Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\xtthvazemyzh\nlkuzmdacjrb.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Windows\Temp\gtebvdararzg.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hmgre3nn.jyw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r4oek4jq.iqf.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_twscbzmi.cu3.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ukrdmtf5.ewz.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_1ksoiwsx.q32.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_l35xcuuo.y1v.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_o2zndmgw.43f.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\Temp\__PSScriptPolicyTest_usg3rmda.ml4.ps1
|
ASCII text, with no line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe delete "MXOLIHZI"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe create "MXOLIHZI" binpath= "C:\ProgramData\xtthvazemyzh\nlkuzmdacjrb.exe" start= "auto"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe stop eventlog
|
|
|
|
C:\Windows\System32\sc.exe
|
C:\Windows\system32\sc.exe start "MXOLIHZI"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\ProgramData\xtthvazemyzh\nlkuzmdacjrb.exe
|
C:\ProgramData\xtthvazemyzh\nlkuzmdacjrb.exe
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData)
-ExclusionExtension '.exe' -Force
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\System32\conhost.exe
|
conhost.exe
|
|
|
|
C:\Windows\System32\notepad.exe
|
notepad.exe
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\notepad.exe
|
notepad.exe
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
|
||
|
C:\Windows\System32\wusa.exe
|
wusa /uninstall /kb:890830 /quiet /norestart
|
There are 15 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://172.94.1q
|
unknown
|
||
|
https://xmrig.com/docs/algorithms
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pool.hashvault.pro
|
45.76.89.70
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.76.89.70
|
pool.hashvault.pro
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT
|
DontOfferThroughWUAU
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
140001000
|
unkown
|
page execute and read and write
|
|
|
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
7FF728790000
|
unkown
|
page readonly
|
||
|
122A4359000
|
unkown
|
page read and write
|
||
|
1BB80540000
|
direct allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
122A4915000
|
heap
|
page read and write
|
||
|
10D5968F000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
164CEFB000
|
stack
|
page read and write
|
||
|
10D545CA000
|
heap
|
page read and write
|
||
|
10D54680000
|
trusted library allocation
|
page read and write
|
||
|
122A4BA9000
|
direct allocation
|
page execute and read and write
|
||
|
22270C40000
|
heap
|
page read and write
|
||
|
7FF728790000
|
unkown
|
page readonly
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
122A3A80000
|
heap
|
page read and write
|
||
|
14000A000
|
unkown
|
page readonly
|
||
|
10D5828F000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1A27F470000
|
heap
|
page read and write
|
||
|
22270D60000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
2960BEF5000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1F7CFA30000
|
heap
|
page read and write
|
||
|
10D53FB0000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D53F80000
|
direct allocation
|
page execute read
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1C801A00000
|
heap
|
page read and write
|
||
|
328D2CD000
|
stack
|
page read and write
|
||
|
10D54011000
|
heap
|
page read and write
|
||
|
7EF6D7E000
|
stack
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1A27F3F0000
|
heap
|
page read and write
|
||
|
35417E000
|
stack
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
353FFE000
|
unkown
|
page readonly
|
||
|
290A25D0000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
14078B000
|
unkown
|
page execute and read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
290A2730000
|
heap
|
page read and write
|
||
|
7FF728B0C000
|
unkown
|
page readonly
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
655B0FE000
|
stack
|
page read and write
|
||
|
10D5408C000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
122A4BB0000
|
unkown
|
page read and write
|
||
|
10D5648F000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
352F0B000
|
stack
|
page read and write
|
||
|
1C801920000
|
heap
|
page read and write
|
||
|
328D6FF000
|
stack
|
page read and write
|
||
|
22270D35000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
A27167D000
|
stack
|
page read and write
|
||
|
1F7CF6F0000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
3540FE000
|
unkown
|
page readonly
|
||
|
10D5407D000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54560000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1C801B30000
|
heap
|
page read and write
|
||
|
7FF728770000
|
unkown
|
page readonly
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1BBFE340000
|
heap
|
page read and write
|
||
|
140009000
|
unkown
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1A27F400000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D53FC9000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
35387E000
|
stack
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
2960BB40000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
122A48C0000
|
unkown
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1F7CF7F0000
|
heap
|
page read and write
|
||
|
B6126FE000
|
stack
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
2960BEF0000
|
heap
|
page read and write
|
||
|
1BB80C10000
|
unkown
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
7EF6C7C000
|
stack
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
7FF63B8DC000
|
unkown
|
page readonly
|
||
|
10D53E50000
|
heap
|
page read and write
|
||
|
7EF6E7E000
|
stack
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1A27F6F5000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1BB80000000
|
unkown
|
page execute read
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1BB80007000
|
unkown
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
17791F55000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1BB80C09000
|
direct allocation
|
page execute and read and write
|
||
|
290A2735000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
A0A18ED000
|
stack
|
page read and write
|
||
|
1BB80542000
|
direct allocation
|
page read and write
|
||
|
1F7CFA35000
|
heap
|
page read and write
|
||
|
2960BC20000
|
heap
|
page read and write
|
||
|
1C801A38000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1404DC000
|
unkown
|
page execute and read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
14080D000
|
unkown
|
page execute and read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54180000
|
heap
|
page readonly
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
22270DF0000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
122A4921000
|
direct allocation
|
page execute and read and write
|
||
|
1BB80970000
|
heap
|
page read and write
|
||
|
1C801CF5000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54012000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
35367D000
|
stack
|
page read and write
|
||
|
7FF63B8DC000
|
unkown
|
page readonly
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1BB802AB000
|
unkown
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D545BA000
|
heap
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
1BB80981000
|
direct allocation
|
page execute and read and write
|
||
|
353DFE000
|
unkown
|
page readonly
|
||
|
7FF63B8DB000
|
unkown
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
2960D870000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
17791F97000
|
heap
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
2960BC40000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
122A40B0000
|
unkown
|
page execute read
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D5A08F000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
122A40B8000
|
unkown
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
122A45F2000
|
direct allocation
|
page read and write
|
||
|
140007000
|
unkown
|
page readonly
|
||
|
17791E10000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1A27F478000
|
heap
|
page read and write
|
||
|
10D54021000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D541C5000
|
heap
|
page read and write
|
||
|
17791F90000
|
heap
|
page read and write
|
||
|
7FF63B540000
|
unkown
|
page readonly
|
||
|
122A40B0000
|
unkown
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D5788F000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
122A4910000
|
heap
|
page read and write
|
||
|
10D5508F000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1F7CF848000
|
heap
|
page read and write
|
||
|
A27187E000
|
stack
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1C801CF0000
|
heap
|
page read and write
|
||
|
164CFFE000
|
stack
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54680000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1BBFE240000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1A27F420000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54087000
|
heap
|
page read and write
|
||
|
290A28B0000
|
unkown
|
page read and write
|
||
|
655B17F000
|
stack
|
page read and write
|
||
|
353EFE000
|
stack
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
290A26B0000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
353A7E000
|
stack
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
10D53F30000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1C801A30000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
7FF728B0B000
|
unkown
|
page write copy
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1BBFE420000
|
heap
|
page read and write
|
||
|
7FF63B8DB000
|
unkown
|
page write copy
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
90C687E000
|
stack
|
page read and write
|
||
|
122A45F0000
|
direct allocation
|
page read and write
|
||
|
1BB80975000
|
heap
|
page read and write
|
||
|
7FF63B540000
|
unkown
|
page readonly
|
||
|
2960BD08000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
22270DF9000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D545D2000
|
heap
|
page read and write
|
||
|
1A27F6F0000
|
heap
|
page read and write
|
||
|
10D56E8F000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
328D3CE000
|
stack
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
17791F10000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
7FF728771000
|
unkown
|
page execute read
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
164D1FD000
|
stack
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
35397E000
|
stack
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D53F50000
|
heap
|
page read and write
|
||
|
140000000
|
unkown
|
page read and write
|
||
|
140500000
|
unkown
|
page execute and read and write
|
||
|
10D545A0000
|
heap
|
page read and write
|
||
|
1F7CF7D0000
|
heap
|
page read and write
|
||
|
A27177F000
|
stack
|
page read and write
|
||
|
B6128FD000
|
stack
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D545C2000
|
heap
|
page read and write
|
||
|
7FF63B541000
|
unkown
|
page execute read
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
122A48C0000
|
unkown
|
page read and write
|
||
|
140847000
|
unkown
|
page read and write
|
||
|
353CFE000
|
stack
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D58C8F000
|
heap
|
page read and write
|
||
|
B6127FF000
|
stack
|
page read and write
|
||
|
3541FE000
|
unkown
|
page readonly
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
122A3AA1000
|
heap
|
page read and write
|
||
|
3537FE000
|
unkown
|
page readonly
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1BBFE24C000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
7FF63B541000
|
unkown
|
page execute read
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
F532F1C000
|
stack
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
F53327E000
|
stack
|
page read and write
|
||
|
17791EF0000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D541C0000
|
heap
|
page read and write
|
||
|
1BB807F0000
|
unkown
|
page read and write
|
||
|
164D1EE000
|
stack
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1F7CF840000
|
heap
|
page read and write
|
||
|
3536FE000
|
unkown
|
page readonly
|
||
|
7FF728770000
|
unkown
|
page readonly
|
||
|
10DD66A0000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
B61233B000
|
stack
|
page read and write
|
||
|
164D0FE000
|
stack
|
page read and write
|
||
|
1BB80000000
|
unkown
|
page read and write
|
||
|
353B7E000
|
stack
|
page read and write
|
||
|
35407E000
|
stack
|
page read and write
|
||
|
10D53FF7000
|
heap
|
page read and write
|
||
|
10D545E2000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
7FF728B0B000
|
unkown
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
140840000
|
unkown
|
page execute and read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
1BB807D0000
|
unkown
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
1BBFE246000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D5468F000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
122A48A0000
|
unkown
|
page read and write
|
||
|
290A27B0000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
140503000
|
unkown
|
page execute and read and write
|
||
|
122A4880000
|
unkown
|
page read and write
|
||
|
122A3A8C000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
22270D40000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
7FF728771000
|
unkown
|
page execute read
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
35377C000
|
stack
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
22270D30000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
122A3A50000
|
heap
|
page read and write
|
||
|
17791F50000
|
heap
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
140001000
|
unkown
|
page execute read
|
||
|
1BB80870000
|
heap
|
page read and write
|
||
|
10D545DA000
|
heap
|
page read and write
|
||
|
10DD66E0000
|
trusted library allocation
|
page read and write
|
||
|
F532F9E000
|
stack
|
page read and write
|
||
|
90C697E000
|
stack
|
page read and write
|
||
|
7FF728B0C000
|
unkown
|
page readonly
|
||
|
90C653C000
|
stack
|
page read and write
|
||
|
655B07C000
|
stack
|
page read and write
|
||
|
10D53FB9000
|
heap
|
page read and write
|
||
|
10D55A8F000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
122A4900000
|
heap
|
page read and write
|
||
|
7FF63B560000
|
unkown
|
page readonly
|
||
|
10DD6720000
|
trusted library allocation
|
page read and write
|
||
|
7FF63B560000
|
unkown
|
page readonly
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
2960BD00000
|
heap
|
page read and write
|
||
|
122A3A40000
|
heap
|
page read and write
|
||
|
10D54190000
|
trusted library allocation
|
page read and write
|
||
|
B6128ED000
|
stack
|
page read and write
|
There are 392 hidden memdumps, click here to show them.