Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
WWhhc3A0rs.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\xjnogmzwawzj\lwmyuxxpdkdz.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\uoqzkgppgdee.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1oy11hsh.c3w.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5gzr1fdm.dyh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nnfm2p3b.jxa.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xqalxiqd.lmf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_1agdplkg.wcb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_eoluthrv.kz2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_h001acxy.31r.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_kfz4gov4.ce0.ps1
|
ASCII text, with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\WWhhc3A0rs.exe
|
"C:\Users\user\Desktop\WWhhc3A0rs.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "VKWMZEFB"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "VKWMZEFB" binpath= "C:\ProgramData\xjnogmzwawzj\lwmyuxxpdkdz.exe" start= "auto"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "VKWMZEFB"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\ProgramData\xjnogmzwawzj\lwmyuxxpdkdz.exe
|
C:\ProgramData\xjnogmzwawzj\lwmyuxxpdkdz.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\powercfg.exe
|
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
conhost.exe
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
|
There are 29 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.cloudflare.com/origin_ca.crl0
|
unknown
|
||
|
http://ocsp.cloudflare.com/origin_ca
|
unknown
|
||
|
http://ocsp.cloudflare.com/origin_ca0
|
unknown
|
||
|
http://crl.cloudflare.com/origin_ca.crl
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
xmr-eu1.nanopool.org
|
51.15.65.182
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
51.15.65.182
|
xmr-eu1.nanopool.org
|
France
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1D9F372C000
|
heap
|
page read and write
|
|
|
|
1D9F36EA000
|
heap
|
page read and write
|
|
|
|
140001000
|
unkown
|
page execute and read and write
|
|
|
|
1D9F3695000
|
heap
|
page read and write
|
|
|
|
1D9F36B1000
|
heap
|
page read and write
|
|
|
|
1CDABBB0000
|
unkown
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1CDABEA5000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1DA75CE0000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C22000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3659000
|
heap
|
page read and write
|
||
|
22C613A8000
|
heap
|
page read and write
|
||
|
9C165AC000
|
stack
|
page read and write
|
||
|
522347E000
|
unkown
|
page readonly
|
||
|
9C1687E000
|
stack
|
page read and write
|
||
|
1CDABAB0000
|
heap
|
page read and write
|
||
|
52222EB000
|
stack
|
page read and write
|
||
|
1D1EA4D0000
|
heap
|
page read and write
|
||
|
1D9F3C35000
|
heap
|
page read and write
|
||
|
1D9F3C62000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
52234FE000
|
stack
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F36E6000
|
heap
|
page read and write
|
||
|
1A7C7159000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D1E8B00000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C5E000
|
heap
|
page read and write
|
||
|
21658510000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
2C8E9D50000
|
heap
|
page read and write
|
||
|
22C612F0000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
20B6B8E0000
|
heap
|
page read and write
|
||
|
14082C000
|
unkown
|
page execute and read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
18277F60000
|
heap
|
page read and write
|
||
|
7FF7013EC000
|
unkown
|
page readonly
|
||
|
FCD31CD000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
D1DF27E000
|
stack
|
page read and write
|
||
|
1D9F3610000
|
heap
|
page readonly
|
||
|
1D1E8CD0000
|
heap
|
page read and write
|
||
|
290C9C000
|
stack
|
page read and write
|
||
|
5C58DED000
|
stack
|
page read and write
|
||
|
F49948D000
|
stack
|
page read and write
|
||
|
7FF71EB19000
|
unkown
|
page readonly
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3CAD000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1A7C7110000
|
heap
|
page read and write
|
||
|
D7F55FE000
|
stack
|
page read and write
|
||
|
1DB0CDB0000
|
heap
|
page read and write
|
||
|
81EB6BD000
|
stack
|
page read and write
|
||
|
21C917B8000
|
heap
|
page read and write
|
||
|
D7F53FC000
|
stack
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
18277D78000
|
heap
|
page read and write
|
||
|
1D9F3C22000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
D7F4EFD000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
2BCA8740000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
20E2203F000
|
heap
|
page read and write
|
||
|
1D9F3C5A000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
15DD8FF000
|
stack
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
522327E000
|
stack
|
page read and write
|
||
|
843A5EF000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
290D9F000
|
stack
|
page read and write
|
||
|
22C61630000
|
heap
|
page read and write
|
||
|
2C8EA155000
|
heap
|
page read and write
|
||
|
D7F56FE000
|
unkown
|
page readonly
|
||
|
2BCA8855000
|
heap
|
page read and write
|
||
|
1D9F3C60000
|
heap
|
page read and write
|
||
|
21852DB9000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
29BF9080000
|
heap
|
page read and write
|
||
|
2BCA8820000
|
heap
|
page read and write
|
||
|
211EF5E0000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D1E8A00000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
15DD58D000
|
stack
|
page read and write
|
||
|
458A9FD000
|
stack
|
page read and write
|
||
|
216584D0000
|
heap
|
page read and write
|
||
|
1DB0D140000
|
heap
|
page read and write
|
||
|
1D9F5AD7000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
5222EFE000
|
stack
|
page read and write
|
||
|
1D1E8900000
|
heap
|
page read and write
|
||
|
1D9F3C5E000
|
heap
|
page read and write
|
||
|
1D9F3C64000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
F49950F000
|
stack
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C78000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F35E0000
|
direct allocation
|
page execute read
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1CDABEA0000
|
heap
|
page read and write
|
||
|
1DA85E00000
|
direct allocation
|
page read and write
|
||
|
1B785325000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
253B8750000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C0A000
|
heap
|
page read and write
|
||
|
1D9F36B2000
|
heap
|
page read and write
|
||
|
7FF71EB19000
|
unkown
|
page readonly
|
||
|
1D1E8A08000
|
heap
|
page read and write
|
||
|
29BF9158000
|
heap
|
page read and write
|
||
|
21658505000
|
heap
|
page read and write
|
||
|
52223EE000
|
stack
|
page read and write
|
||
|
AA317BD000
|
stack
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
2BCA88A0000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
29BF9050000
|
heap
|
page read and write
|
||
|
D7F52FE000
|
unkown
|
page readonly
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1B785320000
|
heap
|
page read and write
|
||
|
20E2202B000
|
heap
|
page read and write
|
||
|
1A7C7320000
|
heap
|
page read and write
|
||
|
18277CC0000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C64000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
D1DF07D000
|
stack
|
page read and write
|
||
|
21852D85000
|
heap
|
page read and write
|
||
|
1D9F8CD7000
|
heap
|
page read and write
|
||
|
20E22013000
|
heap
|
page read and write
|
||
|
211EF390000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
21C91A80000
|
heap
|
page read and write
|
||
|
1DB0D145000
|
heap
|
page read and write
|
||
|
7FF71EB11000
|
unkown
|
page execute read
|
||
|
7FF701160000
|
unkown
|
page readonly
|
||
|
14000A000
|
unkown
|
page readonly
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
20E21FC0000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
7FF701161000
|
unkown
|
page execute read
|
||
|
1DB0CE50000
|
heap
|
page read and write
|
||
|
21658500000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
20E22000000
|
heap
|
page read and write
|
||
|
1DB0CE58000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
29BF9060000
|
heap
|
page read and write
|
||
|
446447F000
|
stack
|
page read and write
|
||
|
253B8540000
|
heap
|
page read and write
|
||
|
9C168FF000
|
stack
|
page read and write
|
||
|
1D9F3C89000
|
heap
|
page read and write
|
||
|
D1DF17E000
|
stack
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F35A0000
|
heap
|
page read and write
|
||
|
1404C8000
|
unkown
|
page execute and read and write
|
||
|
522357E000
|
unkown
|
page readonly
|
||
|
AA317CD000
|
stack
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D1E89E0000
|
heap
|
page read and write
|
||
|
1D9F3C1A000
|
heap
|
page read and write
|
||
|
1D9F3C5C000
|
heap
|
page read and write
|
||
|
DB1C57E000
|
stack
|
page read and write
|
||
|
253B8548000
|
heap
|
page read and write
|
||
|
D1DF1FE000
|
unkown
|
page readonly
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
E2AEAFF000
|
stack
|
page read and write
|
||
|
D7F54FE000
|
unkown
|
page readonly
|
||
|
29F81030000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C1A000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3580000
|
heap
|
page read and write
|
||
|
18277BE0000
|
heap
|
page read and write
|
||
|
1DA75D30000
|
direct allocation
|
page execute and read and write
|
||
|
20B6BAF0000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
20E22022000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
216583D0000
|
heap
|
page read and write
|
||
|
D7F496B000
|
stack
|
page read and write
|
||
|
7FF701169000
|
unkown
|
page readonly
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
211EF470000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
29F81049000
|
heap
|
page read and write
|
||
|
1D9F3BB0000
|
heap
|
page read and write
|
||
|
2C8EA160000
|
unkown
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
1D9F3CD7000
|
heap
|
page read and write
|
||
|
1A7C7355000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F36C1000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
7FF701161000
|
unkown
|
page execute read
|
||
|
1D9F64D7000
|
heap
|
page read and write
|
||
|
522317E000
|
unkown
|
page readonly
|
||
|
21C91790000
|
heap
|
page read and write
|
||
|
140007000
|
unkown
|
page readonly
|
||
|
1A7C7150000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
F49958F000
|
stack
|
page read and write
|
||
|
1DB0CDA0000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
7FF71EB1C000
|
unkown
|
page write copy
|
||
|
20E21F90000
|
heap
|
page read and write
|
||
|
1D9F3C12000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1CDABB90000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
211EF289000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C62000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
20E22102000
|
heap
|
page read and write
|
||
|
941BFFD000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
5222B7E000
|
unkown
|
page readonly
|
||
|
1D9F35D5000
|
heap
|
page read and write
|
||
|
253B8660000
|
heap
|
page read and write
|
||
|
18277D70000
|
heap
|
page read and write
|
||
|
941C2FE000
|
stack
|
page read and write
|
||
|
7FF70116B000
|
unkown
|
page write copy
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C5C000
|
heap
|
page read and write
|
||
|
1D9F35D0000
|
heap
|
page read and write
|
||
|
1404EC000
|
unkown
|
page execute and read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
216584B0000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
2C8E9E30000
|
heap
|
page read and write
|
||
|
21658518000
|
heap
|
page read and write
|
||
|
7FF71ED99000
|
unkown
|
page readonly
|
||
|
446418D000
|
stack
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
21852D20000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
7FF701160000
|
unkown
|
page readonly
|
||
|
1D9F6ED7000
|
heap
|
page read and write
|
||
|
1D9F3CD0000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
140834000
|
unkown
|
page read and write
|
||
|
1D9F3C78000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C5E000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C64000
|
heap
|
page read and write
|
||
|
1D9F3C81000
|
heap
|
page read and write
|
||
|
52233FE000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
21852C40000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
29F81040000
|
heap
|
page read and write
|
||
|
20E21F80000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C66000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F96D7000
|
heap
|
page read and write
|
||
|
1D9F3BF0000
|
heap
|
page read and write
|
||
|
1D9F3CD0000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
E2AE7ED000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F46D7000
|
heap
|
page read and write
|
||
|
1D9F3C62000
|
heap
|
page read and write
|
||
|
29BF8F70000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C5A000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1B785049000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
7FF71ED9C000
|
unkown
|
page readonly
|
||
|
522337E000
|
unkown
|
page readonly
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
7FF71EB11000
|
unkown
|
page execute read
|
||
|
5222DFE000
|
stack
|
page read and write
|
||
|
1D9F3C60000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
20E22802000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
22C613A0000
|
heap
|
page read and write
|
||
|
29BF9150000
|
heap
|
page read and write
|
||
|
29F81230000
|
heap
|
page read and write
|
||
|
1D9F78D7000
|
heap
|
page read and write
|
||
|
1CDABEB0000
|
unkown
|
page read and write
|
||
|
1D9F82D7000
|
heap
|
page read and write
|
||
|
211EF5E5000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1DB0CDD0000
|
heap
|
page read and write
|
||
|
20B6BAB0000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
7FF701169000
|
unkown
|
page readonly
|
||
|
1B784F20000
|
heap
|
page read and write
|
||
|
1D9F3C5A000
|
heap
|
page read and write
|
||
|
E980C7D000
|
stack
|
page read and write
|
||
|
1D9F372E000
|
heap
|
page read and write
|
||
|
20B6B8A0000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1CDABBB0000
|
unkown
|
page read and write
|
||
|
15DD87F000
|
stack
|
page read and write
|
||
|
AA31AFF000
|
stack
|
page read and write
|
||
|
29F81210000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
253B8640000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F36C3000
|
heap
|
page read and write
|
||
|
21852D80000
|
heap
|
page read and write
|
||
|
1D9F3650000
|
heap
|
page read and write
|
||
|
1CDABC20000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
29F813C0000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
D7F58FE000
|
unkown
|
page readonly
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
29BF9055000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
20B6B8E8000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
253B8460000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
D7F57FE000
|
stack
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
522307E000
|
stack
|
page read and write
|
||
|
1D9F3C96000
|
heap
|
page read and write
|
||
|
1A7C7120000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
52228FE000
|
stack
|
page read and write
|
||
|
D7F4FFE000
|
unkown
|
page readonly
|
||
|
1D9F3C2A000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
E980CFF000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1B785040000
|
heap
|
page read and write
|
||
|
1D9F3C78000
|
heap
|
page read and write
|
||
|
1D9F3C12000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C78000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
21852D40000
|
heap
|
page read and write
|
||
|
20E21F60000
|
heap
|
page read and write
|
||
|
18277F65000
|
heap
|
page read and write
|
||
|
140777000
|
unkown
|
page execute and read and write
|
||
|
458ACFF000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
21852DB0000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C2A000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C2D000
|
heap
|
page read and write
|
||
|
1D9F3C60000
|
heap
|
page read and write
|
||
|
2BCA8860000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
direct allocation
|
page execute and read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
22C61310000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3CA7000
|
heap
|
page read and write
|
||
|
1D9F3C5E000
|
heap
|
page read and write
|
||
|
1B3CBFE000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
253B8755000
|
heap
|
page read and write
|
||
|
1A7C7350000
|
heap
|
page read and write
|
||
|
1D9F50D7000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C62000
|
heap
|
page read and write
|
||
|
1D9F3C5C000
|
heap
|
page read and write
|
||
|
21C91A85000
|
heap
|
page read and write
|
||
|
1D9F3C9D000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
29F813C5000
|
heap
|
page read and write
|
||
|
1407F8000
|
unkown
|
page execute and read and write
|
||
|
211EF280000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
7FF7013E9000
|
unkown
|
page readonly
|
||
|
1B3C7FC000
|
stack
|
page read and write
|
||
|
22C61635000
|
heap
|
page read and write
|
||
|
D7F51FE000
|
stack
|
page read and write
|
||
|
E2AE7FD000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
18277CE0000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
52226FE000
|
unkown
|
page read and write
|
||
|
20B6BAF5000
|
heap
|
page read and write
|
||
|
1B785020000
|
heap
|
page read and write
|
||
|
21C917B0000
|
heap
|
page read and write
|
||
|
7FF71EB10000
|
unkown
|
page readonly
|
||
|
458AC7F000
|
stack
|
page read and write
|
||
|
7FF71EB10000
|
unkown
|
page readonly
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
5222BFE000
|
stack
|
page read and write
|
||
|
843A56F000
|
stack
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1D1E8CD5000
|
heap
|
page read and write
|
||
|
1D9F34A0000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
140009000
|
unkown
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
22C61210000
|
heap
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
5222CFE000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
7FF70116B000
|
unkown
|
page read and write
|
||
|
1B3CAFE000
|
stack
|
page read and write
|
||
|
211EF5F0000
|
unkown
|
page read and write
|
||
|
DB1C47C000
|
stack
|
page read and write
|
||
|
5222A7E000
|
unkown
|
page readonly
|
||
|
20B6B8B0000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
941C3FF000
|
stack
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
7FF71ED97000
|
unkown
|
page read and write
|
||
|
843A4ED000
|
stack
|
page read and write
|
||
|
5222AFB000
|
stack
|
page read and write
|
||
|
7FF71EB1B000
|
unkown
|
page write copy
|
||
|
20E22002000
|
heap
|
page read and write
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
21C91980000
|
heap
|
page read and write
|
||
|
290D1E000
|
stack
|
page read and write
|
||
|
1D9F3C5C000
|
heap
|
page read and write
|
||
|
7FF71ED99000
|
unkown
|
page readonly
|
||
|
1D9F3C64000
|
heap
|
page read and write
|
||
|
2BCA88A7000
|
heap
|
page read and write
|
||
|
44644FF000
|
stack
|
page read and write
|
||
|
1DA75D60000
|
trusted library allocation
|
page read and write
|
||
|
21C91780000
|
heap
|
page read and write
|
||
|
1D9F3C5A000
|
heap
|
page read and write
|
||
|
2C8E9EB0000
|
heap
|
page read and write
|
||
|
7FF7013E9000
|
unkown
|
page readonly
|
||
|
1DA75D20000
|
trusted library allocation
|
page read and write
|
||
|
7FF7013EC000
|
unkown
|
page readonly
|
||
|
7FF71ED9C000
|
unkown
|
page readonly
|
||
|
1B785000000
|
heap
|
page read and write
|
||
|
1D9F3620000
|
trusted library allocation
|
page read and write
|
||
|
2BCA8850000
|
heap
|
page read and write
|
||
|
7FF71EB1B000
|
unkown
|
page read and write
|
||
|
2C8EA150000
|
heap
|
page read and write
|
||
|
1DA75D40000
|
trusted library allocation
|
page read and write
|
||
|
1D9F3C60000
|
heap
|
page read and write
|
There are 504 hidden memdumps, click here to show them.