Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LUYYSwStKN.ps1
|
ASCII text, with very long lines (63774), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Music\Visuals\VsEnhance.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Music\Visuals\VsLabs.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Music\Visuals\VsLabsData.ps1
|
ASCII text, with very long lines (65526), with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xo4tdqk.qnb.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bmc2bprs.35j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fpkvfbep.1wb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o20obl4h.esc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ortsuiw1.iv2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u1e5mawz.hl0.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K8MQGTRYSWYCX9SYLRDS.temp
|
data
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\LUYYSwStKN.ps1"
|
|
|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\ProgramData\Music\Visuals\VsLabs.vbs"
|
|
|
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\ProgramData\Music\Visuals\VsEnhance.bat" "
|
|
|
|
C:\Windows\System32\cmd.exe
|
cmd /c Powershell -noP -W hidden -ep byPass -NONI "C:\ProgramData\Music\Visuals\VsLabsData.ps1"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
Powershell -noP -W hidden -ep byPass -NONI "C:\ProgramData\Music\Visuals\VsLabsData.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
|
||
|
https://api.ipify.org?format=text
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
https://api.telegram.org
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://api.telegram.org/bot7023733342:AAF7anpSpW-b4P0f9IHAtSRpneaxwA7w_Lc/sendMessagep
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
https://api.telegram.org/bot7023733342:AAF7anpSpW-b4P0f9IHAtSRpneaxwA7w_Lc/sendMessage
|
149.154.167.220
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://api.ipify.org
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
https://api.ipify.org/?format=text
|
104.26.12.205
|
||
|
https://api.telegram.org/bot$BotToken/sendMessage
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
vecotr.viewdns.net
|
191.96.207.180
|
|
|
|
api.telegram.org
|
149.154.167.220
|
|
|
|
api.ipify.org
|
104.26.12.205
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
191.96.207.180
|
vecotr.viewdns.net
|
Chile
|
|
|
|
104.26.12.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2771000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFB4AEF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
14D3D380000
|
heap
|
page read and write
|
||
|
26A4B781000
|
trusted library allocation
|
page read and write
|
||
|
26A4B360000
|
heap
|
page execute and read and write
|
||
|
7FFB4AEBA000
|
trusted library allocation
|
page read and write
|
||
|
26A49840000
|
heap
|
page read and write
|
||
|
26A63CA8000
|
heap
|
page read and write
|
||
|
94556FE000
|
stack
|
page read and write
|
||
|
9F6000
|
heap
|
page read and write
|
||
|
26A49848000
|
heap
|
page read and write
|
||
|
7EEC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
B26000
|
heap
|
page read and write
|
||
|
7FFB4AF70000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B11D000
|
trusted library allocation
|
page read and write
|
||
|
26A4DCDC000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
26A4CA7B000
|
trusted library allocation
|
page read and write
|
||
|
B29000
|
heap
|
page read and write
|
||
|
521FFB000
|
stack
|
page read and write
|
||
|
26A4DD4E000
|
trusted library allocation
|
page read and write
|
||
|
9455936000
|
stack
|
page read and write
|
||
|
26A63CE6000
|
heap
|
page read and write
|
||
|
26A4DFEA000
|
trusted library allocation
|
page read and write
|
||
|
94558BE000
|
stack
|
page read and write
|
||
|
7FFB4B083000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
26A4CA7F000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B1CF000
|
trusted library allocation
|
page read and write
|
||
|
26A4DC3E000
|
trusted library allocation
|
page read and write
|
||
|
26A63CEE000
|
heap
|
page read and write
|
||
|
26A63D10000
|
heap
|
page read and write
|
||
|
5E8C000
|
stack
|
page read and write
|
||
|
26A63964000
|
heap
|
page read and write
|
||
|
7FFB4B217000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0FD000
|
trusted library allocation
|
page read and write
|
||
|
61D4000
|
heap
|
page read and write
|
||
|
26A4DCC5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B250000
|
trusted library allocation
|
page read and write
|
||
|
26A4B750000
|
heap
|
page execute and read and write
|
||
|
26A5B7A1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B290000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B050000
|
trusted library allocation
|
page read and write
|
||
|
5BDC000
|
stack
|
page read and write
|
||
|
A84000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B104000
|
trusted library allocation
|
page read and write
|
||
|
26A63F40000
|
trusted library allocation
|
page read and write
|
||
|
26A4C7BC000
|
trusted library allocation
|
page read and write
|
||
|
26A4D72A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AFF0000
|
trusted library allocation
|
page read and write
|
||
|
26A4CA8D000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0A4000
|
trusted library allocation
|
page read and write
|
||
|
26A4DCA8000
|
trusted library allocation
|
page read and write
|
||
|
26A4CA23000
|
trusted library allocation
|
page read and write
|
||
|
490D000
|
stack
|
page read and write
|
||
|
94557F9000
|
stack
|
page read and write
|
||
|
26A63961000
|
heap
|
page read and write
|
||
|
7FFB4B160000
|
trusted library allocation
|
page read and write
|
||
|
26A4E11D000
|
trusted library allocation
|
page read and write
|
||
|
5FC5000
|
trusted library allocation
|
page read and write
|
||
|
AAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0C0000
|
trusted library allocation
|
page read and write
|
||
|
4CAE000
|
stack
|
page read and write
|
||
|
26A4DF21000
|
trusted library allocation
|
page read and write
|
||
|
26A5BC15000
|
trusted library allocation
|
page read and write
|
||
|
26A4C862000
|
trusted library allocation
|
page read and write
|
||
|
26A49933000
|
heap
|
page read and write
|
||
|
26A4C978000
|
trusted library allocation
|
page read and write
|
||
|
14D3D473000
|
heap
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
7FFB4B1F4000
|
trusted library allocation
|
page read and write
|
||
|
26A4D005000
|
trusted library allocation
|
page read and write
|
||
|
5E20000
|
heap
|
page read and write
|
||
|
9455C3B000
|
stack
|
page read and write
|
||
|
7FFB4B180000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A4C948000
|
trusted library allocation
|
page read and write
|
||
|
266E000
|
stack
|
page read and write
|
||
|
26A4B330000
|
heap
|
page read and write
|
||
|
26A49AB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B020000
|
trusted library allocation
|
page read and write
|
||
|
26A4B770000
|
heap
|
page execute and read and write
|
||
|
4C50000
|
trusted library allocation
|
page read and write
|
||
|
26A4D824000
|
trusted library allocation
|
page read and write
|
||
|
9455B3E000
|
stack
|
page read and write
|
||
|
26A4D71D000
|
trusted library allocation
|
page read and write
|
||
|
A83000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AD0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AFD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B21F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0F7000
|
trusted library allocation
|
page read and write
|
||
|
575F000
|
stack
|
page read and write
|
||
|
276E000
|
stack
|
page read and write
|
||
|
7FFB4AD04000
|
trusted library allocation
|
page read and write
|
||
|
26A4DC5F000
|
trusted library allocation
|
page read and write
|
||
|
26A4D686000
|
trusted library allocation
|
page read and write
|
||
|
7DF44B860000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A4DD39000
|
trusted library allocation
|
page read and write
|
||
|
26A64269000
|
heap
|
page read and write
|
||
|
26A4DE56000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
945694E000
|
stack
|
page read and write
|
||
|
26A4DE6D000
|
trusted library allocation
|
page read and write
|
||
|
14D3D445000
|
heap
|
page read and write
|
||
|
7FFB4AD1B000
|
trusted library allocation
|
page read and write
|
||
|
26A63B00000
|
heap
|
page read and write
|
||
|
7FFB4AF50000
|
trusted library allocation
|
page read and write
|
||
|
26A4CA84000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0BC000
|
trusted library allocation
|
page read and write
|
||
|
26A5B7F0000
|
trusted library allocation
|
page read and write
|
||
|
26A63CB8000
|
heap
|
page read and write
|
||
|
26A6425F000
|
heap
|
page read and write
|
||
|
AF8000
|
heap
|
page read and write
|
||
|
7FFB4B220000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page execute and read and write
|
||
|
7FFB4AFC0000
|
trusted library allocation
|
page read and write
|
||
|
26A4CA3D000
|
trusted library allocation
|
page read and write
|
||
|
94569CD000
|
stack
|
page read and write
|
||
|
26A641D0000
|
heap
|
page read and write
|
||
|
B0F000
|
heap
|
page read and write
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
26A49B10000
|
heap
|
page read and write
|
||
|
4EDC000
|
stack
|
page read and write
|
||
|
7FFB4B1C0000
|
trusted library allocation
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
26A49AD0000
|
trusted library section
|
page read and write
|
||
|
14D3D410000
|
heap
|
page read and write
|
||
|
7FFB4B0D0000
|
trusted library allocation
|
page read and write
|
||
|
A8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B1F1000
|
trusted library allocation
|
page read and write
|
||
|
26A63B79000
|
heap
|
page read and write
|
||
|
3779000
|
trusted library allocation
|
page read and write
|
||
|
26A641EC000
|
heap
|
page read and write
|
||
|
26A4DFE3000
|
trusted library allocation
|
page read and write
|
||
|
A65000
|
heap
|
page read and write
|
||
|
26A63CAA000
|
heap
|
page read and write
|
||
|
7FFB4AED0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A4DE22000
|
trusted library allocation
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
26A63917000
|
heap
|
page read and write
|
||
|
7FFB4B1C5000
|
trusted library allocation
|
page read and write
|
||
|
26A4C983000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B140000
|
trusted library allocation
|
page read and write
|
||
|
5E49000
|
trusted library allocation
|
page read and write
|
||
|
579E000
|
stack
|
page read and write
|
||
|
26A63C8A000
|
heap
|
page read and write
|
||
|
7FFB4B2B0000
|
trusted library allocation
|
page read and write
|
||
|
26A498F0000
|
heap
|
page read and write
|
||
|
26A4D424000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B080000
|
trusted library allocation
|
page read and write
|
||
|
61D0000
|
heap
|
page read and write
|
||
|
7FFB4AF10000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B11A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B201000
|
trusted library allocation
|
page read and write
|
||
|
26A49852000
|
heap
|
page read and write
|
||
|
26A4C97A000
|
trusted library allocation
|
page read and write
|
||
|
26A4DDAE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADB0000
|
trusted library allocation
|
page read and write
|
||
|
26A4B367000
|
heap
|
page execute and read and write
|
||
|
3771000
|
trusted library allocation
|
page read and write
|
||
|
26A4B807000
|
trusted library allocation
|
page read and write
|
||
|
57DF000
|
stack
|
page read and write
|
||
|
26A4C852000
|
trusted library allocation
|
page read and write
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
26A4CD2C000
|
trusted library allocation
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
26A4D8B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A49B15000
|
heap
|
page read and write
|
||
|
7FFB4AE20000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A4DC92000
|
trusted library allocation
|
page read and write
|
||
|
5F8E000
|
stack
|
page read and write
|
||
|
9456A4B000
|
stack
|
page read and write
|
||
|
7FFB4B030000
|
trusted library allocation
|
page read and write
|
||
|
945577E000
|
stack
|
page read and write
|
||
|
26A49B00000
|
heap
|
page read and write
|
||
|
515E000
|
stack
|
page read and write
|
||
|
26A63B60000
|
heap
|
page read and write
|
||
|
7FFB4B143000
|
trusted library allocation
|
page read and write
|
||
|
5A5D000
|
stack
|
page read and write
|
||
|
7FFB4AEE7000
|
trusted library allocation
|
page read and write
|
||
|
26A49902000
|
heap
|
page read and write
|
||
|
94568CE000
|
stack
|
page read and write
|
||
|
26A4992A000
|
heap
|
page read and write
|
||
|
26A641E8000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
26A5B781000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD5C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B1CA000
|
trusted library allocation
|
page read and write
|
||
|
26A63C8F000
|
heap
|
page read and write
|
||
|
26A4DF0D000
|
trusted library allocation
|
page read and write
|
||
|
26A49AE0000
|
trusted library allocation
|
page read and write
|
||
|
26A64212000
|
heap
|
page read and write
|
||
|
7FFB4B0F0000
|
trusted library allocation
|
page read and write
|
||
|
5E40000
|
trusted library allocation
|
page read and write
|
||
|
54B000
|
stack
|
page read and write
|
||
|
26A63B6B000
|
heap
|
page read and write
|
||
|
7FFB4AF40000
|
trusted library allocation
|
page read and write
|
||
|
26A4DA7E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD20000
|
trusted library allocation
|
page read and write
|
||
|
26A4CAE4000
|
trusted library allocation
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
14D3D7DE000
|
heap
|
page read and write
|
||
|
26A49B05000
|
heap
|
page read and write
|
||
|
26A4C331000
|
trusted library allocation
|
page read and write
|
||
|
4E9D000
|
stack
|
page read and write
|
||
|
26A49800000
|
heap
|
page read and write
|
||
|
14D3EFE0000
|
heap
|
page read and write
|
||
|
511E000
|
stack
|
page read and write
|
||
|
9455BBE000
|
stack
|
page read and write
|
||
|
7FFB4B20A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B110000
|
trusted library allocation
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
7FFB4AD10000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2C0000
|
trusted library allocation
|
page read and write
|
||
|
26A4C4FA000
|
trusted library allocation
|
page read and write
|
||
|
571D000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7FFB4AD00000
|
trusted library allocation
|
page read and write
|
||
|
26A63A2C000
|
heap
|
page read and write
|
||
|
7DF44B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A498E6000
|
heap
|
page read and write
|
||
|
26A63A20000
|
heap
|
page read and write
|
||
|
26A4B2F0000
|
trusted library allocation
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
||
|
26A4D746000
|
trusted library allocation
|
page read and write
|
||
|
521CFE000
|
stack
|
page read and write
|
||
|
4CD0000
|
heap
|
page execute and read and write
|
||
|
945670C000
|
stack
|
page read and write
|
||
|
26A63915000
|
heap
|
page read and write
|
||
|
7FFB4B1B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B060000
|
trusted library allocation
|
page read and write
|
||
|
14D3D43E000
|
heap
|
page read and write
|
||
|
26A4D737000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B226000
|
trusted library allocation
|
page read and write
|
||
|
14D3D7D0000
|
heap
|
page read and write
|
||
|
7FFB4AFB0000
|
trusted library allocation
|
page read and write
|
||
|
B1B000
|
heap
|
page read and write
|
||
|
5217FE000
|
stack
|
page read and write
|
||
|
26A63890000
|
heap
|
page read and write
|
||
|
94554F9000
|
stack
|
page read and write
|
||
|
26A63B1C000
|
heap
|
page read and write
|
||
|
4FD9000
|
stack
|
page read and write
|
||
|
26A4DC76000
|
trusted library allocation
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
26A4C98A000
|
trusted library allocation
|
page read and write
|
||
|
26A5B7A6000
|
trusted library allocation
|
page read and write
|
||
|
26A4D5C9000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
trusted library allocation
|
page read and write
|
||
|
521EFE000
|
stack
|
page read and write
|
||
|
7FFB4AD02000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B228000
|
trusted library allocation
|
page read and write
|
||
|
26A4E077000
|
trusted library allocation
|
page read and write
|
||
|
26A63CCC000
|
heap
|
page read and write
|
||
|
B61000
|
heap
|
page read and write
|
||
|
26A4C95E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF20000
|
trusted library allocation
|
page read and write
|
||
|
5216FF000
|
stack
|
page read and write
|
||
|
945567F000
|
stack
|
page read and write
|
||
|
26A63783000
|
heap
|
page read and write
|
||
|
5213B9000
|
stack
|
page read and write
|
||
|
5FD1000
|
trusted library allocation
|
page read and write
|
||
|
26A4D6D5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF30000
|
trusted library allocation
|
page read and write
|
||
|
26A63971000
|
heap
|
page read and write
|
||
|
26A4C974000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page read and write
|
||
|
26A4B3A0000
|
heap
|
page read and write
|
||
|
26A498EA000
|
heap
|
page read and write
|
||
|
26A497D0000
|
heap
|
page read and write
|
||
|
26A63C8D000
|
heap
|
page read and write
|
||
|
26A63BA1000
|
heap
|
page read and write
|
||
|
6020000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B070000
|
trusted library allocation
|
page read and write
|
||
|
94551CE000
|
stack
|
page read and write
|
||
|
9455A38000
|
stack
|
page read and write
|
||
|
26A641E4000
|
heap
|
page read and write
|
||
|
4778000
|
trusted library allocation
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
7FFB4B230000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF80000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
7FFB4AFE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0A9000
|
trusted library allocation
|
page read and write
|
||
|
5A9C000
|
stack
|
page read and write
|
||
|
26A4C964000
|
trusted library allocation
|
page read and write
|
||
|
26A63C9F000
|
heap
|
page read and write
|
||
|
26A4DC27000
|
trusted library allocation
|
page read and write
|
||
|
9455145000
|
stack
|
page read and write
|
||
|
5CDD000
|
stack
|
page read and write
|
||
|
945688D000
|
stack
|
page read and write
|
||
|
26A4C958000
|
trusted library allocation
|
page read and write
|
||
|
AA2000
|
trusted library allocation
|
page read and write
|
||
|
26A49AC0000
|
trusted library section
|
page read and write
|
||
|
26A4DD7D000
|
trusted library allocation
|
page read and write
|
||
|
94555FB000
|
stack
|
page read and write
|
||
|
7FFB4AEA0000
|
trusted library allocation
|
page read and write
|
||
|
AA6000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A63C4A000
|
heap
|
page read and write
|
||
|
26A4D778000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AD03000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A4E0B1000
|
trusted library allocation
|
page read and write
|
||
|
26A4E0F2000
|
trusted library allocation
|
page read and write
|
||
|
14D3D390000
|
heap
|
page read and write
|
||
|
5219FF000
|
stack
|
page read and write
|
||
|
AB7000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B150000
|
trusted library allocation
|
page read and write
|
||
|
26A4E003000
|
trusted library allocation
|
page read and write
|
||
|
26A63BA4000
|
heap
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEE2000
|
trusted library allocation
|
page read and write
|
||
|
B89000
|
heap
|
page read and write
|
||
|
D8C000
|
stack
|
page read and write
|
||
|
26A4E8EA000
|
trusted library allocation
|
page read and write
|
||
|
26A498EE000
|
heap
|
page read and write
|
||
|
7FFB4B2A0000
|
trusted library allocation
|
page read and write
|
||
|
94559B8000
|
stack
|
page read and write
|
||
|
26A4C970000
|
trusted library allocation
|
page read and write
|
||
|
26A5B795000
|
trusted library allocation
|
page read and write
|
||
|
521AFF000
|
stack
|
page read and write
|
||
|
26A6396A000
|
heap
|
page read and write
|
||
|
9455ABE000
|
stack
|
page read and write
|
||
|
26A63C3E000
|
heap
|
page read and write
|
||
|
525D000
|
stack
|
page read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
26A4C98C000
|
trusted library allocation
|
page read and write
|
||
|
26A5BA76000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B270000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEE4000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B100000
|
trusted library allocation
|
page read and write
|
||
|
9455D3E000
|
stack
|
page read and write
|
||
|
26A4D0BD000
|
trusted library allocation
|
page read and write
|
||
|
26A4B2C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0A0000
|
trusted library allocation
|
page read and write
|
||
|
14D3D418000
|
heap
|
page read and write
|
||
|
7FFB4AD1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A497E0000
|
heap
|
page read and write
|
||
|
DB3000
|
heap
|
page read and write
|
||
|
26A4E12F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AEB1000
|
trusted library allocation
|
page read and write
|
||
|
26A5BBA4000
|
trusted library allocation
|
page read and write
|
||
|
26A4CA88000
|
trusted library allocation
|
page read and write
|
||
|
26A498E2000
|
heap
|
page read and write
|
||
|
7FFB4B010000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
B7A000
|
heap
|
page read and write
|
||
|
945547E000
|
stack
|
page read and write
|
||
|
7FFB4ADB6000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B000000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1D3000
|
trusted library allocation
|
page read and write
|
||
|
595C000
|
stack
|
page read and write
|
||
|
26A4DA89000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
DC7000
|
heap
|
page read and write
|
||
|
26A4D3FE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1CD000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
7FFB4B170000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
26A4C1A7000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B190000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4AF60000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4ADE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
9455CBB000
|
stack
|
page read and write
|
||
|
26A641E0000
|
heap
|
page read and write
|
||
|
7FFB4B0B0000
|
trusted library allocation
|
page read and write
|
||
|
5F94000
|
trusted library allocation
|
page read and write
|
||
|
945680E000
|
stack
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
7FFB4AF00000
|
trusted library allocation
|
page read and write
|
||
|
26A49AF0000
|
heap
|
page readonly
|
||
|
26A4C94A000
|
trusted library allocation
|
page read and write
|
||
|
26A4B938000
|
trusted library allocation
|
page read and write
|
||
|
521DFE000
|
stack
|
page read and write
|
||
|
26A5B7AF000
|
trusted library allocation
|
page read and write
|
||
|
26A63C11000
|
heap
|
page read and write
|
||
|
26A49A10000
|
heap
|
page read and write
|
||
|
26A64263000
|
heap
|
page read and write
|
||
|
9455879000
|
stack
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
26A4DD1B000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
7FFB4B040000
|
trusted library allocation
|
page read and write
|
||
|
ABB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B0E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1F6000
|
trusted library allocation
|
page read and write
|
||
|
945668E000
|
stack
|
page read and write
|
||
|
26A63B9F000
|
heap
|
page read and write
|
||
|
5E30000
|
trusted library allocation
|
page read and write
|
||
|
14D3D7D5000
|
heap
|
page read and write
|
||
|
7FFB4AD2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4AF90000
|
trusted library allocation
|
page read and write
|
||
|
945678C000
|
stack
|
page read and write
|
||
|
AA0000
|
trusted library allocation
|
page read and write
|
||
|
26A638CB000
|
heap
|
page read and write
|
||
|
26A63A31000
|
heap
|
page read and write
|
||
|
7FFB4B280000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B257000
|
trusted library allocation
|
page read and write
|
||
|
A93000
|
trusted library allocation
|
page read and write
|
||
|
7DF44B840000
|
trusted library allocation
|
page execute and read and write
|
||
|
26A4B340000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B0B8000
|
trusted library allocation
|
page read and write
|
||
|
14D3D3B0000
|
heap
|
page read and write
|
||
|
945557D000
|
stack
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
26A4C97D000
|
trusted library allocation
|
page read and write
|
||
|
26A63B27000
|
heap
|
page read and write
|
There are 401 hidden memdumps, click here to show them.