Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
TST.ps1
|
ASCII text, with very long lines (530), with CRLF line terminators
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Network\Downloader\edb.log
|
data
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.db
|
Extensible storage user DataBase, version 0x620, checksum 0xd694f33f, page size 16384, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rtci5fqi.0eg.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xoirv3ba.02d.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\D0S9SLJQSX2CW1XZMXN5.temp
|
data
|
dropped
|
||
|
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
|
JSON data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\TST.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\svchost.exe
|
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://147.45.H
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://g.live.com/odclientsettings/ProdV21C:
|
unknown
|
||
|
http://crl.ver)
|
unknown
|
||
|
https://api.ip.s
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://147.45.44XBk
|
unknown
|
||
|
http://147.45.44.131
|
unknown
|
||
|
http://147.45.44.131/files/mservice64.exe
|
unknown
|
||
|
https://g.live.com/odclientsettings/Prod1C:
|
unknown
|
||
|
http://147.45.44.131/files
|
unknown
|
||
|
http://147.45.44.131/files/TTF.exe
|
147.45.44.131
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://discord.com/api/v9/users/
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://147.45.44
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 17 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.45.44.131
|
unknown
|
Russian Federation
|
||
|
127.0.0.1
|
unknown
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
|
PerfMMFileName
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2C3D70F0000
|
trusted library allocation
|
page read and write
|
|
|
|
2C3EF2E0000
|
trusted library section
|
page read and write
|
|
|
|
2C3E6D1F000
|
trusted library allocation
|
page read and write
|
|
|
|
2C3D84B3000
|
trusted library allocation
|
page read and write
|
|
|
|
2C3E6FA8000
|
trusted library allocation
|
page read and write
|
|
|
|
2C3D84A6000
|
trusted library allocation
|
page read and write
|
|
|
|
7FFD345FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3D8692000
|
trusted library allocation
|
page read and write
|
||
|
21AAC400000
|
heap
|
page read and write
|
||
|
15CD000
|
heap
|
page read and write
|
||
|
21AAC500000
|
heap
|
page read and write
|
||
|
2C3D66F0000
|
heap
|
page readonly
|
||
|
158C000
|
heap
|
page read and write
|
||
|
21AACD02000
|
heap
|
page read and write
|
||
|
2C3EEE30000
|
heap
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
2C3EEFD6000
|
heap
|
page read and write
|
||
|
3393000
|
trusted library allocation
|
page read and write
|
||
|
FA04BFE000
|
stack
|
page read and write
|
||
|
49343FE000
|
unkown
|
page readonly
|
||
|
2C3EEE50000
|
heap
|
page read and write
|
||
|
7636000
|
heap
|
page read and write
|
||
|
21AAC65C000
|
heap
|
page read and write
|
||
|
21AB19E0000
|
trusted library allocation
|
page read and write
|
||
|
2C3D6D38000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
2C3D4EA0000
|
heap
|
page read and write
|
||
|
5C15000
|
heap
|
page read and write
|
||
|
5665000
|
trusted library allocation
|
page read and write
|
||
|
FA04DFF000
|
stack
|
page read and write
|
||
|
21AAD5D0000
|
trusted library section
|
page readonly
|
||
|
5BCD000
|
stack
|
page read and write
|
||
|
2C3EED98000
|
heap
|
page read and write
|
||
|
21AAC68C000
|
heap
|
page read and write
|
||
|
49358FE000
|
unkown
|
page readonly
|
||
|
33FF000
|
trusted library allocation
|
page read and write
|
||
|
21AAC695000
|
heap
|
page read and write
|
||
|
15C9000
|
heap
|
page read and write
|
||
|
3386000
|
trusted library allocation
|
page read and write
|
||
|
21AAD600000
|
trusted library section
|
page readonly
|
||
|
2C3D6770000
|
trusted library allocation
|
page read and write
|
||
|
2C3EECF4000
|
heap
|
page read and write
|
||
|
3401000
|
trusted library allocation
|
page read and write
|
||
|
593B000
|
stack
|
page read and write
|
||
|
21AAD5F0000
|
trusted library section
|
page readonly
|
||
|
21AAD3E0000
|
trusted library allocation
|
page read and write
|
||
|
3397000
|
trusted library allocation
|
page read and write
|
||
|
2C3E6CB1000
|
trusted library allocation
|
page read and write
|
||
|
21AB1A10000
|
trusted library allocation
|
page read and write
|
||
|
4935E7E000
|
stack
|
page read and write
|
||
|
13ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
2C3D8556000
|
trusted library allocation
|
page read and write
|
||
|
2C3D4D20000
|
heap
|
page read and write
|
||
|
156A000
|
heap
|
page read and write
|
||
|
33D3000
|
trusted library allocation
|
page read and write
|
||
|
3358000
|
trusted library allocation
|
page read and write
|
||
|
141A000
|
trusted library allocation
|
page execute and read and write
|
||
|
21AB1CF9000
|
heap
|
page read and write
|
||
|
FA05039000
|
stack
|
page read and write
|
||
|
21AB1A3E000
|
trusted library allocation
|
page read and write
|
||
|
49347FE000
|
unkown
|
page readonly
|
||
|
3350000
|
trusted library allocation
|
page read and write
|
||
|
49349FE000
|
unkown
|
page readonly
|
||
|
7FFD346FA000
|
trusted library allocation
|
page read and write
|
||
|
49354FE000
|
unkown
|
page readonly
|
||
|
1440000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
2C3EED7D000
|
heap
|
page read and write
|
||
|
142B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1427000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD346F1000
|
trusted library allocation
|
page read and write
|
||
|
21AB1CCF000
|
heap
|
page read and write
|
||
|
33EA000
|
trusted library allocation
|
page read and write
|
||
|
FA04CFB000
|
stack
|
page read and write
|
||
|
2C3D4E86000
|
heap
|
page read and write
|
||
|
21AB1CE7000
|
heap
|
page read and write
|
||
|
7FFD3454D000
|
trusted library allocation
|
page execute and read and write
|
||
|
13F3000
|
trusted library allocation
|
page read and write
|
||
|
5636000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page execute and read and write
|
||
|
21AB1B30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
33E6000
|
trusted library allocation
|
page read and write
|
||
|
4935EFE000
|
unkown
|
page readonly
|
||
|
14EB000
|
heap
|
page read and write
|
||
|
2C3D715F000
|
trusted library allocation
|
page read and write
|
||
|
2C3EED4B000
|
heap
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
49357FB000
|
stack
|
page read and write
|
||
|
2C3D6CB1000
|
trusted library allocation
|
page read and write
|
||
|
4171000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34725000
|
trusted library allocation
|
page read and write
|
||
|
2C3D67A0000
|
trusted library allocation
|
page read and write
|
||
|
21AAC670000
|
heap
|
page read and write
|
||
|
21AAC713000
|
heap
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3D8A5E000
|
trusted library allocation
|
page read and write
|
||
|
21AB1B20000
|
trusted library allocation
|
page read and write
|
||
|
FA04D7E000
|
stack
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
2C3D6757000
|
heap
|
page execute and read and write
|
||
|
FA04F3E000
|
stack
|
page read and write
|
||
|
2C3EEF59000
|
heap
|
page read and write
|
||
|
5D20000
|
heap
|
page read and write
|
||
|
4934BFE000
|
unkown
|
page readonly
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
336B000
|
trusted library allocation
|
page read and write
|
||
|
2C3D8534000
|
trusted library allocation
|
page read and write
|
||
|
21AAC6A0000
|
heap
|
page read and write
|
||
|
3380000
|
trusted library allocation
|
page read and write
|
||
|
FA052BC000
|
stack
|
page read and write
|
||
|
2C3D4DE0000
|
heap
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
2C3EEF30000
|
heap
|
page read and write
|
||
|
4933EFE000
|
unkown
|
page readonly
|
||
|
21AB19D0000
|
trusted library allocation
|
page read and write
|
||
|
1422000
|
trusted library allocation
|
page read and write
|
||
|
5610000
|
trusted library allocation
|
page read and write
|
||
|
21AACC02000
|
heap
|
page read and write
|
||
|
2C3D4E7F000
|
heap
|
page read and write
|
||
|
7FFD34710000
|
trusted library allocation
|
page execute and read and write
|
||
|
13FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
331E000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
1594000
|
heap
|
page read and write
|
||
|
21AB1D05000
|
heap
|
page read and write
|
||
|
33FD000
|
trusted library allocation
|
page read and write
|
||
|
331A000
|
trusted library allocation
|
page read and write
|
||
|
2C3EEF4C000
|
heap
|
page read and write
|
||
|
21AB1B80000
|
remote allocation
|
page read and write
|
||
|
2C3D5075000
|
heap
|
page read and write
|
||
|
49341FE000
|
unkown
|
page readonly
|
||
|
3331000
|
trusted library allocation
|
page read and write
|
||
|
5600000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3D6760000
|
heap
|
page read and write
|
||
|
5C20000
|
heap
|
page read and write
|
||
|
3352000
|
trusted library allocation
|
page read and write
|
||
|
21AAD620000
|
trusted library section
|
page readonly
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
FA04AFE000
|
stack
|
page read and write
|
||
|
21AAD5E0000
|
trusted library section
|
page readonly
|
||
|
58B0000
|
trusted library allocation
|
page read and write
|
||
|
FA04E7D000
|
stack
|
page read and write
|
||
|
21AB1C4E000
|
heap
|
page read and write
|
||
|
21AAC6FE000
|
heap
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
1412000
|
trusted library allocation
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
1518000
|
heap
|
page read and write
|
||
|
3295000
|
trusted library allocation
|
page read and write
|
||
|
21AB1C00000
|
heap
|
page read and write
|
||
|
5A20000
|
trusted library allocation
|
page read and write
|
||
|
3312000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34722000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34660000
|
trusted library allocation
|
page execute and read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
5C30000
|
heap
|
page read and write
|
||
|
21AB1A00000
|
trusted library allocation
|
page read and write
|
||
|
33B4000
|
trusted library allocation
|
page read and write
|
||
|
2C3EECF1000
|
heap
|
page read and write
|
||
|
21AB1CF4000
|
heap
|
page read and write
|
||
|
33BC000
|
trusted library allocation
|
page read and write
|
||
|
21AAC640000
|
heap
|
page read and write
|
||
|
21AAC702000
|
heap
|
page read and write
|
||
|
21AB1D02000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page execute and read and write
|
||
|
49356FE000
|
unkown
|
page readonly
|
||
|
493537E000
|
stack
|
page read and write
|
||
|
7FFD34800000
|
trusted library allocation
|
page read and write
|
||
|
21AAC6B2000
|
heap
|
page read and write
|
||
|
3320000
|
trusted library allocation
|
page read and write
|
||
|
2C3EED36000
|
heap
|
page read and write
|
||
|
5AB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C3D4EC9000
|
heap
|
page read and write
|
||
|
3314000
|
trusted library allocation
|
page read and write
|
||
|
15D5000
|
heap
|
page read and write
|
||
|
2C3D66B0000
|
trusted library allocation
|
page read and write
|
||
|
4AA000
|
remote allocation
|
page execute and read and write
|
||
|
3340000
|
trusted library allocation
|
page read and write
|
||
|
32A0000
|
trusted library allocation
|
page read and write
|
||
|
3299000
|
trusted library allocation
|
page read and write
|
||
|
21AB1A24000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34544000
|
trusted library allocation
|
page read and write
|
||
|
3407000
|
trusted library allocation
|
page read and write
|
||
|
33BA000
|
trusted library allocation
|
page read and write
|
||
|
21AAC729000
|
heap
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
3160000
|
heap
|
page read and write
|
||
|
3403000
|
trusted library allocation
|
page read and write
|
||
|
5642000
|
trusted library allocation
|
page read and write
|
||
|
21AACD1A000
|
heap
|
page read and write
|
||
|
339D000
|
trusted library allocation
|
page read and write
|
||
|
21AAC68E000
|
heap
|
page read and write
|
||
|
21AB19E1000
|
trusted library allocation
|
page read and write
|
||
|
49344F9000
|
stack
|
page read and write
|
||
|
33B6000
|
trusted library allocation
|
page read and write
|
||
|
21AAC420000
|
heap
|
page read and write
|
||
|
2C3EEFAE000
|
heap
|
page read and write
|
||
|
FA04C7E000
|
stack
|
page read and write
|
||
|
782E000
|
stack
|
page read and write
|
||
|
7FFD345F6000
|
trusted library allocation
|
page read and write
|
||
|
33D5000
|
trusted library allocation
|
page read and write
|
||
|
FA05D4E000
|
stack
|
page read and write
|
||
|
7B52000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3455B000
|
trusted library allocation
|
page read and write
|
||
|
4934AFE000
|
unkown
|
page readonly
|
||
|
7FFD347D0000
|
trusted library allocation
|
page read and write
|
||
|
607E000
|
stack
|
page read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
21AB1C2D000
|
heap
|
page read and write
|
||
|
21AB19E0000
|
trusted library allocation
|
page read and write
|
||
|
7DF429460000
|
trusted library allocation
|
page execute and read and write
|
||
|
33C7000
|
trusted library allocation
|
page read and write
|
||
|
2C3D6700000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page read and write
|
||
|
FA0513E000
|
stack
|
page read and write
|
||
|
5A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
334E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
FA05E0D000
|
stack
|
page read and write
|
||
|
493517E000
|
stack
|
page read and write
|
||
|
21AAC667000
|
heap
|
page read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
2C3D4D60000
|
heap
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
2C3D6710000
|
heap
|
page read and write
|
||
|
3369000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347C0000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA05F0C000
|
stack
|
page read and write
|
||
|
2C3D67E5000
|
heap
|
page read and write
|
||
|
317E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34600000
|
trusted library allocation
|
page execute and read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
49355FB000
|
stack
|
page read and write
|
||
|
561B000
|
trusted library allocation
|
page read and write
|
||
|
1524000
|
heap
|
page read and write
|
||
|
21AB1B30000
|
trusted library allocation
|
page read and write
|
||
|
3322000
|
trusted library allocation
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
21AB1C41000
|
heap
|
page read and write
|
||
|
21AB1CD4000
|
heap
|
page read and write
|
||
|
FA05E8D000
|
stack
|
page read and write
|
||
|
2C3D849E000
|
trusted library allocation
|
page read and write
|
||
|
33B0000
|
trusted library allocation
|
page read and write
|
||
|
2C3D4DE8000
|
heap
|
page read and write
|
||
|
21AB2000000
|
heap
|
page read and write
|
||
|
49345FE000
|
unkown
|
page readonly
|
||
|
21AB1D0A000
|
heap
|
page read and write
|
||
|
33CD000
|
trusted library allocation
|
page read and write
|
||
|
21AB1D00000
|
heap
|
page read and write
|
||
|
21AAD240000
|
trusted library allocation
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
563D000
|
trusted library allocation
|
page read and write
|
||
|
21AAD3F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page execute and read and write
|
||
|
21AACB90000
|
trusted library allocation
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page read and write
|
||
|
4934E7E000
|
stack
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
21AAD970000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
21AB1AB0000
|
trusted library allocation
|
page read and write
|
||
|
33B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34542000
|
trusted library allocation
|
page read and write
|
||
|
3337000
|
trusted library allocation
|
page read and write
|
||
|
21AAD4F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
3384000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
21AACD13000
|
heap
|
page read and write
|
||
|
4934DFE000
|
unkown
|
page readonly
|
||
|
21AB1A10000
|
trusted library allocation
|
page read and write
|
||
|
2C3EEF98000
|
heap
|
page read and write
|
||
|
FA7000
|
stack
|
page read and write
|
||
|
763E000
|
heap
|
page read and write
|
||
|
2C3EEF6C000
|
heap
|
page read and write
|
||
|
21AB19C0000
|
trusted library allocation
|
page read and write
|
||
|
21AB1C84000
|
heap
|
page read and write
|
||
|
2C3D8564000
|
trusted library allocation
|
page read and write
|
||
|
49352FD000
|
stack
|
page read and write
|
||
|
21AB1B80000
|
remote allocation
|
page read and write
|
||
|
5660000
|
trusted library allocation
|
page read and write
|
||
|
32EE000
|
trusted library allocation
|
page read and write
|
||
|
4934D7E000
|
stack
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
FA04A75000
|
stack
|
page read and write
|
||
|
2C3D67E0000
|
heap
|
page read and write
|
||
|
333B000
|
trusted library allocation
|
page read and write
|
||
|
2C3D8A62000
|
trusted library allocation
|
page read and write
|
||
|
2C3EEF5C000
|
heap
|
page read and write
|
||
|
21AB1CEB000
|
heap
|
page read and write
|
||
|
49342FE000
|
stack
|
page read and write
|
||
|
330D000
|
trusted library allocation
|
page read and write
|
||
|
493547E000
|
unkown
|
page readonly
|
||
|
2C3D4ECD000
|
heap
|
page read and write
|
||
|
13CE000
|
stack
|
page read and write
|
||
|
15A2000
|
heap
|
page read and write
|
||
|
33EE000
|
trusted library allocation
|
page read and write
|
||
|
3171000
|
trusted library allocation
|
page read and write
|
||
|
3318000
|
trusted library allocation
|
page read and write
|
||
|
2C3D4E8A000
|
heap
|
page read and write
|
||
|
49350FE000
|
unkown
|
page readonly
|
||
|
21AACBA0000
|
trusted library section
|
page read and write
|
||
|
2C3D4DF2000
|
heap
|
page read and write
|
||
|
14AE000
|
stack
|
page read and write
|
||
|
15DA000
|
heap
|
page read and write
|
||
|
335B000
|
trusted library allocation
|
page read and write
|
||
|
1592000
|
heap
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
3399000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
49348FB000
|
stack
|
page read and write
|
||
|
7FFD3455D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page read and write
|
||
|
4934CFE000
|
unkown
|
page readonly
|
||
|
339B000
|
trusted library allocation
|
page read and write
|
||
|
21AB1CF0000
|
heap
|
page read and write
|
||
|
21AB1CC3000
|
heap
|
page read and write
|
||
|
21AB1AC0000
|
trusted library allocation
|
page read and write
|
||
|
2FBE000
|
stack
|
page read and write
|
||
|
33C5000
|
trusted library allocation
|
page read and write
|
||
|
603E000
|
stack
|
page read and write
|
||
|
2C3D6CA0000
|
heap
|
page execute and read and write
|
||
|
2C3D8999000
|
trusted library allocation
|
page read and write
|
||
|
21AB1B10000
|
trusted library allocation
|
page read and write
|
||
|
FA05D8F000
|
stack
|
page read and write
|
||
|
52AD000
|
stack
|
page read and write
|
||
|
15BE000
|
heap
|
page read and write
|
||
|
21AAD3B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
51AC000
|
stack
|
page read and write
|
||
|
33B8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
339F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346E0000
|
trusted library allocation
|
page read and write
|
||
|
13E4000
|
trusted library allocation
|
page read and write
|
||
|
2C3D6750000
|
heap
|
page execute and read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
49351FE000
|
unkown
|
page readonly
|
||
|
21AAC600000
|
heap
|
page read and write
|
||
|
49346FC000
|
stack
|
page read and write
|
||
|
FA0523F000
|
stack
|
page read and write
|
||
|
21AACD00000
|
heap
|
page read and write
|
||
|
21AB1C54000
|
heap
|
page read and write
|
||
|
7FFD347F0000
|
trusted library allocation
|
page read and write
|
||
|
5614000
|
trusted library allocation
|
page read and write
|
||
|
21AAD610000
|
trusted library section
|
page readonly
|
||
|
21AB1B40000
|
trusted library allocation
|
page read and write
|
||
|
32C1000
|
trusted library allocation
|
page read and write
|
||
|
3333000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
trusted library section
|
page readonly
|
||
|
21AACD1A000
|
heap
|
page read and write
|
||
|
21AAC6AE000
|
heap
|
page read and write
|
||
|
336F000
|
trusted library allocation
|
page read and write
|
||
|
3395000
|
trusted library allocation
|
page read and write
|
||
|
1407000
|
heap
|
page read and write
|
||
|
5800000
|
heap
|
page execute and read and write
|
||
|
2C3EEFB8000
|
heap
|
page read and write
|
||
|
5FFE000
|
stack
|
page read and write
|
||
|
341E000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
33F7000
|
trusted library allocation
|
page read and write
|
||
|
2C3D7191000
|
trusted library allocation
|
page read and write
|
||
|
2C3D86BD000
|
trusted library allocation
|
page read and write
|
||
|
2C3D6B3C000
|
heap
|
page read and write
|
||
|
333D000
|
trusted library allocation
|
page read and write
|
||
|
2C3D5070000
|
heap
|
page read and write
|
||
|
FA050B7000
|
stack
|
page read and write
|
||
|
21AACC15000
|
heap
|
page read and write
|
||
|
33F1000
|
trusted library allocation
|
page read and write
|
||
|
562E000
|
trusted library allocation
|
page read and write
|
||
|
336D000
|
trusted library allocation
|
page read and write
|
||
|
3382000
|
trusted library allocation
|
page read and write
|
||
|
4934FFE000
|
stack
|
page read and write
|
||
|
159D000
|
heap
|
page read and write
|
||
|
561E000
|
trusted library allocation
|
page read and write
|
||
|
21AACC00000
|
heap
|
page read and write
|
||
|
3405000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
2C3D7B91000
|
trusted library allocation
|
page read and write
|
||
|
1386000
|
heap
|
page read and write
|
||
|
33C1000
|
trusted library allocation
|
page read and write
|
||
|
FA0533B000
|
stack
|
page read and write
|
||
|
2C3D4C20000
|
heap
|
page read and write
|
||
|
2C3E6CC0000
|
trusted library allocation
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
796E000
|
stack
|
page read and write
|
||
|
21AB1A20000
|
trusted library allocation
|
page read and write
|
||
|
21AAC613000
|
heap
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
21AAC66C000
|
heap
|
page read and write
|
||
|
7FFD34626000
|
trusted library allocation
|
page execute and read and write
|
||
|
58B2000
|
trusted library allocation
|
page read and write
|
||
|
3316000
|
trusted library allocation
|
page read and write
|
||
|
33BF000
|
trusted library allocation
|
page read and write
|
||
|
2C3D4D00000
|
heap
|
page read and write
|
||
|
4933A7B000
|
stack
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
FA051BE000
|
stack
|
page read and write
|
||
|
5631000
|
trusted library allocation
|
page read and write
|
||
|
FA05F8E000
|
stack
|
page read and write
|
||
|
21AAC690000
|
heap
|
page read and write
|
||
|
5A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
21AAC62B000
|
heap
|
page read and write
|
||
|
3325000
|
trusted library allocation
|
page read and write
|
||
|
15B6000
|
heap
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page read and write
|
||
|
7631000
|
heap
|
page read and write
|
||
|
49340FE000
|
stack
|
page read and write
|
||
|
4934A7E000
|
stack
|
page read and write
|
||
|
1790000
|
trusted library allocation
|
page read and write
|
||
|
7A6E000
|
stack
|
page read and write
|
||
|
21AB1AB0000
|
trusted library allocation
|
page read and write
|
||
|
4934B7E000
|
stack
|
page read and write
|
||
|
2C3EECB0000
|
heap
|
page read and write
|
||
|
2C3EF130000
|
heap
|
page execute and read and write
|
||
|
7FFD34543000
|
trusted library allocation
|
page execute and read and write
|
||
|
58E0000
|
trusted library allocation
|
page read and write
|
||
|
21AB1C61000
|
heap
|
page read and write
|
||
|
1578000
|
heap
|
page read and write
|
||
|
EA9000
|
stack
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
5A50000
|
trusted library allocation
|
page read and write
|
||
|
33CF000
|
trusted library allocation
|
page read and write
|
||
|
2C3EECDD000
|
heap
|
page read and write
|
||
|
33A2000
|
trusted library allocation
|
page read and write
|
||
|
3339000
|
trusted library allocation
|
page read and write
|
||
|
FA04B7E000
|
stack
|
page read and write
|
||
|
56E3000
|
heap
|
page read and write
|
||
|
7FFD345F0000
|
trusted library allocation
|
page read and write
|
||
|
FA04EF9000
|
stack
|
page read and write
|
||
|
33D1000
|
trusted library allocation
|
page read and write
|
||
|
2C3D66E0000
|
trusted library allocation
|
page read and write
|
||
|
2C3D6ED8000
|
trusted library allocation
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21AB1CC5000
|
heap
|
page read and write
|
||
|
4934EFE000
|
unkown
|
page readonly
|
||
|
4933DF7000
|
stack
|
page read and write
|
||
|
21AB1C20000
|
heap
|
page read and write
|
||
|
792E000
|
stack
|
page read and write
|
||
|
21AB1CFC000
|
heap
|
page read and write
|
||
|
21AACD5A000
|
heap
|
page read and write
|
||
|
17A0000
|
heap
|
page read and write
|
||
|
3371000
|
trusted library allocation
|
page read and write
|
||
|
21AB1B80000
|
remote allocation
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
4934C7E000
|
stack
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page read and write
|
||
|
2C3D8717000
|
trusted library allocation
|
page read and write
|
||
|
5C54000
|
heap
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page read and write
|
||
|
21AACF01000
|
trusted library allocation
|
page read and write
|
||
|
2C3D4E8E000
|
heap
|
page read and write
|
||
|
13E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
565F000
|
trusted library allocation
|
page read and write
|
||
|
2C3D4EC7000
|
heap
|
page read and write
|
||
|
3335000
|
trusted library allocation
|
page read and write
|
||
|
FA050BE000
|
stack
|
page read and write
|
||
|
1792000
|
trusted library allocation
|
page read and write
|
||
|
FA04FB7000
|
stack
|
page read and write
|
||
|
2C3EECE9000
|
heap
|
page read and write
|
||
|
331C000
|
trusted library allocation
|
page read and write
|
||
|
326A000
|
trusted library allocation
|
page read and write
|
||
|
56A0000
|
trusted library allocation
|
page read and write
|
||
|
2C3E6F09000
|
trusted library allocation
|
page read and write
|
||
|
1416000
|
trusted library allocation
|
page execute and read and write
|
There are 465 hidden memdumps, click here to show them.