Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Google Chrome.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Chrome.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\System32\drivers\etc\hosts
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\Temp\aeqsvaygefnl.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4zxdcnwi.moc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jfxs03mz.kfp.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rn3dbb1m.1rr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uqaczy1o.pcr.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_mai2naou.ec1.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_rggid11q.cw1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_wbyexdko.2cv.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_wmzffi0d.10r.ps1
|
ASCII text, with no line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Google Chrome.exe
|
"C:\Users\user\Desktop\Google Chrome.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "Chrome"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "Chrome" binpath= "C:\ProgramData\Chrome.exe" start= "auto"
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "Chrome"
|
|
|
|
C:\ProgramData\Chrome.exe
|
C:\ProgramData\Chrome.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop UsoSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop WaaSMedicSvc
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop wuauserv
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop bits
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop dosvc
|
|
|
|
C:\Windows\System32\svchost.exe
|
svchost.exe
|
|
|
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe
|
There are 33 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pastebin.com/raw/FBXiGyZ9
|
172.67.19.24
|
||
|
https://www.kaspersky.ru/downloads/free-virus-removal-tool
|
unknown
|
||
|
https://pastebin.com/raw/FBXiGyZ9--cinit-stealth-targets=Taskmgr.exe
|
unknown
|
||
|
https://www.drweb.ru/
|
unknown
|
||
|
https://172.94.1q
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pastebin.com
|
172.67.19.24
|
|
|
|
pool.hashvault.pro
|
45.76.89.70
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.19.24
|
pastebin.com
|
United States
|
|
|
|
45.76.89.70
|
pool.hashvault.pro
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
140001000
|
unkown
|
page execute and read and write
|
|
|
|
1FE9D080000
|
heap
|
page read and write
|
|
|
|
14078B000
|
unkown
|
page execute and read and write
|
||
|
431D0FE000
|
stack
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
232CD8E0000
|
heap
|
page read and write
|
||
|
1FE9D090000
|
heap
|
page read and write
|
||
|
1C78A5B0000
|
heap
|
page read and write
|
||
|
59A9B7F000
|
stack
|
page read and write
|
||
|
1FE9D8B8000
|
heap
|
page read and write
|
||
|
1C78A875000
|
heap
|
page read and write
|
||
|
22A782A0000
|
heap
|
page read and write
|
||
|
1FE9D879000
|
heap
|
page read and write
|
||
|
22A782A5000
|
heap
|
page read and write
|
||
|
1BEC1AE5000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D865000
|
heap
|
page read and write
|
||
|
BFA207D000
|
stack
|
page read and write
|
||
|
7FF7EA96C000
|
unkown
|
page readonly
|
||
|
1FE9D865000
|
heap
|
page read and write
|
||
|
83D0C7E000
|
stack
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1447BD10000
|
heap
|
page read and write
|
||
|
20382015000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
18182B00000
|
heap
|
page read and write
|
||
|
1FE9D86C000
|
heap
|
page read and write
|
||
|
1FE9D879000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
272CD130000
|
heap
|
page read and write
|
||
|
140503000
|
unkown
|
page execute and read and write
|
||
|
1447BD30000
|
heap
|
page read and write
|
||
|
7FF7EA46E000
|
unkown
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D8C8000
|
heap
|
page read and write
|
||
|
1A551950000
|
heap
|
page read and write
|
||
|
24A07080000
|
heap
|
page read and write
|
||
|
1FE9D0DF000
|
heap
|
page read and write
|
||
|
C62437F000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1404DC000
|
unkown
|
page execute and read and write
|
||
|
1C8270C0000
|
heap
|
page read and write
|
||
|
24A07090000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D02A000
|
heap
|
page read and write
|
||
|
1C312B90000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7EA46F000
|
unkown
|
page write copy
|
||
|
BB2CDBE000
|
stack
|
page read and write
|
||
|
1447C170000
|
heap
|
page read and write
|
||
|
1FE9CF90000
|
heap
|
page read and write
|
||
|
9F9458E000
|
stack
|
page read and write
|
||
|
1FE9D86F000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
22A781F0000
|
heap
|
page read and write
|
||
|
24A070F5000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D86D000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D113000
|
heap
|
page read and write
|
||
|
763237F000
|
stack
|
page read and write
|
||
|
20382020000
|
unkown
|
page read and write
|
||
|
2A184805000
|
heap
|
page read and write
|
||
|
1FE9D86F000
|
heap
|
page read and write
|
||
|
AFA0EE000
|
stack
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7EA46E000
|
unkown
|
page write copy
|
||
|
7FF7EA461000
|
unkown
|
page execute read
|
||
|
26E85870000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
140500000
|
unkown
|
page execute and read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
C520FFE000
|
stack
|
page read and write
|
||
|
1FF30402000
|
heap
|
page read and write
|
||
|
272CD260000
|
heap
|
page read and write
|
||
|
1FE9D880000
|
heap
|
page read and write
|
||
|
22A78010000
|
heap
|
page read and write
|
||
|
194FBCE0000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1F505FE000
|
stack
|
page read and write
|
||
|
1FE9FC00000
|
heap
|
page read and write
|
||
|
1FE9D853000
|
heap
|
page read and write
|
||
|
1FE9D869000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
2A1847E0000
|
heap
|
page read and write
|
||
|
1C78A540000
|
heap
|
page read and write
|
||
|
242238F0000
|
heap
|
page read and write
|
||
|
D7ED7E000
|
stack
|
page read and write
|
||
|
7FF7EA460000
|
unkown
|
page readonly
|
||
|
C520EFD000
|
stack
|
page read and write
|
||
|
1FE9D000000
|
heap
|
page read and write
|
||
|
242238E0000
|
heap
|
page read and write
|
||
|
AFA1FF000
|
stack
|
page read and write
|
||
|
1FE4D610000
|
unkown
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
272CD150000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1C78A870000
|
heap
|
page read and write
|
||
|
24223C70000
|
unkown
|
page read and write
|
||
|
1FE9D876000
|
heap
|
page read and write
|
||
|
26E85830000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D876000
|
heap
|
page read and write
|
||
|
14000A000
|
unkown
|
page readonly
|
||
|
593B71D000
|
stack
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
22BD0830000
|
heap
|
page read and write
|
||
|
1FE9CFB0000
|
direct allocation
|
page execute read
|
||
|
1F4FCFD000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D872000
|
heap
|
page read and write
|
||
|
BB2D0FF000
|
stack
|
page read and write
|
||
|
7631F1C000
|
stack
|
page read and write
|
||
|
7FF61FA49000
|
unkown
|
page readonly
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D881000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
140007000
|
unkown
|
page readonly
|
||
|
2A184860000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D05D000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D88E000
|
heap
|
page read and write
|
||
|
1F4F70B000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
11E097E000
|
stack
|
page read and write
|
||
|
7FF61FA47000
|
unkown
|
page read and write
|
||
|
26E85BF5000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FFFF608000
|
heap
|
page read and write
|
||
|
1FFFF810000
|
heap
|
page read and write
|
||
|
C62417F000
|
stack
|
page read and write
|
||
|
1FE9D86F000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D86D000
|
heap
|
page read and write
|
||
|
242239A0000
|
heap
|
page read and write
|
||
|
1D4B463F000
|
heap
|
page read and write
|
||
|
1BEC1840000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
2A1846E0000
|
heap
|
page read and write
|
||
|
1C78A5B9000
|
heap
|
page read and write
|
||
|
1FE9D02F000
|
heap
|
page read and write
|
||
|
24223910000
|
unkown
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D800000
|
heap
|
page read and write
|
||
|
9F9448C000
|
stack
|
page read and write
|
||
|
7FF61FA4C000
|
unkown
|
page readonly
|
||
|
232CD770000
|
heap
|
page read and write
|
||
|
232CD850000
|
heap
|
page read and write
|
||
|
194FBCE8000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DE00000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1D4B4560000
|
heap
|
page read and write
|
||
|
1FE9E800000
|
heap
|
page read and write
|
||
|
1FFFF7D0000
|
heap
|
page read and write
|
||
|
7FF61FA4C000
|
unkown
|
page readonly
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
232CF290000
|
heap
|
page read and write
|
||
|
C62447F000
|
stack
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
232CD910000
|
heap
|
page read and write
|
||
|
1FE9D866000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
22A78018000
|
heap
|
page read and write
|
||
|
1F500FE000
|
unkown
|
page readonly
|
||
|
1FE9D86D000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D84E000
|
heap
|
page read and write
|
||
|
C41C1FF000
|
stack
|
page read and write
|
||
|
7FF7EA46B000
|
unkown
|
page readonly
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
194FC005000
|
heap
|
page read and write
|
||
|
812A17E000
|
stack
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1D4B4600000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
direct allocation
|
page execute and read and write
|
||
|
24223C60000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1D4B462B000
|
heap
|
page read and write
|
||
|
7FF7EA46B000
|
unkown
|
page readonly
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1A5519A8000
|
heap
|
page read and write
|
||
|
1FE9D84D000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
1FE9D7C0000
|
direct allocation
|
page execute and read and write
|
||
|
C62477F000
|
stack
|
page read and write
|
||
|
6DE0B7E000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D86D000
|
heap
|
page read and write
|
||
|
7FF61F541000
|
unkown
|
page execute read
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
BFA227F000
|
stack
|
page read and write
|
||
|
18182B08000
|
heap
|
page read and write
|
||
|
A3D0C7F000
|
stack
|
page read and write
|
||
|
1FE9D760000
|
heap
|
page read and write
|
||
|
1FE9D84C000
|
heap
|
page read and write
|
||
|
194FBDF0000
|
heap
|
page read and write
|
||
|
1FE9D863000
|
heap
|
page read and write
|
||
|
1F4FDFE000
|
unkown
|
page readonly
|
||
|
4D77A7F000
|
stack
|
page read and write
|
||
|
AFA0FE000
|
stack
|
page read and write
|
||
|
1D4B4E02000
|
trusted library allocation
|
page read and write
|
||
|
10C93D000
|
stack
|
page read and write
|
||
|
1FEA1A00000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1D4B460B000
|
heap
|
page read and write
|
||
|
C62487E000
|
stack
|
page read and write
|
||
|
1FE9D869000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
593BA7F000
|
stack
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
431D1FE000
|
stack
|
page read and write
|
||
|
22BD0710000
|
heap
|
page read and write
|
||
|
232CD870000
|
heap
|
page read and write
|
||
|
1C827315000
|
heap
|
page read and write
|
||
|
1FE4D600000
|
unkown
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D872000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
194FBED0000
|
heap
|
page read and write
|
||
|
1FE9D760000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
140009000
|
unkown
|
page read and write
|
||
|
1FE9D84C000
|
heap
|
page read and write
|
||
|
1FEA1000000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D8F0000
|
heap
|
page read and write
|
||
|
1FE9D8F8000
|
heap
|
page read and write
|
||
|
24A070B0000
|
heap
|
page read and write
|
||
|
1FE9CF60000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D86D000
|
heap
|
page read and write
|
||
|
59A9A7C000
|
stack
|
page read and write
|
||
|
1C78A5B6000
|
heap
|
page read and write
|
||
|
272CD155000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D86C000
|
heap
|
page read and write
|
||
|
1BEC17A0000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
593BB7E000
|
stack
|
page read and write
|
||
|
1D4B4540000
|
heap
|
page read and write
|
||
|
1FEA0600000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
7FF61FA49000
|
unkown
|
page readonly
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D85B000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D866000
|
heap
|
page read and write
|
||
|
2A1847C0000
|
heap
|
page read and write
|
||
|
22A78210000
|
heap
|
page read and write
|
||
|
1FE9D0F3000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1447BD00000
|
heap
|
page read and write
|
||
|
1D4B4570000
|
heap
|
page read and write
|
||
|
1FE4D920000
|
unkown
|
page read and write
|
||
|
BFA21FE000
|
unkown
|
page readonly
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
10CC7F000
|
stack
|
page read and write
|
||
|
7FF61F54E000
|
unkown
|
page read and write
|
||
|
1FE4D6D0000
|
heap
|
page read and write
|
||
|
140840000
|
unkown
|
page execute and read and write
|
||
|
1C78A560000
|
heap
|
page read and write
|
||
|
7FF61F540000
|
unkown
|
page readonly
|
||
|
1D4B45A0000
|
trusted library allocation
|
page read and write
|
||
|
1C827130000
|
heap
|
page read and write
|
||
|
C41BDBD000
|
stack
|
page read and write
|
||
|
C623F7D000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
FE53B3D000
|
stack
|
page read and write
|
||
|
1FE9D06A000
|
heap
|
page read and write
|
||
|
2A184868000
|
heap
|
page read and write
|
||
|
1FE9D879000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D102000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1BEC1780000
|
heap
|
page read and write
|
||
|
1FE9D0FC000
|
heap
|
page read and write
|
||
|
1FE9D8C0000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
10CD7E000
|
stack
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
20381C60000
|
heap
|
page read and write
|
||
|
C623D7E000
|
stack
|
page read and write
|
||
|
1FE9D85B000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1C312B65000
|
heap
|
page read and write
|
||
|
7FF61F54E000
|
unkown
|
page write copy
|
||
|
1C827138000
|
heap
|
page read and write
|
||
|
A3D0B7F000
|
stack
|
page read and write
|
||
|
7FF61F54B000
|
unkown
|
page readonly
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE4D910000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1A551C55000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
7FF7EA461000
|
unkown
|
page execute read
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D102000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
6DE0C7E000
|
stack
|
page read and write
|
||
|
1BEC1830000
|
heap
|
page read and write
|
||
|
1FE4D915000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
812A07E000
|
stack
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1447BDD0000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
22A78110000
|
heap
|
page read and write
|
||
|
22BD0730000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE4D500000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
22BD0528000
|
heap
|
page read and write
|
||
|
1FFFF600000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
232CD918000
|
heap
|
page read and write
|
||
|
2A184800000
|
heap
|
page read and write
|
||
|
24223C65000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
59A9AFF000
|
stack
|
page read and write
|
||
|
24223920000
|
unkown
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
272CD160000
|
heap
|
page read and write
|
||
|
1FE9D85E000
|
heap
|
page read and write
|
||
|
C41C0FF000
|
stack
|
page read and write
|
||
|
4D7787D000
|
stack
|
page read and write
|
||
|
7FF61F540000
|
unkown
|
page readonly
|
||
|
1FEA2E00000
|
heap
|
page read and write
|
||
|
1FE9D09D000
|
heap
|
page read and write
|
||
|
1FE9CF80000
|
heap
|
page read and write
|
||
|
D7EC7D000
|
stack
|
page read and write
|
||
|
1447BDD8000
|
heap
|
page read and write
|
||
|
1D4B4602000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
26E85BF0000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D879000
|
heap
|
page read and write
|
||
|
1FE9D8CF000
|
heap
|
page read and write
|
||
|
1A551C50000
|
heap
|
page read and write
|
||
|
1BEC16A0000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
A3D0A7D000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D881000
|
heap
|
page read and write
|
||
|
272CD050000
|
heap
|
page read and write
|
||
|
9F9450E000
|
stack
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
C62467E000
|
stack
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D843000
|
heap
|
page read and write
|
||
|
C520EEE000
|
stack
|
page read and write
|
||
|
7FF61F541000
|
unkown
|
page execute read
|
||
|
1BEC1838000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
7FF61F54B000
|
unkown
|
page readonly
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
C623E7E000
|
stack
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
83D0B7E000
|
stack
|
page read and write
|
||
|
1FE4D6D9000
|
heap
|
page read and write
|
||
|
1FE9D88C000
|
heap
|
page read and write
|
||
|
1C8270E0000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
18182CF0000
|
heap
|
page read and write
|
||
|
1FE9D866000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
24223910000
|
unkown
|
page read and write
|
||
|
20381C50000
|
heap
|
page read and write
|
||
|
1FFFF5D0000
|
heap
|
page read and write
|
||
|
BFA217E000
|
stack
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D760000
|
trusted library allocation
|
page read and write
|
||
|
11E087F000
|
stack
|
page read and write
|
||
|
83D0A7D000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FEA3800000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
18182E15000
|
heap
|
page read and write
|
||
|
24A07158000
|
heap
|
page read and write
|
||
|
C623C7B000
|
stack
|
page read and write
|
||
|
1FE9D094000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9F200000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7EA969000
|
unkown
|
page readonly
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D843000
|
heap
|
page read and write
|
||
|
24223910000
|
unkown
|
page read and write
|
||
|
18182CD0000
|
heap
|
page read and write
|
||
|
20381C80000
|
heap
|
page read and write
|
||
|
1FE9D8A6000
|
heap
|
page read and write
|
||
|
20382010000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
194FC000000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D86D000
|
heap
|
page read and write
|
||
|
1447C175000
|
heap
|
page read and write
|
||
|
140847000
|
unkown
|
page read and write
|
||
|
24A070F0000
|
heap
|
page read and write
|
||
|
1FEA2400000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
6DE0A7C000
|
stack
|
page read and write
|
||
|
1C312B60000
|
heap
|
page read and write
|
||
|
1C312BB8000
|
heap
|
page read and write
|
||
|
1F506FE000
|
unkown
|
page readonly
|
||
|
1C312B70000
|
heap
|
page read and write
|
||
|
1FE9D86B000
|
heap
|
page read and write
|
||
|
22BD0630000
|
heap
|
page read and write
|
||
|
1F4FFFE000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D013000
|
heap
|
page read and write
|
||
|
22BD0835000
|
heap
|
page read and write
|
||
|
232CD8E5000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1C827310000
|
heap
|
page read and write
|
||
|
1A5519A0000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1C312BB0000
|
heap
|
page read and write
|
||
|
1FF30423000
|
heap
|
page read and write
|
||
|
1FE9D86F000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
26E85800000
|
heap
|
page read and write
|
||
|
7FF7EA96C000
|
unkown
|
page readonly
|
||
|
1FE4D5E0000
|
heap
|
page read and write
|
||
|
7FF7EA460000
|
unkown
|
page readonly
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1D4B4702000
|
heap
|
page read and write
|
||
|
1D4B4613000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1C826FE0000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
4D7797E000
|
stack
|
page read and write
|
||
|
431CD8D000
|
stack
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D0F8000
|
heap
|
page read and write
|
||
|
1C78A460000
|
heap
|
page read and write
|
||
|
1A551970000
|
heap
|
page read and write
|
||
|
11E051D000
|
stack
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D879000
|
heap
|
page read and write
|
||
|
1D4B4628000
|
heap
|
page read and write
|
||
|
14080D000
|
unkown
|
page execute and read and write
|
||
|
1FE9CFE0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D86D000
|
heap
|
page read and write
|
||
|
763227F000
|
stack
|
page read and write
|
||
|
1FE9CFE0000
|
heap
|
page readonly
|
||
|
1FE9D879000
|
heap
|
page read and write
|
||
|
24A07150000
|
heap
|
page read and write
|
||
|
C62427F000
|
stack
|
page read and write
|
||
|
C62407C000
|
stack
|
page read and write
|
||
|
7FF61F7D0000
|
unkown
|
page write copy
|
||
|
1FFFF5E0000
|
heap
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D770000
|
direct allocation
|
page execute and read and write
|
||
|
1FE9D760000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1A551940000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
6DE0CFE000
|
unkown
|
page readonly
|
||
|
18182AF0000
|
heap
|
page read and write
|
||
|
7FF7EA969000
|
unkown
|
page readonly
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
272CD168000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D86F000
|
heap
|
page read and write
|
||
|
1FE9D8D7000
|
heap
|
page read and write
|
||
|
C62457F000
|
stack
|
page read and write
|
||
|
22BD0520000
|
heap
|
page read and write
|
||
|
1FE9D86B000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1C312B50000
|
heap
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
1BEC1AE0000
|
heap
|
page read and write
|
||
|
1FE9D86D000
|
heap
|
page read and write
|
||
|
1FFFF815000
|
heap
|
page read and write
|
||
|
1FE9D879000
|
heap
|
page read and write
|
||
|
194FBEF0000
|
heap
|
page read and write
|
||
|
1FF30423000
|
heap
|
page read and write
|
||
|
18182E10000
|
heap
|
page read and write
|
||
|
1FE9D861000
|
heap
|
page read and write
|
||
|
26E85810000
|
heap
|
page read and write
|
||
|
D7EE7E000
|
stack
|
page read and write
|
||
|
7FF7EA967000
|
unkown
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
8129D2D000
|
stack
|
page read and write
|
||
|
1FE9D879000
|
heap
|
page read and write
|
||
|
1FE9D06A000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
C62497F000
|
stack
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7D0000
|
trusted library allocation
|
page read and write
|
||
|
26E85878000
|
heap
|
page read and write
|
||
|
1FE9DD40000
|
trusted library allocation
|
page read and write
|
||
|
1FE9D7B0000
|
trusted library allocation
|
page read and write
|
||
|
BB2CCBC000
|
stack
|
page read and write
|
There are 537 hidden memdumps, click here to show them.