Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
s4WNw38F1s.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\ccefjreaqcby.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4kvwtz20.1ut.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ikb45f31.2g1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xkri5mbk.3gu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xuetvhby.gun.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_gzy5mgrj.b4w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_h2ng0elj.oxi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_pr4ovagv.s0c.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_smmfxi1e.fga.ps1
|
ASCII text, with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\s4WNw38F1s.exe
|
"C:\Users\user\Desktop\s4WNw38F1s.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "JIOGRCSG"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "JIOGRCSG" binpath= "C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe" start= "auto"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "JIOGRCSG"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\Desktop\s4WNw38F1s.exe"
|
|
|
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
C:\ProgramData\zvycwxhpsxqt\lutlgidagtja.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\nslookup.exe
|
nslookup.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\choice.exe
|
choice /C Y /N /D Y /T 3
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 52 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://r10.i.lencr.org/s
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
http://r10.o.lencr.org0#
|
unknown
|
||
|
http://x1.c.lencr.org/
|
unknown
|
||
|
http://x1.c.lencr.org/r
|
unknown
|
||
|
http://r10.i.lencr.org/0-
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://r10.i.lencr.org/
|
unknown
|
||
|
https://172.94.1q
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
time.windows.com
|
unknown
|
|
|
|
us-zephyr.miningocean.org
|
15.204.240.197
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
15.204.244.104
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config
|
LastKnownGoodTime
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
140001000
|
unkown
|
page execute and read and write
|
|
|
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5A1A000
|
heap
|
page read and write
|
||
|
2CA6E278000
|
heap
|
page read and write
|
||
|
1FD6FB38000
|
heap
|
page read and write
|
||
|
140009000
|
unkown
|
page read and write
|
||
|
A96847C000
|
stack
|
page read and write
|
||
|
172F3A20000
|
heap
|
page read and write
|
||
|
C3C3B7C000
|
stack
|
page read and write
|
||
|
2CA6E3A0000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1C8067D9000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
22B09490000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
2CA6E270000
|
heap
|
page read and write
|
||
|
E2B0B7E000
|
stack
|
page read and write
|
||
|
DFFC9CF000
|
stack
|
page read and write
|
||
|
1C0FC3E0000
|
heap
|
page read and write
|
||
|
1CC807F000
|
stack
|
page read and write
|
||
|
1E21B6C0000
|
heap
|
page read and write
|
||
|
264CD602000
|
heap
|
page read and write
|
||
|
13EC6BF0000
|
heap
|
page read and write
|
||
|
1C806790000
|
heap
|
page read and write
|
||
|
2A6982B0000
|
unkown
|
page read and write
|
||
|
264CDE02000
|
trusted library allocation
|
page read and write
|
||
|
2883D305000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF604BC1000
|
unkown
|
page execute read
|
||
|
7FF66A311000
|
unkown
|
page execute read
|
||
|
1BD7D525000
|
heap
|
page read and write
|
||
|
1E9C6E90000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
2CA6E3B0000
|
heap
|
page read and write
|
||
|
B4DFFE000
|
stack
|
page read and write
|
||
|
264CD613000
|
heap
|
page read and write
|
||
|
7FF604BCC000
|
unkown
|
page readonly
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1EE68C10000
|
unkown
|
page read and write
|
||
|
DFFC8CD000
|
stack
|
page read and write
|
||
|
4BCD17E000
|
stack
|
page read and write
|
||
|
28A674F0000
|
heap
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
28A736D000
|
stack
|
page read and write
|
||
|
7FF66A31C000
|
unkown
|
page readonly
|
||
|
1EE68B60000
|
heap
|
page read and write
|
||
|
17EA69D8000
|
heap
|
page read and write
|
||
|
284C5570000
|
trusted library allocation
|
page read and write
|
||
|
17EA6C15000
|
heap
|
page read and write
|
||
|
167F2D80000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
9A5F67D000
|
stack
|
page read and write
|
||
|
284C5435000
|
heap
|
page read and write
|
||
|
1FD6FA50000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
2DF83A00000
|
heap
|
page read and write
|
||
|
1CC7D4C000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
E9C6AFF000
|
stack
|
page read and write
|
||
|
208FF990000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
264CD5E0000
|
remote allocation
|
page read and write
|
||
|
176484F0000
|
heap
|
page read and write
|
||
|
20C34CC5000
|
heap
|
page read and write
|
||
|
C3C3F7E000
|
stack
|
page read and write
|
||
|
1EE68A69000
|
heap
|
page read and write
|
||
|
A96857F000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
264CD640000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
167F30C0000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
C6930FF000
|
stack
|
page read and write
|
||
|
2459C430000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
2DF83900000
|
heap
|
page read and write
|
||
|
1BD7D538000
|
heap
|
page read and write
|
||
|
7FF66A31F000
|
unkown
|
page read and write
|
||
|
167F2D60000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
167F2DF0000
|
heap
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
1C8067A0000
|
heap
|
page read and write
|
||
|
7761ABC000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF66A320000
|
unkown
|
page write copy
|
||
|
7FF604BC1000
|
unkown
|
page execute read
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
20C349C0000
|
heap
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1FD6FDD5000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1E9C6D89000
|
heap
|
page read and write
|
||
|
260FD9C5000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
4338FE000
|
stack
|
page read and write
|
||
|
1BD7D530000
|
heap
|
page read and write
|
||
|
1E0B2E40000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF604BCC000
|
unkown
|
page readonly
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
7FF6050CA000
|
unkown
|
page readonly
|
||
|
21839779000
|
heap
|
page read and write
|
||
|
1E9C7105000
|
heap
|
page read and write
|
||
|
63C751D000
|
stack
|
page read and write
|
||
|
264CD64B000
|
heap
|
page read and write
|
||
|
264CD4B0000
|
heap
|
page read and write
|
||
|
2883D020000
|
heap
|
page read and write
|
||
|
1C0FC3B0000
|
heap
|
page read and write
|
||
|
7FF6050C8000
|
unkown
|
page read and write
|
||
|
C3C3AFD000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
2CA6E180000
|
heap
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
E7297CF000
|
stack
|
page read and write
|
||
|
1E9C6F70000
|
heap
|
page read and write
|
||
|
172F3660000
|
heap
|
page read and write
|
||
|
22B09680000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
2883D310000
|
unkown
|
page read and write
|
||
|
208FF620000
|
heap
|
page read and write
|
||
|
A88EC7C000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
F7AEBDF000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C55B0000
|
direct allocation
|
page execute and read and write
|
||
|
2A6982B0000
|
unkown
|
page read and write
|
||
|
264CD590000
|
heap
|
page read and write
|
||
|
172F36A0000
|
heap
|
page read and write
|
||
|
25651890000
|
heap
|
page read and write
|
||
|
284C5400000
|
heap
|
page read and write
|
||
|
1E419900000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
264CD702000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
2459C438000
|
heap
|
page read and write
|
||
|
1E0B2DF0000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
688A7F000
|
stack
|
page read and write
|
||
|
28A674D0000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
2A6982A0000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
284C52C0000
|
heap
|
page read and write
|
||
|
17EA69B0000
|
heap
|
page read and write
|
||
|
208FF9C5000
|
heap
|
page read and write
|
||
|
817027F000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
13EC6900000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
BB006FF000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
3CF46FD000
|
stack
|
page read and write
|
||
|
7FF6050CA000
|
unkown
|
page readonly
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1C806B40000
|
heap
|
page read and write
|
||
|
1EE68C00000
|
heap
|
page read and write
|
||
|
172F3680000
|
heap
|
page read and write
|
||
|
27A83EA8000
|
heap
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
2A8A98D000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
22B09660000
|
heap
|
page read and write
|
||
|
7FF66A31C000
|
unkown
|
page readonly
|
||
|
22B09470000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
7FF66A310000
|
unkown
|
page readonly
|
||
|
63C787F000
|
stack
|
page read and write
|
||
|
1E21B6A0000
|
heap
|
page read and write
|
||
|
25651770000
|
heap
|
page read and write
|
||
|
817067F000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1C0FC3C0000
|
heap
|
page read and write
|
||
|
208FF6D0000
|
heap
|
page read and write
|
||
|
21839890000
|
heap
|
page read and write
|
||
|
13EC6BF5000
|
heap
|
page read and write
|
||
|
20C348E0000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
4BCD07E000
|
stack
|
page read and write
|
||
|
284CA0BA000
|
heap
|
page read and write
|
||
|
13EC6880000
|
heap
|
page read and write
|
||
|
284C59F0000
|
heap
|
page read and write
|
||
|
284C547C000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
226418A0000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1C0FC755000
|
heap
|
page read and write
|
||
|
1C0FC400000
|
heap
|
page read and write
|
||
|
284C82BA000
|
heap
|
page read and write
|
||
|
284C55C0000
|
direct allocation
|
page execute and read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1EE68B80000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
CEDBC7D000
|
stack
|
page read and write
|
||
|
F7AEE7F000
|
stack
|
page read and write
|
||
|
C0A8C7E000
|
stack
|
page read and write
|
||
|
264CD600000
|
heap
|
page read and write
|
||
|
284C78BA000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
817007B000
|
stack
|
page read and write
|
||
|
1BD7D480000
|
heap
|
page read and write
|
||
|
21839A00000
|
heap
|
page read and write
|
||
|
13EC6908000
|
heap
|
page read and write
|
||
|
BB003FE000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
C0A8B7F000
|
stack
|
page read and write
|
||
|
1C0FC408000
|
heap
|
page read and write
|
||
|
208FF9C0000
|
heap
|
page read and write
|
||
|
1404DC000
|
unkown
|
page execute and read and write
|
||
|
4DD34FD000
|
stack
|
page read and write
|
||
|
817037F000
|
stack
|
page read and write
|
||
|
9A5F77F000
|
stack
|
page read and write
|
||
|
2A8ADFF000
|
stack
|
page read and write
|
||
|
21839770000
|
heap
|
page read and write
|
||
|
17EA6BA0000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
167F30C5000
|
heap
|
page read and write
|
||
|
5C40BCF000
|
stack
|
page read and write
|
||
|
172F36A8000
|
heap
|
page read and write
|
||
|
7FF66A818000
|
unkown
|
page read and write
|
||
|
2CA6E370000
|
heap
|
page read and write
|
||
|
260FDA20000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5340000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
25651955000
|
heap
|
page read and write
|
||
|
284C5570000
|
trusted library allocation
|
page read and write
|
||
|
817057E000
|
stack
|
page read and write
|
||
|
284C6EBA000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1EE68980000
|
heap
|
page read and write
|
||
|
13EC6890000
|
heap
|
page read and write
|
||
|
284C55E1000
|
direct allocation
|
page execute and read and write
|
||
|
9A5F6FF000
|
stack
|
page read and write
|
||
|
22641770000
|
heap
|
page read and write
|
||
|
C3C3A7E000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
C3C407E000
|
stack
|
page read and write
|
||
|
17648200000
|
heap
|
page read and write
|
||
|
2DF839E0000
|
heap
|
page read and write
|
||
|
1EE68A60000
|
heap
|
page read and write
|
||
|
284C5340000
|
heap
|
page readonly
|
||
|
7FF604E51000
|
unkown
|
page write copy
|
||
|
1BD7D520000
|
heap
|
page read and write
|
||
|
2459C3C0000
|
heap
|
page read and write
|
||
|
21839870000
|
heap
|
page read and write
|
||
|
7FF604BC0000
|
unkown
|
page readonly
|
||
|
CEDBCFF000
|
stack
|
page read and write
|
||
|
B4DEFE000
|
stack
|
page read and write
|
||
|
284C5310000
|
direct allocation
|
page execute read
|
||
|
264CD65C000
|
heap
|
page read and write
|
||
|
356CCFD000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
22641775000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
28A67570000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
F8906FF000
|
stack
|
page read and write
|
||
|
7FF66A81A000
|
unkown
|
page readonly
|
||
|
140847000
|
unkown
|
page read and write
|
||
|
5D8267F000
|
stack
|
page read and write
|
||
|
C3C3E7F000
|
stack
|
page read and write
|
||
|
1C8067D0000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
4DD38FF000
|
stack
|
page read and write
|
||
|
7FF604BC0000
|
unkown
|
page readonly
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
140500000
|
unkown
|
page execute and read and write
|
||
|
1EE68A66000
|
heap
|
page read and write
|
||
|
284C52E0000
|
heap
|
page read and write
|
||
|
264CD5E0000
|
remote allocation
|
page read and write
|
||
|
140840000
|
unkown
|
page execute and read and write
|
||
|
2A698685000
|
heap
|
page read and write
|
||
|
68875D000
|
stack
|
page read and write
|
||
|
284C8CBA000
|
heap
|
page read and write
|
||
|
176484F5000
|
heap
|
page read and write
|
||
|
2883D090000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C51E0000
|
heap
|
page read and write
|
||
|
22641780000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C53B8000
|
heap
|
page read and write
|
||
|
1EE68C05000
|
heap
|
page read and write
|
||
|
17EA6C10000
|
heap
|
page read and write
|
||
|
1E0B2E57000
|
heap
|
page read and write
|
||
|
1E0B3115000
|
heap
|
page read and write
|
||
|
28A777F000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
28A767E000
|
stack
|
page read and write
|
||
|
1E419905000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
27A84180000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5610000
|
heap
|
page read and write
|
||
|
1E419680000
|
heap
|
page read and write
|
||
|
172F3650000
|
heap
|
page read and write
|
||
|
1E21B690000
|
heap
|
page read and write
|
||
|
28A67575000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1FD6FB30000
|
heap
|
page read and write
|
||
|
264CD660000
|
heap
|
page read and write
|
||
|
28A67588000
|
heap
|
page read and write
|
||
|
5C40B4F000
|
stack
|
page read and write
|
||
|
5D823AF000
|
stack
|
page read and write
|
||
|
4335BD000
|
stack
|
page read and write
|
||
|
284CAABA000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1BD7D4B0000
|
heap
|
page read and write
|
||
|
264CD660000
|
heap
|
page read and write
|
||
|
1FD6FDD0000
|
heap
|
page read and write
|
||
|
14000A000
|
unkown
|
page readonly
|
||
|
1BD7D490000
|
heap
|
page read and write
|
||
|
7FF604BCF000
|
unkown
|
page write copy
|
||
|
7FF66A81D000
|
unkown
|
page readonly
|
||
|
25651690000
|
heap
|
page read and write
|
||
|
5C40ACD000
|
stack
|
page read and write
|
||
|
284C5401000
|
heap
|
page read and write
|
||
|
2A6982C0000
|
heap
|
page read and write
|
||
|
284C5410000
|
heap
|
page read and write
|
||
|
DDF4AFF000
|
stack
|
page read and write
|
||
|
284C5A32000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
27A83E80000
|
heap
|
page read and write
|
||
|
27A83D80000
|
heap
|
page read and write
|
||
|
63C759F000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
2DF83A68000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
20C34AA0000
|
heap
|
page read and write
|
||
|
1E419760000
|
heap
|
page read and write
|
||
|
1E4197B0000
|
heap
|
page read and write
|
||
|
22B096B0000
|
heap
|
page read and write
|
||
|
1FD6FA70000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1E0B2E10000
|
heap
|
page read and write
|
||
|
C3C3D7F000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
C3C3C7F000
|
stack
|
page read and write
|
||
|
284C55D1000
|
direct allocation
|
page execute and read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1E0B2D10000
|
heap
|
page read and write
|
||
|
264CD490000
|
heap
|
page read and write
|
||
|
1E9C7100000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1C806B45000
|
heap
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
20C349E0000
|
heap
|
page read and write
|
||
|
C3C387B000
|
stack
|
page read and write
|
||
|
1EE68A6B000
|
heap
|
page read and write
|
||
|
7FF66A81D000
|
unkown
|
page readonly
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
172F3A25000
|
heap
|
page read and write
|
||
|
284C53A9000
|
heap
|
page read and write
|
||
|
1E0B2E47000
|
heap
|
page read and write
|
||
|
E2B0A7E000
|
stack
|
page read and write
|
||
|
2A698490000
|
heap
|
page read and write
|
||
|
28A673F0000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
208FF630000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
2A698690000
|
unkown
|
page read and write
|
||
|
C3C397E000
|
unkown
|
page read and write
|
||
|
27A83EA0000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF604BCF000
|
unkown
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
22641680000
|
heap
|
page read and write
|
||
|
5D8232D000
|
stack
|
page read and write
|
||
|
2DF83A60000
|
heap
|
page read and write
|
||
|
1E21B729000
|
heap
|
page read and write
|
||
|
284C96BA000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
22641880000
|
heap
|
page read and write
|
||
|
C0A8A7D000
|
stack
|
page read and write
|
||
|
25651778000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
2459C390000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
167F2DF8000
|
heap
|
page read and write
|
||
|
688B7F000
|
stack
|
page read and write
|
||
|
1E419780000
|
heap
|
page read and write
|
||
|
260FD9A0000
|
heap
|
page read and write
|
||
|
28A67580000
|
heap
|
page read and write
|
||
|
22641788000
|
heap
|
page read and write
|
||
|
F7AEB5D000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
13EC68B0000
|
heap
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
264CD5C0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
C692DED000
|
stack
|
page read and write
|
||
|
DFFC94F000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
3CF47FF000
|
stack
|
page read and write
|
||
|
22B09498000
|
heap
|
page read and write
|
||
|
284CB4BA000
|
heap
|
page read and write
|
||
|
E729AFE000
|
stack
|
page read and write
|
||
|
22B096B5000
|
heap
|
page read and write
|
||
|
284C5A0A000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
2DF83D30000
|
heap
|
page read and write
|
||
|
2A8ACFE000
|
stack
|
page read and write
|
||
|
264CD5E0000
|
remote allocation
|
page read and write
|
||
|
2CA6E3A5000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
17EA69A0000
|
heap
|
page read and write
|
||
|
1E9C6D80000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C53E6000
|
heap
|
page read and write
|
||
|
A9684FE000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
2883D030000
|
heap
|
page read and write
|
||
|
140007000
|
unkown
|
page readonly
|
||
|
208FF6D8000
|
heap
|
page read and write
|
||
|
4339FE000
|
stack
|
page read and write
|
||
|
7761B3E000
|
stack
|
page read and write
|
||
|
DDF471D000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1E4197B8000
|
heap
|
page read and write
|
||
|
DDF472D000
|
stack
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
7FF66A31F000
|
unkown
|
page write copy
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
20C34AA8000
|
heap
|
page read and write
|
||
|
C3C3CFF000
|
stack
|
page read and write
|
||
|
2459C290000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF66A310000
|
unkown
|
page readonly
|
||
|
260FDA28000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
17648290000
|
heap
|
page read and write
|
||
|
17648299000
|
heap
|
page read and write
|
||
|
7FF6050CD000
|
unkown
|
page readonly
|
||
|
284C5570000
|
direct allocation
|
page execute and read and write
|
||
|
4DD35FE000
|
stack
|
page read and write
|
||
|
20C34CC0000
|
heap
|
page read and write
|
||
|
4BCCD2D000
|
stack
|
page read and write
|
||
|
167F2D50000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C53A0000
|
heap
|
page read and write
|
||
|
284C543A000
|
heap
|
page read and write
|
||
|
21839680000
|
heap
|
page read and write
|
||
|
284C5A22000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
264CD64C000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
208FF650000
|
heap
|
page read and write
|
||
|
260FD9C0000
|
heap
|
page read and write
|
||
|
E9C67AD000
|
stack
|
page read and write
|
||
|
2DF83D35000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1E21B9F0000
|
heap
|
page read and write
|
||
|
1E21B9F5000
|
heap
|
page read and write
|
||
|
27A83E60000
|
heap
|
page read and write
|
||
|
3CF4AFF000
|
stack
|
page read and write
|
||
|
7FF6050CD000
|
unkown
|
page readonly
|
||
|
7FF66A311000
|
unkown
|
page execute read
|
||
|
C69307F000
|
stack
|
page read and write
|
||
|
264CD624000
|
heap
|
page read and write
|
||
|
25651870000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
E9C6BFE000
|
stack
|
page read and write
|
||
|
E2B072D000
|
stack
|
page read and write
|
||
|
17648210000
|
heap
|
page read and write
|
||
|
284C5A12000
|
heap
|
page read and write
|
||
|
E7296CC000
|
stack
|
page read and write
|
||
|
2459C3C5000
|
heap
|
page read and write
|
||
|
2459C370000
|
heap
|
page read and write
|
||
|
7FF66A81A000
|
unkown
|
page readonly
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
2A698680000
|
heap
|
page read and write
|
||
|
284C59B0000
|
heap
|
page read and write
|
||
|
17648230000
|
heap
|
page read and write
|
||
|
C3C3BFF000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1E0B3110000
|
heap
|
page read and write
|
||
|
1C8069A0000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
25651950000
|
heap
|
page read and write
|
||
|
14078B000
|
unkown
|
page execute and read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
817047B000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5A2A000
|
heap
|
page read and write
|
||
|
284C5570000
|
trusted library allocation
|
page read and write
|
||
|
284C5ABA000
|
heap
|
page read and write
|
||
|
BB002FD000
|
stack
|
page read and write
|
||
|
1E9C6F90000
|
heap
|
page read and write
|
||
|
284CBEBA000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
1E21B720000
|
heap
|
page read and write
|
||
|
C3C3FFF000
|
stack
|
page read and write
|
||
|
356CCED000
|
stack
|
page read and write
|
||
|
1C0FC750000
|
heap
|
page read and write
|
||
|
B4DBCD000
|
stack
|
page read and write
|
||
|
1FD6F970000
|
heap
|
page read and write
|
||
|
264CD652000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
260FD980000
|
heap
|
page read and write
|
||
|
284C5A3A000
|
heap
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
7761BBF000
|
stack
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
356CDFE000
|
stack
|
page read and write
|
||
|
21839A05000
|
heap
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
260FD970000
|
heap
|
page read and write
|
||
|
2883D300000
|
heap
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C55B0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
F8903CF000
|
stack
|
page read and write
|
||
|
284C64BA000
|
heap
|
page read and write
|
||
|
140503000
|
unkown
|
page execute and read and write
|
||
|
28547AC0000
|
trusted library allocation
|
page read and write
|
||
|
284C5390000
|
trusted library allocation
|
page read and write
|
||
|
1CC7DCE000
|
stack
|
page read and write
|
||
|
284C5615000
|
heap
|
page read and write
|
||
|
F8902CD000
|
stack
|
page read and write
|
||
|
14080D000
|
unkown
|
page execute and read and write
|
||
|
17EA69D0000
|
heap
|
page read and write
|
||
|
27A84185000
|
heap
|
page read and write
|
There are 549 hidden memdumps, click here to show them.