227818BB000
|
heap
|
page read and write
|
||
|
227817D2000
|
heap
|
page read and write
|
||
|
1B483A58000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
164B0630000
|
heap
|
page read and write
|
||
|
1D95BB30000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
193227E0000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1D95B910000
|
heap
|
page read and write
|
||
|
7FF7604AF000
|
unkown
|
page write copy
|
||
|
2BE2ECD0000
|
heap
|
page read and write
|
||
|
1A162D60000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
C160C7E000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
13166C70000
|
heap
|
page read and write
|
||
|
13FECFB8000
|
heap
|
page read and write
|
||
|
7FF7604A1000
|
unkown
|
page execute read
|
||
|
1D6D9B78000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22F59350000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
12FE8ED000
|
stack
|
page read and write
|
||
|
17388F40000
|
heap
|
page read and write
|
||
|
22781080000
|
heap
|
page read and write
|
||
|
227817CA000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
160CB560000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2B759F20000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2564C202000
|
trusted library allocation
|
page read and write
|
||
|
28D5E990000
|
heap
|
page read and write
|
||
|
C160EFE000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
3E61AED000
|
stack
|
page read and write
|
||
|
7FF7604A0000
|
unkown
|
page readonly
|
||
|
1D6D9B70000
|
heap
|
page read and write
|
||
|
227854BB000
|
heap
|
page read and write
|
||
|
22782CBB000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
7FF7609AA000
|
unkown
|
page readonly
|
||
|
7FF7604AC000
|
unkown
|
page readonly
|
||
|
22B5E7B0000
|
heap
|
page read and write
|
||
|
22B5EB10000
|
heap
|
page read and write
|
||
|
24EB8788000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
28257850000
|
heap
|
page read and write
|
||
|
7FF7609AD000
|
unkown
|
page readonly
|
||
|
2B75A260000
|
heap
|
page read and write
|
||
|
2278115A000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
19413A60000
|
heap
|
page read and write
|
||
|
9834CFE000
|
stack
|
page read and write
|
||
|
1288FBD000
|
stack
|
page read and write
|
||
|
24EB8A05000
|
heap
|
page read and write
|
||
|
7FF60026F000
|
unkown
|
page read and write
|
||
|
1A162AE0000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
7FF7604AC000
|
unkown
|
page readonly
|
||
|
164B0520000
|
heap
|
page read and write
|
||
|
2564BA29000
|
heap
|
page read and write
|
||
|
1D6D9E90000
|
heap
|
page read and write
|
||
|
1EA9E415000
|
heap
|
page read and write
|
||
|
1BA57AB0000
|
heap
|
page read and write
|
||
|
13166BA0000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2564BA02000
|
heap
|
page read and write
|
||
|
C160BFC000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781720000
|
direct allocation
|
page execute read
|
||
|
EC7367F000
|
stack
|
page read and write
|
||
|
D72A6ED000
|
stack
|
page read and write
|
||
|
20A4D240000
|
heap
|
page read and write
|
||
|
33D3C7F000
|
stack
|
page read and write
|
||
|
160CB480000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
F030A7D000
|
stack
|
page read and write
|
||
|
28257830000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
7FF760731000
|
unkown
|
page write copy
|
||
|
2564BB02000
|
heap
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
5C6F1FE000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
24EB8880000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
536727D000
|
stack
|
page read and write
|
||
|
13166B80000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
3125D8C000
|
stack
|
page read and write
|
||
|
D72A7EE000
|
stack
|
page read and write
|
||
|
227817BA000
|
heap
|
page read and write
|
||
|
19413B60000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1D95B820000
|
heap
|
page read and write
|
||
|
164B20D0000
|
heap
|
page read and write
|
||
|
735270D000
|
stack
|
page read and write
|
||
|
22F59370000
|
heap
|
page read and write
|
||
|
536747F000
|
stack
|
page read and write
|
||
|
24EB8780000
|
heap
|
page read and write
|
||
|
2564BA00000
|
heap
|
page read and write
|
||
|
282578E5000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781850000
|
heap
|
page readonly
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2564B9F0000
|
heap
|
page read and write
|
||
|
F030AFF000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
193227E8000
|
heap
|
page read and write
|
||
|
227818B0000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22F59340000
|
heap
|
page read and write
|
||
|
22B5E7B7000
|
heap
|
page read and write
|
||
|
228038C0000
|
trusted library allocation
|
page read and write
|
||
|
493C9EF000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
AF8BAFD000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
AF8B51B000
|
stack
|
page read and write
|
||
|
7FF600768000
|
unkown
|
page read and write
|
||
|
227817AA000
|
heap
|
page read and write
|
||
|
22B5E720000
|
heap
|
page read and write
|
||
|
2023BC30000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
3560F7F000
|
stack
|
page read and write
|
||
|
13FECF10000
|
heap
|
page read and write
|
||
|
19322750000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1C321660000
|
heap
|
page read and write
|
||
|
1D6D9E95000
|
heap
|
page read and write
|
||
|
1BE38FF000
|
stack
|
page read and write
|
||
|
7FF600261000
|
unkown
|
page execute read
|
||
|
164B0640000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
7FF7604AF000
|
unkown
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
C160CFF000
|
stack
|
page read and write
|
||
|
19322990000
|
heap
|
page read and write
|
||
|
7352B7E000
|
stack
|
page read and write
|
||
|
2564C150000
|
trusted library allocation
|
page read and write
|
||
|
3B582FE000
|
stack
|
page read and write
|
||
|
EBE817F000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1EA9E190000
|
heap
|
page read and write
|
||
|
28D5E6B0000
|
heap
|
page read and write
|
||
|
22781131000
|
heap
|
page read and write
|
||
|
22781090000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1F9218E0000
|
heap
|
page read and write
|
||
|
227810B5000
|
heap
|
page read and write
|
||
|
22781750000
|
heap
|
page read and write
|
||
|
2263BDA0000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
536737F000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
C16107E000
|
stack
|
page read and write
|
||
|
7FF60076D000
|
unkown
|
page readonly
|
||
|
1D6BF4D5000
|
heap
|
page read and write
|
||
|
20A4D260000
|
heap
|
page read and write
|
||
|
227810C0000
|
heap
|
page read and write
|
||
|
2642FC000
|
stack
|
page read and write
|
||
|
2023BC98000
|
heap
|
page read and write
|
||
|
227840BB000
|
heap
|
page read and write
|
||
|
160CB590000
|
heap
|
page read and write
|
||
|
2263B9D0000
|
heap
|
page read and write
|
||
|
6C58CFE000
|
stack
|
page read and write
|
||
|
164B06B0000
|
heap
|
page read and write
|
||
|
1D30F250000
|
heap
|
page read and write
|
||
|
1D95BB35000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
7FF60026C000
|
unkown
|
page readonly
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1EA9E410000
|
heap
|
page read and write
|
||
|
1C3212E0000
|
heap
|
page read and write
|
||
|
EC736FF000
|
stack
|
page read and write
|
||
|
3B5827E000
|
stack
|
page read and write
|
||
|
28257660000
|
heap
|
page read and write
|
||
|
2BE2EDD0000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
28257640000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2DBB4FF000
|
stack
|
page read and write
|
||
|
1A162A80000
|
heap
|
page read and write
|
||
|
19413B40000
|
heap
|
page read and write
|
||
|
22B5E7DC000
|
heap
|
page read and write
|
||
|
1D6BF4A0000
|
heap
|
page read and write
|
||
|
1F921A00000
|
heap
|
page read and write
|
||
|
8E44F4D000
|
stack
|
page read and write
|
||
|
2023BC10000
|
heap
|
page read and write
|
||
|
140007000
|
unkown
|
page readonly
|
||
|
1B483A35000
|
heap
|
page read and write
|
||
|
1D6BF4D0000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
227822BB000
|
heap
|
page read and write
|
||
|
13FECF20000
|
heap
|
page read and write
|
||
|
2023BE25000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
19322650000
|
heap
|
page read and write
|
||
|
D24A3CE000
|
stack
|
page read and write
|
||
|
7FF60076A000
|
unkown
|
page readonly
|
||
|
22F59320000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1EA9E0F0000
|
heap
|
page read and write
|
||
|
31260FF000
|
stack
|
page read and write
|
||
|
140503000
|
unkown
|
page execute and read and write
|
||
|
160CB820000
|
unkown
|
page read and write
|
||
|
816707F000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1D30F570000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1A162D65000
|
heap
|
page read and write
|
||
|
1D6D9D70000
|
heap
|
page read and write
|
||
|
2263BB08000
|
heap
|
page read and write
|
||
|
33D3B7E000
|
stack
|
page read and write
|
||
|
1BE34AD000
|
stack
|
page read and write
|
||
|
12892FE000
|
stack
|
page read and write
|
||
|
D72AAFF000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
2023BE20000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
7FF600260000
|
unkown
|
page readonly
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
19413C60000
|
heap
|
page read and write
|
||
|
140840000
|
unkown
|
page execute and read and write
|
||
|
8166E7C000
|
stack
|
page read and write
|
||
|
20A4D140000
|
heap
|
page read and write
|
||
|
17388D58000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
7FF600270000
|
unkown
|
page write copy
|
||
|
19322995000
|
heap
|
page read and write
|
||
|
888917D000
|
stack
|
page read and write
|
||
|
14080D000
|
unkown
|
page execute and read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22F59345000
|
heap
|
page read and write
|
||
|
7FF7604A1000
|
unkown
|
page execute read
|
||
|
98240FE000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1BA57A90000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
7FF7604A0000
|
unkown
|
page readonly
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
227817DA000
|
heap
|
page read and write
|
||
|
2643FE000
|
stack
|
page read and write
|
||
|
C160D7E000
|
stack
|
page read and write
|
||
|
C160B7E000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
140009000
|
unkown
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1BA57AB8000
|
heap
|
page read and write
|
||
|
1D6BF4B0000
|
heap
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2564B9C0000
|
heap
|
page read and write
|
||
|
1D30F2D0000
|
heap
|
page read and write
|
||
|
CD577FF000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
20A4D268000
|
heap
|
page read and write
|
||
|
3B57F8C000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22F59310000
|
heap
|
page read and write
|
||
|
1D95B918000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
2B75A270000
|
unkown
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
C16069B000
|
stack
|
page read and write
|
||
|
227868BB000
|
heap
|
page read and write
|
||
|
13FECF15000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1BE35AE000
|
stack
|
page read and write
|
||
|
20A4D4B0000
|
heap
|
page read and write
|
||
|
164B0600000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
2B75A265000
|
heap
|
page read and write
|
||
|
13166990000
|
heap
|
page read and write
|
||
|
AF8C0FC000
|
stack
|
page read and write
|
||
|
13166AA0000
|
heap
|
page read and write
|
||
|
1811AFF0000
|
heap
|
page read and write
|
||
|
982407C000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1811B3D0000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
982417F000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2564B9E0000
|
heap
|
page read and write
|
||
|
1C321329000
|
heap
|
page read and write
|
||
|
140500000
|
unkown
|
page execute and read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
164B0635000
|
heap
|
page read and write
|
||
|
D24A67F000
|
stack
|
page read and write
|
||
|
7FF60076D000
|
unkown
|
page readonly
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
6C58CEE000
|
stack
|
page read and write
|
||
|
282578E0000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2564BA13000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
2023BB30000
|
heap
|
page read and write
|
||
|
1B483A30000
|
heap
|
page read and write
|
||
|
164B06B8000
|
heap
|
page read and write
|
||
|
356107E000
|
stack
|
page read and write
|
||
|
24EB88A0000
|
heap
|
page read and write
|
||
|
2BE2EE09000
|
heap
|
page read and write
|
||
|
17388F20000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
D24A34C000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1BA57C95000
|
heap
|
page read and write
|
||
|
160CB815000
|
heap
|
page read and write
|
||
|
2BE2F055000
|
heap
|
page read and write
|
||
|
19413E00000
|
heap
|
page read and write
|
||
|
CD576FD000
|
stack
|
page read and write
|
||
|
7FF7609AA000
|
unkown
|
page readonly
|
||
|
17388D40000
|
heap
|
page read and write
|
||
|
22803900000
|
trusted library allocation
|
page read and write
|
||
|
227817B2000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
28D5E790000
|
heap
|
page read and write
|
||
|
88891FF000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
20A4D220000
|
heap
|
page read and write
|
||
|
22781290000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1C3212B0000
|
heap
|
page read and write
|
||
|
7FF60026C000
|
unkown
|
page readonly
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1A162AE9000
|
heap
|
page read and write
|
||
|
7FF60076A000
|
unkown
|
page readonly
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1B483A50000
|
heap
|
page read and write
|
||
|
1F9219C0000
|
heap
|
page read and write
|
||
|
1D6D9C70000
|
heap
|
page read and write
|
||
|
493C96D000
|
stack
|
page read and write
|
||
|
EBE807E000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
3560E7D000
|
stack
|
page read and write
|
||
|
C1610FF000
|
stack
|
page read and write
|
||
|
7FF7609A8000
|
unkown
|
page read and write
|
||
|
2564BA3F000
|
heap
|
page read and write
|
||
|
1D6BF4E0000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
493CC7F000
|
stack
|
page read and write
|
||
|
2564BA2B000
|
heap
|
page read and write
|
||
|
1F921A88000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1EA9E100000
|
heap
|
page read and write
|
||
|
227836BB000
|
heap
|
page read and write
|
||
|
12FE96F000
|
stack
|
page read and write
|
||
|
2DBB5FF000
|
stack
|
page read and write
|
||
|
1BA57990000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
31261FF000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1811B0E9000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
227810B0000
|
heap
|
page read and write
|
||
|
8E4527F000
|
stack
|
page read and write
|
||
|
13FECE30000
|
heap
|
page read and write
|
||
|
6C26B1D000
|
stack
|
page read and write
|
||
|
22781156000
|
heap
|
page read and write
|
||
|
24EB8A00000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1C321320000
|
heap
|
page read and write
|
||
|
1EA9E198000
|
heap
|
page read and write
|
||
|
2DBB1DD000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
1D30F575000
|
heap
|
page read and write
|
||
|
AF8BFFE000
|
unkown
|
page readonly
|
||
|
1D6BF500000
|
heap
|
page read and write
|
||
|
C160FFE000
|
stack
|
page read and write
|
||
|
3E61BEF000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
12893FF000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22B5E710000
|
heap
|
page read and write
|
||
|
2263BB00000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
2263BAD0000
|
heap
|
page read and write
|
||
|
1D30F270000
|
heap
|
page read and write
|
||
|
2BE2EDB0000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
1811B3E0000
|
unkown
|
page read and write
|
||
|
22785EBB000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
6C58DFF000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1EA9E120000
|
heap
|
page read and write
|
||
|
1811AF10000
|
heap
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
227872BB000
|
heap
|
page read and write
|
||
|
7352A7E000
|
stack
|
page read and write
|
||
|
3E61B6F000
|
stack
|
page read and write
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
7FF60026F000
|
unkown
|
page write copy
|
||
|
22803940000
|
trusted library allocation
|
page read and write
|
||
|
EC7339D000
|
stack
|
page read and write
|
||
|
8166F7F000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1404DC000
|
unkown
|
page execute and read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
2646FE000
|
stack
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1B483A10000
|
heap
|
page read and write
|
||
|
1811B0E0000
|
heap
|
page read and write
|
||
|
2263BDA5000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1D6D9D50000
|
heap
|
page read and write
|
||
|
17389060000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
CD576ED000
|
stack
|
page read and write
|
||
|
227818B0000
|
trusted library allocation
|
page read and write
|
||
|
28D5E7C0000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
||
|
1D30F170000
|
heap
|
page read and write
|
||
|
1811B3D5000
|
heap
|
page read and write
|
||
|
22781860000
|
trusted library allocation
|
page read and write
|
There are 555 hidden memdumps, click here to show them.