Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
hx1hwVZIjy.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Google\Update\AFKwztugVSPq.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Recovery\smss.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ReviewHost\AFKwztugVSPq.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ReviewHost\LGlGhCGbVntC7HCLV0QyeYWp.vbe
|
data
|
dropped
|
|
|
|
C:\ReviewHost\RuntimeBroker.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ReviewHost\brokercrt.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\ReviewHost\conhost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\AFKwztugVSPq.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\cscript.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Default\WinStore.App.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\AFKwztugVSPq.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Videos\AFKwztugVSPq.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AFKwztugVSPq.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\bWPufSNCBJ.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Windows\Containers\serviced\wininit.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Google\Update\0a769a02709f5e
|
ASCII text, with very long lines (527), with no line terminators
|
dropped
|
||
|
C:\Recovery\69ddcba757bf72
|
ASCII text, with very long lines (412), with no line terminators
|
dropped
|
||
|
C:\ReviewHost\088424020bedd6
|
ASCII text, with very long lines (599), with no line terminators
|
dropped
|
||
|
C:\ReviewHost\0a769a02709f5e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ReviewHost\9e8d7a4ca61bd9
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\ReviewHost\Qtt5UtOWbMYxPmztsNxVxiRIZauHb.bat
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\0a769a02709f5e
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\4e3ac3462c9605
|
ASCII text, with very long lines (984), with no line terminators
|
dropped
|
||
|
C:\Users\Default\fd168b19609dff
|
ASCII text, with very long lines (982), with no line terminators
|
dropped
|
||
|
C:\Users\Public\0a769a02709f5e
|
ASCII text, with very long lines (312), with no line terminators
|
dropped
|
||
|
C:\Users\Public\Videos\0a769a02709f5e
|
ASCII text, with very long lines (639), with no line terminators
|
dropped
|
||
|
C:\Users\user\0a769a02709f5e
|
ASCII text, with very long lines (625), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AFKwztugVSPq.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\brokercrt.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hE0vHax3wk
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Containers\serviced\56085415360792
|
ASCII text, with no line terminators
|
dropped
|
There are 22 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\hx1hwVZIjy.exe
|
"C:\Users\user\Desktop\hx1hwVZIjy.exe"
|
|
|
|
C:\Windows\SysWOW64\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\ReviewHost\LGlGhCGbVntC7HCLV0QyeYWp.vbe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\ReviewHost\brokercrt.exe
|
"C:\ReviewHost\brokercrt.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 11 /tr "'C:\Users\user\AFKwztugVSPq.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPq" /sc ONLOGON /tr "'C:\Users\user\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 7 /tr "'C:\Users\user\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 6 /tr "'C:\ReviewHost\conhost.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\ReviewHost\conhost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 9 /tr "'C:\ReviewHost\conhost.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\google\Update\AFKwztugVSPq.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPq" /sc ONLOGON /tr "'C:\Program Files (x86)\google\Update\AFKwztugVSPq.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\google\Update\AFKwztugVSPq.exe'" /rl
HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 8 /tr "'C:\Users\Default\WinStore.App.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Users\Default\WinStore.App.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 5 /tr "'C:\Users\Default\WinStore.App.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 10 /tr "'C:\ReviewHost\AFKwztugVSPq.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPq" /sc ONLOGON /tr "'C:\ReviewHost\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 6 /tr "'C:\ReviewHost\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 13 /tr "'C:\Windows\Containers\serviced\wininit.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Windows\Containers\serviced\wininit.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 13 /tr "'C:\Windows\Containers\serviced\wininit.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 10 /tr "'C:\Users\Public\AFKwztugVSPq.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPq" /sc ONLOGON /tr "'C:\Users\Public\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 11 /tr "'C:\Users\Public\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 9 /tr "'C:\Recovery\smss.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Recovery\smss.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 6 /tr "'C:\Recovery\smss.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 7 /tr "'C:\Users\Default User\Recent\AFKwztugVSPq.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPq" /sc ONLOGON /tr "'C:\Users\Default User\Recent\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 6 /tr "'C:\Users\Default User\Recent\AFKwztugVSPq.exe'" /rl HIGHEST
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Videos\AFKwztugVSPq.exe'" /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPq" /sc ONLOGON /tr "'C:\Users\Public\Videos\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\AFKwztugVSPq.exe
|
"C:\Users\Default User\Recent\AFKwztugVSPq.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "AFKwztugVSPqA" /sc MINUTE /mo 7 /tr "'C:\Users\Public\Videos\AFKwztugVSPq.exe'" /rl HIGHEST /f
|
|
|
|
C:\Users\Public\Videos\AFKwztugVSPq.exe
|
C:\Users\Public\Videos\AFKwztugVSPq.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cscriptc" /sc MINUTE /mo 8 /tr "'C:\Users\Default User\Start Menu\Programs\System Tools\cscript.exe'"
/f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cscript" /sc ONLOGON /tr "'C:\Users\Default User\Start Menu\Programs\System Tools\cscript.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\System32\schtasks.exe
|
schtasks.exe /create /tn "cscriptc" /sc MINUTE /mo 13 /tr "'C:\Users\Default User\Start Menu\Programs\System Tools\cscript.exe'"
/rl HIGHEST /f
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\ReviewHost\Qtt5UtOWbMYxPmztsNxVxiRIZauHb.bat" "
|
There are 30 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://a0945069.xsph.ru/@==gbJBzYuFDT
|
|||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
LangID
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\WScript.exe.ApplicationCompany
|
||
|
HKEY_CURRENT_USER\SOFTWARE\197ec60e9437f607c2ca8547ad36a8d65b0c8859
|
8ecc2024a99dc91166700b550a9b0f6684aae1e5
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.FriendlyAppName
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
|
C:\Windows\System32\cmd.exe.ApplicationCompany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
24E1000
|
trusted library allocation
|
page read and write
|
|
|
|
2531000
|
trusted library allocation
|
page read and write
|
|
|
|
3397000
|
trusted library allocation
|
page read and write
|
|
|
|
2B01000
|
trusted library allocation
|
page read and write
|
|
|
|
2F91000
|
trusted library allocation
|
page read and write
|
|
|
|
2527000
|
trusted library allocation
|
page read and write
|
|
|
|
3352000
|
heap
|
page read and write
|
||
|
2BC4000
|
trusted library allocation
|
page read and write
|
||
|
759D000
|
heap
|
page read and write
|
||
|
2942000
|
heap
|
page read and write
|
||
|
2929000
|
heap
|
page read and write
|
||
|
1BE8D000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
2E0E000
|
stack
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
10C0000
|
heap
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
307F000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
trusted library allocation
|
page read and write
|
||
|
1BE65000
|
heap
|
page read and write
|
||
|
297B000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
1BE77000
|
heap
|
page read and write
|
||
|
3075000
|
trusted library allocation
|
page read and write
|
||
|
32B5000
|
heap
|
page read and write
|
||
|
12B03000
|
trusted library allocation
|
page read and write
|
||
|
294A000
|
heap
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
32E4000
|
trusted library allocation
|
page read and write
|
||
|
3098000
|
stack
|
page read and write
|
||
|
297B000
|
heap
|
page read and write
|
||
|
530F000
|
stack
|
page read and write
|
||
|
1BFF7000
|
heap
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
33B8000
|
trusted library allocation
|
page read and write
|
||
|
3077000
|
trusted library allocation
|
page read and write
|
||
|
1135000
|
heap
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
1BEEA000
|
heap
|
page read and write
|
||
|
1B12F000
|
stack
|
page read and write
|
||
|
1C23D000
|
heap
|
page read and write
|
||
|
4DFF000
|
stack
|
page read and write
|
||
|
32FD000
|
heap
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
2940000
|
heap
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
297D000
|
heap
|
page read and write
|
||
|
2F80000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
AF2000
|
unkown
|
page readonly
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
1B02E000
|
stack
|
page read and write
|
||
|
2919000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page execute and read and write
|
||
|
1AB30000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
9D5000
|
heap
|
page read and write
|
||
|
7FF848F91000
|
trusted library allocation
|
page read and write
|
||
|
1C27D000
|
heap
|
page read and write
|
||
|
F63000
|
unkown
|
page readonly
|
||
|
1C1EF000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
F6E000
|
unkown
|
page write copy
|
||
|
291F000
|
heap
|
page read and write
|
||
|
12F98000
|
trusted library allocation
|
page read and write
|
||
|
1BEC4000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
F74000
|
unkown
|
page read and write
|
||
|
1BD5A000
|
heap
|
page read and write
|
||
|
7FF848F9C000
|
trusted library allocation
|
page read and write
|
||
|
3322000
|
heap
|
page read and write
|
||
|
2923000
|
heap
|
page read and write
|
||
|
7FF848E3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
32D2000
|
heap
|
page read and write
|
||
|
1C019000
|
heap
|
page read and write
|
||
|
2922000
|
heap
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
2FE3000
|
trusted library allocation
|
page read and write
|
||
|
47B0000
|
heap
|
page read and write
|
||
|
4F3F000
|
stack
|
page read and write
|
||
|
7FF848E1B000
|
trusted library allocation
|
page execute and read and write
|
||
|
32FD000
|
heap
|
page read and write
|
||
|
78B000
|
heap
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
heap
|
page read and write
|
||
|
7FF848E90000
|
trusted library allocation
|
page read and write
|
||
|
51F0000
|
heap
|
page read and write
|
||
|
297D000
|
heap
|
page read and write
|
||
|
329C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
EA5000
|
heap
|
page read and write
|
||
|
334A000
|
trusted library allocation
|
page read and write
|
||
|
2967000
|
heap
|
page read and write
|
||
|
2967000
|
heap
|
page read and write
|
||
|
32E7000
|
heap
|
page read and write
|
||
|
578D000
|
stack
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1104000
|
heap
|
page read and write
|
||
|
51CE000
|
stack
|
page read and write
|
||
|
253F000
|
trusted library allocation
|
page read and write
|
||
|
32CB000
|
heap
|
page read and write
|
||
|
24B0000
|
heap
|
page execute and read and write
|
||
|
1BE2D000
|
heap
|
page read and write
|
||
|
335B000
|
heap
|
page read and write
|
||
|
1BD67000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
32D1000
|
heap
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2932000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
294A000
|
heap
|
page read and write
|
||
|
1C1F5000
|
heap
|
page read and write
|
||
|
7FF848FCB000
|
trusted library allocation
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
7FF848E3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
1BF84000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
7FF848F0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BE50000
|
heap
|
page read and write
|
||
|
294A000
|
heap
|
page read and write
|
||
|
2967000
|
heap
|
page read and write
|
||
|
1C03F000
|
heap
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
32BF000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
3351000
|
heap
|
page read and write
|
||
|
28E8000
|
heap
|
page read and write
|
||
|
297D000
|
heap
|
page read and write
|
||
|
51F4000
|
heap
|
page read and write
|
||
|
1BFFC000
|
heap
|
page read and write
|
||
|
3239000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
32FA000
|
heap
|
page read and write
|
||
|
7FF848FBC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
1BD4E000
|
stack
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
1BD50000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page readonly
|
||
|
7FF848FBB000
|
trusted library allocation
|
page read and write
|
||
|
1BA5F000
|
stack
|
page read and write
|
||
|
47C0000
|
heap
|
page read and write
|
||
|
F92000
|
unkown
|
page readonly
|
||
|
1C78E000
|
stack
|
page read and write
|
||
|
2928000
|
heap
|
page read and write
|
||
|
836000
|
heap
|
page read and write
|
||
|
1C216000
|
heap
|
page read and write
|
||
|
1BC44000
|
stack
|
page read and write
|
||
|
6C8A000
|
heap
|
page read and write
|
||
|
124E3000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF0000
|
unkown
|
page readonly
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
E5B000
|
heap
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
292F000
|
heap
|
page read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
2947000
|
heap
|
page read and write
|
||
|
7FF848E96000
|
trusted library allocation
|
page read and write
|
||
|
F16000
|
stack
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
7FF848E2C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF4000
|
trusted library allocation
|
page read and write
|
||
|
1B52E000
|
stack
|
page read and write
|
||
|
DF6000
|
heap
|
page read and write
|
||
|
2949000
|
heap
|
page read and write
|
||
|
7FF848FA3000
|
trusted library allocation
|
page read and write
|
||
|
56FD000
|
stack
|
page read and write
|
||
|
3080000
|
stack
|
page read and write
|
||
|
7FF848DE4000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
heap
|
page execute and read and write
|
||
|
7FF848F9A000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E23000
|
trusted library allocation
|
page read and write
|
||
|
1C1AF000
|
heap
|
page read and write
|
||
|
358E000
|
stack
|
page read and write
|
||
|
124ED000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
32D1000
|
heap
|
page read and write
|
||
|
3298000
|
heap
|
page read and write
|
||
|
1BE34000
|
heap
|
page read and write
|
||
|
7FF848ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
291F000
|
heap
|
page read and write
|
||
|
32D1000
|
heap
|
page read and write
|
||
|
1B42E000
|
stack
|
page read and write
|
||
|
1BDA9000
|
heap
|
page read and write
|
||
|
1BFC1000
|
heap
|
page read and write
|
||
|
55FB000
|
stack
|
page read and write
|
||
|
7FF848E07000
|
trusted library allocation
|
page read and write
|
||
|
2944000
|
heap
|
page read and write
|
||
|
297D000
|
heap
|
page read and write
|
||
|
1B223000
|
stack
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
7FF848E4C000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E27000
|
trusted library allocation
|
page read and write
|
||
|
326B000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
292D000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
291E000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
1C1D3000
|
heap
|
page read and write
|
||
|
1BD79000
|
heap
|
page read and write
|
||
|
2932000
|
heap
|
page read and write
|
||
|
7FF848F11000
|
trusted library allocation
|
page execute and read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
7FF848FB3000
|
trusted library allocation
|
page read and write
|
||
|
2928000
|
heap
|
page read and write
|
||
|
1CB7B000
|
stack
|
page read and write
|
||
|
1BE38000
|
heap
|
page read and write
|
||
|
6C80000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
12B0D000
|
trusted library allocation
|
page read and write
|
||
|
14BE000
|
stack
|
page read and write
|
||
|
297B000
|
heap
|
page read and write
|
||
|
253A000
|
trusted library allocation
|
page read and write
|
||
|
F63000
|
unkown
|
page readonly
|
||
|
3093000
|
stack
|
page read and write
|
||
|
2B5D000
|
trusted library allocation
|
page read and write
|
||
|
55BF000
|
stack
|
page read and write
|
||
|
297B000
|
heap
|
page read and write
|
||
|
3087000
|
stack
|
page read and write
|
||
|
7FF848E9C000
|
trusted library allocation
|
page execute and read and write
|
||
|
297D000
|
heap
|
page read and write
|
||
|
ECC000
|
heap
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
307B000
|
trusted library allocation
|
page read and write
|
||
|
1BDD5000
|
heap
|
page read and write
|
||
|
2934000
|
heap
|
page read and write
|
||
|
3076000
|
stack
|
page read and write
|
||
|
307C000
|
stack
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
3350000
|
heap
|
page read and write
|
||
|
1C1DD000
|
heap
|
page read and write
|
||
|
7FF848E2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848DF8000
|
trusted library allocation
|
page read and write
|
||
|
292B000
|
heap
|
page read and write
|
||
|
292D000
|
heap
|
page read and write
|
||
|
2967000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
1165000
|
heap
|
page read and write
|
||
|
2922000
|
heap
|
page read and write
|
||
|
1B65E000
|
stack
|
page read and write
|
||
|
7FF848E04000
|
trusted library allocation
|
page read and write
|
||
|
51CA000
|
trusted library allocation
|
page read and write
|
||
|
291A000
|
heap
|
page read and write
|
||
|
1B94E000
|
stack
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
1BEF5000
|
heap
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
2931000
|
heap
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
1BDDD000
|
heap
|
page read and write
|
||
|
1BF46000
|
heap
|
page read and write
|
||
|
1C20E000
|
heap
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
298B000
|
heap
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
1BEA9000
|
heap
|
page read and write
|
||
|
1CA7F000
|
stack
|
page read and write
|
||
|
15F4000
|
heap
|
page read and write
|
||
|
2950000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
306C000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
2944000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
BA5000
|
heap
|
page read and write
|
||
|
1B75E000
|
stack
|
page read and write
|
||
|
1C021000
|
heap
|
page read and write
|
||
|
9F6000
|
stack
|
page read and write
|
||
|
12FA1000
|
trusted library allocation
|
page read and write
|
||
|
124E8000
|
trusted library allocation
|
page read and write
|
||
|
78AC000
|
stack
|
page read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
1BED2000
|
heap
|
page read and write
|
||
|
2BBE000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1B4CE000
|
stack
|
page read and write
|
||
|
7FF848E34000
|
trusted library allocation
|
page read and write
|
||
|
F93000
|
unkown
|
page readonly
|
||
|
30A2000
|
stack
|
page read and write
|
||
|
293F000
|
heap
|
page read and write
|
||
|
7FF848E03000
|
trusted library allocation
|
page read and write
|
||
|
10F3000
|
heap
|
page read and write
|
||
|
1B95E000
|
stack
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
478E000
|
stack
|
page read and write
|
||
|
1B40D000
|
stack
|
page read and write
|
||
|
1BF62000
|
heap
|
page read and write
|
||
|
F31000
|
unkown
|
page execute read
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
1AA7D000
|
stack
|
page read and write
|
||
|
7FF848EB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
1C1CA000
|
heap
|
page read and write
|
||
|
1AFC0000
|
trusted library allocation
|
page read and write
|
||
|
1BDA0000
|
heap
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DF3000
|
trusted library allocation
|
page read and write
|
||
|
294D000
|
heap
|
page read and write
|
||
|
293F000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page execute and read and write
|
||
|
2AEF000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
2944000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1BECE000
|
heap
|
page read and write
|
||
|
7FF848FD3000
|
trusted library allocation
|
page read and write
|
||
|
32FD000
|
heap
|
page read and write
|
||
|
1A510000
|
trusted library allocation
|
page read and write
|
||
|
32C7000
|
heap
|
page read and write
|
||
|
3E6000
|
stack
|
page read and write
|
||
|
12B08000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
heap
|
page read and write
|
||
|
7FF848F8E000
|
trusted library allocation
|
page read and write
|
||
|
1C88E000
|
stack
|
page read and write
|
||
|
3271000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
307D000
|
trusted library allocation
|
page read and write
|
||
|
25A6000
|
trusted library allocation
|
page read and write
|
||
|
2938000
|
heap
|
page read and write
|
||
|
1C235000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
291F000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BDBF000
|
heap
|
page read and write
|
||
|
294E000
|
heap
|
page read and write
|
||
|
F6E000
|
unkown
|
page read and write
|
||
|
1B550000
|
heap
|
page read and write
|
||
|
1BF82000
|
heap
|
page read and write
|
||
|
7FF848F96000
|
trusted library allocation
|
page read and write
|
||
|
30E4000
|
trusted library allocation
|
page read and write
|
||
|
588E000
|
stack
|
page read and write
|
||
|
7A2000
|
heap
|
page read and write
|
||
|
2944000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BE32000
|
heap
|
page read and write
|
||
|
3351000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
4720000
|
heap
|
page read and write
|
||
|
1AF20000
|
heap
|
page read and write
|
||
|
1C22B000
|
heap
|
page read and write
|
||
|
DFC000
|
heap
|
page read and write
|
||
|
7FF848DF2000
|
trusted library allocation
|
page read and write
|
||
|
293C000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2926000
|
heap
|
page read and write
|
||
|
2BC1000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
2941000
|
heap
|
page read and write
|
||
|
808000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
292F000
|
heap
|
page read and write
|
||
|
2F6A000
|
heap
|
page read and write
|
||
|
7CC000
|
heap
|
page read and write
|
||
|
1BD91000
|
heap
|
page read and write
|
||
|
1B08E000
|
stack
|
page read and write
|
||
|
F92000
|
unkown
|
page write copy
|
||
|
25AC000
|
trusted library allocation
|
page read and write
|
||
|
50CE000
|
stack
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
7598000
|
heap
|
page read and write
|
||
|
77AF000
|
stack
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
95F000
|
stack
|
page read and write
|
||
|
7AB000
|
stack
|
page read and write
|
||
|
1BA4F000
|
stack
|
page read and write
|
||
|
2967000
|
heap
|
page read and write
|
||
|
E32000
|
heap
|
page read and write
|
||
|
6C90000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
2967000
|
heap
|
page read and write
|
||
|
EC5000
|
heap
|
page read and write
|
||
|
32BC000
|
heap
|
page read and write
|
||
|
2BD0000
|
trusted library allocation
|
page read and write
|
||
|
2947000
|
heap
|
page read and write
|
||
|
2922000
|
heap
|
page read and write
|
||
|
51B1000
|
trusted library allocation
|
page read and write
|
||
|
E66000
|
stack
|
page read and write
|
||
|
1C24B000
|
heap
|
page read and write
|
||
|
297D000
|
heap
|
page read and write
|
||
|
2923000
|
heap
|
page read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
813000
|
heap
|
page read and write
|
||
|
2BCA000
|
trusted library allocation
|
page read and write
|
||
|
292F000
|
heap
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
318A000
|
trusted library allocation
|
page read and write
|
||
|
1BF38000
|
heap
|
page read and write
|
||
|
759E000
|
heap
|
page read and write
|
||
|
58CE000
|
stack
|
page read and write
|
||
|
30CC000
|
trusted library allocation
|
page read and write
|
||
|
10EF000
|
stack
|
page read and write
|
||
|
1B853000
|
stack
|
page read and write
|
||
|
1BE90000
|
heap
|
page read and write
|
||
|
25A3000
|
trusted library allocation
|
page read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
293A000
|
heap
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
2946000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page read and write
|
||
|
F30000
|
unkown
|
page readonly
|
||
|
1106000
|
heap
|
page read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
7FF848E0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1132000
|
heap
|
page read and write
|
||
|
768F000
|
stack
|
page read and write
|
||
|
244E000
|
stack
|
page read and write
|
||
|
D15000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
1BE4C000
|
heap
|
page read and write
|
||
|
335B000
|
heap
|
page read and write
|
||
|
3351000
|
heap
|
page read and write
|
||
|
2AF0000
|
heap
|
page execute and read and write
|
||
|
F91000
|
unkown
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
11BD000
|
heap
|
page read and write
|
||
|
594C000
|
stack
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
1C224000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
1C190000
|
heap
|
page read and write
|
||
|
1BB5E000
|
stack
|
page read and write
|
||
|
1C01E000
|
heap
|
page read and write
|
||
|
2922000
|
heap
|
page read and write
|
||
|
32FA000
|
heap
|
page read and write
|
||
|
31FF000
|
trusted library allocation
|
page read and write
|
||
|
1BE16000
|
heap
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page execute and read and write
|
||
|
32EF000
|
heap
|
page read and write
|
||
|
7FF848F8C000
|
trusted library allocation
|
page read and write
|
||
|
2FFA000
|
trusted library allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
336B000
|
trusted library allocation
|
page read and write
|
||
|
335B000
|
heap
|
page read and write
|
||
|
124E1000
|
trusted library allocation
|
page read and write
|
||
|
AF0000
|
unkown
|
page readonly
|
||
|
2DCE000
|
stack
|
page read and write
|
||
|
516E000
|
stack
|
page read and write
|
||
|
7D1000
|
heap
|
page read and write
|
||
|
33BA000
|
trusted library allocation
|
page read and write
|
||
|
30AA000
|
stack
|
page read and write
|
||
|
1C231000
|
heap
|
page read and write
|
||
|
1100000
|
trusted library allocation
|
page read and write
|
||
|
1BEA5000
|
heap
|
page read and write
|
||
|
297B000
|
heap
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
6AB000
|
stack
|
page read and write
|
||
|
7FF848EA0000
|
trusted library allocation
|
page read and write
|
||
|
12F91000
|
trusted library allocation
|
page read and write
|
||
|
2922000
|
heap
|
page read and write
|
||
|
7FF848E0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
31DC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3125000
|
trusted library allocation
|
page read and write
|
||
|
1BB43000
|
stack
|
page read and write
|
||
|
2901000
|
heap
|
page read and write
|
||
|
7FF848DFC000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DED000
|
trusted library allocation
|
page execute and read and write
|
||
|
32FD000
|
heap
|
page read and write
|
||
|
F30000
|
unkown
|
page readonly
|
||
|
1B32E000
|
stack
|
page read and write
|
||
|
293D000
|
heap
|
page read and write
|
||
|
ADF000
|
stack
|
page read and write
|
||
|
1BEE6000
|
heap
|
page read and write
|
||
|
590E000
|
stack
|
page read and write
|
||
|
3290000
|
heap
|
page read and write
|
||
|
32C8000
|
heap
|
page read and write
|
||
|
54B4000
|
heap
|
page read and write
|
||
|
12F9D000
|
trusted library allocation
|
page read and write
|
||
|
335B000
|
heap
|
page read and write
|
||
|
7FF848E0C000
|
trusted library allocation
|
page read and write
|
||
|
E5D000
|
heap
|
page read and write
|
||
|
B10000
|
heap
|
page execute and read and write
|
||
|
3352000
|
heap
|
page read and write
|
||
|
297B000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
25B2000
|
trusted library allocation
|
page read and write
|
||
|
7490000
|
heap
|
page read and write
|
||
|
F31000
|
unkown
|
page execute read
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
BC2000
|
unkown
|
page readonly
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
FEF000
|
stack
|
page read and write
|
||
|
6C8F000
|
heap
|
page read and write
|
||
|
2948000
|
heap
|
page read and write
|
||
|
7FF848DFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
32DD000
|
heap
|
page read and write
|
||
|
335B000
|
heap
|
page read and write
|
||
|
32DC000
|
heap
|
page read and write
|
||
|
12B01000
|
trusted library allocation
|
page read and write
|
||
|
1C015000
|
heap
|
page read and write
|
||
|
2931000
|
heap
|
page read and write
|
||
|
7FF4B8570000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F93000
|
trusted library allocation
|
page read and write
|
||
|
1B84E000
|
stack
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EA6000
|
trusted library allocation
|
page read and write
|
||
|
294D000
|
heap
|
page read and write
|
||
|
2B58000
|
trusted library allocation
|
page read and write
|
||
|
1AEBF000
|
stack
|
page read and write
|
||
|
1C00C000
|
heap
|
page read and write
|
||
|
7FF848DF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
32FD000
|
heap
|
page read and write
|
||
|
1BD94000
|
heap
|
page read and write
|
||
|
3079000
|
trusted library allocation
|
page read and write
|
||
|
3267000
|
heap
|
page read and write
|
||
|
1BB60000
|
heap
|
page read and write
|
There are 528 hidden memdumps, click here to show them.